1 /* $NetBSD: sys_process.c,v 1.79 2003/01/23 17:35:32 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 1993 Jan-Simon Pendry. 5 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 6 * Copyright (c) 1982, 1986, 1989, 1993 7 * The Regents of the University of California. All rights reserved. 8 * (c) UNIX System Laboratories, Inc. 9 * All or some portions of this file are derived from material licensed 10 * to the University of California by American Telephone and Telegraph 11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 12 * the permission of UNIX System Laboratories, Inc. 13 * 14 * This code is derived from software contributed to Berkeley by 15 * Jan-Simon Pendry. 16 * 17 * Redistribution and use in source and binary forms, with or without 18 * modification, are permitted provided that the following conditions 19 * are met: 20 * 1. Redistributions of source code must retain the above copyright 21 * notice, this list of conditions and the following disclaimer. 22 * 2. Redistributions in binary form must reproduce the above copyright 23 * notice, this list of conditions and the following disclaimer in the 24 * documentation and/or other materials provided with the distribution. 25 * 3. All advertising materials mentioning features or use of this software 26 * must display the following acknowledgement: 27 * This product includes software developed by the University of 28 * California, Berkeley and its contributors. 29 * 4. Neither the name of the University nor the names of its contributors 30 * may be used to endorse or promote products derived from this software 31 * without specific prior written permission. 32 * 33 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 34 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 35 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 36 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 37 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 38 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 39 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 40 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 41 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 42 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 43 * SUCH DAMAGE. 44 * 45 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 46 */ 47 48 /* 49 * References: 50 * (1) Bach's "The Design of the UNIX Operating System", 51 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 52 * (3) the "4.4BSD Programmer's Reference Manual" published 53 * by USENIX and O'Reilly & Associates. 54 * The 4.4BSD PRM does a reasonably good job of documenting what the various 55 * ptrace() requests should actually do, and its text is quoted several times 56 * in this file. 57 */ 58 59 #include <sys/cdefs.h> 60 __KERNEL_RCSID(0, "$NetBSD: sys_process.c,v 1.79 2003/01/23 17:35:32 christos Exp $"); 61 62 #include <sys/param.h> 63 #include <sys/systm.h> 64 #include <sys/proc.h> 65 #include <sys/errno.h> 66 #include <sys/ptrace.h> 67 #include <sys/uio.h> 68 #include <sys/user.h> 69 #include <sys/ras.h> 70 71 #include <sys/mount.h> 72 #include <sys/sa.h> 73 #include <sys/syscallargs.h> 74 75 #include <uvm/uvm_extern.h> 76 77 #include <machine/reg.h> 78 79 /* Macros to clear/set/test flags. */ 80 #define SET(t, f) (t) |= (f) 81 #define CLR(t, f) (t) &= ~(f) 82 #define ISSET(t, f) ((t) & (f)) 83 84 /* 85 * Process debugging system call. 86 */ 87 int 88 sys_ptrace(l, v, retval) 89 struct lwp *l; 90 void *v; 91 register_t *retval; 92 { 93 struct sys_ptrace_args /* { 94 syscallarg(int) req; 95 syscallarg(pid_t) pid; 96 syscallarg(caddr_t) addr; 97 syscallarg(int) data; 98 } */ *uap = v; 99 struct proc *p = l->l_proc; 100 struct lwp *lt; 101 struct proc *t; /* target process */ 102 struct uio uio; 103 struct iovec iov; 104 struct ptrace_io_desc piod; 105 int s, error, write, tmp; 106 107 /* "A foolish consistency..." XXX */ 108 if (SCARG(uap, req) == PT_TRACE_ME) 109 t = p; 110 else { 111 112 /* Find the process we're supposed to be operating on. */ 113 if ((t = pfind(SCARG(uap, pid))) == NULL) 114 return (ESRCH); 115 } 116 117 /* Can't trace a process that's currently exec'ing. */ 118 if ((t->p_flag & P_INEXEC) != 0) 119 return EAGAIN; 120 121 /* Make sure we can operate on it. */ 122 switch (SCARG(uap, req)) { 123 case PT_TRACE_ME: 124 /* Saying that you're being traced is always legal. */ 125 break; 126 127 case PT_ATTACH: 128 case PT_DUMPCORE: 129 /* 130 * You can't attach to a process if: 131 * (1) it's the process that's doing the attaching, 132 */ 133 if (t->p_pid == p->p_pid) 134 return (EINVAL); 135 136 /* 137 * (2) it's a system process 138 */ 139 if (t->p_flag & P_SYSTEM) 140 return (EPERM); 141 142 /* 143 * (3) it's already being traced, or 144 */ 145 if (ISSET(t->p_flag, P_TRACED)) 146 return (EBUSY); 147 148 /* 149 * (4) it's not owned by you, or is set-id on exec 150 * (unless you're root), or... 151 */ 152 if ((t->p_cred->p_ruid != p->p_cred->p_ruid || 153 ISSET(t->p_flag, P_SUGID)) && 154 (error = suser(p->p_ucred, &p->p_acflag)) != 0) 155 return (error); 156 157 /* 158 * (5) ...it's init, which controls the security level 159 * of the entire system, and the system was not 160 * compiled with permanently insecure mode turned on 161 */ 162 if (t == initproc && securelevel > -1) 163 return (EPERM); 164 165 /* 166 * (6) the tracer is chrooted, and its root directory is 167 * not at or above the root directory of the tracee 168 */ 169 170 if (!proc_isunder(t, p)) 171 return EPERM; 172 break; 173 174 case PT_READ_I: 175 case PT_READ_D: 176 case PT_WRITE_I: 177 case PT_WRITE_D: 178 case PT_CONTINUE: 179 case PT_IO: 180 case PT_KILL: 181 case PT_DETACH: 182 #ifdef PT_STEP 183 case PT_STEP: 184 #endif 185 #ifdef PT_GETREGS 186 case PT_GETREGS: 187 #endif 188 #ifdef PT_SETREGS 189 case PT_SETREGS: 190 #endif 191 #ifdef PT_GETFPREGS 192 case PT_GETFPREGS: 193 #endif 194 #ifdef PT_SETFPREGS 195 case PT_SETFPREGS: 196 #endif 197 198 #ifdef __HAVE_PTRACE_MACHDEP 199 PTRACE_MACHDEP_REQUEST_CASES 200 #endif 201 202 /* 203 * You can't do what you want to the process if: 204 * (1) It's not being traced at all, 205 */ 206 if (!ISSET(t->p_flag, P_TRACED)) 207 return (EPERM); 208 209 /* 210 * (2) it's being traced by procfs (which has 211 * different signal delivery semantics), 212 */ 213 if (ISSET(t->p_flag, P_FSTRACE)) 214 return (EBUSY); 215 216 /* 217 * (3) it's not being traced by _you_, or 218 */ 219 if (t->p_pptr != p) 220 return (EBUSY); 221 222 /* 223 * (4) it's not currently stopped. 224 */ 225 if (t->p_stat != SSTOP || !ISSET(t->p_flag, P_WAITED)) 226 return (EBUSY); 227 break; 228 229 default: /* It was not a legal request. */ 230 return (EINVAL); 231 } 232 233 /* Do single-step fixup if needed. */ 234 FIX_SSTEP(t); 235 236 /* 237 * XXX NJWLWP 238 * 239 * The entire ptrace interface needs work to be useful to a 240 * process with multiple LWPs. For the moment, we'll kluge 241 * this; memory access will be fine, but register access will 242 * be weird. 243 */ 244 245 lt = proc_representative_lwp(t); 246 247 /* Now do the operation. */ 248 write = 0; 249 *retval = 0; 250 tmp = 0; 251 252 switch (SCARG(uap, req)) { 253 case PT_TRACE_ME: 254 /* Just set the trace flag. */ 255 SET(t->p_flag, P_TRACED); 256 t->p_opptr = t->p_pptr; 257 return (0); 258 259 case PT_WRITE_I: /* XXX no separate I and D spaces */ 260 case PT_WRITE_D: 261 #if defined(__HAVE_RAS) 262 /* 263 * Can't write to a RAS 264 */ 265 if ((t->p_nras != 0) && 266 (ras_lookup(t, SCARG(uap, addr)) != (caddr_t)-1)) { 267 return (EACCES); 268 } 269 #endif 270 write = 1; 271 tmp = SCARG(uap, data); 272 case PT_READ_I: /* XXX no separate I and D spaces */ 273 case PT_READ_D: 274 /* write = 0 done above. */ 275 iov.iov_base = (caddr_t)&tmp; 276 iov.iov_len = sizeof(tmp); 277 uio.uio_iov = &iov; 278 uio.uio_iovcnt = 1; 279 uio.uio_offset = (off_t)(long)SCARG(uap, addr); 280 uio.uio_resid = sizeof(tmp); 281 uio.uio_segflg = UIO_SYSSPACE; 282 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 283 uio.uio_procp = p; 284 error = process_domem(p, t, &uio); 285 if (!write) 286 *retval = tmp; 287 return (error); 288 289 case PT_IO: 290 error = copyin(SCARG(uap, addr), &piod, sizeof(piod)); 291 if (error) 292 return (error); 293 iov.iov_base = piod.piod_addr; 294 iov.iov_len = piod.piod_len; 295 uio.uio_iov = &iov; 296 uio.uio_iovcnt = 1; 297 uio.uio_offset = (off_t)(long)piod.piod_offs; 298 uio.uio_resid = piod.piod_len; 299 uio.uio_segflg = UIO_USERSPACE; 300 uio.uio_procp = p; 301 switch (piod.piod_op) { 302 case PIOD_READ_D: 303 case PIOD_READ_I: 304 uio.uio_rw = UIO_READ; 305 break; 306 case PIOD_WRITE_D: 307 case PIOD_WRITE_I: 308 uio.uio_rw = UIO_WRITE; 309 break; 310 default: 311 return (EINVAL); 312 } 313 error = process_domem(p, t, &uio); 314 piod.piod_len -= uio.uio_resid; 315 (void) copyout(&piod, SCARG(uap, addr), sizeof(piod)); 316 return (error); 317 318 case PT_DUMPCORE: 319 return coredump(lt); 320 321 #ifdef PT_STEP 322 case PT_STEP: 323 /* 324 * From the 4.4BSD PRM: 325 * "Execution continues as in request PT_CONTINUE; however 326 * as soon as possible after execution of at least one 327 * instruction, execution stops again. [ ... ]" 328 */ 329 #endif 330 case PT_CONTINUE: 331 case PT_DETACH: 332 /* 333 * From the 4.4BSD PRM: 334 * "The data argument is taken as a signal number and the 335 * child's execution continues at location addr as if it 336 * incurred that signal. Normally the signal number will 337 * be either 0 to indicate that the signal that caused the 338 * stop should be ignored, or that value fetched out of 339 * the process's image indicating which signal caused 340 * the stop. If addr is (int *)1 then execution continues 341 * from where it stopped." 342 */ 343 344 /* Check that the data is a valid signal number or zero. */ 345 if (SCARG(uap, data) < 0 || SCARG(uap, data) >= NSIG) 346 return (EINVAL); 347 348 PHOLD(lt); 349 350 /* If the address parameter is not (int *)1, set the pc. */ 351 if ((int *)SCARG(uap, addr) != (int *)1) 352 if ((error = process_set_pc(lt, SCARG(uap, addr))) != 0) 353 goto relebad; 354 355 #ifdef PT_STEP 356 /* 357 * Arrange for a single-step, if that's requested and possible. 358 */ 359 error = process_sstep(lt, SCARG(uap, req) == PT_STEP); 360 if (error) 361 goto relebad; 362 #endif 363 364 PRELE(lt); 365 366 if (SCARG(uap, req) == PT_DETACH) { 367 /* give process back to original parent or init */ 368 if (t->p_opptr != t->p_pptr) { 369 struct proc *pp = t->p_opptr; 370 proc_reparent(t, pp ? pp : initproc); 371 } 372 373 /* not being traced any more */ 374 t->p_opptr = NULL; 375 CLR(t->p_flag, P_TRACED|P_WAITED); 376 } 377 378 sendsig: 379 /* Finally, deliver the requested signal (or none). */ 380 if (t->p_stat == SSTOP) { 381 t->p_xstat = SCARG(uap, data); 382 SCHED_LOCK(s); 383 setrunnable(proc_unstop(t)); 384 SCHED_UNLOCK(s); 385 } else { 386 if (SCARG(uap, data) != 0) 387 psignal(t, SCARG(uap, data)); 388 } 389 return (0); 390 391 relebad: 392 PRELE(lt); 393 return (error); 394 395 case PT_KILL: 396 /* just send the process a KILL signal. */ 397 SCARG(uap, data) = SIGKILL; 398 goto sendsig; /* in PT_CONTINUE, above. */ 399 400 case PT_ATTACH: 401 /* 402 * Go ahead and set the trace flag. 403 * Save the old parent (it's reset in 404 * _DETACH, and also in kern_exit.c:wait4() 405 * Reparent the process so that the tracing 406 * proc gets to see all the action. 407 * Stop the target. 408 */ 409 SET(t->p_flag, P_TRACED); 410 t->p_opptr = t->p_pptr; 411 if (t->p_pptr != p) { 412 t->p_pptr->p_flag |= P_CHTRACED; 413 proc_reparent(t, p); 414 } 415 SCARG(uap, data) = SIGSTOP; 416 goto sendsig; 417 418 #ifdef PT_SETREGS 419 case PT_SETREGS: 420 write = 1; 421 #endif 422 #ifdef PT_GETREGS 423 case PT_GETREGS: 424 /* write = 0 done above. */ 425 #endif 426 #if defined(PT_SETREGS) || defined(PT_GETREGS) 427 tmp = SCARG(uap, data); 428 if (tmp != 0 && t->p_nlwps > 1) { 429 LIST_FOREACH(lt, &t->p_lwps, l_sibling) 430 if (lt->l_lid == tmp) 431 break; 432 if (lt == NULL) 433 return (ESRCH); 434 } 435 if (!process_validregs(t)) 436 return (EINVAL); 437 else { 438 iov.iov_base = SCARG(uap, addr); 439 iov.iov_len = sizeof(struct reg); 440 uio.uio_iov = &iov; 441 uio.uio_iovcnt = 1; 442 uio.uio_offset = 0; 443 uio.uio_resid = sizeof(struct reg); 444 uio.uio_segflg = UIO_USERSPACE; 445 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 446 uio.uio_procp = p; 447 return (process_doregs(p, lt, &uio)); 448 } 449 #endif 450 451 #ifdef PT_SETFPREGS 452 case PT_SETFPREGS: 453 write = 1; 454 #endif 455 #ifdef PT_GETFPREGS 456 case PT_GETFPREGS: 457 /* write = 0 done above. */ 458 #endif 459 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 460 tmp = SCARG(uap, data); 461 if (tmp != 0 && t->p_nlwps > 1) { 462 LIST_FOREACH(lt, &t->p_lwps, l_sibling) 463 if (lt->l_lid == tmp) 464 break; 465 if (lt == NULL) 466 return (ESRCH); 467 } 468 if (!process_validfpregs(t)) 469 return (EINVAL); 470 else { 471 iov.iov_base = SCARG(uap, addr); 472 iov.iov_len = sizeof(struct fpreg); 473 uio.uio_iov = &iov; 474 uio.uio_iovcnt = 1; 475 uio.uio_offset = 0; 476 uio.uio_resid = sizeof(struct fpreg); 477 uio.uio_segflg = UIO_USERSPACE; 478 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 479 uio.uio_procp = p; 480 return (process_dofpregs(p, lt, &uio)); 481 } 482 #endif 483 484 #ifdef __HAVE_PTRACE_MACHDEP 485 PTRACE_MACHDEP_REQUEST_CASES 486 return (ptrace_machdep_dorequest(p, lt, 487 SCARG(uap, req), SCARG(uap, addr), 488 SCARG(uap, data))); 489 #endif 490 } 491 492 #ifdef DIAGNOSTIC 493 panic("ptrace: impossible"); 494 #endif 495 return 0; 496 } 497 498 int 499 process_doregs(curp, l, uio) 500 struct proc *curp; /* tracer */ 501 struct lwp *l; /* traced */ 502 struct uio *uio; 503 { 504 #if defined(PT_GETREGS) || defined(PT_SETREGS) 505 int error; 506 struct reg r; 507 char *kv; 508 int kl; 509 510 if ((error = process_checkioperm(curp, l->l_proc)) != 0) 511 return error; 512 513 kl = sizeof(r); 514 kv = (char *) &r; 515 516 kv += uio->uio_offset; 517 kl -= uio->uio_offset; 518 if (kl < 0) 519 return (EINVAL); 520 if ((size_t) kl > uio->uio_resid) 521 kl = uio->uio_resid; 522 523 PHOLD(l); 524 525 error = process_read_regs(l, &r); 526 if (error == 0) 527 error = uiomove(kv, kl, uio); 528 if (error == 0 && uio->uio_rw == UIO_WRITE) { 529 if (l->l_stat != LSSTOP) 530 error = EBUSY; 531 else 532 error = process_write_regs(l, &r); 533 } 534 535 PRELE(l); 536 537 uio->uio_offset = 0; 538 return (error); 539 #else 540 return (EINVAL); 541 #endif 542 } 543 544 int 545 process_validregs(p) 546 struct proc *p; 547 { 548 549 #if defined(PT_SETREGS) || defined(PT_GETREGS) 550 return ((p->p_flag & P_SYSTEM) == 0); 551 #else 552 return (0); 553 #endif 554 } 555 556 int 557 process_dofpregs(curp, l, uio) 558 struct proc *curp; /* tracer */ 559 struct lwp *l; /* traced */ 560 struct uio *uio; 561 { 562 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 563 int error; 564 struct fpreg r; 565 char *kv; 566 int kl; 567 568 if ((error = process_checkioperm(curp, l->l_proc)) != 0) 569 return (error); 570 571 kl = sizeof(r); 572 kv = (char *) &r; 573 574 kv += uio->uio_offset; 575 kl -= uio->uio_offset; 576 if (kl < 0) 577 return (EINVAL); 578 if ((size_t) kl > uio->uio_resid) 579 kl = uio->uio_resid; 580 581 PHOLD(l); 582 583 error = process_read_fpregs(l, &r); 584 if (error == 0) 585 error = uiomove(kv, kl, uio); 586 if (error == 0 && uio->uio_rw == UIO_WRITE) { 587 if (l->l_stat != LSSTOP) 588 error = EBUSY; 589 else 590 error = process_write_fpregs(l, &r); 591 } 592 593 PRELE(l); 594 595 uio->uio_offset = 0; 596 return (error); 597 #else 598 return (EINVAL); 599 #endif 600 } 601 602 int 603 process_validfpregs(p) 604 struct proc *p; 605 { 606 607 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 608 return ((p->p_flag & P_SYSTEM) == 0); 609 #else 610 return (0); 611 #endif 612 } 613 614 int 615 process_domem(curp, p, uio) 616 struct proc *curp; /* tracer */ 617 struct proc *p; /* traced */ 618 struct uio *uio; 619 { 620 int error; 621 622 size_t len; 623 #ifdef PMAP_NEED_PROCWR 624 vaddr_t addr; 625 #endif 626 627 len = uio->uio_resid; 628 629 if (len == 0) 630 return (0); 631 632 #ifdef PMAP_NEED_PROCWR 633 addr = uio->uio_offset; 634 #endif 635 636 if ((error = process_checkioperm(curp, p)) != 0) 637 return (error); 638 639 /* XXXCDC: how should locking work here? */ 640 if ((p->p_flag & P_WEXIT) || (p->p_vmspace->vm_refcnt < 1)) 641 return(EFAULT); 642 p->p_vmspace->vm_refcnt++; /* XXX */ 643 error = uvm_io(&p->p_vmspace->vm_map, uio); 644 uvmspace_free(p->p_vmspace); 645 646 #ifdef PMAP_NEED_PROCWR 647 if (uio->uio_rw == UIO_WRITE) 648 pmap_procwr(p, addr, len); 649 #endif 650 return (error); 651 } 652 653 /* 654 * Ensure that a process has permission to perform I/O on another. 655 * Arguments: 656 * p The process wishing to do the I/O (the tracer). 657 * t The process who's memory/registers will be read/written. 658 */ 659 int 660 process_checkioperm(p, t) 661 struct proc *p, *t; 662 { 663 int error; 664 665 /* 666 * You cannot attach to a processes mem/regs if: 667 * 668 * (1) It is currently exec'ing 669 */ 670 if (ISSET(t->p_flag, P_INEXEC)) 671 return (EAGAIN); 672 673 /* 674 * (2) it's not owned by you, or is set-id on exec 675 * (unless you're root), or... 676 */ 677 if ((t->p_cred->p_ruid != p->p_cred->p_ruid || 678 ISSET(t->p_flag, P_SUGID)) && 679 (error = suser(p->p_ucred, &p->p_acflag)) != 0) 680 return (error); 681 682 /* 683 * (3) ...it's init, which controls the security level 684 * of the entire system, and the system was not 685 * compiled with permanetly insecure mode turned on. 686 */ 687 if (t == initproc && securelevel > -1) 688 return (EPERM); 689 690 /* 691 * (4) the tracer is chrooted, and its root directory is 692 * not at or above the root directory of the tracee 693 */ 694 if (!proc_isunder(t, p)) 695 return (EPERM); 696 697 return (0); 698 } 699