xref: /netbsd-src/sys/kern/sys_process.c (revision c4a72b64362cdaf56b20ef58a2b9eb3d98492c47) 
1 /*	$NetBSD: sys_process.c,v 1.77 2002/08/28 07:27:14 gmcgarry Exp $	*/
2 
3 /*-
4  * Copyright (c) 1993 Jan-Simon Pendry.
5  * Copyright (c) 1994 Christopher G. Demetriou.  All rights reserved.
6  * Copyright (c) 1982, 1986, 1989, 1993
7  *	The Regents of the University of California.  All rights reserved.
8  * (c) UNIX System Laboratories, Inc.
9  * All or some portions of this file are derived from material licensed
10  * to the University of California by American Telephone and Telegraph
11  * Co. or Unix System Laboratories, Inc. and are reproduced herein with
12  * the permission of UNIX System Laboratories, Inc.
13  *
14  * This code is derived from software contributed to Berkeley by
15  * Jan-Simon Pendry.
16  *
17  * Redistribution and use in source and binary forms, with or without
18  * modification, are permitted provided that the following conditions
19  * are met:
20  * 1. Redistributions of source code must retain the above copyright
21  *    notice, this list of conditions and the following disclaimer.
22  * 2. Redistributions in binary form must reproduce the above copyright
23  *    notice, this list of conditions and the following disclaimer in the
24  *    documentation and/or other materials provided with the distribution.
25  * 3. All advertising materials mentioning features or use of this software
26  *    must display the following acknowledgement:
27  *	This product includes software developed by the University of
28  *	California, Berkeley and its contributors.
29  * 4. Neither the name of the University nor the names of its contributors
30  *    may be used to endorse or promote products derived from this software
31  *    without specific prior written permission.
32  *
33  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
34  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
35  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
36  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
37  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
38  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
39  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
40  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
41  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
42  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43  * SUCH DAMAGE.
44  *
45  *	from: @(#)sys_process.c	8.1 (Berkeley) 6/10/93
46  */
47 
48 /*
49  * References:
50  *	(1) Bach's "The Design of the UNIX Operating System",
51  *	(2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution,
52  *	(3) the "4.4BSD Programmer's Reference Manual" published
53  *		by USENIX and O'Reilly & Associates.
54  * The 4.4BSD PRM does a reasonably good job of documenting what the various
55  * ptrace() requests should actually do, and its text is quoted several times
56  * in this file.
57  */
58 
59 #include <sys/cdefs.h>
60 __KERNEL_RCSID(0, "$NetBSD: sys_process.c,v 1.77 2002/08/28 07:27:14 gmcgarry Exp $");
61 
62 #include <sys/param.h>
63 #include <sys/systm.h>
64 #include <sys/proc.h>
65 #include <sys/errno.h>
66 #include <sys/ptrace.h>
67 #include <sys/uio.h>
68 #include <sys/user.h>
69 #include <sys/ras.h>
70 
71 #include <sys/mount.h>
72 #include <sys/syscallargs.h>
73 
74 #include <uvm/uvm_extern.h>
75 
76 #include <machine/reg.h>
77 
78 /* Macros to clear/set/test flags. */
79 #define	SET(t, f)	(t) |= (f)
80 #define	CLR(t, f)	(t) &= ~(f)
81 #define	ISSET(t, f)	((t) & (f))
82 
83 /*
84  * Process debugging system call.
85  */
86 int
87 sys_ptrace(p, v, retval)
88 	struct proc *p;
89 	void *v;
90 	register_t *retval;
91 {
92 	struct sys_ptrace_args /* {
93 		syscallarg(int) req;
94 		syscallarg(pid_t) pid;
95 		syscallarg(caddr_t) addr;
96 		syscallarg(int) data;
97 	} */ *uap = v;
98 	struct proc *t;				/* target process */
99 	struct uio uio;
100 	struct iovec iov;
101 	struct ptrace_io_desc piod;
102 	int s, error, write, tmp;
103 
104 	/* "A foolish consistency..." XXX */
105 	if (SCARG(uap, req) == PT_TRACE_ME)
106 		t = p;
107 	else {
108 
109 		/* Find the process we're supposed to be operating on. */
110 		if ((t = pfind(SCARG(uap, pid))) == NULL)
111 			return (ESRCH);
112 	}
113 
114 	/* Can't trace a process that's currently exec'ing. */
115 	if ((t->p_flag & P_INEXEC) != 0)
116 		return EAGAIN;
117 
118 	/* Make sure we can operate on it. */
119 	switch (SCARG(uap, req)) {
120 	case  PT_TRACE_ME:
121 		/* Saying that you're being traced is always legal. */
122 		break;
123 
124 	case  PT_ATTACH:
125 		/*
126 		 * You can't attach to a process if:
127 		 *	(1) it's the process that's doing the attaching,
128 		 */
129 		if (t->p_pid == p->p_pid)
130 			return (EINVAL);
131 
132 		/*
133 		 *  (2) it's a system process
134 		 */
135 		if (t->p_flag & P_SYSTEM)
136 			return (EPERM);
137 
138 		/*
139 		 *	(3) it's already being traced, or
140 		 */
141 		if (ISSET(t->p_flag, P_TRACED))
142 			return (EBUSY);
143 
144 		/*
145 		 *	(4) it's not owned by you, or is set-id on exec
146 		 *	    (unless you're root), or...
147 		 */
148 		if ((t->p_cred->p_ruid != p->p_cred->p_ruid ||
149 			ISSET(t->p_flag, P_SUGID)) &&
150 		    (error = suser(p->p_ucred, &p->p_acflag)) != 0)
151 			return (error);
152 
153 		/*
154 		 *	(5) ...it's init, which controls the security level
155 		 *	    of the entire system, and the system was not
156 		 *	    compiled with permanently insecure mode turned on
157 		 */
158 		if (t == initproc && securelevel > -1)
159 			return (EPERM);
160 
161 		/*
162 		 * (6) the tracer is chrooted, and its root directory is
163 		 * not at or above the root directory of the tracee
164 		 */
165 
166 		if (!proc_isunder(t, p))
167 			return EPERM;
168 		break;
169 
170 	case  PT_READ_I:
171 	case  PT_READ_D:
172 	case  PT_WRITE_I:
173 	case  PT_WRITE_D:
174 	case  PT_CONTINUE:
175 	case  PT_IO:
176 	case  PT_KILL:
177 	case  PT_DETACH:
178 #ifdef PT_STEP
179 	case  PT_STEP:
180 #endif
181 #ifdef PT_GETREGS
182 	case  PT_GETREGS:
183 #endif
184 #ifdef PT_SETREGS
185 	case  PT_SETREGS:
186 #endif
187 #ifdef PT_GETFPREGS
188 	case  PT_GETFPREGS:
189 #endif
190 #ifdef PT_SETFPREGS
191 	case  PT_SETFPREGS:
192 #endif
193 
194 #ifdef __HAVE_PTRACE_MACHDEP
195 	PTRACE_MACHDEP_REQUEST_CASES
196 #endif
197 
198 		/*
199 		 * You can't do what you want to the process if:
200 		 *	(1) It's not being traced at all,
201 		 */
202 		if (!ISSET(t->p_flag, P_TRACED))
203 			return (EPERM);
204 
205 		/*
206 		 *	(2) it's being traced by procfs (which has
207 		 *	    different signal delivery semantics),
208 		 */
209 		if (ISSET(t->p_flag, P_FSTRACE))
210 			return (EBUSY);
211 
212 		/*
213 		 *	(3) it's not being traced by _you_, or
214 		 */
215 		if (t->p_pptr != p)
216 			return (EBUSY);
217 
218 		/*
219 		 *	(4) it's not currently stopped.
220 		 */
221 		if (t->p_stat != SSTOP || !ISSET(t->p_flag, P_WAITED))
222 			return (EBUSY);
223 		break;
224 
225 	default:			/* It was not a legal request. */
226 		return (EINVAL);
227 	}
228 
229 	/* Do single-step fixup if needed. */
230 	FIX_SSTEP(t);
231 
232 	/* Now do the operation. */
233 	write = 0;
234 	*retval = 0;
235 	tmp = 0;
236 
237 	switch (SCARG(uap, req)) {
238 	case  PT_TRACE_ME:
239 		/* Just set the trace flag. */
240 		SET(t->p_flag, P_TRACED);
241 		t->p_opptr = t->p_pptr;
242 		return (0);
243 
244 	case  PT_WRITE_I:		/* XXX no separate I and D spaces */
245 	case  PT_WRITE_D:
246 #if defined(__HAVE_RAS)
247 		/*
248 		 * Can't write to a RAS
249 		 */
250 		if ((t->p_nras != 0) &&
251 		    (ras_lookup(t, SCARG(uap, addr)) != (caddr_t)-1)) {
252 			return (EACCES);
253 		}
254 #endif
255 		write = 1;
256 		tmp = SCARG(uap, data);
257 	case  PT_READ_I:		/* XXX no separate I and D spaces */
258 	case  PT_READ_D:
259 		/* write = 0 done above. */
260 		iov.iov_base = (caddr_t)&tmp;
261 		iov.iov_len = sizeof(tmp);
262 		uio.uio_iov = &iov;
263 		uio.uio_iovcnt = 1;
264 		uio.uio_offset = (off_t)(long)SCARG(uap, addr);
265 		uio.uio_resid = sizeof(tmp);
266 		uio.uio_segflg = UIO_SYSSPACE;
267 		uio.uio_rw = write ? UIO_WRITE : UIO_READ;
268 		uio.uio_procp = p;
269 		error = process_domem(p, t, &uio);
270 		if (!write)
271 			*retval = tmp;
272 		return (error);
273 
274 	case  PT_IO:
275 		error = copyin(SCARG(uap, addr), &piod, sizeof(piod));
276 		if (error)
277 			return (error);
278 		iov.iov_base = piod.piod_addr;
279 		iov.iov_len = piod.piod_len;
280 		uio.uio_iov = &iov;
281 		uio.uio_iovcnt = 1;
282 		uio.uio_offset = (off_t)(long)piod.piod_offs;
283 		uio.uio_resid = piod.piod_len;
284 		uio.uio_segflg = UIO_USERSPACE;
285 		uio.uio_procp = p;
286 		switch (piod.piod_op) {
287 		case PIOD_READ_D:
288 		case PIOD_READ_I:
289 			uio.uio_rw = UIO_READ;
290 			break;
291 		case PIOD_WRITE_D:
292 		case PIOD_WRITE_I:
293 			uio.uio_rw = UIO_WRITE;
294 			break;
295 		default:
296 			return (EINVAL);
297 		}
298 		error = process_domem(p, t, &uio);
299 		piod.piod_len -= uio.uio_resid;
300 		(void) copyout(&piod, SCARG(uap, addr), sizeof(piod));
301 		return (error);
302 
303 #ifdef PT_STEP
304 	case  PT_STEP:
305 		/*
306 		 * From the 4.4BSD PRM:
307 		 * "Execution continues as in request PT_CONTINUE; however
308 		 * as soon as possible after execution of at least one
309 		 * instruction, execution stops again. [ ... ]"
310 		 */
311 #endif
312 	case  PT_CONTINUE:
313 	case  PT_DETACH:
314 		/*
315 		 * From the 4.4BSD PRM:
316 		 * "The data argument is taken as a signal number and the
317 		 * child's execution continues at location addr as if it
318 		 * incurred that signal.  Normally the signal number will
319 		 * be either 0 to indicate that the signal that caused the
320 		 * stop should be ignored, or that value fetched out of
321 		 * the process's image indicating which signal caused
322 		 * the stop.  If addr is (int *)1 then execution continues
323 		 * from where it stopped."
324 		 */
325 
326 		/* Check that the data is a valid signal number or zero. */
327 		if (SCARG(uap, data) < 0 || SCARG(uap, data) >= NSIG)
328 			return (EINVAL);
329 
330 		PHOLD(t);
331 
332 		/* If the address parameter is not (int *)1, set the pc. */
333 		if ((int *)SCARG(uap, addr) != (int *)1)
334 			if ((error = process_set_pc(t, SCARG(uap, addr))) != 0)
335 				goto relebad;
336 
337 #ifdef PT_STEP
338 		/*
339 		 * Arrange for a single-step, if that's requested and possible.
340 		 */
341 		error = process_sstep(t, SCARG(uap, req) == PT_STEP);
342 		if (error)
343 			goto relebad;
344 #endif
345 
346 		PRELE(t);
347 
348 		if (SCARG(uap, req) == PT_DETACH) {
349 			/* give process back to original parent or init */
350 			if (t->p_opptr != t->p_pptr) {
351 				struct proc *pp = t->p_opptr;
352 				proc_reparent(t, pp ? pp : initproc);
353 			}
354 
355 			/* not being traced any more */
356 			t->p_opptr = NULL;
357 			CLR(t->p_flag, P_TRACED|P_WAITED);
358 		}
359 
360 	sendsig:
361 		/* Finally, deliver the requested signal (or none). */
362 		if (t->p_stat == SSTOP) {
363 			t->p_xstat = SCARG(uap, data);
364 			SCHED_LOCK(s);
365 			setrunnable(t);
366 			SCHED_UNLOCK(s);
367 		} else {
368 			if (SCARG(uap, data) != 0)
369 				psignal(t, SCARG(uap, data));
370 		}
371 		return (0);
372 
373 	relebad:
374 		PRELE(t);
375 		return (error);
376 
377 	case  PT_KILL:
378 		/* just send the process a KILL signal. */
379 		SCARG(uap, data) = SIGKILL;
380 		goto sendsig;	/* in PT_CONTINUE, above. */
381 
382 	case  PT_ATTACH:
383 		/*
384 		 * Go ahead and set the trace flag.
385 		 * Save the old parent (it's reset in
386 		 *   _DETACH, and also in kern_exit.c:wait4()
387 		 * Reparent the process so that the tracing
388 		 *   proc gets to see all the action.
389 		 * Stop the target.
390 		 */
391 		SET(t->p_flag, P_TRACED);
392 		t->p_opptr = t->p_pptr;
393 		if (t->p_pptr != p) {
394 			t->p_pptr->p_flag |= P_CHTRACED;
395 			proc_reparent(t, p);
396 		}
397 		SCARG(uap, data) = SIGSTOP;
398 		goto sendsig;
399 
400 #ifdef PT_SETREGS
401 	case  PT_SETREGS:
402 		write = 1;
403 #endif
404 #ifdef PT_GETREGS
405 	case  PT_GETREGS:
406 		/* write = 0 done above. */
407 #endif
408 #if defined(PT_SETREGS) || defined(PT_GETREGS)
409 		if (!process_validregs(t))
410 			return (EINVAL);
411 		else {
412 			iov.iov_base = SCARG(uap, addr);
413 			iov.iov_len = sizeof(struct reg);
414 			uio.uio_iov = &iov;
415 			uio.uio_iovcnt = 1;
416 			uio.uio_offset = 0;
417 			uio.uio_resid = sizeof(struct reg);
418 			uio.uio_segflg = UIO_USERSPACE;
419 			uio.uio_rw = write ? UIO_WRITE : UIO_READ;
420 			uio.uio_procp = p;
421 			return (process_doregs(p, t, &uio));
422 		}
423 #endif
424 
425 #ifdef PT_SETFPREGS
426 	case  PT_SETFPREGS:
427 		write = 1;
428 #endif
429 #ifdef PT_GETFPREGS
430 	case  PT_GETFPREGS:
431 		/* write = 0 done above. */
432 #endif
433 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS)
434 		if (!process_validfpregs(t))
435 			return (EINVAL);
436 		else {
437 			iov.iov_base = SCARG(uap, addr);
438 			iov.iov_len = sizeof(struct fpreg);
439 			uio.uio_iov = &iov;
440 			uio.uio_iovcnt = 1;
441 			uio.uio_offset = 0;
442 			uio.uio_resid = sizeof(struct fpreg);
443 			uio.uio_segflg = UIO_USERSPACE;
444 			uio.uio_rw = write ? UIO_WRITE : UIO_READ;
445 			uio.uio_procp = p;
446 			return (process_dofpregs(p, t, &uio));
447 		}
448 #endif
449 
450 #ifdef __HAVE_PTRACE_MACHDEP
451 	PTRACE_MACHDEP_REQUEST_CASES
452 		return (ptrace_machdep_dorequest(p, t,
453 		    SCARG(uap, req), SCARG(uap, addr),
454 		    SCARG(uap, data)));
455 #endif
456 	}
457 
458 #ifdef DIAGNOSTIC
459 	panic("ptrace: impossible");
460 #endif
461 	return 0;
462 }
463 
464 int
465 process_doregs(curp, p, uio)
466 	struct proc *curp;		/* tracer */
467 	struct proc *p;			/* traced */
468 	struct uio *uio;
469 {
470 #if defined(PT_GETREGS) || defined(PT_SETREGS)
471 	int error;
472 	struct reg r;
473 	char *kv;
474 	int kl;
475 
476 	if ((error = process_checkioperm(curp, p)) != 0)
477 		return error;
478 
479 	kl = sizeof(r);
480 	kv = (char *) &r;
481 
482 	kv += uio->uio_offset;
483 	kl -= uio->uio_offset;
484 	if (kl < 0)
485 		return (EINVAL);
486 	if ((size_t) kl > uio->uio_resid)
487 		kl = uio->uio_resid;
488 
489 	PHOLD(p);
490 
491 	error = process_read_regs(p, &r);
492 	if (error == 0)
493 		error = uiomove(kv, kl, uio);
494 	if (error == 0 && uio->uio_rw == UIO_WRITE) {
495 		if (p->p_stat != SSTOP)
496 			error = EBUSY;
497 		else
498 			error = process_write_regs(p, &r);
499 	}
500 
501 	PRELE(p);
502 
503 	uio->uio_offset = 0;
504 	return (error);
505 #else
506 	return (EINVAL);
507 #endif
508 }
509 
510 int
511 process_validregs(p)
512 	struct proc *p;
513 {
514 
515 #if defined(PT_SETREGS) || defined(PT_GETREGS)
516 	return ((p->p_flag & P_SYSTEM) == 0);
517 #else
518 	return (0);
519 #endif
520 }
521 
522 int
523 process_dofpregs(curp, p, uio)
524 	struct proc *curp;		/* tracer */
525 	struct proc *p;			/* traced */
526 	struct uio *uio;
527 {
528 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS)
529 	int error;
530 	struct fpreg r;
531 	char *kv;
532 	int kl;
533 
534 	if ((error = process_checkioperm(curp, p)) != 0)
535 		return (error);
536 
537 	kl = sizeof(r);
538 	kv = (char *) &r;
539 
540 	kv += uio->uio_offset;
541 	kl -= uio->uio_offset;
542 	if (kl < 0)
543 		return (EINVAL);
544 	if ((size_t) kl > uio->uio_resid)
545 		kl = uio->uio_resid;
546 
547 	PHOLD(p);
548 
549 	error = process_read_fpregs(p, &r);
550 	if (error == 0)
551 		error = uiomove(kv, kl, uio);
552 	if (error == 0 && uio->uio_rw == UIO_WRITE) {
553 		if (p->p_stat != SSTOP)
554 			error = EBUSY;
555 		else
556 			error = process_write_fpregs(p, &r);
557 	}
558 
559 	PRELE(p);
560 
561 	uio->uio_offset = 0;
562 	return (error);
563 #else
564 	return (EINVAL);
565 #endif
566 }
567 
568 int
569 process_validfpregs(p)
570 	struct proc *p;
571 {
572 
573 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS)
574 	return ((p->p_flag & P_SYSTEM) == 0);
575 #else
576 	return (0);
577 #endif
578 }
579 
580 int
581 process_domem(curp, p, uio)
582 	struct proc *curp;		/* tracer */
583 	struct proc *p;			/* traced */
584 	struct uio *uio;
585 {
586 	int error;
587 
588 	size_t len;
589 #ifdef PMAP_NEED_PROCWR
590 	vaddr_t	addr;
591 #endif
592 
593 	len = uio->uio_resid;
594 
595 	if (len == 0)
596 		return (0);
597 
598 #ifdef PMAP_NEED_PROCWR
599 	addr = uio->uio_offset;
600 #endif
601 
602 	if ((error = process_checkioperm(curp, p)) != 0)
603 		return (error);
604 
605 	/* XXXCDC: how should locking work here? */
606 	if ((p->p_flag & P_WEXIT) || (p->p_vmspace->vm_refcnt < 1))
607 		return(EFAULT);
608 	p->p_vmspace->vm_refcnt++;  /* XXX */
609 	error = uvm_io(&p->p_vmspace->vm_map, uio);
610 	uvmspace_free(p->p_vmspace);
611 
612 #ifdef PMAP_NEED_PROCWR
613 	if (uio->uio_rw == UIO_WRITE)
614 		pmap_procwr(p, addr, len);
615 #endif
616 	return (error);
617 }
618 
619 /*
620  * Ensure that a process has permission to perform I/O on another.
621  * Arguments:
622  *	p	The process wishing to do the I/O (the tracer).
623  *	t	The process who's memory/registers will be read/written.
624  */
625 int
626 process_checkioperm(p, t)
627 	struct proc *p, *t;
628 {
629 	int error;
630 
631 	/*
632 	 * You cannot attach to a processes mem/regs if:
633 	 *
634 	 *	(1) It is currently exec'ing
635 	 */
636 	if (ISSET(t->p_flag, P_INEXEC))
637 		return (EAGAIN);
638 
639 	/*
640 	 *	(2) it's not owned by you, or is set-id on exec
641 	 *	    (unless you're root), or...
642 	 */
643 	if ((t->p_cred->p_ruid != p->p_cred->p_ruid ||
644 		ISSET(t->p_flag, P_SUGID)) &&
645 	    (error = suser(p->p_ucred, &p->p_acflag)) != 0)
646 		return (error);
647 
648 	/*
649 	 *	(3) ...it's init, which controls the security level
650 	 *	    of the entire system, and the system was not
651 	 *	    compiled with permanetly insecure mode turned on.
652 	 */
653 	if (t == initproc && securelevel > -1)
654 		return (EPERM);
655 
656 	/*
657 	 *	(4) the tracer is chrooted, and its root directory is
658 	 * 	    not at or above the root directory of the tracee
659 	 */
660 	if (!proc_isunder(t, p))
661 		return (EPERM);
662 
663 	return (0);
664 }
665