1 /* $NetBSD: sys_process.c,v 1.110 2006/09/01 21:05:33 matt Exp $ */ 2 3 /*- 4 * Copyright (c) 1982, 1986, 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * This code is derived from software contributed to Berkeley by 13 * Jan-Simon Pendry. 14 * 15 * Redistribution and use in source and binary forms, with or without 16 * modification, are permitted provided that the following conditions 17 * are met: 18 * 1. Redistributions of source code must retain the above copyright 19 * notice, this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright 21 * notice, this list of conditions and the following disclaimer in the 22 * documentation and/or other materials provided with the distribution. 23 * 3. Neither the name of the University nor the names of its contributors 24 * may be used to endorse or promote products derived from this software 25 * without specific prior written permission. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 30 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * 39 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 40 */ 41 42 /*- 43 * Copyright (c) 1993 Jan-Simon Pendry. 44 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 45 * 46 * This code is derived from software contributed to Berkeley by 47 * Jan-Simon Pendry. 48 * 49 * Redistribution and use in source and binary forms, with or without 50 * modification, are permitted provided that the following conditions 51 * are met: 52 * 1. Redistributions of source code must retain the above copyright 53 * notice, this list of conditions and the following disclaimer. 54 * 2. Redistributions in binary form must reproduce the above copyright 55 * notice, this list of conditions and the following disclaimer in the 56 * documentation and/or other materials provided with the distribution. 57 * 3. All advertising materials mentioning features or use of this software 58 * must display the following acknowledgement: 59 * This product includes software developed by the University of 60 * California, Berkeley and its contributors. 61 * 4. Neither the name of the University nor the names of its contributors 62 * may be used to endorse or promote products derived from this software 63 * without specific prior written permission. 64 * 65 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 66 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 67 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 68 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 69 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 70 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 71 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 72 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 73 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 74 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 75 * SUCH DAMAGE. 76 * 77 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 78 */ 79 80 /* 81 * References: 82 * (1) Bach's "The Design of the UNIX Operating System", 83 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 84 * (3) the "4.4BSD Programmer's Reference Manual" published 85 * by USENIX and O'Reilly & Associates. 86 * The 4.4BSD PRM does a reasonably good job of documenting what the various 87 * ptrace() requests should actually do, and its text is quoted several times 88 * in this file. 89 */ 90 91 #include "opt_coredump.h" 92 #include "opt_ptrace.h" 93 #include "opt_ktrace.h" 94 95 #include <sys/cdefs.h> 96 __KERNEL_RCSID(0, "$NetBSD: sys_process.c,v 1.110 2006/09/01 21:05:33 matt Exp $"); 97 98 #include <sys/param.h> 99 #include <sys/systm.h> 100 #include <sys/proc.h> 101 #include <sys/errno.h> 102 #include <sys/ptrace.h> 103 #include <sys/uio.h> 104 #include <sys/user.h> 105 #include <sys/ras.h> 106 #include <sys/malloc.h> 107 #include <sys/kauth.h> 108 109 #include <sys/mount.h> 110 #include <sys/sa.h> 111 #include <sys/syscallargs.h> 112 113 #include <uvm/uvm_extern.h> 114 115 #include <machine/reg.h> 116 117 #ifdef PTRACE 118 /* 119 * Process debugging system call. 120 */ 121 int 122 sys_ptrace(struct lwp *l, void *v, register_t *retval) 123 { 124 struct sys_ptrace_args /* { 125 syscallarg(int) req; 126 syscallarg(pid_t) pid; 127 syscallarg(caddr_t) addr; 128 syscallarg(int) data; 129 } */ *uap = v; 130 struct proc *p = l->l_proc; 131 struct lwp *lt, *lr; 132 struct proc *t; /* target process */ 133 struct uio uio; 134 struct iovec iov; 135 struct ptrace_io_desc piod; 136 struct ptrace_lwpinfo pl; 137 struct vmspace *vm; 138 int s, error, write, tmp, size; 139 #ifdef COREDUMP 140 char *path; 141 #endif 142 143 /* "A foolish consistency..." XXX */ 144 if (SCARG(uap, req) == PT_TRACE_ME) 145 t = p; 146 else { 147 148 /* Find the process we're supposed to be operating on. */ 149 if ((t = pfind(SCARG(uap, pid))) == NULL) 150 return (ESRCH); 151 } 152 153 /* Can't trace a process that's currently exec'ing. */ 154 if ((t->p_flag & P_INEXEC) != 0) 155 return EAGAIN; 156 157 /* Make sure we can operate on it. */ 158 switch (SCARG(uap, req)) { 159 case PT_TRACE_ME: 160 /* Saying that you're being traced is always legal. */ 161 break; 162 163 case PT_ATTACH: 164 /* 165 * You can't attach to a process if: 166 * (1) it's the process that's doing the attaching, 167 */ 168 if (t->p_pid == p->p_pid) 169 return (EINVAL); 170 171 /* 172 * (2) it's a system process 173 */ 174 if (t->p_flag & P_SYSTEM) 175 return (EPERM); 176 177 /* 178 * (3) it's already being traced, or 179 */ 180 if (ISSET(t->p_flag, P_TRACED)) 181 return (EBUSY); 182 183 /* 184 * (4) it's not owned by you, or is set-id on exec 185 * (unless you're root), or... 186 */ 187 if ((kauth_cred_getuid(t->p_cred) != 188 kauth_cred_getuid(l->l_cred) || 189 ISSET(t->p_flag, P_SUGID)) && 190 (error = kauth_authorize_generic(l->l_cred, 191 KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0) 192 return (error); 193 194 /* 195 * (5) ...it's init, which controls the security level 196 * of the entire system, and the system was not 197 * compiled with permanently insecure mode turned on 198 */ 199 if (t == initproc && securelevel > -1) 200 return (EPERM); 201 202 /* 203 * (6) the tracer is chrooted, and its root directory is 204 * not at or above the root directory of the tracee 205 */ 206 207 if (!proc_isunder(t, l)) 208 return EPERM; 209 break; 210 211 case PT_READ_I: 212 case PT_READ_D: 213 case PT_WRITE_I: 214 case PT_WRITE_D: 215 case PT_CONTINUE: 216 case PT_IO: 217 case PT_KILL: 218 case PT_DETACH: 219 case PT_LWPINFO: 220 case PT_SYSCALL: 221 #ifdef COREDUMP 222 case PT_DUMPCORE: 223 #endif 224 #ifdef PT_STEP 225 case PT_STEP: 226 #endif 227 #ifdef PT_GETREGS 228 case PT_GETREGS: 229 #endif 230 #ifdef PT_SETREGS 231 case PT_SETREGS: 232 #endif 233 #ifdef PT_GETFPREGS 234 case PT_GETFPREGS: 235 #endif 236 #ifdef PT_SETFPREGS 237 case PT_SETFPREGS: 238 #endif 239 240 #ifdef __HAVE_PTRACE_MACHDEP 241 PTRACE_MACHDEP_REQUEST_CASES 242 #endif 243 244 /* 245 * You can't do what you want to the process if: 246 * (1) It's not being traced at all, 247 */ 248 if (!ISSET(t->p_flag, P_TRACED)) 249 return (EPERM); 250 251 /* 252 * (2) it's being traced by procfs (which has 253 * different signal delivery semantics), 254 */ 255 if (ISSET(t->p_flag, P_FSTRACE)) { 256 uprintf("file system traced\n"); 257 return (EBUSY); 258 } 259 260 /* 261 * (3) it's not being traced by _you_, or 262 */ 263 if (t->p_pptr != p) { 264 uprintf("parent %d != %d\n", t->p_pptr->p_pid, p->p_pid); 265 return (EBUSY); 266 } 267 268 /* 269 * (4) it's not currently stopped. 270 */ 271 if (t->p_stat != SSTOP || !ISSET(t->p_flag, P_WAITED)) { 272 uprintf("stat %d flag %d\n", t->p_stat, 273 !ISSET(t->p_flag, P_WAITED)); 274 return (EBUSY); 275 } 276 break; 277 278 default: /* It was not a legal request. */ 279 return (EINVAL); 280 } 281 282 /* Do single-step fixup if needed. */ 283 FIX_SSTEP(t); 284 285 /* 286 * XXX NJWLWP 287 * 288 * The entire ptrace interface needs work to be useful to a 289 * process with multiple LWPs. For the moment, we'll kluge 290 * this; memory access will be fine, but register access will 291 * be weird. 292 */ 293 294 lt = proc_representative_lwp(t); 295 296 /* Now do the operation. */ 297 write = 0; 298 *retval = 0; 299 tmp = 0; 300 301 switch (SCARG(uap, req)) { 302 case PT_TRACE_ME: 303 /* Just set the trace flag. */ 304 SET(t->p_flag, P_TRACED); 305 t->p_opptr = t->p_pptr; 306 return (0); 307 308 case PT_WRITE_I: /* XXX no separate I and D spaces */ 309 case PT_WRITE_D: 310 #if defined(__HAVE_RAS) 311 /* 312 * Can't write to a RAS 313 */ 314 if (!LIST_EMPTY(&t->p_raslist) && 315 (ras_lookup(t, SCARG(uap, addr)) != (caddr_t)-1)) { 316 return (EACCES); 317 } 318 #endif 319 write = 1; 320 tmp = SCARG(uap, data); 321 case PT_READ_I: /* XXX no separate I and D spaces */ 322 case PT_READ_D: 323 /* write = 0 done above. */ 324 iov.iov_base = (caddr_t)&tmp; 325 iov.iov_len = sizeof(tmp); 326 uio.uio_iov = &iov; 327 uio.uio_iovcnt = 1; 328 uio.uio_offset = (off_t)(unsigned long)SCARG(uap, addr); 329 uio.uio_resid = sizeof(tmp); 330 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 331 UIO_SETUP_SYSSPACE(&uio); 332 error = process_domem(l, lt, &uio); 333 if (!write) 334 *retval = tmp; 335 return (error); 336 337 case PT_IO: 338 error = copyin(SCARG(uap, addr), &piod, sizeof(piod)); 339 if (error) 340 return (error); 341 iov.iov_base = piod.piod_addr; 342 iov.iov_len = piod.piod_len; 343 uio.uio_iov = &iov; 344 uio.uio_iovcnt = 1; 345 uio.uio_offset = (off_t)(unsigned long)piod.piod_offs; 346 uio.uio_resid = piod.piod_len; 347 error = proc_vmspace_getref(l->l_proc, &vm); 348 if (error) { 349 return error; 350 } 351 uio.uio_vmspace = vm; 352 switch (piod.piod_op) { 353 case PIOD_READ_D: 354 case PIOD_READ_I: 355 uio.uio_rw = UIO_READ; 356 break; 357 case PIOD_WRITE_D: 358 case PIOD_WRITE_I: 359 uio.uio_rw = UIO_WRITE; 360 break; 361 default: 362 return (EINVAL); 363 } 364 error = process_domem(l, lt, &uio); 365 piod.piod_len -= uio.uio_resid; 366 (void) copyout(&piod, SCARG(uap, addr), sizeof(piod)); 367 uvmspace_free(vm); 368 return (error); 369 370 #ifdef COREDUMP 371 case PT_DUMPCORE: 372 if ((path = SCARG(uap, addr)) != NULL) { 373 char *dst; 374 int len = SCARG(uap, data); 375 if (len >= MAXPATHLEN) 376 return EINVAL; 377 dst = malloc(len + 1, M_TEMP, M_WAITOK); 378 if ((error = copyin(path, dst, len)) != 0) { 379 free(dst, M_TEMP); 380 return error; 381 } 382 path = dst; 383 path[len] = '\0'; 384 } 385 error = coredump(lt, path); 386 if (path) 387 free(path, M_TEMP); 388 return error; 389 #endif 390 391 #ifdef PT_STEP 392 case PT_STEP: 393 /* 394 * From the 4.4BSD PRM: 395 * "Execution continues as in request PT_CONTINUE; however 396 * as soon as possible after execution of at least one 397 * instruction, execution stops again. [ ... ]" 398 */ 399 #endif 400 case PT_CONTINUE: 401 case PT_SYSCALL: 402 case PT_DETACH: 403 if (SCARG(uap, req) == PT_SYSCALL) { 404 if (!ISSET(t->p_flag, P_SYSCALL)) { 405 SET(t->p_flag, P_SYSCALL); 406 #ifdef __HAVE_SYSCALL_INTERN 407 (*t->p_emul->e_syscall_intern)(t); 408 #endif 409 } 410 } else { 411 if (ISSET(t->p_flag, P_SYSCALL)) { 412 CLR(t->p_flag, P_SYSCALL); 413 #ifdef __HAVE_SYSCALL_INTERN 414 (*t->p_emul->e_syscall_intern)(t); 415 #endif 416 } 417 } 418 419 /* 420 * From the 4.4BSD PRM: 421 * "The data argument is taken as a signal number and the 422 * child's execution continues at location addr as if it 423 * incurred that signal. Normally the signal number will 424 * be either 0 to indicate that the signal that caused the 425 * stop should be ignored, or that value fetched out of 426 * the process's image indicating which signal caused 427 * the stop. If addr is (int *)1 then execution continues 428 * from where it stopped." 429 */ 430 431 /* Check that the data is a valid signal number or zero. */ 432 if (SCARG(uap, data) < 0 || SCARG(uap, data) >= NSIG) 433 return (EINVAL); 434 435 PHOLD(lt); 436 437 /* If the address parameter is not (int *)1, set the pc. */ 438 if ((int *)SCARG(uap, addr) != (int *)1) 439 if ((error = process_set_pc(lt, SCARG(uap, addr))) != 0) 440 goto relebad; 441 442 #ifdef PT_STEP 443 /* 444 * Arrange for a single-step, if that's requested and possible. 445 */ 446 error = process_sstep(lt, SCARG(uap, req) == PT_STEP); 447 if (error) 448 goto relebad; 449 #endif 450 451 PRELE(lt); 452 453 if (SCARG(uap, req) == PT_DETACH) { 454 /* give process back to original parent or init */ 455 s = proclist_lock_write(); 456 if (t->p_opptr != t->p_pptr) { 457 struct proc *pp = t->p_opptr; 458 proc_reparent(t, pp ? pp : initproc); 459 } 460 461 /* not being traced any more */ 462 t->p_opptr = NULL; 463 proclist_unlock_write(s); 464 CLR(t->p_flag, P_TRACED|P_WAITED|P_SYSCALL|P_FSTRACE); 465 } 466 467 sendsig: 468 /* Finally, deliver the requested signal (or none). */ 469 if (t->p_stat == SSTOP) { 470 t->p_xstat = SCARG(uap, data); 471 SCHED_LOCK(s); 472 lr = proc_unstop(t); 473 /* 474 * If the target needs to take a signal, there 475 * is no running LWP that will see it, and 476 * there is a LWP sleeping interruptably, then 477 * get it moving. 478 */ 479 if (lr && (t->p_xstat != 0)) 480 setrunnable(lr); 481 SCHED_UNLOCK(s); 482 } else { 483 if (SCARG(uap, data) != 0) 484 psignal(t, SCARG(uap, data)); 485 } 486 return (0); 487 488 relebad: 489 PRELE(lt); 490 return (error); 491 492 case PT_KILL: 493 /* just send the process a KILL signal. */ 494 SCARG(uap, data) = SIGKILL; 495 goto sendsig; /* in PT_CONTINUE, above. */ 496 497 case PT_ATTACH: 498 /* 499 * Go ahead and set the trace flag. 500 * Save the old parent (it's reset in 501 * _DETACH, and also in kern_exit.c:wait4() 502 * Reparent the process so that the tracing 503 * proc gets to see all the action. 504 * Stop the target. 505 */ 506 SET(t->p_flag, P_TRACED); 507 s = proclist_lock_write(); 508 t->p_opptr = t->p_pptr; 509 if (t->p_pptr != p) { 510 t->p_pptr->p_flag |= P_CHTRACED; 511 proc_reparent(t, p); 512 } 513 proclist_unlock_write(s); 514 SCARG(uap, data) = SIGSTOP; 515 goto sendsig; 516 517 case PT_LWPINFO: 518 size = SCARG(uap, data); 519 if (size < sizeof(lwpid_t)) 520 return (EINVAL); 521 error = copyin(SCARG(uap, addr), &pl, sizeof(lwpid_t)); 522 if (error) 523 return (error); 524 tmp = pl.pl_lwpid; 525 if (tmp == 0) 526 lt = LIST_FIRST(&t->p_lwps); 527 else { 528 LIST_FOREACH(lt, &t->p_lwps, l_sibling) 529 if (lt->l_lid == tmp) 530 break; 531 if (lt == NULL) 532 return (ESRCH); 533 lt = LIST_NEXT(lt, l_sibling); 534 } 535 pl.pl_lwpid = 0; 536 pl.pl_event = 0; 537 if (lt) { 538 pl.pl_lwpid = lt->l_lid; 539 if (lt->l_lid == t->p_sigctx.ps_lwp) 540 pl.pl_event = PL_EVENT_SIGNAL; 541 } 542 543 error = copyout(&pl, SCARG(uap, addr), SCARG(uap, data)); 544 545 return (0); 546 547 #ifdef PT_SETREGS 548 case PT_SETREGS: 549 write = 1; 550 #endif 551 #ifdef PT_GETREGS 552 case PT_GETREGS: 553 /* write = 0 done above. */ 554 #endif 555 #if defined(PT_SETREGS) || defined(PT_GETREGS) 556 tmp = SCARG(uap, data); 557 if (tmp != 0 && t->p_nlwps > 1) { 558 LIST_FOREACH(lt, &t->p_lwps, l_sibling) 559 if (lt->l_lid == tmp) 560 break; 561 if (lt == NULL) 562 return (ESRCH); 563 } 564 if (!process_validregs(proc_representative_lwp(t))) 565 return (EINVAL); 566 else { 567 error = proc_vmspace_getref(l->l_proc, &vm); 568 if (error) { 569 return error; 570 } 571 iov.iov_base = SCARG(uap, addr); 572 iov.iov_len = sizeof(struct reg); 573 uio.uio_iov = &iov; 574 uio.uio_iovcnt = 1; 575 uio.uio_offset = 0; 576 uio.uio_resid = sizeof(struct reg); 577 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 578 uio.uio_vmspace = vm; 579 error = process_doregs(l, lt, &uio); 580 uvmspace_free(vm); 581 return error; 582 } 583 #endif 584 585 #ifdef PT_SETFPREGS 586 case PT_SETFPREGS: 587 write = 1; 588 #endif 589 #ifdef PT_GETFPREGS 590 case PT_GETFPREGS: 591 /* write = 0 done above. */ 592 #endif 593 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 594 tmp = SCARG(uap, data); 595 if (tmp != 0 && t->p_nlwps > 1) { 596 LIST_FOREACH(lt, &t->p_lwps, l_sibling) 597 if (lt->l_lid == tmp) 598 break; 599 if (lt == NULL) 600 return (ESRCH); 601 } 602 if (!process_validfpregs(proc_representative_lwp(t))) 603 return (EINVAL); 604 else { 605 error = proc_vmspace_getref(l->l_proc, &vm); 606 if (error) { 607 return error; 608 } 609 iov.iov_base = SCARG(uap, addr); 610 iov.iov_len = sizeof(struct fpreg); 611 uio.uio_iov = &iov; 612 uio.uio_iovcnt = 1; 613 uio.uio_offset = 0; 614 uio.uio_resid = sizeof(struct fpreg); 615 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 616 uio.uio_vmspace = vm; 617 error = process_dofpregs(l, lt, &uio); 618 uvmspace_free(vm); 619 return error; 620 } 621 #endif 622 623 #ifdef __HAVE_PTRACE_MACHDEP 624 PTRACE_MACHDEP_REQUEST_CASES 625 return (ptrace_machdep_dorequest(l, lt, 626 SCARG(uap, req), SCARG(uap, addr), 627 SCARG(uap, data))); 628 #endif 629 } 630 631 #ifdef DIAGNOSTIC 632 panic("ptrace: impossible"); 633 #endif 634 return 0; 635 } 636 637 int 638 process_doregs(struct lwp *curl /*tracer*/, 639 struct lwp *l /*traced*/, 640 struct uio *uio) 641 { 642 #if defined(PT_GETREGS) || defined(PT_SETREGS) 643 struct proc *p = l->l_proc; 644 int error; 645 struct reg r; 646 char *kv; 647 int kl; 648 649 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 650 return EINVAL; 651 652 if ((error = process_checkioperm(curl, p)) != 0) 653 return error; 654 655 kl = sizeof(r); 656 kv = (char *)&r; 657 658 kv += uio->uio_offset; 659 kl -= uio->uio_offset; 660 if ((size_t)kl > uio->uio_resid) 661 kl = uio->uio_resid; 662 663 PHOLD(l); 664 665 error = process_read_regs(l, &r); 666 if (error == 0) 667 error = uiomove(kv, kl, uio); 668 if (error == 0 && uio->uio_rw == UIO_WRITE) { 669 if (l->l_stat != LSSTOP) 670 error = EBUSY; 671 else 672 error = process_write_regs(l, &r); 673 } 674 675 PRELE(l); 676 677 uio->uio_offset = 0; 678 return (error); 679 #else 680 return (EINVAL); 681 #endif 682 } 683 684 int 685 process_validregs(struct lwp *l) 686 { 687 688 #if defined(PT_SETREGS) || defined(PT_GETREGS) 689 return ((l->l_proc->p_flag & P_SYSTEM) == 0); 690 #else 691 return (0); 692 #endif 693 } 694 695 int 696 process_dofpregs(struct lwp *curl /*tracer*/, 697 struct lwp *l /*traced*/, 698 struct uio *uio) 699 { 700 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 701 struct proc *p = l->l_proc; 702 int error; 703 struct fpreg r; 704 char *kv; 705 int kl; 706 707 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 708 return EINVAL; 709 710 if ((error = process_checkioperm(curl, p)) != 0) 711 return (error); 712 713 kl = sizeof(r); 714 kv = (char *)&r; 715 716 kv += uio->uio_offset; 717 kl -= uio->uio_offset; 718 if ((size_t)kl > uio->uio_resid) 719 kl = uio->uio_resid; 720 721 PHOLD(l); 722 723 error = process_read_fpregs(l, &r); 724 if (error == 0) 725 error = uiomove(kv, kl, uio); 726 if (error == 0 && uio->uio_rw == UIO_WRITE) { 727 if (l->l_stat != LSSTOP) 728 error = EBUSY; 729 else 730 error = process_write_fpregs(l, &r); 731 } 732 733 PRELE(l); 734 735 uio->uio_offset = 0; 736 return (error); 737 #else 738 return (EINVAL); 739 #endif 740 } 741 742 int 743 process_validfpregs(struct lwp *l) 744 { 745 746 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 747 return ((l->l_proc->p_flag & P_SYSTEM) == 0); 748 #else 749 return (0); 750 #endif 751 } 752 #endif /* PTRACE */ 753 754 #if defined(KTRACE) || defined(PTRACE) || defined(SYSTRACE) 755 int 756 process_domem(struct lwp *curl /*tracer*/, 757 struct lwp *l /*traced*/, 758 struct uio *uio) 759 { 760 struct proc *p = l->l_proc; /* traced */ 761 struct vmspace *vm; 762 int error; 763 764 size_t len; 765 #ifdef PMAP_NEED_PROCWR 766 vaddr_t addr; 767 #endif 768 769 len = uio->uio_resid; 770 771 if (len == 0) 772 return (0); 773 774 #ifdef PMAP_NEED_PROCWR 775 addr = uio->uio_offset; 776 #endif 777 778 if ((error = process_checkioperm(curl, p)) != 0) 779 return (error); 780 781 vm = p->p_vmspace; 782 783 simple_lock(&vm->vm_map.ref_lock); 784 if ((p->p_flag & P_WEXIT) || vm->vm_refcnt < 1) 785 error = EFAULT; 786 if (error == 0) 787 p->p_vmspace->vm_refcnt++; /* XXX */ 788 simple_unlock(&vm->vm_map.ref_lock); 789 if (error != 0) 790 return (error); 791 error = uvm_io(&vm->vm_map, uio); 792 uvmspace_free(vm); 793 794 #ifdef PMAP_NEED_PROCWR 795 if (error == 0 && uio->uio_rw == UIO_WRITE) 796 pmap_procwr(p, addr, len); 797 #endif 798 return (error); 799 } 800 #endif /* KTRACE || PTRACE || SYSTRACE */ 801 802 #if defined(KTRACE) || defined(PTRACE) 803 /* 804 * Ensure that a process has permission to perform I/O on another. 805 * Arguments: 806 * p The process wishing to do the I/O (the tracer). 807 * t The process who's memory/registers will be read/written. 808 */ 809 int 810 process_checkioperm(struct lwp *l, struct proc *t) 811 { 812 int error; 813 814 /* 815 * You cannot attach to a processes mem/regs if: 816 * 817 * (1) It is currently exec'ing 818 */ 819 if (ISSET(t->p_flag, P_INEXEC)) 820 return (EAGAIN); 821 822 /* 823 * (2) it's not owned by you, or is set-id on exec 824 * (unless you're root), or... 825 */ 826 if ((kauth_cred_getuid(t->p_cred) != kauth_cred_getuid(l->l_cred) || 827 ISSET(t->p_flag, P_SUGID)) && 828 (error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, 829 &l->l_acflag)) != 0) 830 return (error); 831 832 /* 833 * (3) ...it's init, which controls the security level 834 * of the entire system, and the system was not 835 * compiled with permanetly insecure mode turned on. 836 */ 837 if (t == initproc && securelevel > -1) 838 return (EPERM); 839 840 /* 841 * (4) the tracer is chrooted, and its root directory is 842 * not at or above the root directory of the tracee 843 */ 844 if (!proc_isunder(t, l)) 845 return (EPERM); 846 847 return (0); 848 } 849 850 void 851 process_stoptrace(struct lwp *l) 852 { 853 int s = 0, dolock = (l->l_flag & L_SINTR) == 0; 854 struct proc *p = l->l_proc, *pp = p->p_pptr; 855 856 if (pp->p_pid == 1) { 857 CLR(p->p_flag, P_SYSCALL); 858 return; 859 } 860 861 p->p_xstat = SIGTRAP; 862 child_psignal(pp, dolock); 863 864 if (dolock) 865 SCHED_LOCK(s); 866 867 proc_stop(p, 1); 868 869 mi_switch(l, NULL); 870 SCHED_ASSERT_UNLOCKED(); 871 872 if (dolock) 873 splx(s); 874 } 875 #endif /* KTRACE || PTRACE */ 876