1 /* $NetBSD: sys_process.c,v 1.166 2015/07/02 03:47:54 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Andrew Doran. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1989, 1993 34 * The Regents of the University of California. All rights reserved. 35 * (c) UNIX System Laboratories, Inc. 36 * All or some portions of this file are derived from material licensed 37 * to the University of California by American Telephone and Telegraph 38 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 39 * the permission of UNIX System Laboratories, Inc. 40 * 41 * This code is derived from software contributed to Berkeley by 42 * Jan-Simon Pendry. 43 * 44 * Redistribution and use in source and binary forms, with or without 45 * modification, are permitted provided that the following conditions 46 * are met: 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 3. Neither the name of the University nor the names of its contributors 53 * may be used to endorse or promote products derived from this software 54 * without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 * 68 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 69 */ 70 71 /*- 72 * Copyright (c) 1993 Jan-Simon Pendry. 73 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 74 * 75 * This code is derived from software contributed to Berkeley by 76 * Jan-Simon Pendry. 77 * 78 * Redistribution and use in source and binary forms, with or without 79 * modification, are permitted provided that the following conditions 80 * are met: 81 * 1. Redistributions of source code must retain the above copyright 82 * notice, this list of conditions and the following disclaimer. 83 * 2. Redistributions in binary form must reproduce the above copyright 84 * notice, this list of conditions and the following disclaimer in the 85 * documentation and/or other materials provided with the distribution. 86 * 3. All advertising materials mentioning features or use of this software 87 * must display the following acknowledgement: 88 * This product includes software developed by the University of 89 * California, Berkeley and its contributors. 90 * 4. Neither the name of the University nor the names of its contributors 91 * may be used to endorse or promote products derived from this software 92 * without specific prior written permission. 93 * 94 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 97 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 98 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 99 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 100 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 101 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 104 * SUCH DAMAGE. 105 * 106 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 107 */ 108 109 /* 110 * References: 111 * (1) Bach's "The Design of the UNIX Operating System", 112 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 113 * (3) the "4.4BSD Programmer's Reference Manual" published 114 * by USENIX and O'Reilly & Associates. 115 * The 4.4BSD PRM does a reasonably good job of documenting what the various 116 * ptrace() requests should actually do, and its text is quoted several times 117 * in this file. 118 */ 119 120 #include <sys/cdefs.h> 121 __KERNEL_RCSID(0, "$NetBSD: sys_process.c,v 1.166 2015/07/02 03:47:54 christos Exp $"); 122 123 #include "opt_ptrace.h" 124 #include "opt_ktrace.h" 125 126 #include <sys/param.h> 127 #include <sys/systm.h> 128 #include <sys/proc.h> 129 #include <sys/errno.h> 130 #include <sys/exec.h> 131 #include <sys/ptrace.h> 132 #include <sys/uio.h> 133 #include <sys/ras.h> 134 #include <sys/kmem.h> 135 #include <sys/kauth.h> 136 #include <sys/mount.h> 137 #include <sys/syscallargs.h> 138 139 #include <uvm/uvm_extern.h> 140 141 #include <machine/reg.h> 142 143 #ifdef PTRACE 144 145 # ifdef DEBUG 146 # define DPRINTF(a) uprintf a 147 # else 148 # define DPRINTF(a) 149 # endif 150 151 static kauth_listener_t ptrace_listener; 152 #ifdef PTRACE 153 static int process_auxv_offset(struct proc *, struct uio *); 154 #endif 155 156 static int 157 ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, 158 void *arg0, void *arg1, void *arg2, void *arg3) 159 { 160 struct proc *p; 161 int result; 162 163 result = KAUTH_RESULT_DEFER; 164 p = arg0; 165 166 if (action != KAUTH_PROCESS_PTRACE) 167 return result; 168 169 switch ((u_long)arg1) { 170 case PT_TRACE_ME: 171 case PT_ATTACH: 172 case PT_WRITE_I: 173 case PT_WRITE_D: 174 case PT_READ_I: 175 case PT_READ_D: 176 case PT_IO: 177 #ifdef PT_GETREGS 178 case PT_GETREGS: 179 #endif 180 #ifdef PT_SETREGS 181 case PT_SETREGS: 182 #endif 183 #ifdef PT_GETFPREGS 184 case PT_GETFPREGS: 185 #endif 186 #ifdef PT_SETFPREGS 187 case PT_SETFPREGS: 188 #endif 189 case PT_SET_EVENT_MASK: 190 case PT_GET_EVENT_MASK: 191 case PT_GET_PROCESS_STATE: 192 #ifdef __HAVE_PTRACE_MACHDEP 193 PTRACE_MACHDEP_REQUEST_CASES 194 #endif 195 if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) || 196 ISSET(p->p_flag, PK_SUGID)) { 197 break; 198 } 199 200 result = KAUTH_RESULT_ALLOW; 201 202 break; 203 204 #ifdef PT_STEP 205 case PT_STEP: 206 #endif 207 case PT_CONTINUE: 208 case PT_KILL: 209 case PT_DETACH: 210 case PT_LWPINFO: 211 case PT_SYSCALL: 212 case PT_SYSCALLEMU: 213 case PT_DUMPCORE: 214 result = KAUTH_RESULT_ALLOW; 215 break; 216 217 default: 218 break; 219 } 220 221 return result; 222 } 223 224 void 225 ptrace_init(void) 226 { 227 228 ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 229 ptrace_listener_cb, NULL); 230 } 231 232 /* 233 * Process debugging system call. 234 */ 235 int 236 sys_ptrace(struct lwp *l, const struct sys_ptrace_args *uap, register_t *retval) 237 { 238 /* { 239 syscallarg(int) req; 240 syscallarg(pid_t) pid; 241 syscallarg(void *) addr; 242 syscallarg(int) data; 243 } */ 244 struct proc *p = l->l_proc; 245 struct lwp *lt; 246 #ifdef PT_STEP 247 struct lwp *lt2; 248 #endif 249 struct proc *t; /* target process */ 250 struct uio uio; 251 struct iovec iov; 252 struct ptrace_io_desc piod; 253 struct ptrace_event pe; 254 struct ptrace_state ps; 255 struct ptrace_lwpinfo pl; 256 struct vmspace *vm; 257 int error, write, tmp, req, pheld; 258 int signo = 0; 259 int resume_all; 260 ksiginfo_t ksi; 261 char *path; 262 int len = 0; 263 264 error = 0; 265 req = SCARG(uap, req); 266 267 /* 268 * If attaching or detaching, we need to get a write hold on the 269 * proclist lock so that we can re-parent the target process. 270 */ 271 mutex_enter(proc_lock); 272 273 /* "A foolish consistency..." XXX */ 274 if (req == PT_TRACE_ME) { 275 t = p; 276 mutex_enter(t->p_lock); 277 } else { 278 /* Find the process we're supposed to be operating on. */ 279 t = proc_find(SCARG(uap, pid)); 280 if (t == NULL) { 281 mutex_exit(proc_lock); 282 return (ESRCH); 283 } 284 285 /* XXX-elad */ 286 mutex_enter(t->p_lock); 287 error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, 288 t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 289 if (error) { 290 mutex_exit(proc_lock); 291 mutex_exit(t->p_lock); 292 return (ESRCH); 293 } 294 } 295 296 /* 297 * Grab a reference on the process to prevent it from execing or 298 * exiting. 299 */ 300 if (!rw_tryenter(&t->p_reflock, RW_READER)) { 301 mutex_exit(proc_lock); 302 mutex_exit(t->p_lock); 303 return EBUSY; 304 } 305 306 /* Make sure we can operate on it. */ 307 switch (req) { 308 case PT_TRACE_ME: 309 /* Saying that you're being traced is always legal. */ 310 break; 311 312 case PT_ATTACH: 313 /* 314 * You can't attach to a process if: 315 * (1) it's the process that's doing the attaching, 316 */ 317 if (t->p_pid == p->p_pid) { 318 error = EINVAL; 319 break; 320 } 321 322 /* 323 * (2) it's a system process 324 */ 325 if (t->p_flag & PK_SYSTEM) { 326 error = EPERM; 327 break; 328 } 329 330 /* 331 * (3) it's already being traced, or 332 */ 333 if (ISSET(t->p_slflag, PSL_TRACED)) { 334 error = EBUSY; 335 break; 336 } 337 338 /* 339 * (4) the tracer is chrooted, and its root directory is 340 * not at or above the root directory of the tracee 341 */ 342 mutex_exit(t->p_lock); /* XXXSMP */ 343 tmp = proc_isunder(t, l); 344 mutex_enter(t->p_lock); /* XXXSMP */ 345 if (!tmp) { 346 error = EPERM; 347 break; 348 } 349 break; 350 351 case PT_READ_I: 352 case PT_READ_D: 353 case PT_WRITE_I: 354 case PT_WRITE_D: 355 case PT_IO: 356 #ifdef PT_GETREGS 357 case PT_GETREGS: 358 #endif 359 #ifdef PT_SETREGS 360 case PT_SETREGS: 361 #endif 362 #ifdef PT_GETFPREGS 363 case PT_GETFPREGS: 364 #endif 365 #ifdef PT_SETFPREGS 366 case PT_SETFPREGS: 367 #endif 368 #ifdef __HAVE_PTRACE_MACHDEP 369 PTRACE_MACHDEP_REQUEST_CASES 370 #endif 371 /* 372 * You can't read/write the memory or registers of a process 373 * if the tracer is chrooted, and its root directory is not at 374 * or above the root directory of the tracee. 375 */ 376 mutex_exit(t->p_lock); /* XXXSMP */ 377 tmp = proc_isunder(t, l); 378 mutex_enter(t->p_lock); /* XXXSMP */ 379 if (!tmp) { 380 error = EPERM; 381 break; 382 } 383 /*FALLTHROUGH*/ 384 385 case PT_CONTINUE: 386 case PT_KILL: 387 case PT_DETACH: 388 case PT_LWPINFO: 389 case PT_SYSCALL: 390 case PT_SYSCALLEMU: 391 case PT_DUMPCORE: 392 #ifdef PT_STEP 393 case PT_STEP: 394 #endif 395 case PT_SET_EVENT_MASK: 396 case PT_GET_EVENT_MASK: 397 case PT_GET_PROCESS_STATE: 398 /* 399 * You can't do what you want to the process if: 400 * (1) It's not being traced at all, 401 */ 402 if (!ISSET(t->p_slflag, PSL_TRACED)) { 403 error = EPERM; 404 break; 405 } 406 407 /* 408 * (2) it's being traced by procfs (which has 409 * different signal delivery semantics), 410 */ 411 if (ISSET(t->p_slflag, PSL_FSTRACE)) { 412 DPRINTF(("file system traced\n")); 413 error = EBUSY; 414 break; 415 } 416 417 /* 418 * (3) it's not being traced by _you_, or 419 */ 420 if (t->p_pptr != p) { 421 DPRINTF(("parent %d != %d\n", t->p_pptr->p_pid, 422 p->p_pid)); 423 error = EBUSY; 424 break; 425 } 426 427 /* 428 * (4) it's not currently stopped. 429 */ 430 if (t->p_stat != SSTOP || !t->p_waited /* XXXSMP */) { 431 DPRINTF(("stat %d flag %d\n", t->p_stat, 432 !t->p_waited)); 433 error = EBUSY; 434 break; 435 } 436 break; 437 438 default: /* It was not a legal request. */ 439 error = EINVAL; 440 break; 441 } 442 443 if (error == 0) { 444 error = kauth_authorize_process(l->l_cred, 445 KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req), 446 NULL, NULL); 447 } 448 if (error == 0) { 449 lt = lwp_find_first(t); 450 if (lt == NULL) 451 error = ESRCH; 452 } 453 454 if (error != 0) { 455 mutex_exit(proc_lock); 456 mutex_exit(t->p_lock); 457 rw_exit(&t->p_reflock); 458 return error; 459 } 460 461 /* Do single-step fixup if needed. */ 462 FIX_SSTEP(t); 463 KASSERT(lt != NULL); 464 lwp_addref(lt); 465 466 /* 467 * Which locks do we need held? XXX Ugly. 468 */ 469 switch (req) { 470 #ifdef PT_STEP 471 case PT_STEP: 472 #endif 473 case PT_CONTINUE: 474 case PT_DETACH: 475 case PT_KILL: 476 case PT_SYSCALL: 477 case PT_SYSCALLEMU: 478 case PT_ATTACH: 479 case PT_TRACE_ME: 480 pheld = 1; 481 break; 482 default: 483 mutex_exit(proc_lock); 484 mutex_exit(t->p_lock); 485 pheld = 0; 486 break; 487 } 488 489 /* Now do the operation. */ 490 write = 0; 491 *retval = 0; 492 tmp = 0; 493 resume_all = 1; 494 495 switch (req) { 496 case PT_TRACE_ME: 497 /* Just set the trace flag. */ 498 SET(t->p_slflag, PSL_TRACED); 499 t->p_opptr = t->p_pptr; 500 break; 501 502 case PT_WRITE_I: /* XXX no separate I and D spaces */ 503 case PT_WRITE_D: 504 #if defined(__HAVE_RAS) 505 /* 506 * Can't write to a RAS 507 */ 508 if (ras_lookup(t, SCARG(uap, addr)) != (void *)-1) { 509 error = EACCES; 510 break; 511 } 512 #endif 513 write = 1; 514 tmp = SCARG(uap, data); 515 /* FALLTHROUGH */ 516 517 case PT_READ_I: /* XXX no separate I and D spaces */ 518 case PT_READ_D: 519 /* write = 0 done above. */ 520 iov.iov_base = (void *)&tmp; 521 iov.iov_len = sizeof(tmp); 522 uio.uio_iov = &iov; 523 uio.uio_iovcnt = 1; 524 uio.uio_offset = (off_t)(unsigned long)SCARG(uap, addr); 525 uio.uio_resid = sizeof(tmp); 526 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 527 UIO_SETUP_SYSSPACE(&uio); 528 529 error = process_domem(l, lt, &uio); 530 if (!write) 531 *retval = tmp; 532 break; 533 534 case PT_IO: 535 error = copyin(SCARG(uap, addr), &piod, sizeof(piod)); 536 if (error) 537 break; 538 539 iov.iov_base = piod.piod_addr; 540 iov.iov_len = piod.piod_len; 541 uio.uio_iov = &iov; 542 uio.uio_iovcnt = 1; 543 uio.uio_offset = (off_t)(unsigned long)piod.piod_offs; 544 uio.uio_resid = piod.piod_len; 545 546 switch (piod.piod_op) { 547 case PIOD_READ_D: 548 case PIOD_READ_I: 549 uio.uio_rw = UIO_READ; 550 break; 551 case PIOD_WRITE_D: 552 case PIOD_WRITE_I: 553 /* 554 * Can't write to a RAS 555 */ 556 if (ras_lookup(t, SCARG(uap, addr)) != (void *)-1) { 557 return (EACCES); 558 } 559 uio.uio_rw = UIO_WRITE; 560 break; 561 case PIOD_READ_AUXV: 562 req = PT_READ_D; 563 uio.uio_rw = UIO_READ; 564 tmp = t->p_execsw->es_arglen * sizeof(char *); 565 if (uio.uio_offset > tmp) 566 return EIO; 567 if (uio.uio_resid > tmp - uio.uio_offset) 568 uio.uio_resid = tmp - uio.uio_offset; 569 piod.piod_len = iov.iov_len = uio.uio_resid; 570 error = process_auxv_offset(t, &uio); 571 if (error) 572 return error; 573 break; 574 default: 575 error = EINVAL; 576 break; 577 } 578 if (error) 579 break; 580 error = proc_vmspace_getref(l->l_proc, &vm); 581 if (error) 582 break; 583 uio.uio_vmspace = vm; 584 585 error = process_domem(l, lt, &uio); 586 piod.piod_len -= uio.uio_resid; 587 (void) copyout(&piod, SCARG(uap, addr), sizeof(piod)); 588 uvmspace_free(vm); 589 break; 590 591 case PT_DUMPCORE: 592 if ((path = SCARG(uap, addr)) != NULL) { 593 char *dst; 594 len = SCARG(uap, data); 595 596 if (len < 0 || len >= MAXPATHLEN) { 597 error = EINVAL; 598 break; 599 } 600 dst = kmem_alloc(len + 1, KM_SLEEP); 601 if ((error = copyin(path, dst, len)) != 0) { 602 kmem_free(dst, len + 1); 603 break; 604 } 605 path = dst; 606 path[len] = '\0'; 607 } 608 error = (*coredump_vec)(lt, path); 609 if (path) 610 kmem_free(path, len + 1); 611 break; 612 613 #ifdef PT_STEP 614 case PT_STEP: 615 /* 616 * From the 4.4BSD PRM: 617 * "Execution continues as in request PT_CONTINUE; however 618 * as soon as possible after execution of at least one 619 * instruction, execution stops again. [ ... ]" 620 */ 621 #endif 622 case PT_CONTINUE: 623 case PT_SYSCALL: 624 case PT_DETACH: 625 if (req == PT_SYSCALL) { 626 if (!ISSET(t->p_slflag, PSL_SYSCALL)) { 627 SET(t->p_slflag, PSL_SYSCALL); 628 #ifdef __HAVE_SYSCALL_INTERN 629 (*t->p_emul->e_syscall_intern)(t); 630 #endif 631 } 632 } else { 633 if (ISSET(t->p_slflag, PSL_SYSCALL)) { 634 CLR(t->p_slflag, PSL_SYSCALL); 635 #ifdef __HAVE_SYSCALL_INTERN 636 (*t->p_emul->e_syscall_intern)(t); 637 #endif 638 } 639 } 640 t->p_trace_enabled = trace_is_enabled(t); 641 642 /* 643 * Pick up the LWPID, if supplied. There are two cases: 644 * data < 0 : step or continue single thread, lwp = -data 645 * data > 0 in PT_STEP : step this thread, continue others 646 * For operations other than PT_STEP, data > 0 means 647 * data is the signo to deliver to the process. 648 */ 649 tmp = SCARG(uap, data); 650 if (tmp >= 0) { 651 #ifdef PT_STEP 652 if (req == PT_STEP) 653 signo = 0; 654 else 655 #endif 656 { 657 signo = tmp; 658 tmp = 0; /* don't search for LWP */ 659 } 660 } 661 else 662 tmp = -tmp; 663 664 if (tmp > 0) { 665 if (req == PT_DETACH) { 666 error = EINVAL; 667 break; 668 } 669 lwp_delref2 (lt); 670 lt = lwp_find(t, tmp); 671 if (lt == NULL) { 672 error = ESRCH; 673 break; 674 } 675 lwp_addref(lt); 676 resume_all = 0; 677 signo = 0; 678 } 679 680 /* 681 * From the 4.4BSD PRM: 682 * "The data argument is taken as a signal number and the 683 * child's execution continues at location addr as if it 684 * incurred that signal. Normally the signal number will 685 * be either 0 to indicate that the signal that caused the 686 * stop should be ignored, or that value fetched out of 687 * the process's image indicating which signal caused 688 * the stop. If addr is (int *)1 then execution continues 689 * from where it stopped." 690 */ 691 692 /* Check that the data is a valid signal number or zero. */ 693 if (signo < 0 || signo >= NSIG) { 694 error = EINVAL; 695 break; 696 } 697 698 /* If the address parameter is not (int *)1, set the pc. */ 699 if ((int *)SCARG(uap, addr) != (int *)1) { 700 error = process_set_pc(lt, SCARG(uap, addr)); 701 if (error != 0) 702 break; 703 } 704 #ifdef PT_STEP 705 /* 706 * Arrange for a single-step, if that's requested and possible. 707 * More precisely, set the single step status as requested for 708 * the requested thread, and clear it for other threads. 709 */ 710 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 711 if (lt != lt2) 712 { 713 lwp_lock(lt2); 714 process_sstep(lt2, 0); 715 lwp_unlock(lt2); 716 } 717 } 718 error = process_sstep(lt, req == PT_STEP); 719 if (error) 720 break; 721 #endif 722 if (req == PT_DETACH) { 723 CLR(t->p_slflag, PSL_TRACED|PSL_FSTRACE|PSL_SYSCALL); 724 725 /* give process back to original parent or init */ 726 if (t->p_opptr != t->p_pptr) { 727 struct proc *pp = t->p_opptr; 728 proc_reparent(t, pp ? pp : initproc); 729 } 730 731 /* not being traced any more */ 732 t->p_opptr = NULL; 733 } 734 sendsig: 735 t->p_fpid = 0; 736 /* Finally, deliver the requested signal (or none). */ 737 if (t->p_stat == SSTOP) { 738 /* 739 * Unstop the process. If it needs to take a 740 * signal, make all efforts to ensure that at 741 * an LWP runs to see it. 742 */ 743 t->p_xstat = signo; 744 if (resume_all) 745 proc_unstop(t); 746 else 747 lwp_unstop(lt); 748 } else if (signo != 0) { 749 KSI_INIT_EMPTY(&ksi); 750 ksi.ksi_signo = signo; 751 kpsignal2(t, &ksi); 752 } 753 break; 754 755 case PT_SYSCALLEMU: 756 if (!ISSET(t->p_slflag, PSL_SYSCALL) || t->p_stat != SSTOP) { 757 error = EINVAL; 758 break; 759 } 760 SET(t->p_slflag, PSL_SYSCALLEMU); 761 break; 762 763 case PT_KILL: 764 /* just send the process a KILL signal. */ 765 signo = SIGKILL; 766 goto sendsig; /* in PT_CONTINUE, above. */ 767 768 case PT_ATTACH: 769 /* 770 * Go ahead and set the trace flag. 771 * Save the old parent (it's reset in 772 * _DETACH, and also in kern_exit.c:wait4() 773 * Reparent the process so that the tracing 774 * proc gets to see all the action. 775 * Stop the target. 776 */ 777 t->p_opptr = t->p_pptr; 778 if (t->p_pptr != p) { 779 struct proc *parent = t->p_pptr; 780 781 if (parent->p_lock < t->p_lock) { 782 if (!mutex_tryenter(parent->p_lock)) { 783 mutex_exit(t->p_lock); 784 mutex_enter(parent->p_lock); 785 } 786 } else if (parent->p_lock > t->p_lock) { 787 mutex_enter(parent->p_lock); 788 } 789 parent->p_slflag |= PSL_CHTRACED; 790 proc_reparent(t, p); 791 if (parent->p_lock != t->p_lock) 792 mutex_exit(parent->p_lock); 793 } 794 SET(t->p_slflag, PSL_TRACED); 795 signo = SIGSTOP; 796 goto sendsig; 797 798 case PT_GET_EVENT_MASK: 799 if (SCARG(uap, data) != sizeof(pe)) { 800 DPRINTF(("ptrace(%d): %d != %zu\n", req, 801 SCARG(uap, data), sizeof(pe))); 802 error = EINVAL; 803 break; 804 } 805 memset(&pe, 0, sizeof(pe)); 806 pe.pe_set_event = ISSET(t->p_slflag, PSL_TRACEFORK) ? 807 PTRACE_FORK : 0; 808 error = copyout(&pe, SCARG(uap, addr), sizeof(pe)); 809 break; 810 811 case PT_SET_EVENT_MASK: 812 if (SCARG(uap, data) != sizeof(pe)) { 813 DPRINTF(("ptrace(%d): %d != %zu\n", req, 814 SCARG(uap, data), sizeof(pe))); 815 error = EINVAL; 816 break; 817 } 818 if ((error = copyin(SCARG(uap, addr), &pe, sizeof(pe))) != 0) 819 return error; 820 if (pe.pe_set_event & PTRACE_FORK) 821 SET(t->p_slflag, PSL_TRACEFORK); 822 else 823 CLR(t->p_slflag, PSL_TRACEFORK); 824 break; 825 826 case PT_GET_PROCESS_STATE: 827 if (SCARG(uap, data) != sizeof(ps)) { 828 DPRINTF(("ptrace(%d): %d != %zu\n", req, 829 SCARG(uap, data), sizeof(ps))); 830 error = EINVAL; 831 break; 832 } 833 memset(&ps, 0, sizeof(ps)); 834 if (t->p_fpid) { 835 ps.pe_report_event = PTRACE_FORK; 836 ps.pe_other_pid = t->p_fpid; 837 } 838 error = copyout(&ps, SCARG(uap, addr), sizeof(ps)); 839 break; 840 841 case PT_LWPINFO: 842 if (SCARG(uap, data) != sizeof(pl)) { 843 DPRINTF(("ptrace(%d): %d != %zu\n", req, 844 SCARG(uap, data), sizeof(pl))); 845 error = EINVAL; 846 break; 847 } 848 error = copyin(SCARG(uap, addr), &pl, sizeof(pl)); 849 if (error) 850 break; 851 tmp = pl.pl_lwpid; 852 lwp_delref(lt); 853 mutex_enter(t->p_lock); 854 if (tmp == 0) 855 lt = lwp_find_first(t); 856 else { 857 lt = lwp_find(t, tmp); 858 if (lt == NULL) { 859 mutex_exit(t->p_lock); 860 error = ESRCH; 861 break; 862 } 863 lt = LIST_NEXT(lt, l_sibling); 864 } 865 while (lt != NULL && !lwp_alive(lt)) 866 lt = LIST_NEXT(lt, l_sibling); 867 pl.pl_lwpid = 0; 868 pl.pl_event = 0; 869 if (lt) { 870 lwp_addref(lt); 871 pl.pl_lwpid = lt->l_lid; 872 if (lt->l_lid == t->p_sigctx.ps_lwp) 873 pl.pl_event = PL_EVENT_SIGNAL; 874 } 875 mutex_exit(t->p_lock); 876 877 error = copyout(&pl, SCARG(uap, addr), sizeof(pl)); 878 break; 879 880 #ifdef PT_SETREGS 881 case PT_SETREGS: 882 write = 1; 883 #endif 884 #ifdef PT_GETREGS 885 case PT_GETREGS: 886 /* write = 0 done above. */ 887 #endif 888 #if defined(PT_SETREGS) || defined(PT_GETREGS) 889 tmp = SCARG(uap, data); 890 if (tmp != 0 && t->p_nlwps > 1) { 891 lwp_delref(lt); 892 mutex_enter(t->p_lock); 893 lt = lwp_find(t, tmp); 894 if (lt == NULL) { 895 mutex_exit(t->p_lock); 896 error = ESRCH; 897 break; 898 } 899 lwp_addref(lt); 900 mutex_exit(t->p_lock); 901 } 902 if (!process_validregs(lt)) 903 error = EINVAL; 904 else { 905 error = proc_vmspace_getref(l->l_proc, &vm); 906 if (error) 907 break; 908 iov.iov_base = SCARG(uap, addr); 909 iov.iov_len = sizeof(struct reg); 910 uio.uio_iov = &iov; 911 uio.uio_iovcnt = 1; 912 uio.uio_offset = 0; 913 uio.uio_resid = sizeof(struct reg); 914 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 915 uio.uio_vmspace = vm; 916 917 error = process_doregs(l, lt, &uio); 918 uvmspace_free(vm); 919 } 920 break; 921 #endif 922 923 #ifdef PT_SETFPREGS 924 case PT_SETFPREGS: 925 write = 1; 926 #endif 927 #ifdef PT_GETFPREGS 928 case PT_GETFPREGS: 929 /* write = 0 done above. */ 930 #endif 931 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 932 tmp = SCARG(uap, data); 933 if (tmp != 0 && t->p_nlwps > 1) { 934 lwp_delref(lt); 935 mutex_enter(t->p_lock); 936 lt = lwp_find(t, tmp); 937 if (lt == NULL) { 938 mutex_exit(t->p_lock); 939 error = ESRCH; 940 break; 941 } 942 lwp_addref(lt); 943 mutex_exit(t->p_lock); 944 } 945 if (!process_validfpregs(lt)) 946 error = EINVAL; 947 else { 948 error = proc_vmspace_getref(l->l_proc, &vm); 949 if (error) 950 break; 951 iov.iov_base = SCARG(uap, addr); 952 iov.iov_len = sizeof(struct fpreg); 953 uio.uio_iov = &iov; 954 uio.uio_iovcnt = 1; 955 uio.uio_offset = 0; 956 uio.uio_resid = sizeof(struct fpreg); 957 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 958 uio.uio_vmspace = vm; 959 960 error = process_dofpregs(l, lt, &uio); 961 uvmspace_free(vm); 962 } 963 break; 964 #endif 965 966 #ifdef __HAVE_PTRACE_MACHDEP 967 PTRACE_MACHDEP_REQUEST_CASES 968 error = ptrace_machdep_dorequest(l, lt, 969 req, SCARG(uap, addr), SCARG(uap, data)); 970 break; 971 #endif 972 } 973 974 if (pheld) { 975 mutex_exit(t->p_lock); 976 mutex_exit(proc_lock); 977 } 978 if (lt != NULL) 979 lwp_delref(lt); 980 rw_exit(&t->p_reflock); 981 982 return error; 983 } 984 985 int 986 process_doregs(struct lwp *curl /*tracer*/, 987 struct lwp *l /*traced*/, 988 struct uio *uio) 989 { 990 #if defined(PT_GETREGS) || defined(PT_SETREGS) 991 int error; 992 struct reg r; 993 char *kv; 994 int kl; 995 996 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 997 return EINVAL; 998 999 kl = sizeof(r); 1000 kv = (char *)&r; 1001 1002 kv += uio->uio_offset; 1003 kl -= uio->uio_offset; 1004 if ((size_t)kl > uio->uio_resid) 1005 kl = uio->uio_resid; 1006 1007 error = process_read_regs(l, &r); 1008 if (error == 0) 1009 error = uiomove(kv, kl, uio); 1010 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1011 if (l->l_stat != LSSTOP) 1012 error = EBUSY; 1013 else 1014 error = process_write_regs(l, &r); 1015 } 1016 1017 uio->uio_offset = 0; 1018 return (error); 1019 #else 1020 return (EINVAL); 1021 #endif 1022 } 1023 1024 int 1025 process_validregs(struct lwp *l) 1026 { 1027 1028 #if defined(PT_SETREGS) || defined(PT_GETREGS) 1029 return ((l->l_flag & LW_SYSTEM) == 0); 1030 #else 1031 return (0); 1032 #endif 1033 } 1034 1035 int 1036 process_dofpregs(struct lwp *curl /*tracer*/, 1037 struct lwp *l /*traced*/, 1038 struct uio *uio) 1039 { 1040 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 1041 int error; 1042 struct fpreg r; 1043 char *kv; 1044 size_t kl; 1045 1046 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 1047 return EINVAL; 1048 1049 kl = sizeof(r); 1050 kv = (char *)&r; 1051 1052 kv += uio->uio_offset; 1053 kl -= uio->uio_offset; 1054 if (kl > uio->uio_resid) 1055 kl = uio->uio_resid; 1056 1057 error = process_read_fpregs(l, &r, &kl); 1058 if (error == 0) 1059 error = uiomove(kv, kl, uio); 1060 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1061 if (l->l_stat != LSSTOP) 1062 error = EBUSY; 1063 else 1064 error = process_write_fpregs(l, &r, kl); 1065 } 1066 uio->uio_offset = 0; 1067 return (error); 1068 #else 1069 return (EINVAL); 1070 #endif 1071 } 1072 1073 int 1074 process_validfpregs(struct lwp *l) 1075 { 1076 1077 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 1078 return ((l->l_flag & LW_SYSTEM) == 0); 1079 #else 1080 return (0); 1081 #endif 1082 } 1083 #endif /* PTRACE */ 1084 1085 #if defined(KTRACE) || defined(PTRACE) 1086 int 1087 process_domem(struct lwp *curl /*tracer*/, 1088 struct lwp *l /*traced*/, 1089 struct uio *uio) 1090 { 1091 struct proc *p = l->l_proc; /* traced */ 1092 struct vmspace *vm; 1093 int error; 1094 1095 size_t len; 1096 #ifdef PMAP_NEED_PROCWR 1097 vaddr_t addr; 1098 #endif 1099 1100 error = 0; 1101 len = uio->uio_resid; 1102 1103 if (len == 0) 1104 return (0); 1105 1106 #ifdef PMAP_NEED_PROCWR 1107 addr = uio->uio_offset; 1108 #endif 1109 1110 vm = p->p_vmspace; 1111 1112 mutex_enter(&vm->vm_map.misc_lock); 1113 if ((l->l_flag & LW_WEXIT) || vm->vm_refcnt < 1) 1114 error = EFAULT; 1115 if (error == 0) 1116 p->p_vmspace->vm_refcnt++; /* XXX */ 1117 mutex_exit(&vm->vm_map.misc_lock); 1118 if (error != 0) 1119 return (error); 1120 error = uvm_io(&vm->vm_map, uio); 1121 uvmspace_free(vm); 1122 1123 #ifdef PMAP_NEED_PROCWR 1124 if (error == 0 && uio->uio_rw == UIO_WRITE) 1125 pmap_procwr(p, addr, len); 1126 #endif 1127 return (error); 1128 } 1129 #endif /* KTRACE || PTRACE */ 1130 1131 #if defined(KTRACE) || defined(PTRACE) 1132 void 1133 process_stoptrace(void) 1134 { 1135 struct lwp *l = curlwp; 1136 struct proc *p = l->l_proc, *pp; 1137 1138 mutex_enter(proc_lock); 1139 mutex_enter(p->p_lock); 1140 pp = p->p_pptr; 1141 if (pp->p_pid == 1) { 1142 CLR(p->p_slflag, PSL_SYSCALL); /* XXXSMP */ 1143 mutex_exit(p->p_lock); 1144 mutex_exit(proc_lock); 1145 return; 1146 } 1147 1148 p->p_xstat = SIGTRAP; 1149 proc_stop(p, 1, SIGSTOP); 1150 mutex_exit(proc_lock); 1151 1152 if (sigispending(l, 0)) { 1153 lwp_lock(l); 1154 l->l_flag |= LW_PENDSIG; 1155 lwp_unlock(l); 1156 } 1157 mutex_exit(p->p_lock); 1158 } 1159 #endif /* KTRACE || PTRACE */ 1160 1161 #ifdef PTRACE 1162 static int 1163 process_auxv_offset(struct proc *p, struct uio *uio) 1164 { 1165 struct ps_strings pss; 1166 int error; 1167 off_t off = (off_t)p->p_psstrp; 1168 1169 if ((error = copyin_psstrings(p, &pss)) != 0) 1170 return error; 1171 1172 if (pss.ps_envstr == NULL) 1173 return EIO; 1174 1175 uio->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + pss.ps_nenvstr + 1); 1176 #ifdef __MACHINE_STACK_GROWS_UP 1177 if (uio->uio_offset < off) 1178 return EIO; 1179 #else 1180 if (uio->uio_offset > off) 1181 return EIO; 1182 if ((uio->uio_offset + uio->uio_resid) > off) 1183 uio->uio_resid = off - uio->uio_offset; 1184 #endif 1185 return 0; 1186 } 1187 #endif 1188