1 /* $NetBSD: sys_process.c,v 1.174 2016/10/19 09:44:01 skrll Exp $ */ 2 3 /*- 4 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Andrew Doran. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1989, 1993 34 * The Regents of the University of California. All rights reserved. 35 * (c) UNIX System Laboratories, Inc. 36 * All or some portions of this file are derived from material licensed 37 * to the University of California by American Telephone and Telegraph 38 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 39 * the permission of UNIX System Laboratories, Inc. 40 * 41 * This code is derived from software contributed to Berkeley by 42 * Jan-Simon Pendry. 43 * 44 * Redistribution and use in source and binary forms, with or without 45 * modification, are permitted provided that the following conditions 46 * are met: 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 3. Neither the name of the University nor the names of its contributors 53 * may be used to endorse or promote products derived from this software 54 * without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 * 68 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 69 */ 70 71 /*- 72 * Copyright (c) 1993 Jan-Simon Pendry. 73 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 74 * 75 * This code is derived from software contributed to Berkeley by 76 * Jan-Simon Pendry. 77 * 78 * Redistribution and use in source and binary forms, with or without 79 * modification, are permitted provided that the following conditions 80 * are met: 81 * 1. Redistributions of source code must retain the above copyright 82 * notice, this list of conditions and the following disclaimer. 83 * 2. Redistributions in binary form must reproduce the above copyright 84 * notice, this list of conditions and the following disclaimer in the 85 * documentation and/or other materials provided with the distribution. 86 * 3. All advertising materials mentioning features or use of this software 87 * must display the following acknowledgement: 88 * This product includes software developed by the University of 89 * California, Berkeley and its contributors. 90 * 4. Neither the name of the University nor the names of its contributors 91 * may be used to endorse or promote products derived from this software 92 * without specific prior written permission. 93 * 94 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 97 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 98 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 99 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 100 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 101 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 104 * SUCH DAMAGE. 105 * 106 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 107 */ 108 109 /* 110 * References: 111 * (1) Bach's "The Design of the UNIX Operating System", 112 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 113 * (3) the "4.4BSD Programmer's Reference Manual" published 114 * by USENIX and O'Reilly & Associates. 115 * The 4.4BSD PRM does a reasonably good job of documenting what the various 116 * ptrace() requests should actually do, and its text is quoted several times 117 * in this file. 118 */ 119 120 #include <sys/cdefs.h> 121 __KERNEL_RCSID(0, "$NetBSD: sys_process.c,v 1.174 2016/10/19 09:44:01 skrll Exp $"); 122 123 #ifdef _KERNEL_OPT 124 #include "opt_ptrace.h" 125 #include "opt_ktrace.h" 126 #include "opt_pax.h" 127 #endif 128 129 #include <sys/param.h> 130 #include <sys/systm.h> 131 #include <sys/proc.h> 132 #include <sys/errno.h> 133 #include <sys/exec.h> 134 #include <sys/pax.h> 135 #include <sys/ptrace.h> 136 #include <sys/uio.h> 137 #include <sys/ras.h> 138 #include <sys/kmem.h> 139 #include <sys/kauth.h> 140 #include <sys/mount.h> 141 #include <sys/syscallargs.h> 142 143 #include <uvm/uvm_extern.h> 144 145 #include <machine/reg.h> 146 147 #ifdef PTRACE 148 149 # ifdef DEBUG 150 # define DPRINTF(a) uprintf a 151 # else 152 # define DPRINTF(a) 153 # endif 154 155 static kauth_listener_t ptrace_listener; 156 #ifdef PTRACE 157 static int process_auxv_offset(struct proc *, struct uio *); 158 #endif 159 160 static int 161 ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, 162 void *arg0, void *arg1, void *arg2, void *arg3) 163 { 164 struct proc *p; 165 int result; 166 167 result = KAUTH_RESULT_DEFER; 168 p = arg0; 169 170 if (action != KAUTH_PROCESS_PTRACE) 171 return result; 172 173 switch ((u_long)arg1) { 174 case PT_TRACE_ME: 175 case PT_ATTACH: 176 case PT_WRITE_I: 177 case PT_WRITE_D: 178 case PT_READ_I: 179 case PT_READ_D: 180 case PT_IO: 181 #ifdef PT_GETREGS 182 case PT_GETREGS: 183 #endif 184 #ifdef PT_SETREGS 185 case PT_SETREGS: 186 #endif 187 #ifdef PT_GETFPREGS 188 case PT_GETFPREGS: 189 #endif 190 #ifdef PT_SETFPREGS 191 case PT_SETFPREGS: 192 #endif 193 case PT_SET_EVENT_MASK: 194 case PT_GET_EVENT_MASK: 195 case PT_GET_PROCESS_STATE: 196 #ifdef __HAVE_PTRACE_MACHDEP 197 PTRACE_MACHDEP_REQUEST_CASES 198 #endif 199 if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) || 200 ISSET(p->p_flag, PK_SUGID)) { 201 break; 202 } 203 204 result = KAUTH_RESULT_ALLOW; 205 206 break; 207 208 #ifdef PT_STEP 209 case PT_STEP: 210 #endif 211 case PT_CONTINUE: 212 case PT_KILL: 213 case PT_DETACH: 214 case PT_LWPINFO: 215 case PT_SYSCALL: 216 case PT_SYSCALLEMU: 217 case PT_DUMPCORE: 218 result = KAUTH_RESULT_ALLOW; 219 break; 220 221 default: 222 break; 223 } 224 225 return result; 226 } 227 228 void 229 ptrace_init(void) 230 { 231 232 ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 233 ptrace_listener_cb, NULL); 234 } 235 236 static int 237 ptrace_copyinpiod(struct ptrace_io_desc *piod, const void *addr) 238 { 239 return copyin(addr, piod, sizeof(*piod)); 240 } 241 242 static void 243 ptrace_copyoutpiod(const struct ptrace_io_desc *piod, void *addr) 244 { 245 (void) copyout(piod, addr, sizeof(*piod)); 246 } 247 248 249 static struct ptrace_methods native_ptm = { 250 .ptm_copyinpiod = ptrace_copyinpiod, 251 .ptm_copyoutpiod = ptrace_copyoutpiod, 252 .ptm_doregs = process_doregs, 253 .ptm_dofpregs = process_dofpregs, 254 }; 255 256 /* 257 * Process debugging system call. 258 */ 259 int 260 sys_ptrace(struct lwp *l, const struct sys_ptrace_args *uap, register_t *retval) 261 { 262 /* { 263 syscallarg(int) req; 264 syscallarg(pid_t) pid; 265 syscallarg(void *) addr; 266 syscallarg(int) data; 267 } */ 268 269 return do_ptrace(&native_ptm, l, SCARG(uap, req), SCARG(uap, pid), 270 SCARG(uap, addr), SCARG(uap, data), retval); 271 } 272 273 int 274 do_ptrace(struct ptrace_methods *ptm, struct lwp *l, int req, pid_t pid, 275 void *addr, int data, register_t *retval) 276 { 277 struct proc *p = l->l_proc; 278 struct lwp *lt; 279 #ifdef PT_STEP 280 struct lwp *lt2; 281 #endif 282 struct proc *t; /* target process */ 283 struct uio uio; 284 struct iovec iov; 285 struct ptrace_io_desc piod; 286 struct ptrace_event pe; 287 struct ptrace_state ps; 288 struct ptrace_lwpinfo pl; 289 struct vmspace *vm; 290 int error, write, tmp, pheld; 291 int signo = 0; 292 int resume_all; 293 ksiginfo_t ksi; 294 char *path; 295 int len = 0; 296 error = 0; 297 298 /* 299 * If attaching or detaching, we need to get a write hold on the 300 * proclist lock so that we can re-parent the target process. 301 */ 302 mutex_enter(proc_lock); 303 304 /* "A foolish consistency..." XXX */ 305 if (req == PT_TRACE_ME) { 306 t = p; 307 mutex_enter(t->p_lock); 308 } else { 309 /* Find the process we're supposed to be operating on. */ 310 t = proc_find(pid); 311 if (t == NULL) { 312 mutex_exit(proc_lock); 313 return ESRCH; 314 } 315 316 /* XXX-elad */ 317 mutex_enter(t->p_lock); 318 error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, 319 t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 320 if (error) { 321 mutex_exit(proc_lock); 322 mutex_exit(t->p_lock); 323 return ESRCH; 324 } 325 } 326 327 /* 328 * Grab a reference on the process to prevent it from execing or 329 * exiting. 330 */ 331 if (!rw_tryenter(&t->p_reflock, RW_READER)) { 332 mutex_exit(proc_lock); 333 mutex_exit(t->p_lock); 334 return EBUSY; 335 } 336 337 /* Make sure we can operate on it. */ 338 switch (req) { 339 case PT_TRACE_ME: 340 /* Saying that you're being traced is always legal. */ 341 break; 342 343 case PT_ATTACH: 344 /* 345 * You can't attach to a process if: 346 * (1) it's the process that's doing the attaching, 347 */ 348 if (t->p_pid == p->p_pid) { 349 error = EINVAL; 350 break; 351 } 352 353 /* 354 * (2) it's a system process 355 */ 356 if (t->p_flag & PK_SYSTEM) { 357 error = EPERM; 358 break; 359 } 360 361 /* 362 * (3) it's already being traced, or 363 */ 364 if (ISSET(t->p_slflag, PSL_TRACED)) { 365 error = EBUSY; 366 break; 367 } 368 369 /* 370 * (4) the tracer is chrooted, and its root directory is 371 * not at or above the root directory of the tracee 372 */ 373 mutex_exit(t->p_lock); /* XXXSMP */ 374 tmp = proc_isunder(t, l); 375 mutex_enter(t->p_lock); /* XXXSMP */ 376 if (!tmp) { 377 error = EPERM; 378 break; 379 } 380 break; 381 382 case PT_READ_I: 383 case PT_READ_D: 384 case PT_WRITE_I: 385 case PT_WRITE_D: 386 case PT_IO: 387 #ifdef PT_GETREGS 388 case PT_GETREGS: 389 #endif 390 #ifdef PT_SETREGS 391 case PT_SETREGS: 392 #endif 393 #ifdef PT_GETFPREGS 394 case PT_GETFPREGS: 395 #endif 396 #ifdef PT_SETFPREGS 397 case PT_SETFPREGS: 398 #endif 399 #ifdef __HAVE_PTRACE_MACHDEP 400 PTRACE_MACHDEP_REQUEST_CASES 401 #endif 402 /* 403 * You can't read/write the memory or registers of a process 404 * if the tracer is chrooted, and its root directory is not at 405 * or above the root directory of the tracee. 406 */ 407 mutex_exit(t->p_lock); /* XXXSMP */ 408 tmp = proc_isunder(t, l); 409 mutex_enter(t->p_lock); /* XXXSMP */ 410 if (!tmp) { 411 error = EPERM; 412 break; 413 } 414 /*FALLTHROUGH*/ 415 416 case PT_CONTINUE: 417 case PT_KILL: 418 case PT_DETACH: 419 case PT_LWPINFO: 420 case PT_SYSCALL: 421 case PT_SYSCALLEMU: 422 case PT_DUMPCORE: 423 #ifdef PT_STEP 424 case PT_STEP: 425 #endif 426 case PT_SET_EVENT_MASK: 427 case PT_GET_EVENT_MASK: 428 case PT_GET_PROCESS_STATE: 429 /* 430 * You can't do what you want to the process if: 431 * (1) It's not being traced at all, 432 */ 433 if (!ISSET(t->p_slflag, PSL_TRACED)) { 434 error = EPERM; 435 break; 436 } 437 438 /* 439 * (2) it's being traced by procfs (which has 440 * different signal delivery semantics), 441 */ 442 if (ISSET(t->p_slflag, PSL_FSTRACE)) { 443 DPRINTF(("file system traced\n")); 444 error = EBUSY; 445 break; 446 } 447 448 /* 449 * (3) it's not being traced by _you_, or 450 */ 451 if (t->p_pptr != p) { 452 DPRINTF(("parent %d != %d\n", t->p_pptr->p_pid, 453 p->p_pid)); 454 error = EBUSY; 455 break; 456 } 457 458 /* 459 * (4) it's not currently stopped. 460 */ 461 if (t->p_stat != SSTOP || !t->p_waited /* XXXSMP */) { 462 DPRINTF(("stat %d flag %d\n", t->p_stat, 463 !t->p_waited)); 464 error = EBUSY; 465 break; 466 } 467 break; 468 469 default: /* It was not a legal request. */ 470 error = EINVAL; 471 break; 472 } 473 474 if (error == 0) { 475 error = kauth_authorize_process(l->l_cred, 476 KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req), 477 NULL, NULL); 478 } 479 if (error == 0) { 480 lt = lwp_find_first(t); 481 if (lt == NULL) 482 error = ESRCH; 483 } 484 485 if (error != 0) { 486 mutex_exit(proc_lock); 487 mutex_exit(t->p_lock); 488 rw_exit(&t->p_reflock); 489 return error; 490 } 491 492 /* Do single-step fixup if needed. */ 493 FIX_SSTEP(t); 494 KASSERT(lt != NULL); 495 lwp_addref(lt); 496 497 /* 498 * Which locks do we need held? XXX Ugly. 499 */ 500 switch (req) { 501 #ifdef PT_STEP 502 case PT_STEP: 503 #endif 504 case PT_CONTINUE: 505 case PT_DETACH: 506 case PT_KILL: 507 case PT_SYSCALL: 508 case PT_SYSCALLEMU: 509 case PT_ATTACH: 510 case PT_TRACE_ME: 511 pheld = 1; 512 break; 513 default: 514 mutex_exit(proc_lock); 515 mutex_exit(t->p_lock); 516 pheld = 0; 517 break; 518 } 519 520 /* Now do the operation. */ 521 write = 0; 522 *retval = 0; 523 tmp = 0; 524 resume_all = 1; 525 526 switch (req) { 527 case PT_TRACE_ME: 528 /* Just set the trace flag. */ 529 SET(t->p_slflag, PSL_TRACED); 530 t->p_opptr = t->p_pptr; 531 break; 532 533 case PT_WRITE_I: /* XXX no separate I and D spaces */ 534 case PT_WRITE_D: 535 #if defined(__HAVE_RAS) 536 /* 537 * Can't write to a RAS 538 */ 539 if (ras_lookup(t, addr) != (void *)-1) { 540 error = EACCES; 541 break; 542 } 543 #endif 544 write = 1; 545 tmp = data; 546 /* FALLTHROUGH */ 547 548 case PT_READ_I: /* XXX no separate I and D spaces */ 549 case PT_READ_D: 550 /* write = 0 done above. */ 551 iov.iov_base = (void *)&tmp; 552 iov.iov_len = sizeof(tmp); 553 uio.uio_iov = &iov; 554 uio.uio_iovcnt = 1; 555 uio.uio_offset = (off_t)(unsigned long)addr; 556 uio.uio_resid = sizeof(tmp); 557 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 558 UIO_SETUP_SYSSPACE(&uio); 559 560 error = process_domem(l, lt, &uio); 561 if (!write) 562 *retval = tmp; 563 break; 564 565 case PT_IO: 566 error = ptm->ptm_copyinpiod(&piod, addr); 567 if (error) 568 break; 569 570 iov.iov_base = piod.piod_addr; 571 iov.iov_len = piod.piod_len; 572 uio.uio_iov = &iov; 573 uio.uio_iovcnt = 1; 574 uio.uio_offset = (off_t)(unsigned long)piod.piod_offs; 575 uio.uio_resid = piod.piod_len; 576 577 switch (piod.piod_op) { 578 case PIOD_READ_D: 579 case PIOD_READ_I: 580 uio.uio_rw = UIO_READ; 581 break; 582 case PIOD_WRITE_D: 583 case PIOD_WRITE_I: 584 /* 585 * Can't write to a RAS 586 */ 587 if (ras_lookup(t, addr) != (void *)-1) { 588 return EACCES; 589 } 590 uio.uio_rw = UIO_WRITE; 591 break; 592 case PIOD_READ_AUXV: 593 req = PT_READ_D; 594 uio.uio_rw = UIO_READ; 595 tmp = t->p_execsw->es_arglen * PROC_PTRSZ(t); 596 if (uio.uio_offset > tmp) 597 return EIO; 598 if (uio.uio_resid > tmp - uio.uio_offset) 599 uio.uio_resid = tmp - uio.uio_offset; 600 piod.piod_len = iov.iov_len = uio.uio_resid; 601 error = process_auxv_offset(t, &uio); 602 if (error) 603 return error; 604 break; 605 default: 606 error = EINVAL; 607 break; 608 } 609 if (error) 610 break; 611 error = proc_vmspace_getref(l->l_proc, &vm); 612 if (error) 613 break; 614 uio.uio_vmspace = vm; 615 616 error = process_domem(l, lt, &uio); 617 piod.piod_len -= uio.uio_resid; 618 (void) ptm->ptm_copyoutpiod(&piod, addr); 619 620 uvmspace_free(vm); 621 break; 622 623 case PT_DUMPCORE: 624 if ((path = addr) != NULL) { 625 char *dst; 626 len = data; 627 628 if (len < 0 || len >= MAXPATHLEN) { 629 error = EINVAL; 630 break; 631 } 632 dst = kmem_alloc(len + 1, KM_SLEEP); 633 if ((error = copyin(path, dst, len)) != 0) { 634 kmem_free(dst, len + 1); 635 break; 636 } 637 path = dst; 638 path[len] = '\0'; 639 } 640 error = (*coredump_vec)(lt, path); 641 if (path) 642 kmem_free(path, len + 1); 643 break; 644 645 #ifdef PT_STEP 646 case PT_STEP: 647 /* 648 * From the 4.4BSD PRM: 649 * "Execution continues as in request PT_CONTINUE; however 650 * as soon as possible after execution of at least one 651 * instruction, execution stops again. [ ... ]" 652 */ 653 #endif 654 case PT_CONTINUE: 655 case PT_SYSCALL: 656 case PT_DETACH: 657 if (req == PT_SYSCALL) { 658 if (!ISSET(t->p_slflag, PSL_SYSCALL)) { 659 SET(t->p_slflag, PSL_SYSCALL); 660 #ifdef __HAVE_SYSCALL_INTERN 661 (*t->p_emul->e_syscall_intern)(t); 662 #endif 663 } 664 } else { 665 if (ISSET(t->p_slflag, PSL_SYSCALL)) { 666 CLR(t->p_slflag, PSL_SYSCALL); 667 #ifdef __HAVE_SYSCALL_INTERN 668 (*t->p_emul->e_syscall_intern)(t); 669 #endif 670 } 671 } 672 t->p_trace_enabled = trace_is_enabled(t); 673 674 /* 675 * Pick up the LWPID, if supplied. There are two cases: 676 * data < 0 : step or continue single thread, lwp = -data 677 * data > 0 in PT_STEP : step this thread, continue others 678 * For operations other than PT_STEP, data > 0 means 679 * data is the signo to deliver to the process. 680 */ 681 tmp = data; 682 if (tmp >= 0) { 683 #ifdef PT_STEP 684 if (req == PT_STEP) 685 signo = 0; 686 else 687 #endif 688 { 689 signo = tmp; 690 tmp = 0; /* don't search for LWP */ 691 } 692 } else 693 tmp = -tmp; 694 695 if (tmp > 0) { 696 if (req == PT_DETACH) { 697 error = EINVAL; 698 break; 699 } 700 lwp_delref2 (lt); 701 lt = lwp_find(t, tmp); 702 if (lt == NULL) { 703 error = ESRCH; 704 break; 705 } 706 lwp_addref(lt); 707 resume_all = 0; 708 signo = 0; 709 } 710 711 /* 712 * From the 4.4BSD PRM: 713 * "The data argument is taken as a signal number and the 714 * child's execution continues at location addr as if it 715 * incurred that signal. Normally the signal number will 716 * be either 0 to indicate that the signal that caused the 717 * stop should be ignored, or that value fetched out of 718 * the process's image indicating which signal caused 719 * the stop. If addr is (int *)1 then execution continues 720 * from where it stopped." 721 */ 722 723 /* Check that the data is a valid signal number or zero. */ 724 if (signo < 0 || signo >= NSIG) { 725 error = EINVAL; 726 break; 727 } 728 729 /* If the address parameter is not (int *)1, set the pc. */ 730 if ((int *)addr != (int *)1) { 731 error = process_set_pc(lt, addr); 732 if (error != 0) 733 break; 734 } 735 #ifdef PT_STEP 736 /* 737 * Arrange for a single-step, if that's requested and possible. 738 * More precisely, set the single step status as requested for 739 * the requested thread, and clear it for other threads. 740 */ 741 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 742 if (lt != lt2) { 743 lwp_lock(lt2); 744 process_sstep(lt2, 0); 745 lwp_unlock(lt2); 746 } 747 } 748 error = process_sstep(lt, req == PT_STEP); 749 if (error) 750 break; 751 #endif 752 if (req == PT_DETACH) { 753 CLR(t->p_slflag, PSL_TRACED|PSL_FSTRACE|PSL_SYSCALL); 754 755 /* give process back to original parent or init */ 756 if (t->p_opptr != t->p_pptr) { 757 struct proc *pp = t->p_opptr; 758 proc_reparent(t, pp ? pp : initproc); 759 } 760 761 /* not being traced any more */ 762 t->p_opptr = NULL; 763 } 764 sendsig: 765 t->p_fpid = 0; 766 /* Finally, deliver the requested signal (or none). */ 767 if (t->p_stat == SSTOP) { 768 /* 769 * Unstop the process. If it needs to take a 770 * signal, make all efforts to ensure that at 771 * an LWP runs to see it. 772 */ 773 t->p_xsig = signo; 774 if (resume_all) 775 proc_unstop(t); 776 else 777 lwp_unstop(lt); 778 } else if (signo != 0) { 779 KSI_INIT_EMPTY(&ksi); 780 ksi.ksi_signo = signo; 781 kpsignal2(t, &ksi); 782 } 783 break; 784 785 case PT_SYSCALLEMU: 786 if (!ISSET(t->p_slflag, PSL_SYSCALL) || t->p_stat != SSTOP) { 787 error = EINVAL; 788 break; 789 } 790 SET(t->p_slflag, PSL_SYSCALLEMU); 791 break; 792 793 case PT_KILL: 794 /* just send the process a KILL signal. */ 795 signo = SIGKILL; 796 goto sendsig; /* in PT_CONTINUE, above. */ 797 798 case PT_ATTACH: 799 /* 800 * Go ahead and set the trace flag. 801 * Save the old parent (it's reset in 802 * _DETACH, and also in kern_exit.c:wait4() 803 * Reparent the process so that the tracing 804 * proc gets to see all the action. 805 * Stop the target. 806 */ 807 t->p_opptr = t->p_pptr; 808 if (t->p_pptr != p) { 809 struct proc *parent = t->p_pptr; 810 811 if (parent->p_lock < t->p_lock) { 812 if (!mutex_tryenter(parent->p_lock)) { 813 mutex_exit(t->p_lock); 814 mutex_enter(parent->p_lock); 815 mutex_enter(t->p_lock); 816 } 817 } else if (parent->p_lock > t->p_lock) { 818 mutex_enter(parent->p_lock); 819 } 820 parent->p_slflag |= PSL_CHTRACED; 821 proc_reparent(t, p); 822 if (parent->p_lock != t->p_lock) 823 mutex_exit(parent->p_lock); 824 } 825 SET(t->p_slflag, PSL_TRACED); 826 signo = SIGSTOP; 827 goto sendsig; 828 829 case PT_GET_EVENT_MASK: 830 if (data != sizeof(pe)) { 831 DPRINTF(("ptrace(%d): %d != %zu\n", req, 832 data, sizeof(pe))); 833 error = EINVAL; 834 break; 835 } 836 memset(&pe, 0, sizeof(pe)); 837 pe.pe_set_event = ISSET(t->p_slflag, PSL_TRACEFORK) ? 838 PTRACE_FORK : 0; 839 error = copyout(&pe, addr, sizeof(pe)); 840 break; 841 842 case PT_SET_EVENT_MASK: 843 if (data != sizeof(pe)) { 844 DPRINTF(("ptrace(%d): %d != %zu\n", req, data, 845 sizeof(pe))); 846 error = EINVAL; 847 break; 848 } 849 if ((error = copyin(addr, &pe, sizeof(pe))) != 0) 850 return error; 851 if (pe.pe_set_event & PTRACE_FORK) 852 SET(t->p_slflag, PSL_TRACEFORK); 853 else 854 CLR(t->p_slflag, PSL_TRACEFORK); 855 break; 856 857 case PT_GET_PROCESS_STATE: 858 if (data != sizeof(ps)) { 859 DPRINTF(("ptrace(%d): %d != %zu\n", req, data, 860 sizeof(ps))); 861 error = EINVAL; 862 break; 863 } 864 memset(&ps, 0, sizeof(ps)); 865 if (t->p_fpid) { 866 ps.pe_report_event = PTRACE_FORK; 867 ps.pe_other_pid = t->p_fpid; 868 } 869 error = copyout(&ps, addr, sizeof(ps)); 870 break; 871 872 case PT_LWPINFO: 873 if (data != sizeof(pl)) { 874 DPRINTF(("ptrace(%d): %d != %zu\n", req, data, 875 sizeof(pl))); 876 error = EINVAL; 877 break; 878 } 879 error = copyin(addr, &pl, sizeof(pl)); 880 if (error) 881 break; 882 tmp = pl.pl_lwpid; 883 lwp_delref(lt); 884 mutex_enter(t->p_lock); 885 if (tmp == 0) 886 lt = lwp_find_first(t); 887 else { 888 lt = lwp_find(t, tmp); 889 if (lt == NULL) { 890 mutex_exit(t->p_lock); 891 error = ESRCH; 892 break; 893 } 894 lt = LIST_NEXT(lt, l_sibling); 895 } 896 while (lt != NULL && !lwp_alive(lt)) 897 lt = LIST_NEXT(lt, l_sibling); 898 pl.pl_lwpid = 0; 899 pl.pl_event = 0; 900 if (lt) { 901 lwp_addref(lt); 902 pl.pl_lwpid = lt->l_lid; 903 if (lt->l_lid == t->p_sigctx.ps_lwp) 904 pl.pl_event = PL_EVENT_SIGNAL; 905 } 906 mutex_exit(t->p_lock); 907 908 error = copyout(&pl, addr, sizeof(pl)); 909 break; 910 911 #ifdef PT_SETREGS 912 case PT_SETREGS: 913 write = 1; 914 #endif 915 #ifdef PT_GETREGS 916 case PT_GETREGS: 917 /* write = 0 done above. */ 918 #endif 919 #if defined(PT_SETREGS) || defined(PT_GETREGS) 920 tmp = data; 921 if (tmp != 0 && t->p_nlwps > 1) { 922 lwp_delref(lt); 923 mutex_enter(t->p_lock); 924 lt = lwp_find(t, tmp); 925 if (lt == NULL) { 926 mutex_exit(t->p_lock); 927 error = ESRCH; 928 break; 929 } 930 lwp_addref(lt); 931 mutex_exit(t->p_lock); 932 } 933 if (!process_validregs(lt)) 934 error = EINVAL; 935 else { 936 error = proc_vmspace_getref(p, &vm); 937 if (error) 938 break; 939 iov.iov_base = addr; 940 iov.iov_len = PROC_REGSZ(p); 941 uio.uio_iov = &iov; 942 uio.uio_iovcnt = 1; 943 uio.uio_offset = 0; 944 uio.uio_resid = iov.iov_len; 945 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 946 uio.uio_vmspace = vm; 947 948 error = ptm->ptm_doregs(l, lt, &uio); 949 uvmspace_free(vm); 950 } 951 break; 952 #endif 953 954 #ifdef PT_SETFPREGS 955 case PT_SETFPREGS: 956 write = 1; 957 #endif 958 #ifdef PT_GETFPREGS 959 case PT_GETFPREGS: 960 /* write = 0 done above. */ 961 #endif 962 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 963 tmp = data; 964 if (tmp != 0 && t->p_nlwps > 1) { 965 lwp_delref(lt); 966 mutex_enter(t->p_lock); 967 lt = lwp_find(t, tmp); 968 if (lt == NULL) { 969 mutex_exit(t->p_lock); 970 error = ESRCH; 971 break; 972 } 973 lwp_addref(lt); 974 mutex_exit(t->p_lock); 975 } 976 if (!process_validfpregs(lt)) 977 error = EINVAL; 978 else { 979 error = proc_vmspace_getref(p, &vm); 980 if (error) 981 break; 982 iov.iov_base = addr; 983 iov.iov_len = PROC_FPREGSZ(p); 984 uio.uio_iov = &iov; 985 uio.uio_iovcnt = 1; 986 uio.uio_offset = 0; 987 uio.uio_resid = iov.iov_len; 988 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 989 uio.uio_vmspace = vm; 990 991 error = ptm->ptm_dofpregs(l, lt, &uio); 992 uvmspace_free(vm); 993 } 994 break; 995 #endif 996 997 #ifdef __HAVE_PTRACE_MACHDEP 998 PTRACE_MACHDEP_REQUEST_CASES 999 error = ptrace_machdep_dorequest(l, lt, req, addr, data); 1000 break; 1001 #endif 1002 } 1003 1004 if (pheld) { 1005 mutex_exit(t->p_lock); 1006 mutex_exit(proc_lock); 1007 } 1008 if (lt != NULL) 1009 lwp_delref(lt); 1010 rw_exit(&t->p_reflock); 1011 1012 return error; 1013 } 1014 1015 int 1016 process_doregs(struct lwp *curl /*tracer*/, 1017 struct lwp *l /*traced*/, 1018 struct uio *uio) 1019 { 1020 #if defined(PT_GETREGS) || defined(PT_SETREGS) 1021 int error; 1022 struct reg r; 1023 char *kv; 1024 int kl; 1025 1026 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 1027 return EINVAL; 1028 1029 kl = sizeof(r); 1030 kv = (char *)&r; 1031 1032 kv += uio->uio_offset; 1033 kl -= uio->uio_offset; 1034 if ((size_t)kl > uio->uio_resid) 1035 kl = uio->uio_resid; 1036 1037 error = process_read_regs(l, &r); 1038 if (error == 0) 1039 error = uiomove(kv, kl, uio); 1040 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1041 if (l->l_stat != LSSTOP) 1042 error = EBUSY; 1043 else 1044 error = process_write_regs(l, &r); 1045 } 1046 1047 uio->uio_offset = 0; 1048 return error; 1049 #else 1050 return EINVAL; 1051 #endif 1052 } 1053 1054 int 1055 process_validregs(struct lwp *l) 1056 { 1057 1058 #if defined(PT_SETREGS) || defined(PT_GETREGS) 1059 return (l->l_flag & LW_SYSTEM) == 0; 1060 #else 1061 return 0; 1062 #endif 1063 } 1064 1065 int 1066 process_dofpregs(struct lwp *curl /*tracer*/, 1067 struct lwp *l /*traced*/, 1068 struct uio *uio) 1069 { 1070 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 1071 int error; 1072 struct fpreg r; 1073 char *kv; 1074 size_t kl; 1075 1076 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 1077 return EINVAL; 1078 1079 kl = sizeof(r); 1080 kv = (char *)&r; 1081 1082 kv += uio->uio_offset; 1083 kl -= uio->uio_offset; 1084 if (kl > uio->uio_resid) 1085 kl = uio->uio_resid; 1086 1087 error = process_read_fpregs(l, &r, &kl); 1088 if (error == 0) 1089 error = uiomove(kv, kl, uio); 1090 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1091 if (l->l_stat != LSSTOP) 1092 error = EBUSY; 1093 else 1094 error = process_write_fpregs(l, &r, kl); 1095 } 1096 uio->uio_offset = 0; 1097 return error; 1098 #else 1099 return EINVAL; 1100 #endif 1101 } 1102 1103 int 1104 process_validfpregs(struct lwp *l) 1105 { 1106 1107 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 1108 return (l->l_flag & LW_SYSTEM) == 0; 1109 #else 1110 return 0; 1111 #endif 1112 } 1113 #endif /* PTRACE */ 1114 1115 #if defined(KTRACE) || defined(PTRACE) 1116 int 1117 process_domem(struct lwp *curl /*tracer*/, 1118 struct lwp *l /*traced*/, 1119 struct uio *uio) 1120 { 1121 struct proc *p = l->l_proc; /* traced */ 1122 struct vmspace *vm; 1123 int error; 1124 1125 size_t len; 1126 #ifdef PMAP_NEED_PROCWR 1127 vaddr_t addr; 1128 #endif 1129 1130 error = 0; 1131 len = uio->uio_resid; 1132 1133 if (len == 0) 1134 return 0; 1135 1136 #ifdef PMAP_NEED_PROCWR 1137 addr = uio->uio_offset; 1138 #endif 1139 1140 vm = p->p_vmspace; 1141 1142 mutex_enter(&vm->vm_map.misc_lock); 1143 if ((l->l_flag & LW_WEXIT) || vm->vm_refcnt < 1) 1144 error = EFAULT; 1145 if (error == 0) 1146 p->p_vmspace->vm_refcnt++; /* XXX */ 1147 mutex_exit(&vm->vm_map.misc_lock); 1148 if (error != 0) 1149 return error; 1150 error = uvm_io(&vm->vm_map, uio, pax_mprotect_prot(l)); 1151 uvmspace_free(vm); 1152 1153 #ifdef PMAP_NEED_PROCWR 1154 if (error == 0 && uio->uio_rw == UIO_WRITE) 1155 pmap_procwr(p, addr, len); 1156 #endif 1157 return error; 1158 } 1159 #endif /* KTRACE || PTRACE */ 1160 1161 #if defined(KTRACE) || defined(PTRACE) 1162 void 1163 process_stoptrace(void) 1164 { 1165 struct lwp *l = curlwp; 1166 struct proc *p = l->l_proc, *pp; 1167 1168 mutex_enter(proc_lock); 1169 mutex_enter(p->p_lock); 1170 pp = p->p_pptr; 1171 if (pp->p_pid == 1) { 1172 CLR(p->p_slflag, PSL_SYSCALL); /* XXXSMP */ 1173 mutex_exit(p->p_lock); 1174 mutex_exit(proc_lock); 1175 return; 1176 } 1177 1178 p->p_xsig = SIGTRAP; 1179 proc_stop(p, 1, SIGSTOP); 1180 mutex_exit(proc_lock); 1181 1182 if (sigispending(l, 0)) { 1183 lwp_lock(l); 1184 l->l_flag |= LW_PENDSIG; 1185 lwp_unlock(l); 1186 } 1187 mutex_exit(p->p_lock); 1188 } 1189 #endif /* KTRACE || PTRACE */ 1190 1191 #ifdef PTRACE 1192 static int 1193 process_auxv_offset(struct proc *p, struct uio *uio) 1194 { 1195 struct ps_strings pss; 1196 int error; 1197 off_t off = (off_t)p->p_psstrp; 1198 1199 if ((error = copyin_psstrings(p, &pss)) != 0) 1200 return error; 1201 1202 if (pss.ps_envstr == NULL) 1203 return EIO; 1204 1205 uio->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + pss.ps_nenvstr + 1); 1206 #ifdef __MACHINE_STACK_GROWS_UP 1207 if (uio->uio_offset < off) 1208 return EIO; 1209 #else 1210 if (uio->uio_offset > off) 1211 return EIO; 1212 if ((uio->uio_offset + uio->uio_resid) > off) 1213 uio->uio_resid = off - uio->uio_offset; 1214 #endif 1215 return 0; 1216 } 1217 #endif 1218