1 /* $OpenBSD: sys_process.c,v 1.82 2019/12/11 07:30:09 guenther Exp $ */ 2 /* $NetBSD: sys_process.c,v 1.55 1996/05/15 06:17:47 tls Exp $ */ 3 4 /*- 5 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 6 * Copyright (c) 1982, 1986, 1989, 1993 7 * The Regents of the University of California. All rights reserved. 8 * (c) UNIX System Laboratories, Inc. 9 * All or some portions of this file are derived from material licensed 10 * to the University of California by American Telephone and Telegraph 11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 12 * the permission of UNIX System Laboratories, Inc. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 39 */ 40 41 /* 42 * References: 43 * (1) Bach's "The Design of the UNIX Operating System", 44 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 45 * (3) the "4.4BSD Programmer's Reference Manual" published 46 * by USENIX and O'Reilly & Associates. 47 * The 4.4BSD PRM does a reasonably good job of documenting what the various 48 * ptrace() requests should actually do, and its text is quoted several times 49 * in this file. 50 */ 51 52 #include <sys/param.h> 53 #include <sys/systm.h> 54 #include <sys/exec.h> 55 #include <sys/proc.h> 56 #include <sys/signalvar.h> 57 #include <sys/errno.h> 58 #include <sys/malloc.h> 59 #include <sys/ptrace.h> 60 #include <sys/uio.h> 61 #include <sys/sched.h> 62 63 #include <sys/mount.h> 64 #include <sys/syscallargs.h> 65 66 #include <uvm/uvm_extern.h> 67 68 #include <machine/reg.h> 69 70 #ifdef PTRACE 71 72 static inline int process_checktracestate(struct process *_curpr, 73 struct process *_tr, struct proc *_t); 74 static inline struct process *process_tprfind(pid_t _tpid, struct proc **_tp); 75 76 int ptrace_ctrl(struct proc *, int, pid_t, caddr_t, int); 77 int ptrace_ustate(struct proc *, int, pid_t, void *, int, register_t *); 78 int ptrace_kstate(struct proc *, int, pid_t, void *); 79 int process_auxv_offset(struct proc *, struct process *, struct uio *); 80 81 int global_ptrace; /* permit tracing of not children */ 82 83 84 /* 85 * Process debugging system call. 86 */ 87 int 88 sys_ptrace(struct proc *p, void *v, register_t *retval) 89 { 90 struct sys_ptrace_args /* { 91 syscallarg(int) req; 92 syscallarg(pid_t) pid; 93 syscallarg(caddr_t) addr; 94 syscallarg(int) data; 95 } */ *uap = v; 96 int req = SCARG(uap, req); 97 pid_t pid = SCARG(uap, pid); 98 caddr_t uaddr = SCARG(uap, addr); /* userspace */ 99 void *kaddr = NULL; /* kernelspace */ 100 int data = SCARG(uap, data); 101 union { 102 struct ptrace_thread_state u_pts; 103 struct ptrace_io_desc u_piod; 104 struct ptrace_event u_pe; 105 struct ptrace_state u_ps; 106 register_t u_wcookie; 107 } u; 108 int size = 0; 109 enum { NONE, IN, IN_ALLOC, OUT, OUT_ALLOC, IN_OUT } mode; 110 int kstate = 0; 111 int error; 112 113 *retval = 0; 114 115 /* Figure out what sort of copyin/out operations we'll do */ 116 switch (req) { 117 case PT_TRACE_ME: 118 case PT_CONTINUE: 119 case PT_KILL: 120 case PT_ATTACH: 121 case PT_DETACH: 122 #ifdef PT_STEP 123 case PT_STEP: 124 #endif 125 /* control operations do no copyin/out; dispatch directly */ 126 return ptrace_ctrl(p, req, pid, uaddr, data); 127 128 case PT_READ_I: 129 case PT_READ_D: 130 case PT_WRITE_I: 131 case PT_WRITE_D: 132 mode = NONE; 133 break; 134 case PT_IO: 135 mode = IN_OUT; 136 size = sizeof u.u_piod; 137 data = size; /* suppress the data == size check */ 138 break; 139 case PT_GET_THREAD_FIRST: 140 mode = OUT; 141 size = sizeof u.u_pts; 142 kstate = 1; 143 break; 144 case PT_GET_THREAD_NEXT: 145 mode = IN_OUT; 146 size = sizeof u.u_pts; 147 kstate = 1; 148 break; 149 case PT_GET_EVENT_MASK: 150 mode = OUT; 151 size = sizeof u.u_pe; 152 kstate = 1; 153 break; 154 case PT_SET_EVENT_MASK: 155 mode = IN; 156 size = sizeof u.u_pe; 157 kstate = 1; 158 break; 159 case PT_GET_PROCESS_STATE: 160 mode = OUT; 161 size = sizeof u.u_ps; 162 kstate = 1; 163 break; 164 case PT_GETREGS: 165 mode = OUT_ALLOC; 166 size = sizeof(struct reg); 167 break; 168 case PT_SETREGS: 169 mode = IN_ALLOC; 170 size = sizeof(struct reg); 171 break; 172 #ifdef PT_GETFPREGS 173 case PT_GETFPREGS: 174 mode = OUT_ALLOC; 175 size = sizeof(struct fpreg); 176 break; 177 #endif 178 #ifdef PT_SETFPREGS 179 case PT_SETFPREGS: 180 mode = IN_ALLOC; 181 size = sizeof(struct fpreg); 182 break; 183 #endif 184 #ifdef PT_GETXMMREGS 185 case PT_GETXMMREGS: 186 mode = OUT_ALLOC; 187 size = sizeof(struct xmmregs); 188 break; 189 #endif 190 #ifdef PT_SETXMMREGS 191 case PT_SETXMMREGS: 192 mode = IN_ALLOC; 193 size = sizeof(struct xmmregs); 194 break; 195 #endif 196 #ifdef PT_WCOOKIE 197 case PT_WCOOKIE: 198 mode = OUT; 199 size = sizeof u.u_wcookie; 200 data = size; /* suppress the data == size check */ 201 break; 202 #endif 203 default: 204 return EINVAL; 205 } 206 207 208 /* Now do any copyin()s and allocations in a consistent manner */ 209 switch (mode) { 210 case NONE: 211 kaddr = uaddr; 212 break; 213 case IN: 214 case IN_OUT: 215 case OUT: 216 KASSERT(size <= sizeof u); 217 if (data != size) 218 return EINVAL; 219 if (mode == OUT) 220 memset(&u, 0, size); 221 else { /* IN or IN_OUT */ 222 if ((error = copyin(uaddr, &u, size))) 223 return error; 224 } 225 kaddr = &u; 226 break; 227 case IN_ALLOC: 228 kaddr = malloc(size, M_TEMP, M_WAITOK); 229 if ((error = copyin(uaddr, kaddr, size))) { 230 free(kaddr, M_TEMP, size); 231 return error; 232 } 233 break; 234 case OUT_ALLOC: 235 kaddr = malloc(size, M_TEMP, M_WAITOK | M_ZERO); 236 break; 237 } 238 239 if (kstate) 240 error = ptrace_kstate(p, req, pid, kaddr); 241 else 242 error = ptrace_ustate(p, req, pid, kaddr, data, retval); 243 244 /* Do any copyout()s and frees */ 245 if (error == 0) { 246 switch (mode) { 247 case NONE: 248 case IN: 249 case IN_ALLOC: 250 break; 251 case IN_OUT: 252 case OUT: 253 error = copyout(&u, uaddr, size); 254 if (req == PT_IO) { 255 /* historically, errors here are ignored */ 256 error = 0; 257 } 258 break; 259 case OUT_ALLOC: 260 error = copyout(kaddr, uaddr, size); 261 break; 262 } 263 } 264 265 if (mode == IN_ALLOC || mode == OUT_ALLOC) 266 free(kaddr, M_TEMP, size); 267 return error; 268 } 269 270 /* 271 * ptrace control requests: attach, detach, continue, kill, single-step, etc 272 */ 273 int 274 ptrace_ctrl(struct proc *p, int req, pid_t pid, caddr_t addr, int data) 275 { 276 struct proc *t; /* target thread */ 277 struct process *tr; /* target process */ 278 int error = 0; 279 int s; 280 281 switch (req) { 282 case PT_TRACE_ME: 283 /* Just set the trace flag. */ 284 tr = p->p_p; 285 if (ISSET(tr->ps_flags, PS_TRACED)) 286 return EBUSY; 287 atomic_setbits_int(&tr->ps_flags, PS_TRACED); 288 tr->ps_oppid = tr->ps_pptr->ps_pid; 289 if (tr->ps_ptstat == NULL) 290 tr->ps_ptstat = malloc(sizeof(*tr->ps_ptstat), 291 M_SUBPROC, M_WAITOK); 292 memset(tr->ps_ptstat, 0, sizeof(*tr->ps_ptstat)); 293 return 0; 294 295 /* calls that only operate on the PID */ 296 case PT_KILL: 297 case PT_ATTACH: 298 case PT_DETACH: 299 /* Find the process we're supposed to be operating on. */ 300 if ((tr = prfind(pid)) == NULL) { 301 error = ESRCH; 302 goto fail; 303 } 304 t = TAILQ_FIRST(&tr->ps_threads); 305 break; 306 307 /* calls that accept a PID or a thread ID */ 308 case PT_CONTINUE: 309 #ifdef PT_STEP 310 case PT_STEP: 311 #endif 312 if ((tr = process_tprfind(pid, &t)) == NULL) { 313 error = ESRCH; 314 goto fail; 315 } 316 break; 317 } 318 319 /* Check permissions/state */ 320 if (req != PT_ATTACH) { 321 /* Check that the data is a valid signal number or zero. */ 322 if (req != PT_KILL && (data < 0 || data >= NSIG)) { 323 error = EINVAL; 324 goto fail; 325 } 326 327 /* Most operations require the target to already be traced */ 328 if ((error = process_checktracestate(p->p_p, tr, t))) 329 goto fail; 330 331 /* Do single-step fixup if needed. */ 332 FIX_SSTEP(t); 333 } else { 334 /* 335 * PT_ATTACH is the opposite; you can't attach to a process if: 336 * (1) it's the process that's doing the attaching, 337 */ 338 if (tr == p->p_p) { 339 error = EINVAL; 340 goto fail; 341 } 342 343 /* 344 * (2) it's a system process 345 */ 346 if (ISSET(tr->ps_flags, PS_SYSTEM)) { 347 error = EPERM; 348 goto fail; 349 } 350 351 /* 352 * (3) it's already being traced, or 353 */ 354 if (ISSET(tr->ps_flags, PS_TRACED)) { 355 error = EBUSY; 356 goto fail; 357 } 358 359 /* 360 * (4) it's in the middle of execve(2) 361 */ 362 if (ISSET(tr->ps_flags, PS_INEXEC)) { 363 error = EAGAIN; 364 goto fail; 365 } 366 367 /* 368 * (5) it's not owned by you, or the last exec 369 * gave us setuid/setgid privs (unless 370 * you're root), or... 371 * 372 * [Note: once PS_SUGID or PS_SUGIDEXEC gets set in 373 * execve(), they stay set until the process does 374 * another execve(). Hence this prevents a setuid 375 * process which revokes its special privileges using 376 * setuid() from being traced. This is good security.] 377 */ 378 if ((tr->ps_ucred->cr_ruid != p->p_ucred->cr_ruid || 379 ISSET(tr->ps_flags, PS_SUGIDEXEC | PS_SUGID)) && 380 (error = suser(p)) != 0) 381 goto fail; 382 383 /* 384 * (5.5) it's not a child of the tracing process. 385 */ 386 if (global_ptrace == 0 && !inferior(tr, p->p_p) && 387 (error = suser(p)) != 0) 388 goto fail; 389 390 /* 391 * (6) ...it's init, which controls the security level 392 * of the entire system, and the system was not 393 * compiled with permanently insecure mode turned 394 * on. 395 */ 396 if ((tr->ps_pid == 1) && (securelevel > -1)) { 397 error = EPERM; 398 goto fail; 399 } 400 401 /* 402 * (7) it's an ancestor of the current process and 403 * not init (because that would create a loop in 404 * the process graph). 405 */ 406 if (tr->ps_pid != 1 && inferior(p->p_p, tr)) { 407 error = EINVAL; 408 goto fail; 409 } 410 } 411 412 switch (req) { 413 414 #ifdef PT_STEP 415 case PT_STEP: 416 /* 417 * From the 4.4BSD PRM: 418 * "Execution continues as in request PT_CONTINUE; however 419 * as soon as possible after execution of at least one 420 * instruction, execution stops again. [ ... ]" 421 */ 422 #endif 423 case PT_CONTINUE: 424 /* 425 * From the 4.4BSD PRM: 426 * "The data argument is taken as a signal number and the 427 * child's execution continues at location addr as if it 428 * incurred that signal. Normally the signal number will 429 * be either 0 to indicate that the signal that caused the 430 * stop should be ignored, or that value fetched out of 431 * the process's image indicating which signal caused 432 * the stop. If addr is (int *)1 then execution continues 433 * from where it stopped." 434 */ 435 436 if (pid < THREAD_PID_OFFSET && tr->ps_single) 437 t = tr->ps_single; 438 439 /* If the address parameter is not (int *)1, set the pc. */ 440 if ((int *)addr != (int *)1) 441 if ((error = process_set_pc(t, addr)) != 0) 442 goto fail; 443 444 #ifdef PT_STEP 445 /* 446 * Arrange for a single-step, if that's requested and possible. 447 */ 448 error = process_sstep(t, req == PT_STEP); 449 if (error) 450 goto fail; 451 #endif 452 goto sendsig; 453 454 case PT_DETACH: 455 /* 456 * From the 4.4BSD PRM: 457 * "The data argument is taken as a signal number and the 458 * child's execution continues at location addr as if it 459 * incurred that signal. Normally the signal number will 460 * be either 0 to indicate that the signal that caused the 461 * stop should be ignored, or that value fetched out of 462 * the process's image indicating which signal caused 463 * the stop. If addr is (int *)1 then execution continues 464 * from where it stopped." 465 */ 466 467 if (pid < THREAD_PID_OFFSET && tr->ps_single) 468 t = tr->ps_single; 469 470 #ifdef PT_STEP 471 /* 472 * Stop single stepping. 473 */ 474 error = process_sstep(t, 0); 475 if (error) 476 goto fail; 477 #endif 478 479 /* give process back to original parent or init */ 480 if (tr->ps_oppid != tr->ps_pptr->ps_pid) { 481 struct process *ppr; 482 483 ppr = prfind(tr->ps_oppid); 484 proc_reparent(tr, ppr ? ppr : initprocess); 485 } 486 487 /* not being traced any more */ 488 tr->ps_oppid = 0; 489 atomic_clearbits_int(&tr->ps_flags, PS_TRACED|PS_WAITED); 490 491 sendsig: 492 memset(tr->ps_ptstat, 0, sizeof(*tr->ps_ptstat)); 493 494 /* Finally, deliver the requested signal (or none). */ 495 if (t->p_stat == SSTOP) { 496 tr->ps_xsig = data; 497 SCHED_LOCK(s); 498 setrunnable(t); 499 SCHED_UNLOCK(s); 500 } else { 501 if (data != 0) 502 psignal(t, data); 503 } 504 break; 505 506 case PT_KILL: 507 if (pid < THREAD_PID_OFFSET && tr->ps_single) 508 t = tr->ps_single; 509 510 /* just send the process a KILL signal. */ 511 data = SIGKILL; 512 goto sendsig; /* in PT_CONTINUE, above. */ 513 514 case PT_ATTACH: 515 /* 516 * As was done in procfs: 517 * Go ahead and set the trace flag. 518 * Save the old parent (it's reset in 519 * _DETACH, and also in kern_exit.c:wait4() 520 * Reparent the process so that the tracing 521 * proc gets to see all the action. 522 * Stop the target. 523 */ 524 atomic_setbits_int(&tr->ps_flags, PS_TRACED); 525 tr->ps_oppid = tr->ps_pptr->ps_pid; 526 if (tr->ps_pptr != p->p_p) 527 proc_reparent(tr, p->p_p); 528 if (tr->ps_ptstat == NULL) 529 tr->ps_ptstat = malloc(sizeof(*tr->ps_ptstat), 530 M_SUBPROC, M_WAITOK); 531 data = SIGSTOP; 532 goto sendsig; 533 default: 534 KASSERTMSG(0, "%s: unhandled request %d", __func__, req); 535 break; 536 } 537 538 fail: 539 return error; 540 } 541 542 /* 543 * ptrace kernel-state requests: thread list, event mask, process state 544 */ 545 int 546 ptrace_kstate(struct proc *p, int req, pid_t pid, void *addr) 547 { 548 struct process *tr; /* target process */ 549 struct ptrace_event *pe = addr; 550 int error; 551 552 KASSERT((p->p_flag & P_SYSTEM) == 0); 553 554 /* Find the process we're supposed to be operating on. */ 555 if ((tr = prfind(pid)) == NULL) 556 return ESRCH; 557 558 if ((error = process_checktracestate(p->p_p, tr, NULL))) 559 return error; 560 561 switch (req) { 562 case PT_GET_THREAD_FIRST: 563 case PT_GET_THREAD_NEXT: 564 { 565 struct ptrace_thread_state *pts = addr; 566 struct proc *t; 567 568 if (req == PT_GET_THREAD_NEXT) { 569 t = tfind(pts->pts_tid - THREAD_PID_OFFSET); 570 if (t == NULL || ISSET(t->p_flag, P_WEXIT)) 571 return ESRCH; 572 if (t->p_p != tr) 573 return EINVAL; 574 t = TAILQ_NEXT(t, p_thr_link); 575 } else { 576 t = TAILQ_FIRST(&tr->ps_threads); 577 } 578 579 if (t == NULL) 580 pts->pts_tid = -1; 581 else 582 pts->pts_tid = t->p_tid + THREAD_PID_OFFSET; 583 return 0; 584 } 585 } 586 587 switch (req) { 588 case PT_GET_EVENT_MASK: 589 pe->pe_set_event = tr->ps_ptmask; 590 break; 591 case PT_SET_EVENT_MASK: 592 tr->ps_ptmask = pe->pe_set_event; 593 break; 594 case PT_GET_PROCESS_STATE: 595 if (tr->ps_single) 596 tr->ps_ptstat->pe_tid = 597 tr->ps_single->p_tid + THREAD_PID_OFFSET; 598 memcpy(addr, tr->ps_ptstat, sizeof *tr->ps_ptstat); 599 break; 600 default: 601 KASSERTMSG(0, "%s: unhandled request %d", __func__, req); 602 break; 603 } 604 605 return 0; 606 } 607 608 /* 609 * ptrace user-state requests: memory access, registers, stack cookie 610 */ 611 int 612 ptrace_ustate(struct proc *p, int req, pid_t pid, void *addr, int data, 613 register_t *retval) 614 { 615 struct proc *t; /* target thread */ 616 struct process *tr; /* target process */ 617 struct uio uio; 618 struct iovec iov; 619 int error, write; 620 int temp = 0; 621 622 KASSERT((p->p_flag & P_SYSTEM) == 0); 623 624 /* Accept either PID or TID */ 625 if ((tr = process_tprfind(pid, &t)) == NULL) 626 return ESRCH; 627 628 if ((error = process_checktracestate(p->p_p, tr, t))) 629 return error; 630 631 FIX_SSTEP(t); 632 633 /* Now do the operation. */ 634 write = 0; 635 636 if ((error = process_checkioperm(p, tr)) != 0) 637 return error; 638 639 switch (req) { 640 case PT_WRITE_I: /* XXX no separate I and D spaces */ 641 case PT_WRITE_D: 642 write = 1; 643 temp = data; 644 case PT_READ_I: /* XXX no separate I and D spaces */ 645 case PT_READ_D: 646 /* write = 0 done above. */ 647 iov.iov_base = (caddr_t)&temp; 648 iov.iov_len = sizeof(int); 649 uio.uio_iov = &iov; 650 uio.uio_iovcnt = 1; 651 uio.uio_offset = (off_t)(vaddr_t)addr; 652 uio.uio_resid = sizeof(int); 653 uio.uio_segflg = UIO_SYSSPACE; 654 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 655 uio.uio_procp = p; 656 error = process_domem(p, tr, &uio, write ? PT_WRITE_I : 657 PT_READ_I); 658 if (write == 0) 659 *retval = temp; 660 return error; 661 662 case PT_IO: 663 { 664 struct ptrace_io_desc *piod = addr; 665 666 iov.iov_base = piod->piod_addr; 667 iov.iov_len = piod->piod_len; 668 uio.uio_iov = &iov; 669 uio.uio_iovcnt = 1; 670 uio.uio_offset = (off_t)(vaddr_t)piod->piod_offs; 671 uio.uio_resid = piod->piod_len; 672 uio.uio_segflg = UIO_USERSPACE; 673 uio.uio_procp = p; 674 switch (piod->piod_op) { 675 case PIOD_READ_I: 676 req = PT_READ_I; 677 uio.uio_rw = UIO_READ; 678 break; 679 case PIOD_READ_D: 680 req = PT_READ_D; 681 uio.uio_rw = UIO_READ; 682 break; 683 case PIOD_WRITE_I: 684 req = PT_WRITE_I; 685 uio.uio_rw = UIO_WRITE; 686 break; 687 case PIOD_WRITE_D: 688 req = PT_WRITE_D; 689 uio.uio_rw = UIO_WRITE; 690 break; 691 case PIOD_READ_AUXV: 692 req = PT_READ_D; 693 uio.uio_rw = UIO_READ; 694 temp = tr->ps_emul->e_arglen * sizeof(char *); 695 if (uio.uio_offset > temp) 696 return EIO; 697 if (uio.uio_resid > temp - uio.uio_offset) 698 uio.uio_resid = temp - uio.uio_offset; 699 piod->piod_len = iov.iov_len = uio.uio_resid; 700 error = process_auxv_offset(p, tr, &uio); 701 if (error) 702 return error; 703 break; 704 default: 705 return EINVAL; 706 } 707 error = process_domem(p, tr, &uio, req); 708 piod->piod_len -= uio.uio_resid; 709 return error; 710 } 711 712 case PT_SETREGS: 713 return process_write_regs(t, addr); 714 case PT_GETREGS: 715 return process_read_regs(t, addr); 716 717 #ifdef PT_SETFPREGS 718 case PT_SETFPREGS: 719 return process_write_fpregs(t, addr); 720 #endif 721 #ifdef PT_SETFPREGS 722 case PT_GETFPREGS: 723 return process_read_fpregs(t, addr); 724 #endif 725 #ifdef PT_SETXMMREGS 726 case PT_SETXMMREGS: 727 return process_write_xmmregs(t, addr); 728 #endif 729 #ifdef PT_SETXMMREGS 730 case PT_GETXMMREGS: 731 return process_read_xmmregs(t, addr); 732 #endif 733 #ifdef PT_WCOOKIE 734 case PT_WCOOKIE: 735 *(register_t *)addr = process_get_wcookie(t); 736 return 0; 737 #endif 738 default: 739 KASSERTMSG(0, "%s: unhandled request %d", __func__, req); 740 break; 741 } 742 743 return 0; 744 } 745 746 747 /* 748 * Helper for doing "it could be a PID or TID" lookup. On failure 749 * returns NULL; on success returns the selected process and sets *tp 750 * to an appropriate thread in that process. 751 */ 752 static inline struct process * 753 process_tprfind(pid_t tpid, struct proc **tp) 754 { 755 if (tpid > THREAD_PID_OFFSET) { 756 struct proc *t = tfind(tpid - THREAD_PID_OFFSET); 757 758 if (t == NULL) 759 return NULL; 760 *tp = t; 761 return t->p_p; 762 } else { 763 struct process *tr = prfind(tpid); 764 765 if (tr == NULL) 766 return NULL; 767 *tp = TAILQ_FIRST(&tr->ps_threads); 768 return tr; 769 } 770 } 771 772 773 /* 774 * Check whether 'tr' is currently traced by 'curpr' and in a state 775 * to be manipulated. If 't' is supplied then it must be stopped and 776 * waited for. 777 */ 778 static inline int 779 process_checktracestate(struct process *curpr, struct process *tr, 780 struct proc *t) 781 { 782 /* 783 * You can't do what you want to the process if: 784 * (1) It's not being traced at all, 785 */ 786 if (!ISSET(tr->ps_flags, PS_TRACED)) 787 return EPERM; 788 789 /* 790 * (2) it's not being traced by _you_, or 791 */ 792 if (tr->ps_pptr != curpr) 793 return EBUSY; 794 795 /* 796 * (3) it's in the middle of execve(2) 797 */ 798 if (ISSET(tr->ps_flags, PS_INEXEC)) 799 return EAGAIN; 800 801 /* 802 * (4) if a thread was specified and it's not currently stopped. 803 */ 804 if (t != NULL && 805 (t->p_stat != SSTOP || !ISSET(tr->ps_flags, PS_WAITED))) 806 return EBUSY; 807 808 return 0; 809 } 810 811 812 /* 813 * Check if a process is allowed to fiddle with the memory of another. 814 * 815 * p = tracer 816 * tr = tracee 817 * 818 * 1. You can't attach to a process not owned by you or one that has raised 819 * its privileges. 820 * 1a. ...unless you are root. 821 * 822 * 2. init is always off-limits because it can control the securelevel. 823 * 2a. ...unless securelevel is permanently set to insecure. 824 * 825 * 3. Processes that are in the process of doing an exec() are always 826 * off-limits because of the can of worms they are. Just wait a 827 * second. 828 */ 829 int 830 process_checkioperm(struct proc *p, struct process *tr) 831 { 832 int error; 833 834 if ((tr->ps_ucred->cr_ruid != p->p_ucred->cr_ruid || 835 ISSET(tr->ps_flags, PS_SUGIDEXEC | PS_SUGID)) && 836 (error = suser(p)) != 0) 837 return (error); 838 839 if ((tr->ps_pid == 1) && (securelevel > -1)) 840 return (EPERM); 841 842 if (ISSET(tr->ps_flags, PS_INEXEC)) 843 return (EAGAIN); 844 845 return (0); 846 } 847 848 int 849 process_domem(struct proc *curp, struct process *tr, struct uio *uio, int req) 850 { 851 struct vmspace *vm; 852 int error; 853 vaddr_t addr; 854 vsize_t len; 855 856 len = uio->uio_resid; 857 if (len == 0) 858 return 0; 859 860 if ((error = process_checkioperm(curp, tr)) != 0) 861 return error; 862 863 /* XXXCDC: how should locking work here? */ 864 vm = tr->ps_vmspace; 865 if ((tr->ps_flags & PS_EXITING) || (vm->vm_refcnt < 1)) 866 return EFAULT; 867 addr = uio->uio_offset; 868 869 vm->vm_refcnt++; 870 871 error = uvm_io(&vm->vm_map, uio, 872 (uio->uio_rw == UIO_WRITE) ? UVM_IO_FIXPROT : 0); 873 874 uvmspace_free(vm); 875 876 if (error == 0 && req == PT_WRITE_I) 877 pmap_proc_iflush(tr, addr, len); 878 879 return error; 880 } 881 882 int 883 process_auxv_offset(struct proc *curp, struct process *tr, struct uio *uiop) 884 { 885 struct vmspace *vm; 886 struct ps_strings pss; 887 struct iovec iov; 888 struct uio uio; 889 int error; 890 891 iov.iov_base = &pss; 892 iov.iov_len = sizeof(pss); 893 uio.uio_iov = &iov; 894 uio.uio_iovcnt = 1; 895 uio.uio_offset = (off_t)tr->ps_strings; 896 uio.uio_resid = sizeof(pss); 897 uio.uio_segflg = UIO_SYSSPACE; 898 uio.uio_rw = UIO_READ; 899 uio.uio_procp = curp; 900 901 vm = tr->ps_vmspace; 902 if ((tr->ps_flags & PS_EXITING) || (vm->vm_refcnt < 1)) 903 return EFAULT; 904 905 vm->vm_refcnt++; 906 error = uvm_io(&vm->vm_map, &uio, 0); 907 uvmspace_free(vm); 908 909 if (error != 0) 910 return error; 911 912 if (pss.ps_envstr == NULL) 913 return EIO; 914 915 uiop->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + pss.ps_nenvstr + 1); 916 #ifdef MACHINE_STACK_GROWS_UP 917 if (uiop->uio_offset < (off_t)tr->ps_strings) 918 return EIO; 919 #else 920 if (uiop->uio_offset > (off_t)tr->ps_strings) 921 return EIO; 922 if ((uiop->uio_offset + uiop->uio_resid) > (off_t)tr->ps_strings) 923 uiop->uio_resid = (off_t)tr->ps_strings - uiop->uio_offset; 924 #endif 925 926 return 0; 927 } 928 #endif 929