1 /* $NetBSD: sys_process.c,v 1.114 2006/11/13 02:52:08 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 1982, 1986, 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * This code is derived from software contributed to Berkeley by 13 * Jan-Simon Pendry. 14 * 15 * Redistribution and use in source and binary forms, with or without 16 * modification, are permitted provided that the following conditions 17 * are met: 18 * 1. Redistributions of source code must retain the above copyright 19 * notice, this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright 21 * notice, this list of conditions and the following disclaimer in the 22 * documentation and/or other materials provided with the distribution. 23 * 3. Neither the name of the University nor the names of its contributors 24 * may be used to endorse or promote products derived from this software 25 * without specific prior written permission. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 30 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * 39 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 40 */ 41 42 /*- 43 * Copyright (c) 1993 Jan-Simon Pendry. 44 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 45 * 46 * This code is derived from software contributed to Berkeley by 47 * Jan-Simon Pendry. 48 * 49 * Redistribution and use in source and binary forms, with or without 50 * modification, are permitted provided that the following conditions 51 * are met: 52 * 1. Redistributions of source code must retain the above copyright 53 * notice, this list of conditions and the following disclaimer. 54 * 2. Redistributions in binary form must reproduce the above copyright 55 * notice, this list of conditions and the following disclaimer in the 56 * documentation and/or other materials provided with the distribution. 57 * 3. All advertising materials mentioning features or use of this software 58 * must display the following acknowledgement: 59 * This product includes software developed by the University of 60 * California, Berkeley and its contributors. 61 * 4. Neither the name of the University nor the names of its contributors 62 * may be used to endorse or promote products derived from this software 63 * without specific prior written permission. 64 * 65 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 66 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 67 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 68 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 69 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 70 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 71 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 72 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 73 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 74 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 75 * SUCH DAMAGE. 76 * 77 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 78 */ 79 80 /* 81 * References: 82 * (1) Bach's "The Design of the UNIX Operating System", 83 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 84 * (3) the "4.4BSD Programmer's Reference Manual" published 85 * by USENIX and O'Reilly & Associates. 86 * The 4.4BSD PRM does a reasonably good job of documenting what the various 87 * ptrace() requests should actually do, and its text is quoted several times 88 * in this file. 89 */ 90 91 #include "opt_coredump.h" 92 #include "opt_ptrace.h" 93 #include "opt_ktrace.h" 94 95 #include <sys/cdefs.h> 96 __KERNEL_RCSID(0, "$NetBSD: sys_process.c,v 1.114 2006/11/13 02:52:08 christos Exp $"); 97 98 #include <sys/param.h> 99 #include <sys/systm.h> 100 #include <sys/proc.h> 101 #include <sys/errno.h> 102 #include <sys/ptrace.h> 103 #include <sys/uio.h> 104 #include <sys/user.h> 105 #include <sys/ras.h> 106 #include <sys/malloc.h> 107 #include <sys/kauth.h> 108 109 #include <sys/mount.h> 110 #include <sys/sa.h> 111 #include <sys/syscallargs.h> 112 113 #include <uvm/uvm_extern.h> 114 115 #include <machine/reg.h> 116 117 #ifdef PTRACE 118 /* 119 * Process debugging system call. 120 */ 121 int 122 sys_ptrace(struct lwp *l, void *v, register_t *retval) 123 { 124 struct sys_ptrace_args /* { 125 syscallarg(int) req; 126 syscallarg(pid_t) pid; 127 syscallarg(caddr_t) addr; 128 syscallarg(int) data; 129 } */ *uap = v; 130 struct proc *p = l->l_proc; 131 struct lwp *lt, *lr; 132 struct proc *t; /* target process */ 133 struct uio uio; 134 struct iovec iov; 135 struct ptrace_io_desc piod; 136 struct ptrace_lwpinfo pl; 137 struct vmspace *vm; 138 int s, error, write, tmp; 139 #ifdef COREDUMP 140 char *path; 141 #endif 142 143 /* "A foolish consistency..." XXX */ 144 if (SCARG(uap, req) == PT_TRACE_ME) 145 t = p; 146 else { 147 148 /* Find the process we're supposed to be operating on. */ 149 if ((t = pfind(SCARG(uap, pid))) == NULL) 150 return (ESRCH); 151 } 152 153 /* Can't trace a process that's currently exec'ing. */ 154 if ((t->p_flag & P_INEXEC) != 0) 155 return EAGAIN; 156 157 /* Make sure we can operate on it. */ 158 switch (SCARG(uap, req)) { 159 case PT_TRACE_ME: 160 /* Saying that you're being traced is always legal. */ 161 break; 162 163 case PT_ATTACH: 164 /* 165 * You can't attach to a process if: 166 * (1) it's the process that's doing the attaching, 167 */ 168 if (t->p_pid == p->p_pid) 169 return (EINVAL); 170 171 /* 172 * (2) it's a system process 173 */ 174 if (t->p_flag & P_SYSTEM) 175 return (EPERM); 176 177 /* 178 * (3) it's already being traced, or 179 */ 180 if (ISSET(t->p_flag, P_TRACED)) 181 return (EBUSY); 182 183 /* 184 * (4) it's not owned by you, or is set-id on exec 185 * (unless you're root), or... 186 */ 187 if ((kauth_cred_getuid(t->p_cred) != 188 kauth_cred_getuid(l->l_cred) || 189 ISSET(t->p_flag, P_SUGID)) && 190 (error = kauth_authorize_generic(l->l_cred, 191 KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0) 192 return (error); 193 194 /* 195 * (5) ...it's init, which controls the security level 196 * of the entire system, and the system was not 197 * compiled with permanently insecure mode turned on 198 */ 199 if (t == initproc && securelevel > -1) 200 return (EPERM); 201 202 /* 203 * (6) the tracer is chrooted, and its root directory is 204 * not at or above the root directory of the tracee 205 */ 206 207 if (!proc_isunder(t, l)) 208 return EPERM; 209 break; 210 211 case PT_READ_I: 212 case PT_READ_D: 213 case PT_WRITE_I: 214 case PT_WRITE_D: 215 case PT_CONTINUE: 216 case PT_IO: 217 case PT_KILL: 218 case PT_DETACH: 219 case PT_LWPINFO: 220 case PT_SYSCALL: 221 #ifdef COREDUMP 222 case PT_DUMPCORE: 223 #endif 224 #ifdef PT_STEP 225 case PT_STEP: 226 #endif 227 #ifdef PT_GETREGS 228 case PT_GETREGS: 229 #endif 230 #ifdef PT_SETREGS 231 case PT_SETREGS: 232 #endif 233 #ifdef PT_GETFPREGS 234 case PT_GETFPREGS: 235 #endif 236 #ifdef PT_SETFPREGS 237 case PT_SETFPREGS: 238 #endif 239 240 #ifdef __HAVE_PTRACE_MACHDEP 241 PTRACE_MACHDEP_REQUEST_CASES 242 #endif 243 244 /* 245 * You can't do what you want to the process if: 246 * (1) It's not being traced at all, 247 */ 248 if (!ISSET(t->p_flag, P_TRACED)) 249 return (EPERM); 250 251 /* 252 * (2) it's being traced by procfs (which has 253 * different signal delivery semantics), 254 */ 255 if (ISSET(t->p_flag, P_FSTRACE)) { 256 uprintf("file system traced\n"); 257 return (EBUSY); 258 } 259 260 /* 261 * (3) it's not being traced by _you_, or 262 */ 263 if (t->p_pptr != p) { 264 uprintf("parent %d != %d\n", t->p_pptr->p_pid, p->p_pid); 265 return (EBUSY); 266 } 267 268 /* 269 * (4) it's not currently stopped. 270 */ 271 if (t->p_stat != SSTOP || !ISSET(t->p_flag, P_WAITED)) { 272 uprintf("stat %d flag %d\n", t->p_stat, 273 !ISSET(t->p_flag, P_WAITED)); 274 return (EBUSY); 275 } 276 break; 277 278 default: /* It was not a legal request. */ 279 return (EINVAL); 280 } 281 282 /* Do single-step fixup if needed. */ 283 FIX_SSTEP(t); 284 285 /* 286 * XXX NJWLWP 287 * 288 * The entire ptrace interface needs work to be useful to a 289 * process with multiple LWPs. For the moment, we'll kluge 290 * this; memory access will be fine, but register access will 291 * be weird. 292 */ 293 294 lt = proc_representative_lwp(t); 295 296 /* Now do the operation. */ 297 write = 0; 298 *retval = 0; 299 tmp = 0; 300 301 switch (SCARG(uap, req)) { 302 case PT_TRACE_ME: 303 /* Just set the trace flag. */ 304 SET(t->p_flag, P_TRACED); 305 t->p_opptr = t->p_pptr; 306 return (0); 307 308 case PT_WRITE_I: /* XXX no separate I and D spaces */ 309 case PT_WRITE_D: 310 #if defined(__HAVE_RAS) 311 /* 312 * Can't write to a RAS 313 */ 314 if (!LIST_EMPTY(&t->p_raslist) && 315 (ras_lookup(t, SCARG(uap, addr)) != (caddr_t)-1)) { 316 return (EACCES); 317 } 318 #endif 319 write = 1; 320 tmp = SCARG(uap, data); 321 case PT_READ_I: /* XXX no separate I and D spaces */ 322 case PT_READ_D: 323 /* write = 0 done above. */ 324 iov.iov_base = (caddr_t)&tmp; 325 iov.iov_len = sizeof(tmp); 326 uio.uio_iov = &iov; 327 uio.uio_iovcnt = 1; 328 uio.uio_offset = (off_t)(unsigned long)SCARG(uap, addr); 329 uio.uio_resid = sizeof(tmp); 330 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 331 UIO_SETUP_SYSSPACE(&uio); 332 error = process_domem(l, lt, &uio); 333 if (!write) 334 *retval = tmp; 335 return (error); 336 337 case PT_IO: 338 error = copyin(SCARG(uap, addr), &piod, sizeof(piod)); 339 if (error) 340 return (error); 341 iov.iov_base = piod.piod_addr; 342 iov.iov_len = piod.piod_len; 343 uio.uio_iov = &iov; 344 uio.uio_iovcnt = 1; 345 uio.uio_offset = (off_t)(unsigned long)piod.piod_offs; 346 uio.uio_resid = piod.piod_len; 347 error = proc_vmspace_getref(l->l_proc, &vm); 348 if (error) { 349 return error; 350 } 351 uio.uio_vmspace = vm; 352 switch (piod.piod_op) { 353 case PIOD_READ_D: 354 case PIOD_READ_I: 355 uio.uio_rw = UIO_READ; 356 break; 357 case PIOD_WRITE_D: 358 case PIOD_WRITE_I: 359 uio.uio_rw = UIO_WRITE; 360 break; 361 default: 362 return (EINVAL); 363 } 364 error = process_domem(l, lt, &uio); 365 piod.piod_len -= uio.uio_resid; 366 (void) copyout(&piod, SCARG(uap, addr), sizeof(piod)); 367 uvmspace_free(vm); 368 return (error); 369 370 #ifdef COREDUMP 371 case PT_DUMPCORE: 372 if ((path = SCARG(uap, addr)) != NULL) { 373 char *dst; 374 int len = SCARG(uap, data); 375 if (len < 0 || len >= MAXPATHLEN) 376 return EINVAL; 377 dst = malloc(len + 1, M_TEMP, M_WAITOK); 378 if ((error = copyin(path, dst, len)) != 0) { 379 free(dst, M_TEMP); 380 return error; 381 } 382 path = dst; 383 path[len] = '\0'; 384 } 385 error = coredump(lt, path); 386 if (path) 387 free(path, M_TEMP); 388 return error; 389 #endif 390 391 #ifdef PT_STEP 392 case PT_STEP: 393 /* 394 * From the 4.4BSD PRM: 395 * "Execution continues as in request PT_CONTINUE; however 396 * as soon as possible after execution of at least one 397 * instruction, execution stops again. [ ... ]" 398 */ 399 #endif 400 case PT_CONTINUE: 401 case PT_SYSCALL: 402 case PT_DETACH: 403 if (SCARG(uap, req) == PT_SYSCALL) { 404 if (!ISSET(t->p_flag, P_SYSCALL)) { 405 SET(t->p_flag, P_SYSCALL); 406 #ifdef __HAVE_SYSCALL_INTERN 407 (*t->p_emul->e_syscall_intern)(t); 408 #endif 409 } 410 } else { 411 if (ISSET(t->p_flag, P_SYSCALL)) { 412 CLR(t->p_flag, P_SYSCALL); 413 #ifdef __HAVE_SYSCALL_INTERN 414 (*t->p_emul->e_syscall_intern)(t); 415 #endif 416 } 417 } 418 419 /* 420 * From the 4.4BSD PRM: 421 * "The data argument is taken as a signal number and the 422 * child's execution continues at location addr as if it 423 * incurred that signal. Normally the signal number will 424 * be either 0 to indicate that the signal that caused the 425 * stop should be ignored, or that value fetched out of 426 * the process's image indicating which signal caused 427 * the stop. If addr is (int *)1 then execution continues 428 * from where it stopped." 429 */ 430 431 /* Check that the data is a valid signal number or zero. */ 432 if (SCARG(uap, data) < 0 || SCARG(uap, data) >= NSIG) 433 return (EINVAL); 434 435 PHOLD(lt); 436 437 /* If the address parameter is not (int *)1, set the pc. */ 438 if ((int *)SCARG(uap, addr) != (int *)1) 439 if ((error = process_set_pc(lt, SCARG(uap, addr))) != 0) 440 goto relebad; 441 442 #ifdef PT_STEP 443 /* 444 * Arrange for a single-step, if that's requested and possible. 445 */ 446 error = process_sstep(lt, SCARG(uap, req) == PT_STEP); 447 if (error) 448 goto relebad; 449 #endif 450 451 PRELE(lt); 452 453 if (SCARG(uap, req) == PT_DETACH) { 454 /* give process back to original parent or init */ 455 s = proclist_lock_write(); 456 if (t->p_opptr != t->p_pptr) { 457 struct proc *pp = t->p_opptr; 458 proc_reparent(t, pp ? pp : initproc); 459 } 460 461 /* not being traced any more */ 462 t->p_opptr = NULL; 463 proclist_unlock_write(s); 464 CLR(t->p_flag, P_TRACED|P_WAITED|P_SYSCALL|P_FSTRACE); 465 } 466 467 sendsig: 468 /* Finally, deliver the requested signal (or none). */ 469 if (t->p_stat == SSTOP) { 470 t->p_xstat = SCARG(uap, data); 471 SCHED_LOCK(s); 472 lr = proc_unstop(t); 473 /* 474 * If the target needs to take a signal, there 475 * is no running LWP that will see it, and 476 * there is a LWP sleeping interruptably, then 477 * get it moving. 478 */ 479 if (lr && (t->p_xstat != 0)) 480 setrunnable(lr); 481 SCHED_UNLOCK(s); 482 } else { 483 if (SCARG(uap, data) != 0) 484 psignal(t, SCARG(uap, data)); 485 } 486 return (0); 487 488 relebad: 489 PRELE(lt); 490 return (error); 491 492 case PT_KILL: 493 /* just send the process a KILL signal. */ 494 SCARG(uap, data) = SIGKILL; 495 goto sendsig; /* in PT_CONTINUE, above. */ 496 497 case PT_ATTACH: 498 /* 499 * Go ahead and set the trace flag. 500 * Save the old parent (it's reset in 501 * _DETACH, and also in kern_exit.c:wait4() 502 * Reparent the process so that the tracing 503 * proc gets to see all the action. 504 * Stop the target. 505 */ 506 SET(t->p_flag, P_TRACED); 507 s = proclist_lock_write(); 508 t->p_opptr = t->p_pptr; 509 if (t->p_pptr != p) { 510 t->p_pptr->p_flag |= P_CHTRACED; 511 proc_reparent(t, p); 512 } 513 proclist_unlock_write(s); 514 SCARG(uap, data) = SIGSTOP; 515 goto sendsig; 516 517 case PT_LWPINFO: 518 if (SCARG(uap, data) != sizeof(pl)) 519 return (EINVAL); 520 error = copyin(SCARG(uap, addr), &pl, sizeof(pl)); 521 if (error) 522 return (error); 523 tmp = pl.pl_lwpid; 524 if (tmp == 0) 525 lt = LIST_FIRST(&t->p_lwps); 526 else { 527 LIST_FOREACH(lt, &t->p_lwps, l_sibling) 528 if (lt->l_lid == tmp) 529 break; 530 if (lt == NULL) 531 return (ESRCH); 532 lt = LIST_NEXT(lt, l_sibling); 533 } 534 pl.pl_lwpid = 0; 535 pl.pl_event = 0; 536 if (lt) { 537 pl.pl_lwpid = lt->l_lid; 538 if (lt->l_lid == t->p_sigctx.ps_lwp) 539 pl.pl_event = PL_EVENT_SIGNAL; 540 } 541 542 return copyout(&pl, SCARG(uap, addr), sizeof(pl)); 543 544 #ifdef PT_SETREGS 545 case PT_SETREGS: 546 write = 1; 547 #endif 548 #ifdef PT_GETREGS 549 case PT_GETREGS: 550 /* write = 0 done above. */ 551 #endif 552 #if defined(PT_SETREGS) || defined(PT_GETREGS) 553 tmp = SCARG(uap, data); 554 if (tmp != 0 && t->p_nlwps > 1) { 555 LIST_FOREACH(lt, &t->p_lwps, l_sibling) 556 if (lt->l_lid == tmp) 557 break; 558 if (lt == NULL) 559 return (ESRCH); 560 } 561 if (!process_validregs(proc_representative_lwp(t))) 562 return (EINVAL); 563 else { 564 error = proc_vmspace_getref(l->l_proc, &vm); 565 if (error) { 566 return error; 567 } 568 iov.iov_base = SCARG(uap, addr); 569 iov.iov_len = sizeof(struct reg); 570 uio.uio_iov = &iov; 571 uio.uio_iovcnt = 1; 572 uio.uio_offset = 0; 573 uio.uio_resid = sizeof(struct reg); 574 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 575 uio.uio_vmspace = vm; 576 error = process_doregs(l, lt, &uio); 577 uvmspace_free(vm); 578 return error; 579 } 580 #endif 581 582 #ifdef PT_SETFPREGS 583 case PT_SETFPREGS: 584 write = 1; 585 #endif 586 #ifdef PT_GETFPREGS 587 case PT_GETFPREGS: 588 /* write = 0 done above. */ 589 #endif 590 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 591 tmp = SCARG(uap, data); 592 if (tmp != 0 && t->p_nlwps > 1) { 593 LIST_FOREACH(lt, &t->p_lwps, l_sibling) 594 if (lt->l_lid == tmp) 595 break; 596 if (lt == NULL) 597 return (ESRCH); 598 } 599 if (!process_validfpregs(proc_representative_lwp(t))) 600 return (EINVAL); 601 else { 602 error = proc_vmspace_getref(l->l_proc, &vm); 603 if (error) { 604 return error; 605 } 606 iov.iov_base = SCARG(uap, addr); 607 iov.iov_len = sizeof(struct fpreg); 608 uio.uio_iov = &iov; 609 uio.uio_iovcnt = 1; 610 uio.uio_offset = 0; 611 uio.uio_resid = sizeof(struct fpreg); 612 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 613 uio.uio_vmspace = vm; 614 error = process_dofpregs(l, lt, &uio); 615 uvmspace_free(vm); 616 return error; 617 } 618 #endif 619 620 #ifdef __HAVE_PTRACE_MACHDEP 621 PTRACE_MACHDEP_REQUEST_CASES 622 return (ptrace_machdep_dorequest(l, lt, 623 SCARG(uap, req), SCARG(uap, addr), 624 SCARG(uap, data))); 625 #endif 626 } 627 628 #ifdef DIAGNOSTIC 629 panic("ptrace: impossible"); 630 #endif 631 return 0; 632 } 633 634 int 635 process_doregs(struct lwp *curl /*tracer*/, 636 struct lwp *l /*traced*/, 637 struct uio *uio) 638 { 639 #if defined(PT_GETREGS) || defined(PT_SETREGS) 640 struct proc *p = l->l_proc; 641 int error; 642 struct reg r; 643 char *kv; 644 int kl; 645 646 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 647 return EINVAL; 648 649 if ((error = process_checkioperm(curl, p)) != 0) 650 return error; 651 652 kl = sizeof(r); 653 kv = (char *)&r; 654 655 kv += uio->uio_offset; 656 kl -= uio->uio_offset; 657 if ((size_t)kl > uio->uio_resid) 658 kl = uio->uio_resid; 659 660 PHOLD(l); 661 662 error = process_read_regs(l, &r); 663 if (error == 0) 664 error = uiomove(kv, kl, uio); 665 if (error == 0 && uio->uio_rw == UIO_WRITE) { 666 if (l->l_stat != LSSTOP) 667 error = EBUSY; 668 else 669 error = process_write_regs(l, &r); 670 } 671 672 PRELE(l); 673 674 uio->uio_offset = 0; 675 return (error); 676 #else 677 return (EINVAL); 678 #endif 679 } 680 681 int 682 process_validregs(struct lwp *l) 683 { 684 685 #if defined(PT_SETREGS) || defined(PT_GETREGS) 686 return ((l->l_proc->p_flag & P_SYSTEM) == 0); 687 #else 688 return (0); 689 #endif 690 } 691 692 int 693 process_dofpregs(struct lwp *curl /*tracer*/, 694 struct lwp *l /*traced*/, 695 struct uio *uio) 696 { 697 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 698 struct proc *p = l->l_proc; 699 int error; 700 struct fpreg r; 701 char *kv; 702 int kl; 703 704 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 705 return EINVAL; 706 707 if ((error = process_checkioperm(curl, p)) != 0) 708 return (error); 709 710 kl = sizeof(r); 711 kv = (char *)&r; 712 713 kv += uio->uio_offset; 714 kl -= uio->uio_offset; 715 if ((size_t)kl > uio->uio_resid) 716 kl = uio->uio_resid; 717 718 PHOLD(l); 719 720 error = process_read_fpregs(l, &r); 721 if (error == 0) 722 error = uiomove(kv, kl, uio); 723 if (error == 0 && uio->uio_rw == UIO_WRITE) { 724 if (l->l_stat != LSSTOP) 725 error = EBUSY; 726 else 727 error = process_write_fpregs(l, &r); 728 } 729 730 PRELE(l); 731 732 uio->uio_offset = 0; 733 return (error); 734 #else 735 return (EINVAL); 736 #endif 737 } 738 739 int 740 process_validfpregs(struct lwp *l) 741 { 742 743 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 744 return ((l->l_proc->p_flag & P_SYSTEM) == 0); 745 #else 746 return (0); 747 #endif 748 } 749 #endif /* PTRACE */ 750 751 #if defined(KTRACE) || defined(PTRACE) || defined(SYSTRACE) 752 int 753 process_domem(struct lwp *curl /*tracer*/, 754 struct lwp *l /*traced*/, 755 struct uio *uio) 756 { 757 struct proc *p = l->l_proc; /* traced */ 758 struct vmspace *vm; 759 int error; 760 761 size_t len; 762 #ifdef PMAP_NEED_PROCWR 763 vaddr_t addr; 764 #endif 765 766 len = uio->uio_resid; 767 768 if (len == 0) 769 return (0); 770 771 #ifdef PMAP_NEED_PROCWR 772 addr = uio->uio_offset; 773 #endif 774 775 if ((error = process_checkioperm(curl, p)) != 0) 776 return (error); 777 778 vm = p->p_vmspace; 779 780 simple_lock(&vm->vm_map.ref_lock); 781 if ((p->p_flag & P_WEXIT) || vm->vm_refcnt < 1) 782 error = EFAULT; 783 if (error == 0) 784 p->p_vmspace->vm_refcnt++; /* XXX */ 785 simple_unlock(&vm->vm_map.ref_lock); 786 if (error != 0) 787 return (error); 788 error = uvm_io(&vm->vm_map, uio); 789 uvmspace_free(vm); 790 791 #ifdef PMAP_NEED_PROCWR 792 if (error == 0 && uio->uio_rw == UIO_WRITE) 793 pmap_procwr(p, addr, len); 794 #endif 795 return (error); 796 } 797 #endif /* KTRACE || PTRACE || SYSTRACE */ 798 799 #if defined(KTRACE) || defined(PTRACE) 800 /* 801 * Ensure that a process has permission to perform I/O on another. 802 * Arguments: 803 * p The process wishing to do the I/O (the tracer). 804 * t The process who's memory/registers will be read/written. 805 */ 806 int 807 process_checkioperm(struct lwp *l, struct proc *t) 808 { 809 int error; 810 811 /* 812 * You cannot attach to a processes mem/regs if: 813 * 814 * (1) It is currently exec'ing 815 */ 816 if (ISSET(t->p_flag, P_INEXEC)) 817 return (EAGAIN); 818 819 /* 820 * (2) it's not owned by you, or is set-id on exec 821 * (unless you're root), or... 822 */ 823 if ((kauth_cred_getuid(t->p_cred) != kauth_cred_getuid(l->l_cred) || 824 ISSET(t->p_flag, P_SUGID)) && 825 (error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, 826 &l->l_acflag)) != 0) 827 return (error); 828 829 /* 830 * (3) ...it's init, which controls the security level 831 * of the entire system, and the system was not 832 * compiled with permanetly insecure mode turned on. 833 */ 834 if (t == initproc && securelevel > -1) 835 return (EPERM); 836 837 /* 838 * (4) the tracer is chrooted, and its root directory is 839 * not at or above the root directory of the tracee 840 */ 841 if (!proc_isunder(t, l)) 842 return (EPERM); 843 844 return (0); 845 } 846 847 void 848 process_stoptrace(struct lwp *l) 849 { 850 int s; 851 struct proc *p = l->l_proc; 852 853 if (p->p_pptr->p_pid == 1) { 854 CLR(p->p_flag, P_SYSCALL); 855 return; 856 } 857 858 p->p_xstat = SIGTRAP; 859 child_psignal(p); 860 861 SCHED_LOCK(s); 862 863 proc_stop(p, 1); 864 865 mi_switch(l, NULL); 866 SCHED_ASSERT_UNLOCKED(); 867 868 splx(s); 869 } 870 #endif /* KTRACE || PTRACE */ 871