1 /* $NetBSD: sys_process.c,v 1.169 2016/05/25 17:43:58 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Andrew Doran. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1989, 1993 34 * The Regents of the University of California. All rights reserved. 35 * (c) UNIX System Laboratories, Inc. 36 * All or some portions of this file are derived from material licensed 37 * to the University of California by American Telephone and Telegraph 38 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 39 * the permission of UNIX System Laboratories, Inc. 40 * 41 * This code is derived from software contributed to Berkeley by 42 * Jan-Simon Pendry. 43 * 44 * Redistribution and use in source and binary forms, with or without 45 * modification, are permitted provided that the following conditions 46 * are met: 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 3. Neither the name of the University nor the names of its contributors 53 * may be used to endorse or promote products derived from this software 54 * without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 * 68 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 69 */ 70 71 /*- 72 * Copyright (c) 1993 Jan-Simon Pendry. 73 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 74 * 75 * This code is derived from software contributed to Berkeley by 76 * Jan-Simon Pendry. 77 * 78 * Redistribution and use in source and binary forms, with or without 79 * modification, are permitted provided that the following conditions 80 * are met: 81 * 1. Redistributions of source code must retain the above copyright 82 * notice, this list of conditions and the following disclaimer. 83 * 2. Redistributions in binary form must reproduce the above copyright 84 * notice, this list of conditions and the following disclaimer in the 85 * documentation and/or other materials provided with the distribution. 86 * 3. All advertising materials mentioning features or use of this software 87 * must display the following acknowledgement: 88 * This product includes software developed by the University of 89 * California, Berkeley and its contributors. 90 * 4. Neither the name of the University nor the names of its contributors 91 * may be used to endorse or promote products derived from this software 92 * without specific prior written permission. 93 * 94 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 97 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 98 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 99 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 100 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 101 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 104 * SUCH DAMAGE. 105 * 106 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 107 */ 108 109 /* 110 * References: 111 * (1) Bach's "The Design of the UNIX Operating System", 112 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 113 * (3) the "4.4BSD Programmer's Reference Manual" published 114 * by USENIX and O'Reilly & Associates. 115 * The 4.4BSD PRM does a reasonably good job of documenting what the various 116 * ptrace() requests should actually do, and its text is quoted several times 117 * in this file. 118 */ 119 120 #include <sys/cdefs.h> 121 __KERNEL_RCSID(0, "$NetBSD: sys_process.c,v 1.169 2016/05/25 17:43:58 christos Exp $"); 122 123 #include "opt_ptrace.h" 124 #include "opt_ktrace.h" 125 #include "opt_pax.h" 126 127 #include <sys/param.h> 128 #include <sys/systm.h> 129 #include <sys/proc.h> 130 #include <sys/errno.h> 131 #include <sys/exec.h> 132 #include <sys/pax.h> 133 #include <sys/ptrace.h> 134 #include <sys/uio.h> 135 #include <sys/ras.h> 136 #include <sys/kmem.h> 137 #include <sys/kauth.h> 138 #include <sys/mount.h> 139 #include <sys/syscallargs.h> 140 141 #include <uvm/uvm_extern.h> 142 143 #include <machine/reg.h> 144 145 #ifdef PTRACE 146 147 # ifdef DEBUG 148 # define DPRINTF(a) uprintf a 149 # else 150 # define DPRINTF(a) 151 # endif 152 153 static kauth_listener_t ptrace_listener; 154 #ifdef PTRACE 155 static int process_auxv_offset(struct proc *, struct uio *); 156 #endif 157 158 static int 159 ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, 160 void *arg0, void *arg1, void *arg2, void *arg3) 161 { 162 struct proc *p; 163 int result; 164 165 result = KAUTH_RESULT_DEFER; 166 p = arg0; 167 168 if (action != KAUTH_PROCESS_PTRACE) 169 return result; 170 171 switch ((u_long)arg1) { 172 case PT_TRACE_ME: 173 case PT_ATTACH: 174 case PT_WRITE_I: 175 case PT_WRITE_D: 176 case PT_READ_I: 177 case PT_READ_D: 178 case PT_IO: 179 #ifdef PT_GETREGS 180 case PT_GETREGS: 181 #endif 182 #ifdef PT_SETREGS 183 case PT_SETREGS: 184 #endif 185 #ifdef PT_GETFPREGS 186 case PT_GETFPREGS: 187 #endif 188 #ifdef PT_SETFPREGS 189 case PT_SETFPREGS: 190 #endif 191 case PT_SET_EVENT_MASK: 192 case PT_GET_EVENT_MASK: 193 case PT_GET_PROCESS_STATE: 194 #ifdef __HAVE_PTRACE_MACHDEP 195 PTRACE_MACHDEP_REQUEST_CASES 196 #endif 197 if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) || 198 ISSET(p->p_flag, PK_SUGID)) { 199 break; 200 } 201 202 result = KAUTH_RESULT_ALLOW; 203 204 break; 205 206 #ifdef PT_STEP 207 case PT_STEP: 208 #endif 209 case PT_CONTINUE: 210 case PT_KILL: 211 case PT_DETACH: 212 case PT_LWPINFO: 213 case PT_SYSCALL: 214 case PT_SYSCALLEMU: 215 case PT_DUMPCORE: 216 result = KAUTH_RESULT_ALLOW; 217 break; 218 219 default: 220 break; 221 } 222 223 return result; 224 } 225 226 void 227 ptrace_init(void) 228 { 229 230 ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 231 ptrace_listener_cb, NULL); 232 } 233 234 /* 235 * Process debugging system call. 236 */ 237 int 238 sys_ptrace(struct lwp *l, const struct sys_ptrace_args *uap, register_t *retval) 239 { 240 /* { 241 syscallarg(int) req; 242 syscallarg(pid_t) pid; 243 syscallarg(void *) addr; 244 syscallarg(int) data; 245 } */ 246 struct proc *p = l->l_proc; 247 struct lwp *lt; 248 #ifdef PT_STEP 249 struct lwp *lt2; 250 #endif 251 struct proc *t; /* target process */ 252 struct uio uio; 253 struct iovec iov; 254 struct ptrace_io_desc piod; 255 struct ptrace_event pe; 256 struct ptrace_state ps; 257 struct ptrace_lwpinfo pl; 258 struct vmspace *vm; 259 int error, write, tmp, req, pheld; 260 int signo = 0; 261 int resume_all; 262 ksiginfo_t ksi; 263 char *path; 264 int len = 0; 265 266 error = 0; 267 req = SCARG(uap, req); 268 269 /* 270 * If attaching or detaching, we need to get a write hold on the 271 * proclist lock so that we can re-parent the target process. 272 */ 273 mutex_enter(proc_lock); 274 275 /* "A foolish consistency..." XXX */ 276 if (req == PT_TRACE_ME) { 277 t = p; 278 mutex_enter(t->p_lock); 279 } else { 280 /* Find the process we're supposed to be operating on. */ 281 t = proc_find(SCARG(uap, pid)); 282 if (t == NULL) { 283 mutex_exit(proc_lock); 284 return (ESRCH); 285 } 286 287 /* XXX-elad */ 288 mutex_enter(t->p_lock); 289 error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, 290 t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 291 if (error) { 292 mutex_exit(proc_lock); 293 mutex_exit(t->p_lock); 294 return (ESRCH); 295 } 296 } 297 298 /* 299 * Grab a reference on the process to prevent it from execing or 300 * exiting. 301 */ 302 if (!rw_tryenter(&t->p_reflock, RW_READER)) { 303 mutex_exit(proc_lock); 304 mutex_exit(t->p_lock); 305 return EBUSY; 306 } 307 308 /* Make sure we can operate on it. */ 309 switch (req) { 310 case PT_TRACE_ME: 311 /* Saying that you're being traced is always legal. */ 312 break; 313 314 case PT_ATTACH: 315 /* 316 * You can't attach to a process if: 317 * (1) it's the process that's doing the attaching, 318 */ 319 if (t->p_pid == p->p_pid) { 320 error = EINVAL; 321 break; 322 } 323 324 /* 325 * (2) it's a system process 326 */ 327 if (t->p_flag & PK_SYSTEM) { 328 error = EPERM; 329 break; 330 } 331 332 /* 333 * (3) it's already being traced, or 334 */ 335 if (ISSET(t->p_slflag, PSL_TRACED)) { 336 error = EBUSY; 337 break; 338 } 339 340 /* 341 * (4) the tracer is chrooted, and its root directory is 342 * not at or above the root directory of the tracee 343 */ 344 mutex_exit(t->p_lock); /* XXXSMP */ 345 tmp = proc_isunder(t, l); 346 mutex_enter(t->p_lock); /* XXXSMP */ 347 if (!tmp) { 348 error = EPERM; 349 break; 350 } 351 break; 352 353 case PT_READ_I: 354 case PT_READ_D: 355 case PT_WRITE_I: 356 case PT_WRITE_D: 357 case PT_IO: 358 #ifdef PT_GETREGS 359 case PT_GETREGS: 360 #endif 361 #ifdef PT_SETREGS 362 case PT_SETREGS: 363 #endif 364 #ifdef PT_GETFPREGS 365 case PT_GETFPREGS: 366 #endif 367 #ifdef PT_SETFPREGS 368 case PT_SETFPREGS: 369 #endif 370 #ifdef __HAVE_PTRACE_MACHDEP 371 PTRACE_MACHDEP_REQUEST_CASES 372 #endif 373 /* 374 * You can't read/write the memory or registers of a process 375 * if the tracer is chrooted, and its root directory is not at 376 * or above the root directory of the tracee. 377 */ 378 mutex_exit(t->p_lock); /* XXXSMP */ 379 tmp = proc_isunder(t, l); 380 mutex_enter(t->p_lock); /* XXXSMP */ 381 if (!tmp) { 382 error = EPERM; 383 break; 384 } 385 /*FALLTHROUGH*/ 386 387 case PT_CONTINUE: 388 case PT_KILL: 389 case PT_DETACH: 390 case PT_LWPINFO: 391 case PT_SYSCALL: 392 case PT_SYSCALLEMU: 393 case PT_DUMPCORE: 394 #ifdef PT_STEP 395 case PT_STEP: 396 #endif 397 case PT_SET_EVENT_MASK: 398 case PT_GET_EVENT_MASK: 399 case PT_GET_PROCESS_STATE: 400 /* 401 * You can't do what you want to the process if: 402 * (1) It's not being traced at all, 403 */ 404 if (!ISSET(t->p_slflag, PSL_TRACED)) { 405 error = EPERM; 406 break; 407 } 408 409 /* 410 * (2) it's being traced by procfs (which has 411 * different signal delivery semantics), 412 */ 413 if (ISSET(t->p_slflag, PSL_FSTRACE)) { 414 DPRINTF(("file system traced\n")); 415 error = EBUSY; 416 break; 417 } 418 419 /* 420 * (3) it's not being traced by _you_, or 421 */ 422 if (t->p_pptr != p) { 423 DPRINTF(("parent %d != %d\n", t->p_pptr->p_pid, 424 p->p_pid)); 425 error = EBUSY; 426 break; 427 } 428 429 /* 430 * (4) it's not currently stopped. 431 */ 432 if (t->p_stat != SSTOP || !t->p_waited /* XXXSMP */) { 433 DPRINTF(("stat %d flag %d\n", t->p_stat, 434 !t->p_waited)); 435 error = EBUSY; 436 break; 437 } 438 break; 439 440 default: /* It was not a legal request. */ 441 error = EINVAL; 442 break; 443 } 444 445 if (error == 0) { 446 error = kauth_authorize_process(l->l_cred, 447 KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req), 448 NULL, NULL); 449 } 450 if (error == 0) { 451 lt = lwp_find_first(t); 452 if (lt == NULL) 453 error = ESRCH; 454 } 455 456 if (error != 0) { 457 mutex_exit(proc_lock); 458 mutex_exit(t->p_lock); 459 rw_exit(&t->p_reflock); 460 return error; 461 } 462 463 /* Do single-step fixup if needed. */ 464 FIX_SSTEP(t); 465 KASSERT(lt != NULL); 466 lwp_addref(lt); 467 468 /* 469 * Which locks do we need held? XXX Ugly. 470 */ 471 switch (req) { 472 #ifdef PT_STEP 473 case PT_STEP: 474 #endif 475 case PT_CONTINUE: 476 case PT_DETACH: 477 case PT_KILL: 478 case PT_SYSCALL: 479 case PT_SYSCALLEMU: 480 case PT_ATTACH: 481 case PT_TRACE_ME: 482 pheld = 1; 483 break; 484 default: 485 mutex_exit(proc_lock); 486 mutex_exit(t->p_lock); 487 pheld = 0; 488 break; 489 } 490 491 /* Now do the operation. */ 492 write = 0; 493 *retval = 0; 494 tmp = 0; 495 resume_all = 1; 496 497 switch (req) { 498 case PT_TRACE_ME: 499 /* Just set the trace flag. */ 500 SET(t->p_slflag, PSL_TRACED); 501 t->p_opptr = t->p_pptr; 502 break; 503 504 case PT_WRITE_I: /* XXX no separate I and D spaces */ 505 case PT_WRITE_D: 506 #if defined(__HAVE_RAS) 507 /* 508 * Can't write to a RAS 509 */ 510 if (ras_lookup(t, SCARG(uap, addr)) != (void *)-1) { 511 error = EACCES; 512 break; 513 } 514 #endif 515 write = 1; 516 tmp = SCARG(uap, data); 517 /* FALLTHROUGH */ 518 519 case PT_READ_I: /* XXX no separate I and D spaces */ 520 case PT_READ_D: 521 /* write = 0 done above. */ 522 iov.iov_base = (void *)&tmp; 523 iov.iov_len = sizeof(tmp); 524 uio.uio_iov = &iov; 525 uio.uio_iovcnt = 1; 526 uio.uio_offset = (off_t)(unsigned long)SCARG(uap, addr); 527 uio.uio_resid = sizeof(tmp); 528 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 529 UIO_SETUP_SYSSPACE(&uio); 530 531 error = process_domem(l, lt, &uio); 532 if (!write) 533 *retval = tmp; 534 break; 535 536 case PT_IO: 537 error = copyin(SCARG(uap, addr), &piod, sizeof(piod)); 538 if (error) 539 break; 540 541 iov.iov_base = piod.piod_addr; 542 iov.iov_len = piod.piod_len; 543 uio.uio_iov = &iov; 544 uio.uio_iovcnt = 1; 545 uio.uio_offset = (off_t)(unsigned long)piod.piod_offs; 546 uio.uio_resid = piod.piod_len; 547 548 switch (piod.piod_op) { 549 case PIOD_READ_D: 550 case PIOD_READ_I: 551 uio.uio_rw = UIO_READ; 552 break; 553 case PIOD_WRITE_D: 554 case PIOD_WRITE_I: 555 /* 556 * Can't write to a RAS 557 */ 558 if (ras_lookup(t, SCARG(uap, addr)) != (void *)-1) { 559 return (EACCES); 560 } 561 uio.uio_rw = UIO_WRITE; 562 break; 563 case PIOD_READ_AUXV: 564 req = PT_READ_D; 565 uio.uio_rw = UIO_READ; 566 tmp = t->p_execsw->es_arglen * sizeof(char *); 567 if (uio.uio_offset > tmp) 568 return EIO; 569 if (uio.uio_resid > tmp - uio.uio_offset) 570 uio.uio_resid = tmp - uio.uio_offset; 571 piod.piod_len = iov.iov_len = uio.uio_resid; 572 error = process_auxv_offset(t, &uio); 573 if (error) 574 return error; 575 break; 576 default: 577 error = EINVAL; 578 break; 579 } 580 if (error) 581 break; 582 error = proc_vmspace_getref(l->l_proc, &vm); 583 if (error) 584 break; 585 uio.uio_vmspace = vm; 586 587 error = process_domem(l, lt, &uio); 588 piod.piod_len -= uio.uio_resid; 589 (void) copyout(&piod, SCARG(uap, addr), sizeof(piod)); 590 uvmspace_free(vm); 591 break; 592 593 case PT_DUMPCORE: 594 if ((path = SCARG(uap, addr)) != NULL) { 595 char *dst; 596 len = SCARG(uap, data); 597 598 if (len < 0 || len >= MAXPATHLEN) { 599 error = EINVAL; 600 break; 601 } 602 dst = kmem_alloc(len + 1, KM_SLEEP); 603 if ((error = copyin(path, dst, len)) != 0) { 604 kmem_free(dst, len + 1); 605 break; 606 } 607 path = dst; 608 path[len] = '\0'; 609 } 610 error = (*coredump_vec)(lt, path); 611 if (path) 612 kmem_free(path, len + 1); 613 break; 614 615 #ifdef PT_STEP 616 case PT_STEP: 617 /* 618 * From the 4.4BSD PRM: 619 * "Execution continues as in request PT_CONTINUE; however 620 * as soon as possible after execution of at least one 621 * instruction, execution stops again. [ ... ]" 622 */ 623 #endif 624 case PT_CONTINUE: 625 case PT_SYSCALL: 626 case PT_DETACH: 627 if (req == PT_SYSCALL) { 628 if (!ISSET(t->p_slflag, PSL_SYSCALL)) { 629 SET(t->p_slflag, PSL_SYSCALL); 630 #ifdef __HAVE_SYSCALL_INTERN 631 (*t->p_emul->e_syscall_intern)(t); 632 #endif 633 } 634 } else { 635 if (ISSET(t->p_slflag, PSL_SYSCALL)) { 636 CLR(t->p_slflag, PSL_SYSCALL); 637 #ifdef __HAVE_SYSCALL_INTERN 638 (*t->p_emul->e_syscall_intern)(t); 639 #endif 640 } 641 } 642 t->p_trace_enabled = trace_is_enabled(t); 643 644 /* 645 * Pick up the LWPID, if supplied. There are two cases: 646 * data < 0 : step or continue single thread, lwp = -data 647 * data > 0 in PT_STEP : step this thread, continue others 648 * For operations other than PT_STEP, data > 0 means 649 * data is the signo to deliver to the process. 650 */ 651 tmp = SCARG(uap, data); 652 if (tmp >= 0) { 653 #ifdef PT_STEP 654 if (req == PT_STEP) 655 signo = 0; 656 else 657 #endif 658 { 659 signo = tmp; 660 tmp = 0; /* don't search for LWP */ 661 } 662 } 663 else 664 tmp = -tmp; 665 666 if (tmp > 0) { 667 if (req == PT_DETACH) { 668 error = EINVAL; 669 break; 670 } 671 lwp_delref2 (lt); 672 lt = lwp_find(t, tmp); 673 if (lt == NULL) { 674 error = ESRCH; 675 break; 676 } 677 lwp_addref(lt); 678 resume_all = 0; 679 signo = 0; 680 } 681 682 /* 683 * From the 4.4BSD PRM: 684 * "The data argument is taken as a signal number and the 685 * child's execution continues at location addr as if it 686 * incurred that signal. Normally the signal number will 687 * be either 0 to indicate that the signal that caused the 688 * stop should be ignored, or that value fetched out of 689 * the process's image indicating which signal caused 690 * the stop. If addr is (int *)1 then execution continues 691 * from where it stopped." 692 */ 693 694 /* Check that the data is a valid signal number or zero. */ 695 if (signo < 0 || signo >= NSIG) { 696 error = EINVAL; 697 break; 698 } 699 700 /* If the address parameter is not (int *)1, set the pc. */ 701 if ((int *)SCARG(uap, addr) != (int *)1) { 702 error = process_set_pc(lt, SCARG(uap, addr)); 703 if (error != 0) 704 break; 705 } 706 #ifdef PT_STEP 707 /* 708 * Arrange for a single-step, if that's requested and possible. 709 * More precisely, set the single step status as requested for 710 * the requested thread, and clear it for other threads. 711 */ 712 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 713 if (lt != lt2) 714 { 715 lwp_lock(lt2); 716 process_sstep(lt2, 0); 717 lwp_unlock(lt2); 718 } 719 } 720 error = process_sstep(lt, req == PT_STEP); 721 if (error) 722 break; 723 #endif 724 if (req == PT_DETACH) { 725 CLR(t->p_slflag, PSL_TRACED|PSL_FSTRACE|PSL_SYSCALL); 726 727 /* give process back to original parent or init */ 728 if (t->p_opptr != t->p_pptr) { 729 struct proc *pp = t->p_opptr; 730 proc_reparent(t, pp ? pp : initproc); 731 } 732 733 /* not being traced any more */ 734 t->p_opptr = NULL; 735 } 736 sendsig: 737 t->p_fpid = 0; 738 /* Finally, deliver the requested signal (or none). */ 739 if (t->p_stat == SSTOP) { 740 /* 741 * Unstop the process. If it needs to take a 742 * signal, make all efforts to ensure that at 743 * an LWP runs to see it. 744 */ 745 t->p_xsig = signo; 746 if (resume_all) 747 proc_unstop(t); 748 else 749 lwp_unstop(lt); 750 } else if (signo != 0) { 751 KSI_INIT_EMPTY(&ksi); 752 ksi.ksi_signo = signo; 753 kpsignal2(t, &ksi); 754 } 755 break; 756 757 case PT_SYSCALLEMU: 758 if (!ISSET(t->p_slflag, PSL_SYSCALL) || t->p_stat != SSTOP) { 759 error = EINVAL; 760 break; 761 } 762 SET(t->p_slflag, PSL_SYSCALLEMU); 763 break; 764 765 case PT_KILL: 766 /* just send the process a KILL signal. */ 767 signo = SIGKILL; 768 goto sendsig; /* in PT_CONTINUE, above. */ 769 770 case PT_ATTACH: 771 /* 772 * Go ahead and set the trace flag. 773 * Save the old parent (it's reset in 774 * _DETACH, and also in kern_exit.c:wait4() 775 * Reparent the process so that the tracing 776 * proc gets to see all the action. 777 * Stop the target. 778 */ 779 t->p_opptr = t->p_pptr; 780 if (t->p_pptr != p) { 781 struct proc *parent = t->p_pptr; 782 783 if (parent->p_lock < t->p_lock) { 784 if (!mutex_tryenter(parent->p_lock)) { 785 mutex_exit(t->p_lock); 786 mutex_enter(parent->p_lock); 787 mutex_enter(t->p_lock); 788 } 789 } else if (parent->p_lock > t->p_lock) { 790 mutex_enter(parent->p_lock); 791 } 792 parent->p_slflag |= PSL_CHTRACED; 793 proc_reparent(t, p); 794 if (parent->p_lock != t->p_lock) 795 mutex_exit(parent->p_lock); 796 } 797 SET(t->p_slflag, PSL_TRACED); 798 signo = SIGSTOP; 799 goto sendsig; 800 801 case PT_GET_EVENT_MASK: 802 if (SCARG(uap, data) != sizeof(pe)) { 803 DPRINTF(("ptrace(%d): %d != %zu\n", req, 804 SCARG(uap, data), sizeof(pe))); 805 error = EINVAL; 806 break; 807 } 808 memset(&pe, 0, sizeof(pe)); 809 pe.pe_set_event = ISSET(t->p_slflag, PSL_TRACEFORK) ? 810 PTRACE_FORK : 0; 811 error = copyout(&pe, SCARG(uap, addr), sizeof(pe)); 812 break; 813 814 case PT_SET_EVENT_MASK: 815 if (SCARG(uap, data) != sizeof(pe)) { 816 DPRINTF(("ptrace(%d): %d != %zu\n", req, 817 SCARG(uap, data), sizeof(pe))); 818 error = EINVAL; 819 break; 820 } 821 if ((error = copyin(SCARG(uap, addr), &pe, sizeof(pe))) != 0) 822 return error; 823 if (pe.pe_set_event & PTRACE_FORK) 824 SET(t->p_slflag, PSL_TRACEFORK); 825 else 826 CLR(t->p_slflag, PSL_TRACEFORK); 827 break; 828 829 case PT_GET_PROCESS_STATE: 830 if (SCARG(uap, data) != sizeof(ps)) { 831 DPRINTF(("ptrace(%d): %d != %zu\n", req, 832 SCARG(uap, data), sizeof(ps))); 833 error = EINVAL; 834 break; 835 } 836 memset(&ps, 0, sizeof(ps)); 837 if (t->p_fpid) { 838 ps.pe_report_event = PTRACE_FORK; 839 ps.pe_other_pid = t->p_fpid; 840 } 841 error = copyout(&ps, SCARG(uap, addr), sizeof(ps)); 842 break; 843 844 case PT_LWPINFO: 845 if (SCARG(uap, data) != sizeof(pl)) { 846 DPRINTF(("ptrace(%d): %d != %zu\n", req, 847 SCARG(uap, data), sizeof(pl))); 848 error = EINVAL; 849 break; 850 } 851 error = copyin(SCARG(uap, addr), &pl, sizeof(pl)); 852 if (error) 853 break; 854 tmp = pl.pl_lwpid; 855 lwp_delref(lt); 856 mutex_enter(t->p_lock); 857 if (tmp == 0) 858 lt = lwp_find_first(t); 859 else { 860 lt = lwp_find(t, tmp); 861 if (lt == NULL) { 862 mutex_exit(t->p_lock); 863 error = ESRCH; 864 break; 865 } 866 lt = LIST_NEXT(lt, l_sibling); 867 } 868 while (lt != NULL && !lwp_alive(lt)) 869 lt = LIST_NEXT(lt, l_sibling); 870 pl.pl_lwpid = 0; 871 pl.pl_event = 0; 872 if (lt) { 873 lwp_addref(lt); 874 pl.pl_lwpid = lt->l_lid; 875 if (lt->l_lid == t->p_sigctx.ps_lwp) 876 pl.pl_event = PL_EVENT_SIGNAL; 877 } 878 mutex_exit(t->p_lock); 879 880 error = copyout(&pl, SCARG(uap, addr), sizeof(pl)); 881 break; 882 883 #ifdef PT_SETREGS 884 case PT_SETREGS: 885 write = 1; 886 #endif 887 #ifdef PT_GETREGS 888 case PT_GETREGS: 889 /* write = 0 done above. */ 890 #endif 891 #if defined(PT_SETREGS) || defined(PT_GETREGS) 892 tmp = SCARG(uap, data); 893 if (tmp != 0 && t->p_nlwps > 1) { 894 lwp_delref(lt); 895 mutex_enter(t->p_lock); 896 lt = lwp_find(t, tmp); 897 if (lt == NULL) { 898 mutex_exit(t->p_lock); 899 error = ESRCH; 900 break; 901 } 902 lwp_addref(lt); 903 mutex_exit(t->p_lock); 904 } 905 if (!process_validregs(lt)) 906 error = EINVAL; 907 else { 908 error = proc_vmspace_getref(l->l_proc, &vm); 909 if (error) 910 break; 911 iov.iov_base = SCARG(uap, addr); 912 iov.iov_len = sizeof(struct reg); 913 uio.uio_iov = &iov; 914 uio.uio_iovcnt = 1; 915 uio.uio_offset = 0; 916 uio.uio_resid = sizeof(struct reg); 917 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 918 uio.uio_vmspace = vm; 919 920 error = process_doregs(l, lt, &uio); 921 uvmspace_free(vm); 922 } 923 break; 924 #endif 925 926 #ifdef PT_SETFPREGS 927 case PT_SETFPREGS: 928 write = 1; 929 #endif 930 #ifdef PT_GETFPREGS 931 case PT_GETFPREGS: 932 /* write = 0 done above. */ 933 #endif 934 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 935 tmp = SCARG(uap, data); 936 if (tmp != 0 && t->p_nlwps > 1) { 937 lwp_delref(lt); 938 mutex_enter(t->p_lock); 939 lt = lwp_find(t, tmp); 940 if (lt == NULL) { 941 mutex_exit(t->p_lock); 942 error = ESRCH; 943 break; 944 } 945 lwp_addref(lt); 946 mutex_exit(t->p_lock); 947 } 948 if (!process_validfpregs(lt)) 949 error = EINVAL; 950 else { 951 error = proc_vmspace_getref(l->l_proc, &vm); 952 if (error) 953 break; 954 iov.iov_base = SCARG(uap, addr); 955 iov.iov_len = sizeof(struct fpreg); 956 uio.uio_iov = &iov; 957 uio.uio_iovcnt = 1; 958 uio.uio_offset = 0; 959 uio.uio_resid = sizeof(struct fpreg); 960 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 961 uio.uio_vmspace = vm; 962 963 error = process_dofpregs(l, lt, &uio); 964 uvmspace_free(vm); 965 } 966 break; 967 #endif 968 969 #ifdef __HAVE_PTRACE_MACHDEP 970 PTRACE_MACHDEP_REQUEST_CASES 971 error = ptrace_machdep_dorequest(l, lt, 972 req, SCARG(uap, addr), SCARG(uap, data)); 973 break; 974 #endif 975 } 976 977 if (pheld) { 978 mutex_exit(t->p_lock); 979 mutex_exit(proc_lock); 980 } 981 if (lt != NULL) 982 lwp_delref(lt); 983 rw_exit(&t->p_reflock); 984 985 return error; 986 } 987 988 int 989 process_doregs(struct lwp *curl /*tracer*/, 990 struct lwp *l /*traced*/, 991 struct uio *uio) 992 { 993 #if defined(PT_GETREGS) || defined(PT_SETREGS) 994 int error; 995 struct reg r; 996 char *kv; 997 int kl; 998 999 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 1000 return EINVAL; 1001 1002 kl = sizeof(r); 1003 kv = (char *)&r; 1004 1005 kv += uio->uio_offset; 1006 kl -= uio->uio_offset; 1007 if ((size_t)kl > uio->uio_resid) 1008 kl = uio->uio_resid; 1009 1010 error = process_read_regs(l, &r); 1011 if (error == 0) 1012 error = uiomove(kv, kl, uio); 1013 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1014 if (l->l_stat != LSSTOP) 1015 error = EBUSY; 1016 else 1017 error = process_write_regs(l, &r); 1018 } 1019 1020 uio->uio_offset = 0; 1021 return (error); 1022 #else 1023 return (EINVAL); 1024 #endif 1025 } 1026 1027 int 1028 process_validregs(struct lwp *l) 1029 { 1030 1031 #if defined(PT_SETREGS) || defined(PT_GETREGS) 1032 return ((l->l_flag & LW_SYSTEM) == 0); 1033 #else 1034 return (0); 1035 #endif 1036 } 1037 1038 int 1039 process_dofpregs(struct lwp *curl /*tracer*/, 1040 struct lwp *l /*traced*/, 1041 struct uio *uio) 1042 { 1043 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 1044 int error; 1045 struct fpreg r; 1046 char *kv; 1047 size_t kl; 1048 1049 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 1050 return EINVAL; 1051 1052 kl = sizeof(r); 1053 kv = (char *)&r; 1054 1055 kv += uio->uio_offset; 1056 kl -= uio->uio_offset; 1057 if (kl > uio->uio_resid) 1058 kl = uio->uio_resid; 1059 1060 error = process_read_fpregs(l, &r, &kl); 1061 if (error == 0) 1062 error = uiomove(kv, kl, uio); 1063 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1064 if (l->l_stat != LSSTOP) 1065 error = EBUSY; 1066 else 1067 error = process_write_fpregs(l, &r, kl); 1068 } 1069 uio->uio_offset = 0; 1070 return (error); 1071 #else 1072 return (EINVAL); 1073 #endif 1074 } 1075 1076 int 1077 process_validfpregs(struct lwp *l) 1078 { 1079 1080 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 1081 return ((l->l_flag & LW_SYSTEM) == 0); 1082 #else 1083 return (0); 1084 #endif 1085 } 1086 #endif /* PTRACE */ 1087 1088 #if defined(KTRACE) || defined(PTRACE) 1089 int 1090 process_domem(struct lwp *curl /*tracer*/, 1091 struct lwp *l /*traced*/, 1092 struct uio *uio) 1093 { 1094 struct proc *p = l->l_proc; /* traced */ 1095 struct vmspace *vm; 1096 int error; 1097 1098 size_t len; 1099 #ifdef PMAP_NEED_PROCWR 1100 vaddr_t addr; 1101 #endif 1102 1103 error = 0; 1104 len = uio->uio_resid; 1105 1106 if (len == 0) 1107 return (0); 1108 1109 #ifdef PMAP_NEED_PROCWR 1110 addr = uio->uio_offset; 1111 #endif 1112 1113 vm = p->p_vmspace; 1114 1115 mutex_enter(&vm->vm_map.misc_lock); 1116 if ((l->l_flag & LW_WEXIT) || vm->vm_refcnt < 1) 1117 error = EFAULT; 1118 if (error == 0) 1119 p->p_vmspace->vm_refcnt++; /* XXX */ 1120 mutex_exit(&vm->vm_map.misc_lock); 1121 if (error != 0) 1122 return (error); 1123 error = uvm_io(&vm->vm_map, uio, pax_mprotect_prot(l)); 1124 uvmspace_free(vm); 1125 1126 #ifdef PMAP_NEED_PROCWR 1127 if (error == 0 && uio->uio_rw == UIO_WRITE) 1128 pmap_procwr(p, addr, len); 1129 #endif 1130 return (error); 1131 } 1132 #endif /* KTRACE || PTRACE */ 1133 1134 #if defined(KTRACE) || defined(PTRACE) 1135 void 1136 process_stoptrace(void) 1137 { 1138 struct lwp *l = curlwp; 1139 struct proc *p = l->l_proc, *pp; 1140 1141 mutex_enter(proc_lock); 1142 mutex_enter(p->p_lock); 1143 pp = p->p_pptr; 1144 if (pp->p_pid == 1) { 1145 CLR(p->p_slflag, PSL_SYSCALL); /* XXXSMP */ 1146 mutex_exit(p->p_lock); 1147 mutex_exit(proc_lock); 1148 return; 1149 } 1150 1151 p->p_xsig = SIGTRAP; 1152 proc_stop(p, 1, SIGSTOP); 1153 mutex_exit(proc_lock); 1154 1155 if (sigispending(l, 0)) { 1156 lwp_lock(l); 1157 l->l_flag |= LW_PENDSIG; 1158 lwp_unlock(l); 1159 } 1160 mutex_exit(p->p_lock); 1161 } 1162 #endif /* KTRACE || PTRACE */ 1163 1164 #ifdef PTRACE 1165 static int 1166 process_auxv_offset(struct proc *p, struct uio *uio) 1167 { 1168 struct ps_strings pss; 1169 int error; 1170 off_t off = (off_t)p->p_psstrp; 1171 1172 if ((error = copyin_psstrings(p, &pss)) != 0) 1173 return error; 1174 1175 if (pss.ps_envstr == NULL) 1176 return EIO; 1177 1178 uio->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + pss.ps_nenvstr + 1); 1179 #ifdef __MACHINE_STACK_GROWS_UP 1180 if (uio->uio_offset < off) 1181 return EIO; 1182 #else 1183 if (uio->uio_offset > off) 1184 return EIO; 1185 if ((uio->uio_offset + uio->uio_resid) > off) 1186 uio->uio_resid = off - uio->uio_offset; 1187 #endif 1188 return 0; 1189 } 1190 #endif 1191