1 /* $NetBSD: sys_process.c,v 1.101 2006/03/07 07:19:44 thorpej Exp $ */ 2 3 /*- 4 * Copyright (c) 1982, 1986, 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * This code is derived from software contributed to Berkeley by 13 * Jan-Simon Pendry. 14 * 15 * Redistribution and use in source and binary forms, with or without 16 * modification, are permitted provided that the following conditions 17 * are met: 18 * 1. Redistributions of source code must retain the above copyright 19 * notice, this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright 21 * notice, this list of conditions and the following disclaimer in the 22 * documentation and/or other materials provided with the distribution. 23 * 3. Neither the name of the University nor the names of its contributors 24 * may be used to endorse or promote products derived from this software 25 * without specific prior written permission. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 30 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * 39 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 40 */ 41 42 /*- 43 * Copyright (c) 1993 Jan-Simon Pendry. 44 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 45 * 46 * This code is derived from software contributed to Berkeley by 47 * Jan-Simon Pendry. 48 * 49 * Redistribution and use in source and binary forms, with or without 50 * modification, are permitted provided that the following conditions 51 * are met: 52 * 1. Redistributions of source code must retain the above copyright 53 * notice, this list of conditions and the following disclaimer. 54 * 2. Redistributions in binary form must reproduce the above copyright 55 * notice, this list of conditions and the following disclaimer in the 56 * documentation and/or other materials provided with the distribution. 57 * 3. All advertising materials mentioning features or use of this software 58 * must display the following acknowledgement: 59 * This product includes software developed by the University of 60 * California, Berkeley and its contributors. 61 * 4. Neither the name of the University nor the names of its contributors 62 * may be used to endorse or promote products derived from this software 63 * without specific prior written permission. 64 * 65 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 66 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 67 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 68 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 69 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 70 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 71 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 72 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 73 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 74 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 75 * SUCH DAMAGE. 76 * 77 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 78 */ 79 80 /* 81 * References: 82 * (1) Bach's "The Design of the UNIX Operating System", 83 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 84 * (3) the "4.4BSD Programmer's Reference Manual" published 85 * by USENIX and O'Reilly & Associates. 86 * The 4.4BSD PRM does a reasonably good job of documenting what the various 87 * ptrace() requests should actually do, and its text is quoted several times 88 * in this file. 89 */ 90 91 #include <sys/cdefs.h> 92 __KERNEL_RCSID(0, "$NetBSD: sys_process.c,v 1.101 2006/03/07 07:19:44 thorpej Exp $"); 93 94 #include <sys/param.h> 95 #include <sys/systm.h> 96 #include <sys/proc.h> 97 #include <sys/errno.h> 98 #include <sys/ptrace.h> 99 #include <sys/uio.h> 100 #include <sys/user.h> 101 #include <sys/ras.h> 102 #include <sys/malloc.h> 103 104 #include <sys/mount.h> 105 #include <sys/sa.h> 106 #include <sys/syscallargs.h> 107 108 #include <uvm/uvm_extern.h> 109 110 #include <machine/reg.h> 111 112 /* 113 * Process debugging system call. 114 */ 115 int 116 sys_ptrace(struct lwp *l, void *v, register_t *retval) 117 { 118 struct sys_ptrace_args /* { 119 syscallarg(int) req; 120 syscallarg(pid_t) pid; 121 syscallarg(caddr_t) addr; 122 syscallarg(int) data; 123 } */ *uap = v; 124 struct proc *p = l->l_proc; 125 struct lwp *lt, *lr; 126 struct proc *t; /* target process */ 127 struct uio uio; 128 struct iovec iov; 129 struct ptrace_io_desc piod; 130 struct ptrace_lwpinfo pl; 131 struct vmspace *vm; 132 int s, error, write, tmp, size; 133 char *path; 134 135 /* "A foolish consistency..." XXX */ 136 if (SCARG(uap, req) == PT_TRACE_ME) 137 t = p; 138 else { 139 140 /* Find the process we're supposed to be operating on. */ 141 if ((t = pfind(SCARG(uap, pid))) == NULL) 142 return (ESRCH); 143 } 144 145 /* Can't trace a process that's currently exec'ing. */ 146 if ((t->p_flag & P_INEXEC) != 0) 147 return EAGAIN; 148 149 /* Make sure we can operate on it. */ 150 switch (SCARG(uap, req)) { 151 case PT_TRACE_ME: 152 /* Saying that you're being traced is always legal. */ 153 break; 154 155 case PT_ATTACH: 156 case PT_DUMPCORE: 157 /* 158 * You can't attach to a process if: 159 * (1) it's the process that's doing the attaching, 160 */ 161 if (t->p_pid == p->p_pid) 162 return (EINVAL); 163 164 /* 165 * (2) it's a system process 166 */ 167 if (t->p_flag & P_SYSTEM) 168 return (EPERM); 169 170 /* 171 * (3) it's already being traced, or 172 */ 173 if (ISSET(t->p_flag, P_TRACED)) 174 return (EBUSY); 175 176 /* 177 * (4) it's not owned by you, or is set-id on exec 178 * (unless you're root), or... 179 */ 180 if ((t->p_cred->p_ruid != p->p_cred->p_ruid || 181 ISSET(t->p_flag, P_SUGID)) && 182 (error = suser(p->p_ucred, &p->p_acflag)) != 0) 183 return (error); 184 185 /* 186 * (5) ...it's init, which controls the security level 187 * of the entire system, and the system was not 188 * compiled with permanently insecure mode turned on 189 */ 190 if (t == initproc && securelevel > -1) 191 return (EPERM); 192 193 /* 194 * (6) the tracer is chrooted, and its root directory is 195 * not at or above the root directory of the tracee 196 */ 197 198 if (!proc_isunder(t, l)) 199 return EPERM; 200 break; 201 202 case PT_READ_I: 203 case PT_READ_D: 204 case PT_WRITE_I: 205 case PT_WRITE_D: 206 case PT_CONTINUE: 207 case PT_IO: 208 case PT_KILL: 209 case PT_DETACH: 210 case PT_LWPINFO: 211 case PT_SYSCALL: 212 #ifdef PT_STEP 213 case PT_STEP: 214 #endif 215 #ifdef PT_GETREGS 216 case PT_GETREGS: 217 #endif 218 #ifdef PT_SETREGS 219 case PT_SETREGS: 220 #endif 221 #ifdef PT_GETFPREGS 222 case PT_GETFPREGS: 223 #endif 224 #ifdef PT_SETFPREGS 225 case PT_SETFPREGS: 226 #endif 227 228 #ifdef __HAVE_PTRACE_MACHDEP 229 PTRACE_MACHDEP_REQUEST_CASES 230 #endif 231 232 /* 233 * You can't do what you want to the process if: 234 * (1) It's not being traced at all, 235 */ 236 if (!ISSET(t->p_flag, P_TRACED)) 237 return (EPERM); 238 239 /* 240 * (2) it's being traced by procfs (which has 241 * different signal delivery semantics), 242 */ 243 if (ISSET(t->p_flag, P_FSTRACE)) 244 return (EBUSY); 245 246 /* 247 * (3) it's not being traced by _you_, or 248 */ 249 if (t->p_pptr != p) 250 return (EBUSY); 251 252 /* 253 * (4) it's not currently stopped. 254 */ 255 if (t->p_stat != SSTOP || !ISSET(t->p_flag, P_WAITED)) 256 return (EBUSY); 257 break; 258 259 default: /* It was not a legal request. */ 260 return (EINVAL); 261 } 262 263 /* Do single-step fixup if needed. */ 264 FIX_SSTEP(t); 265 266 /* 267 * XXX NJWLWP 268 * 269 * The entire ptrace interface needs work to be useful to a 270 * process with multiple LWPs. For the moment, we'll kluge 271 * this; memory access will be fine, but register access will 272 * be weird. 273 */ 274 275 lt = proc_representative_lwp(t); 276 277 /* Now do the operation. */ 278 write = 0; 279 *retval = 0; 280 tmp = 0; 281 282 switch (SCARG(uap, req)) { 283 case PT_TRACE_ME: 284 /* Just set the trace flag. */ 285 SET(t->p_flag, P_TRACED); 286 t->p_opptr = t->p_pptr; 287 return (0); 288 289 case PT_WRITE_I: /* XXX no separate I and D spaces */ 290 case PT_WRITE_D: 291 #if defined(__HAVE_RAS) 292 /* 293 * Can't write to a RAS 294 */ 295 if (!LIST_EMPTY(&t->p_raslist) && 296 (ras_lookup(t, SCARG(uap, addr)) != (caddr_t)-1)) { 297 return (EACCES); 298 } 299 #endif 300 write = 1; 301 tmp = SCARG(uap, data); 302 case PT_READ_I: /* XXX no separate I and D spaces */ 303 case PT_READ_D: 304 /* write = 0 done above. */ 305 iov.iov_base = (caddr_t)&tmp; 306 iov.iov_len = sizeof(tmp); 307 uio.uio_iov = &iov; 308 uio.uio_iovcnt = 1; 309 uio.uio_offset = (off_t)(unsigned long)SCARG(uap, addr); 310 uio.uio_resid = sizeof(tmp); 311 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 312 UIO_SETUP_SYSSPACE(&uio); 313 error = process_domem(l, lt, &uio); 314 if (!write) 315 *retval = tmp; 316 return (error); 317 318 case PT_IO: 319 error = copyin(SCARG(uap, addr), &piod, sizeof(piod)); 320 if (error) 321 return (error); 322 iov.iov_base = piod.piod_addr; 323 iov.iov_len = piod.piod_len; 324 uio.uio_iov = &iov; 325 uio.uio_iovcnt = 1; 326 uio.uio_offset = (off_t)(unsigned long)piod.piod_offs; 327 uio.uio_resid = piod.piod_len; 328 error = proc_vmspace_getref(l->l_proc, &vm); 329 if (error) { 330 return error; 331 } 332 uio.uio_vmspace = vm; 333 switch (piod.piod_op) { 334 case PIOD_READ_D: 335 case PIOD_READ_I: 336 uio.uio_rw = UIO_READ; 337 break; 338 case PIOD_WRITE_D: 339 case PIOD_WRITE_I: 340 uio.uio_rw = UIO_WRITE; 341 break; 342 default: 343 return (EINVAL); 344 } 345 error = process_domem(l, lt, &uio); 346 piod.piod_len -= uio.uio_resid; 347 (void) copyout(&piod, SCARG(uap, addr), sizeof(piod)); 348 uvmspace_free(vm); 349 return (error); 350 351 case PT_DUMPCORE: 352 if ((path = SCARG(uap, addr)) != NULL) { 353 char *dst; 354 int len = SCARG(uap, data); 355 if (len >= MAXPATHLEN) 356 return EINVAL; 357 dst = malloc(len + 1, M_TEMP, M_WAITOK); 358 if ((error = copyin(path, dst, len)) != 0) { 359 free(dst, M_TEMP); 360 return error; 361 } 362 path = dst; 363 path[len] = '\0'; 364 } 365 error = coredump(lt, path); 366 if (path) 367 free(path, M_TEMP); 368 return error; 369 370 #ifdef PT_STEP 371 case PT_STEP: 372 /* 373 * From the 4.4BSD PRM: 374 * "Execution continues as in request PT_CONTINUE; however 375 * as soon as possible after execution of at least one 376 * instruction, execution stops again. [ ... ]" 377 */ 378 #endif 379 case PT_CONTINUE: 380 case PT_SYSCALL: 381 case PT_DETACH: 382 if (SCARG(uap, req) == PT_SYSCALL) { 383 if (!ISSET(t->p_flag, P_SYSCALL)) { 384 SET(t->p_flag, P_SYSCALL); 385 #ifdef __HAVE_SYSCALL_INTERN 386 (*t->p_emul->e_syscall_intern)(t); 387 #endif 388 } 389 } else { 390 if (ISSET(t->p_flag, P_SYSCALL)) { 391 CLR(t->p_flag, P_SYSCALL); 392 #ifdef __HAVE_SYSCALL_INTERN 393 (*t->p_emul->e_syscall_intern)(t); 394 #endif 395 } 396 } 397 398 /* 399 * From the 4.4BSD PRM: 400 * "The data argument is taken as a signal number and the 401 * child's execution continues at location addr as if it 402 * incurred that signal. Normally the signal number will 403 * be either 0 to indicate that the signal that caused the 404 * stop should be ignored, or that value fetched out of 405 * the process's image indicating which signal caused 406 * the stop. If addr is (int *)1 then execution continues 407 * from where it stopped." 408 */ 409 410 /* Check that the data is a valid signal number or zero. */ 411 if (SCARG(uap, data) < 0 || SCARG(uap, data) >= NSIG) 412 return (EINVAL); 413 414 PHOLD(lt); 415 416 /* If the address parameter is not (int *)1, set the pc. */ 417 if ((int *)SCARG(uap, addr) != (int *)1) 418 if ((error = process_set_pc(lt, SCARG(uap, addr))) != 0) 419 goto relebad; 420 421 #ifdef PT_STEP 422 /* 423 * Arrange for a single-step, if that's requested and possible. 424 */ 425 error = process_sstep(lt, SCARG(uap, req) == PT_STEP); 426 if (error) 427 goto relebad; 428 #endif 429 430 PRELE(lt); 431 432 if (SCARG(uap, req) == PT_DETACH) { 433 /* give process back to original parent or init */ 434 s = proclist_lock_write(); 435 if (t->p_opptr != t->p_pptr) { 436 struct proc *pp = t->p_opptr; 437 proc_reparent(t, pp ? pp : initproc); 438 } 439 440 /* not being traced any more */ 441 t->p_opptr = NULL; 442 proclist_unlock_write(s); 443 CLR(t->p_flag, P_TRACED|P_WAITED|P_SYSCALL|P_FSTRACE); 444 } 445 446 sendsig: 447 /* Finally, deliver the requested signal (or none). */ 448 if (t->p_stat == SSTOP) { 449 t->p_xstat = SCARG(uap, data); 450 SCHED_LOCK(s); 451 lr = proc_unstop(t); 452 /* 453 * If the target needs to take a signal, there 454 * is no running LWP that will see it, and 455 * there is a LWP sleeping interruptably, then 456 * get it moving. 457 */ 458 if (lr && (t->p_xstat != 0)) 459 setrunnable(lr); 460 SCHED_UNLOCK(s); 461 } else { 462 if (SCARG(uap, data) != 0) 463 psignal(t, SCARG(uap, data)); 464 } 465 return (0); 466 467 relebad: 468 PRELE(lt); 469 return (error); 470 471 case PT_KILL: 472 /* just send the process a KILL signal. */ 473 SCARG(uap, data) = SIGKILL; 474 goto sendsig; /* in PT_CONTINUE, above. */ 475 476 case PT_ATTACH: 477 /* 478 * Go ahead and set the trace flag. 479 * Save the old parent (it's reset in 480 * _DETACH, and also in kern_exit.c:wait4() 481 * Reparent the process so that the tracing 482 * proc gets to see all the action. 483 * Stop the target. 484 */ 485 SET(t->p_flag, P_TRACED); 486 s = proclist_lock_write(); 487 t->p_opptr = t->p_pptr; 488 if (t->p_pptr != p) { 489 t->p_pptr->p_flag |= P_CHTRACED; 490 proc_reparent(t, p); 491 } 492 proclist_unlock_write(s); 493 SCARG(uap, data) = SIGSTOP; 494 goto sendsig; 495 496 case PT_LWPINFO: 497 size = SCARG(uap, data); 498 if (size < sizeof(lwpid_t)) 499 return (EINVAL); 500 error = copyin(SCARG(uap, addr), &pl, sizeof(lwpid_t)); 501 if (error) 502 return (error); 503 tmp = pl.pl_lwpid; 504 if (tmp == 0) 505 lt = LIST_FIRST(&t->p_lwps); 506 else { 507 LIST_FOREACH(lt, &t->p_lwps, l_sibling) 508 if (lt->l_lid == tmp) 509 break; 510 if (lt == NULL) 511 return (ESRCH); 512 lt = LIST_NEXT(lt, l_sibling); 513 } 514 pl.pl_lwpid = 0; 515 pl.pl_event = 0; 516 if (lt) { 517 pl.pl_lwpid = lt->l_lid; 518 if (lt->l_lid == t->p_sigctx.ps_lwp) 519 pl.pl_event = PL_EVENT_SIGNAL; 520 } 521 522 error = copyout(&pl, SCARG(uap, addr), SCARG(uap, data)); 523 524 return (0); 525 526 #ifdef PT_SETREGS 527 case PT_SETREGS: 528 write = 1; 529 #endif 530 #ifdef PT_GETREGS 531 case PT_GETREGS: 532 /* write = 0 done above. */ 533 #endif 534 #if defined(PT_SETREGS) || defined(PT_GETREGS) 535 tmp = SCARG(uap, data); 536 if (tmp != 0 && t->p_nlwps > 1) { 537 LIST_FOREACH(lt, &t->p_lwps, l_sibling) 538 if (lt->l_lid == tmp) 539 break; 540 if (lt == NULL) 541 return (ESRCH); 542 } 543 if (!process_validregs(proc_representative_lwp(t))) 544 return (EINVAL); 545 else { 546 error = proc_vmspace_getref(l->l_proc, &vm); 547 if (error) { 548 return error; 549 } 550 iov.iov_base = SCARG(uap, addr); 551 iov.iov_len = sizeof(struct reg); 552 uio.uio_iov = &iov; 553 uio.uio_iovcnt = 1; 554 uio.uio_offset = 0; 555 uio.uio_resid = sizeof(struct reg); 556 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 557 uio.uio_vmspace = vm; 558 error = process_doregs(l, lt, &uio); 559 uvmspace_free(vm); 560 return error; 561 } 562 #endif 563 564 #ifdef PT_SETFPREGS 565 case PT_SETFPREGS: 566 write = 1; 567 #endif 568 #ifdef PT_GETFPREGS 569 case PT_GETFPREGS: 570 /* write = 0 done above. */ 571 #endif 572 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 573 tmp = SCARG(uap, data); 574 if (tmp != 0 && t->p_nlwps > 1) { 575 LIST_FOREACH(lt, &t->p_lwps, l_sibling) 576 if (lt->l_lid == tmp) 577 break; 578 if (lt == NULL) 579 return (ESRCH); 580 } 581 if (!process_validfpregs(proc_representative_lwp(t))) 582 return (EINVAL); 583 else { 584 error = proc_vmspace_getref(l->l_proc, &vm); 585 if (error) { 586 return error; 587 } 588 iov.iov_base = SCARG(uap, addr); 589 iov.iov_len = sizeof(struct fpreg); 590 uio.uio_iov = &iov; 591 uio.uio_iovcnt = 1; 592 uio.uio_offset = 0; 593 uio.uio_resid = sizeof(struct fpreg); 594 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 595 uio.uio_vmspace = vm; 596 error = process_dofpregs(l, lt, &uio); 597 uvmspace_free(vm); 598 return error; 599 } 600 #endif 601 602 #ifdef __HAVE_PTRACE_MACHDEP 603 PTRACE_MACHDEP_REQUEST_CASES 604 return (ptrace_machdep_dorequest(l, lt, 605 SCARG(uap, req), SCARG(uap, addr), 606 SCARG(uap, data))); 607 #endif 608 } 609 610 #ifdef DIAGNOSTIC 611 panic("ptrace: impossible"); 612 #endif 613 return 0; 614 } 615 616 int 617 process_doregs(struct lwp *curl /*tracer*/, 618 struct lwp *l /*traced*/, 619 struct uio *uio) 620 { 621 #if defined(PT_GETREGS) || defined(PT_SETREGS) 622 struct proc *p = l->l_proc; 623 int error; 624 struct reg r; 625 char *kv; 626 int kl; 627 628 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 629 return EINVAL; 630 631 if ((error = process_checkioperm(curl, p)) != 0) 632 return error; 633 634 kl = sizeof(r); 635 kv = (char *)&r; 636 637 kv += uio->uio_offset; 638 kl -= uio->uio_offset; 639 if ((size_t)kl > uio->uio_resid) 640 kl = uio->uio_resid; 641 642 PHOLD(l); 643 644 error = process_read_regs(l, &r); 645 if (error == 0) 646 error = uiomove(kv, kl, uio); 647 if (error == 0 && uio->uio_rw == UIO_WRITE) { 648 if (l->l_stat != LSSTOP) 649 error = EBUSY; 650 else 651 error = process_write_regs(l, &r); 652 } 653 654 PRELE(l); 655 656 uio->uio_offset = 0; 657 return (error); 658 #else 659 return (EINVAL); 660 #endif 661 } 662 663 int 664 process_validregs(struct lwp *l) 665 { 666 667 #if defined(PT_SETREGS) || defined(PT_GETREGS) 668 return ((l->l_proc->p_flag & P_SYSTEM) == 0); 669 #else 670 return (0); 671 #endif 672 } 673 674 int 675 process_dofpregs(struct lwp *curl /*tracer*/, 676 struct lwp *l /*traced*/, 677 struct uio *uio) 678 { 679 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 680 struct proc *p = l->l_proc; 681 int error; 682 struct fpreg r; 683 char *kv; 684 int kl; 685 686 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 687 return EINVAL; 688 689 if ((error = process_checkioperm(curl, p)) != 0) 690 return (error); 691 692 kl = sizeof(r); 693 kv = (char *)&r; 694 695 kv += uio->uio_offset; 696 kl -= uio->uio_offset; 697 if ((size_t)kl > uio->uio_resid) 698 kl = uio->uio_resid; 699 700 PHOLD(l); 701 702 error = process_read_fpregs(l, &r); 703 if (error == 0) 704 error = uiomove(kv, kl, uio); 705 if (error == 0 && uio->uio_rw == UIO_WRITE) { 706 if (l->l_stat != LSSTOP) 707 error = EBUSY; 708 else 709 error = process_write_fpregs(l, &r); 710 } 711 712 PRELE(l); 713 714 uio->uio_offset = 0; 715 return (error); 716 #else 717 return (EINVAL); 718 #endif 719 } 720 721 int 722 process_validfpregs(struct lwp *l) 723 { 724 725 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 726 return ((l->l_proc->p_flag & P_SYSTEM) == 0); 727 #else 728 return (0); 729 #endif 730 } 731 732 int 733 process_domem(struct lwp *curl /*tracer*/, 734 struct lwp *l /*traced*/, 735 struct uio *uio) 736 { 737 struct proc *p = l->l_proc; /* traced */ 738 struct vmspace *vm; 739 int error; 740 741 size_t len; 742 #ifdef PMAP_NEED_PROCWR 743 vaddr_t addr; 744 #endif 745 746 len = uio->uio_resid; 747 748 if (len == 0) 749 return (0); 750 751 #ifdef PMAP_NEED_PROCWR 752 addr = uio->uio_offset; 753 #endif 754 755 if ((error = process_checkioperm(curl, p)) != 0) 756 return (error); 757 758 vm = p->p_vmspace; 759 760 simple_lock(&vm->vm_map.ref_lock); 761 if ((p->p_flag & P_WEXIT) || vm->vm_refcnt < 1) 762 error = EFAULT; 763 if (error == 0) 764 p->p_vmspace->vm_refcnt++; /* XXX */ 765 simple_unlock(&vm->vm_map.ref_lock); 766 if (error != 0) 767 return (error); 768 error = uvm_io(&vm->vm_map, uio); 769 uvmspace_free(vm); 770 771 #ifdef PMAP_NEED_PROCWR 772 if (error == 0 && uio->uio_rw == UIO_WRITE) 773 pmap_procwr(p, addr, len); 774 #endif 775 return (error); 776 } 777 778 /* 779 * Ensure that a process has permission to perform I/O on another. 780 * Arguments: 781 * p The process wishing to do the I/O (the tracer). 782 * t The process who's memory/registers will be read/written. 783 */ 784 int 785 process_checkioperm(struct lwp *l, struct proc *t) 786 { 787 struct proc *p = l->l_proc; 788 int error; 789 790 /* 791 * You cannot attach to a processes mem/regs if: 792 * 793 * (1) It is currently exec'ing 794 */ 795 if (ISSET(t->p_flag, P_INEXEC)) 796 return (EAGAIN); 797 798 /* 799 * (2) it's not owned by you, or is set-id on exec 800 * (unless you're root), or... 801 */ 802 if ((t->p_cred->p_ruid != p->p_cred->p_ruid || 803 ISSET(t->p_flag, P_SUGID)) && 804 (error = suser(p->p_ucred, &p->p_acflag)) != 0) 805 return (error); 806 807 /* 808 * (3) ...it's init, which controls the security level 809 * of the entire system, and the system was not 810 * compiled with permanetly insecure mode turned on. 811 */ 812 if (t == initproc && securelevel > -1) 813 return (EPERM); 814 815 /* 816 * (4) the tracer is chrooted, and its root directory is 817 * not at or above the root directory of the tracee 818 */ 819 if (!proc_isunder(t, l)) 820 return (EPERM); 821 822 return (0); 823 } 824 825 void 826 process_stoptrace(struct lwp *l) 827 { 828 int s = 0, dolock = (l->l_flag & L_SINTR) == 0; 829 struct proc *p = l->l_proc, *pp = p->p_pptr; 830 831 if (pp->p_pid == 1) { 832 CLR(p->p_flag, P_SYSCALL); 833 return; 834 } 835 836 p->p_xstat = SIGTRAP; 837 child_psignal(pp, dolock); 838 839 if (dolock) 840 SCHED_LOCK(s); 841 842 proc_stop(p, 1); 843 844 mi_switch(l, NULL); 845 SCHED_ASSERT_UNLOCKED(); 846 847 if (dolock) 848 splx(s); 849 } 850