1 /* $NetBSD: sys_ptrace_common.c,v 1.83 2020/05/30 08:41:22 maxv Exp $ */ 2 3 /*- 4 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Andrew Doran. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1989, 1993 34 * The Regents of the University of California. All rights reserved. 35 * (c) UNIX System Laboratories, Inc. 36 * All or some portions of this file are derived from material licensed 37 * to the University of California by American Telephone and Telegraph 38 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 39 * the permission of UNIX System Laboratories, Inc. 40 * 41 * This code is derived from software contributed to Berkeley by 42 * Jan-Simon Pendry. 43 * 44 * Redistribution and use in source and binary forms, with or without 45 * modification, are permitted provided that the following conditions 46 * are met: 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 3. Neither the name of the University nor the names of its contributors 53 * may be used to endorse or promote products derived from this software 54 * without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 * 68 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 69 */ 70 71 /*- 72 * Copyright (c) 1993 Jan-Simon Pendry. 73 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 74 * 75 * This code is derived from software contributed to Berkeley by 76 * Jan-Simon Pendry. 77 * 78 * Redistribution and use in source and binary forms, with or without 79 * modification, are permitted provided that the following conditions 80 * are met: 81 * 1. Redistributions of source code must retain the above copyright 82 * notice, this list of conditions and the following disclaimer. 83 * 2. Redistributions in binary form must reproduce the above copyright 84 * notice, this list of conditions and the following disclaimer in the 85 * documentation and/or other materials provided with the distribution. 86 * 3. All advertising materials mentioning features or use of this software 87 * must display the following acknowledgement: 88 * This product includes software developed by the University of 89 * California, Berkeley and its contributors. 90 * 4. Neither the name of the University nor the names of its contributors 91 * may be used to endorse or promote products derived from this software 92 * without specific prior written permission. 93 * 94 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 97 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 98 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 99 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 100 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 101 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 104 * SUCH DAMAGE. 105 * 106 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 107 */ 108 109 /* 110 * References: 111 * (1) Bach's "The Design of the UNIX Operating System", 112 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 113 * (3) the "4.4BSD Programmer's Reference Manual" published 114 * by USENIX and O'Reilly & Associates. 115 * The 4.4BSD PRM does a reasonably good job of documenting what the various 116 * ptrace() requests should actually do, and its text is quoted several times 117 * in this file. 118 */ 119 120 #include <sys/cdefs.h> 121 __KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.83 2020/05/30 08:41:22 maxv Exp $"); 122 123 #ifdef _KERNEL_OPT 124 #include "opt_ptrace.h" 125 #include "opt_ktrace.h" 126 #include "opt_pax.h" 127 #include "opt_compat_netbsd32.h" 128 #endif 129 130 #if defined(__HAVE_COMPAT_NETBSD32) && !defined(COMPAT_NETBSD32) \ 131 && !defined(_RUMPKERNEL) 132 #define COMPAT_NETBSD32 133 #endif 134 135 #include <sys/param.h> 136 #include <sys/systm.h> 137 #include <sys/proc.h> 138 #include <sys/errno.h> 139 #include <sys/exec.h> 140 #include <sys/pax.h> 141 #include <sys/ptrace.h> 142 #include <sys/uio.h> 143 #include <sys/ras.h> 144 #include <sys/kmem.h> 145 #include <sys/kauth.h> 146 #include <sys/mount.h> 147 #include <sys/syscallargs.h> 148 #include <sys/module.h> 149 #include <sys/condvar.h> 150 #include <sys/mutex.h> 151 #include <sys/compat_stub.h> 152 153 #include <uvm/uvm_extern.h> 154 155 #include <machine/reg.h> 156 157 #ifdef PTRACE 158 # ifdef PTRACE_DEBUG 159 # define DPRINTF(a) uprintf a 160 # else 161 # define DPRINTF(a) 162 # endif 163 164 static kauth_listener_t ptrace_listener; 165 static int process_auxv_offset(struct proc *, struct uio *); 166 167 extern int user_va0_disable; 168 169 #if 0 170 static int ptrace_cbref; 171 static kmutex_t ptrace_mtx; 172 static kcondvar_t ptrace_cv; 173 #endif 174 175 #ifdef PT_GETREGS 176 # define case_PT_GETREGS case PT_GETREGS: 177 #else 178 # define case_PT_GETREGS 179 #endif 180 181 #ifdef PT_SETREGS 182 # define case_PT_SETREGS case PT_SETREGS: 183 #else 184 # define case_PT_SETREGS 185 #endif 186 187 #ifdef PT_GETFPREGS 188 # define case_PT_GETFPREGS case PT_GETFPREGS: 189 #else 190 # define case_PT_GETFPREGS 191 #endif 192 193 #ifdef PT_SETFPREGS 194 # define case_PT_SETFPREGS case PT_SETFPREGS: 195 #else 196 # define case_PT_SETFPREGS 197 #endif 198 199 #ifdef PT_GETDBREGS 200 # define case_PT_GETDBREGS case PT_GETDBREGS: 201 #else 202 # define case_PT_GETDBREGS 203 #endif 204 205 #ifdef PT_SETDBREGS 206 # define case_PT_SETDBREGS case PT_SETDBREGS: 207 #else 208 # define case_PT_SETDBREGS 209 #endif 210 211 #if defined(PT_SETREGS) || defined(PT_GETREGS) || \ 212 defined(PT_SETFPREGS) || defined(PT_GETFPREGS) || \ 213 defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 214 # define PT_REGISTERS 215 #endif 216 217 #ifndef PTRACE_REGS_ALIGN 218 #define PTRACE_REGS_ALIGN /* nothing */ 219 #endif 220 221 static int 222 ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, 223 void *arg0, void *arg1, void *arg2, void *arg3) 224 { 225 struct proc *p; 226 int result; 227 #ifdef PT_SETDBREGS 228 extern int user_set_dbregs; 229 #endif 230 231 result = KAUTH_RESULT_DEFER; 232 p = arg0; 233 234 #if 0 235 mutex_enter(&ptrace_mtx); 236 ptrace_cbref++; 237 mutex_exit(&ptrace_mtx); 238 #endif 239 if (action != KAUTH_PROCESS_PTRACE) 240 goto out; 241 242 switch ((u_long)arg1) { 243 #ifdef PT_SETDBREGS 244 case_PT_SETDBREGS 245 if (kauth_cred_getuid(cred) != 0 && user_set_dbregs == 0) { 246 result = KAUTH_RESULT_DENY; 247 break; 248 } 249 #endif 250 /* FALLTHROUGH */ 251 case PT_TRACE_ME: 252 case PT_ATTACH: 253 case PT_WRITE_I: 254 case PT_WRITE_D: 255 case PT_READ_I: 256 case PT_READ_D: 257 case PT_IO: 258 case_PT_GETREGS 259 case_PT_SETREGS 260 case_PT_GETFPREGS 261 case_PT_SETFPREGS 262 case_PT_GETDBREGS 263 case PT_SET_EVENT_MASK: 264 case PT_GET_EVENT_MASK: 265 case PT_GET_PROCESS_STATE: 266 case PT_SET_SIGINFO: 267 case PT_GET_SIGINFO: 268 #ifdef __HAVE_PTRACE_MACHDEP 269 PTRACE_MACHDEP_REQUEST_CASES 270 #endif 271 if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) || 272 ISSET(p->p_flag, PK_SUGID)) { 273 break; 274 } 275 276 result = KAUTH_RESULT_ALLOW; 277 278 break; 279 280 #ifdef PT_STEP 281 case PT_STEP: 282 case PT_SETSTEP: 283 case PT_CLEARSTEP: 284 #endif 285 case PT_CONTINUE: 286 case PT_KILL: 287 case PT_DETACH: 288 case PT_LWPINFO: 289 case PT_SYSCALL: 290 case PT_SYSCALLEMU: 291 case PT_DUMPCORE: 292 case PT_RESUME: 293 case PT_SUSPEND: 294 case PT_STOP: 295 case PT_LWPSTATUS: 296 case PT_LWPNEXT: 297 case PT_SET_SIGPASS: 298 case PT_GET_SIGPASS: 299 result = KAUTH_RESULT_ALLOW; 300 break; 301 302 default: 303 break; 304 } 305 306 out: 307 #if 0 308 mutex_enter(&ptrace_mtx); 309 if (--ptrace_cbref == 0) 310 cv_broadcast(&ptrace_cv); 311 mutex_exit(&ptrace_mtx); 312 #endif 313 314 return result; 315 } 316 317 int 318 ptrace_init(void) 319 { 320 321 #if 0 322 mutex_init(&ptrace_mtx, MUTEX_DEFAULT, IPL_NONE); 323 cv_init(&ptrace_cv, "ptracecb"); 324 ptrace_cbref = 0; 325 #endif 326 ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 327 ptrace_listener_cb, NULL); 328 return 0; 329 } 330 331 int 332 ptrace_fini(void) 333 { 334 335 kauth_unlisten_scope(ptrace_listener); 336 337 #if 0 338 /* Make sure no-one is executing our kauth listener */ 339 340 mutex_enter(&ptrace_mtx); 341 while (ptrace_cbref != 0) 342 cv_wait(&ptrace_cv, &ptrace_mtx); 343 mutex_exit(&ptrace_mtx); 344 mutex_destroy(&ptrace_mtx); 345 cv_destroy(&ptrace_cv); 346 #endif 347 348 return 0; 349 } 350 351 static struct proc * 352 ptrace_find(struct lwp *l, int req, pid_t pid) 353 { 354 struct proc *t; 355 356 /* "A foolish consistency..." XXX */ 357 if (req == PT_TRACE_ME) { 358 t = l->l_proc; 359 mutex_enter(t->p_lock); 360 return t; 361 } 362 363 /* Find the process we're supposed to be operating on. */ 364 t = proc_find(pid); 365 if (t == NULL) 366 return NULL; 367 368 /* XXX-elad */ 369 mutex_enter(t->p_lock); 370 int error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, 371 t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 372 if (error) { 373 mutex_exit(t->p_lock); 374 return NULL; 375 } 376 return t; 377 } 378 379 static int 380 ptrace_allowed(struct lwp *l, int req, struct proc *t, struct proc *p, 381 bool *locked) 382 { 383 *locked = false; 384 385 /* 386 * Grab a reference on the process to prevent it from execing or 387 * exiting. 388 */ 389 if (!rw_tryenter(&t->p_reflock, RW_READER)) 390 return EBUSY; 391 392 *locked = true; 393 394 /* Make sure we can operate on it. */ 395 switch (req) { 396 case PT_TRACE_ME: 397 /* 398 * You can't say to the parent of a process to start tracing if: 399 * (1) the parent is initproc, 400 */ 401 if (p->p_pptr == initproc) 402 return EPERM; 403 404 /* 405 * (2) the process is initproc, or 406 */ 407 if (p == initproc) 408 return EPERM; 409 410 /* 411 * (3) the child is already traced. 412 */ 413 if (ISSET(p->p_slflag, PSL_TRACED)) 414 return EBUSY; 415 416 return 0; 417 418 case PT_ATTACH: 419 /* 420 * You can't attach to a process if: 421 * (1) it's the process that's doing the attaching, 422 */ 423 if (t == p) 424 return EINVAL; 425 426 /* 427 * (2) it's a system process, 428 */ 429 if (t->p_flag & PK_SYSTEM) 430 return EPERM; 431 432 /* 433 * (3) the tracer is initproc, 434 */ 435 if (p == initproc) 436 return EPERM; 437 438 /* 439 * (4) it's already being traced, 440 */ 441 if (ISSET(t->p_slflag, PSL_TRACED)) 442 return EBUSY; 443 444 /* 445 * (5) it's a vfork(2)ed parent of the current process, or 446 */ 447 if (ISSET(p->p_lflag, PL_PPWAIT) && p->p_pptr == t) 448 return EPERM; 449 450 /* 451 * (6) the tracer is chrooted, and its root directory is 452 * not at or above the root directory of the tracee 453 */ 454 mutex_exit(t->p_lock); /* XXXSMP */ 455 int tmp = proc_isunder(t, l); 456 mutex_enter(t->p_lock); /* XXXSMP */ 457 if (!tmp) 458 return EPERM; 459 return 0; 460 461 case PT_READ_I: 462 case PT_READ_D: 463 case PT_WRITE_I: 464 case PT_WRITE_D: 465 case PT_IO: 466 case PT_SET_SIGINFO: 467 case PT_GET_SIGINFO: 468 case_PT_GETREGS 469 case_PT_SETREGS 470 case_PT_GETFPREGS 471 case_PT_SETFPREGS 472 case_PT_GETDBREGS 473 case_PT_SETDBREGS 474 #ifdef __HAVE_PTRACE_MACHDEP 475 PTRACE_MACHDEP_REQUEST_CASES 476 #endif 477 /* 478 * You can't read/write the memory or registers of a process 479 * if the tracer is chrooted, and its root directory is not at 480 * or above the root directory of the tracee. 481 */ 482 mutex_exit(t->p_lock); /* XXXSMP */ 483 tmp = proc_isunder(t, l); 484 mutex_enter(t->p_lock); /* XXXSMP */ 485 if (!tmp) 486 return EPERM; 487 /*FALLTHROUGH*/ 488 489 case PT_CONTINUE: 490 case PT_KILL: 491 case PT_DETACH: 492 case PT_LWPINFO: 493 case PT_SYSCALL: 494 case PT_SYSCALLEMU: 495 case PT_DUMPCORE: 496 #ifdef PT_STEP 497 case PT_STEP: 498 case PT_SETSTEP: 499 case PT_CLEARSTEP: 500 #endif 501 case PT_SET_EVENT_MASK: 502 case PT_GET_EVENT_MASK: 503 case PT_GET_PROCESS_STATE: 504 case PT_RESUME: 505 case PT_SUSPEND: 506 case PT_STOP: 507 case PT_LWPSTATUS: 508 case PT_LWPNEXT: 509 case PT_SET_SIGPASS: 510 case PT_GET_SIGPASS: 511 /* 512 * You can't do what you want to the process if: 513 * (1) It's not being traced at all, 514 */ 515 if (!ISSET(t->p_slflag, PSL_TRACED)) 516 return EPERM; 517 518 /* 519 * (2) it's not being traced by _you_, or 520 */ 521 if (t->p_pptr != p) { 522 DPRINTF(("parent %d != %d\n", t->p_pptr->p_pid, 523 p->p_pid)); 524 return EBUSY; 525 } 526 527 /* 528 * (3) it's not currently stopped. 529 * 530 * As an exception allow PT_KILL and PT_STOP here. 531 */ 532 if (req != PT_KILL && req != PT_STOP && 533 (t->p_stat != SSTOP || !t->p_waited /* XXXSMP */)) { 534 DPRINTF(("stat %d flag %d\n", t->p_stat, 535 !t->p_waited)); 536 return EBUSY; 537 } 538 return 0; 539 540 default: /* It was not a legal request. */ 541 return EINVAL; 542 } 543 } 544 545 static int 546 ptrace_needs_hold(int req) 547 { 548 switch (req) { 549 #ifdef PT_STEP 550 case PT_STEP: 551 #endif 552 case PT_CONTINUE: 553 case PT_DETACH: 554 case PT_KILL: 555 case PT_SYSCALL: 556 case PT_SYSCALLEMU: 557 case PT_ATTACH: 558 case PT_TRACE_ME: 559 case PT_GET_SIGINFO: 560 case PT_SET_SIGINFO: 561 case PT_STOP: 562 return 1; 563 default: 564 return 0; 565 } 566 } 567 568 static int 569 ptrace_update_lwp(struct proc *t, struct lwp **lt, lwpid_t lid) 570 { 571 if (lid == 0 || lid == (*lt)->l_lid || t->p_nlwps == 1) 572 return 0; 573 574 mutex_enter(t->p_lock); 575 lwp_delref2(*lt); 576 577 *lt = lwp_find(t, lid); 578 if (*lt == NULL) { 579 mutex_exit(t->p_lock); 580 return ESRCH; 581 } 582 583 if ((*lt)->l_flag & LW_SYSTEM) { 584 mutex_exit(t->p_lock); 585 *lt = NULL; 586 return EINVAL; 587 } 588 589 lwp_addref(*lt); 590 mutex_exit(t->p_lock); 591 592 return 0; 593 } 594 595 static int 596 ptrace_get_siginfo(struct proc *t, struct ptrace_methods *ptm, void *addr, 597 size_t data) 598 { 599 struct ptrace_siginfo psi; 600 601 memset(&psi, 0, sizeof(psi)); 602 psi.psi_siginfo._info = t->p_sigctx.ps_info; 603 psi.psi_lwpid = t->p_sigctx.ps_lwp; 604 DPRINTF(("%s: lwp=%d signal=%d\n", __func__, psi.psi_lwpid, 605 psi.psi_siginfo.si_signo)); 606 607 return ptm->ptm_copyout_siginfo(&psi, addr, data); 608 } 609 610 static int 611 ptrace_set_siginfo(struct proc *t, struct lwp **lt, struct ptrace_methods *ptm, 612 void *addr, size_t data) 613 { 614 struct ptrace_siginfo psi; 615 616 int error = ptm->ptm_copyin_siginfo(&psi, addr, data); 617 if (error) 618 return error; 619 620 /* Check that the data is a valid signal number or zero. */ 621 if (psi.psi_siginfo.si_signo < 0 || psi.psi_siginfo.si_signo >= NSIG) 622 return EINVAL; 623 624 t->p_sigctx.ps_faked = true; 625 t->p_sigctx.ps_info = psi.psi_siginfo._info; 626 t->p_sigctx.ps_lwp = psi.psi_lwpid; 627 DPRINTF(("%s: lwp=%d signal=%d\n", __func__, psi.psi_lwpid, 628 psi.psi_siginfo.si_signo)); 629 return 0; 630 } 631 632 static int 633 ptrace_get_sigpass(struct proc *t, void *addr, size_t data) 634 { 635 sigset_t set; 636 637 if (data > sizeof(set) || data <= 0) { 638 DPRINTF(("%s: invalid data: %zu < %zu <= 0\n", 639 __func__, sizeof(set), data)); 640 return EINVAL; 641 } 642 643 set = t->p_sigctx.ps_sigpass; 644 645 return copyout(&set, addr, data); 646 } 647 648 static int 649 ptrace_set_sigpass(struct proc *t, void *addr, size_t data) 650 { 651 sigset_t set; 652 int error; 653 654 if (data > sizeof(set) || data <= 0) { 655 DPRINTF(("%s: invalid data: %zu < %zu <= 0\n", 656 __func__, sizeof(set), data)); 657 return EINVAL; 658 } 659 660 memset(&set, 0, sizeof(set)); 661 662 if ((error = copyin(addr, &set, data))) 663 return error; 664 665 /* We catch SIGSTOP and cannot intercept SIGKILL. */ 666 sigminusset(&sigcantmask, &set); 667 668 t->p_sigctx.ps_sigpass = set; 669 670 return 0; 671 } 672 673 static int 674 ptrace_get_event_mask(struct proc *t, void *addr, size_t data) 675 { 676 struct ptrace_event pe; 677 678 if (data != sizeof(pe)) { 679 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pe))); 680 return EINVAL; 681 } 682 memset(&pe, 0, sizeof(pe)); 683 pe.pe_set_event = ISSET(t->p_slflag, PSL_TRACEFORK) ? 684 PTRACE_FORK : 0; 685 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK) ? 686 PTRACE_VFORK : 0; 687 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK_DONE) ? 688 PTRACE_VFORK_DONE : 0; 689 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_CREATE) ? 690 PTRACE_LWP_CREATE : 0; 691 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_EXIT) ? 692 PTRACE_LWP_EXIT : 0; 693 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEPOSIX_SPAWN) ? 694 PTRACE_POSIX_SPAWN : 0; 695 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 696 t->p_sigctx.ps_lwp, pe.pe_set_event)); 697 return copyout(&pe, addr, sizeof(pe)); 698 } 699 700 static int 701 ptrace_set_event_mask(struct proc *t, void *addr, size_t data) 702 { 703 struct ptrace_event pe; 704 int error; 705 706 if (data != sizeof(pe)) { 707 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pe))); 708 return EINVAL; 709 } 710 if ((error = copyin(addr, &pe, sizeof(pe))) != 0) 711 return error; 712 713 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 714 t->p_sigctx.ps_lwp, pe.pe_set_event)); 715 if (pe.pe_set_event & PTRACE_FORK) 716 SET(t->p_slflag, PSL_TRACEFORK); 717 else 718 CLR(t->p_slflag, PSL_TRACEFORK); 719 720 if (pe.pe_set_event & PTRACE_VFORK) 721 SET(t->p_slflag, PSL_TRACEVFORK); 722 else 723 CLR(t->p_slflag, PSL_TRACEVFORK); 724 725 if (pe.pe_set_event & PTRACE_VFORK_DONE) 726 SET(t->p_slflag, PSL_TRACEVFORK_DONE); 727 else 728 CLR(t->p_slflag, PSL_TRACEVFORK_DONE); 729 730 if (pe.pe_set_event & PTRACE_LWP_CREATE) 731 SET(t->p_slflag, PSL_TRACELWP_CREATE); 732 else 733 CLR(t->p_slflag, PSL_TRACELWP_CREATE); 734 735 if (pe.pe_set_event & PTRACE_LWP_EXIT) 736 SET(t->p_slflag, PSL_TRACELWP_EXIT); 737 else 738 CLR(t->p_slflag, PSL_TRACELWP_EXIT); 739 740 if (pe.pe_set_event & PTRACE_POSIX_SPAWN) 741 SET(t->p_slflag, PSL_TRACEPOSIX_SPAWN); 742 else 743 CLR(t->p_slflag, PSL_TRACEPOSIX_SPAWN); 744 745 return 0; 746 } 747 748 static int 749 ptrace_get_process_state(struct proc *t, void *addr, size_t data) 750 { 751 struct _ksiginfo *si; 752 struct ptrace_state ps; 753 754 if (data != sizeof(ps)) { 755 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(ps))); 756 return EINVAL; 757 } 758 759 if (t->p_sigctx.ps_info._signo != SIGTRAP || 760 (t->p_sigctx.ps_info._code != TRAP_CHLD && 761 t->p_sigctx.ps_info._code != TRAP_LWP)) { 762 memset(&ps, 0, sizeof(ps)); 763 } else { 764 si = &t->p_sigctx.ps_info; 765 766 KASSERT(si->_reason._ptrace_state._pe_report_event > 0); 767 KASSERT(si->_reason._ptrace_state._option._pe_other_pid > 0); 768 769 ps.pe_report_event = si->_reason._ptrace_state._pe_report_event; 770 771 CTASSERT(sizeof(ps.pe_other_pid) == sizeof(ps.pe_lwp)); 772 ps.pe_other_pid = 773 si->_reason._ptrace_state._option._pe_other_pid; 774 } 775 776 DPRINTF(("%s: lwp=%d event=%#x pid=%d lwp=%d\n", __func__, 777 t->p_sigctx.ps_lwp, ps.pe_report_event, 778 ps.pe_other_pid, ps.pe_lwp)); 779 return copyout(&ps, addr, sizeof(ps)); 780 } 781 782 static int 783 ptrace_lwpinfo(struct proc *t, struct lwp **lt, void *addr, size_t data) 784 { 785 struct ptrace_lwpinfo pl; 786 787 if (data != sizeof(pl)) { 788 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pl))); 789 return EINVAL; 790 } 791 int error = copyin(addr, &pl, sizeof(pl)); 792 if (error) 793 return error; 794 795 lwpid_t tmp = pl.pl_lwpid; 796 lwp_delref(*lt); 797 mutex_enter(t->p_lock); 798 if (tmp == 0) 799 *lt = lwp_find_first(t); 800 else { 801 *lt = lwp_find(t, tmp); 802 if (*lt == NULL) { 803 mutex_exit(t->p_lock); 804 return ESRCH; 805 } 806 *lt = LIST_NEXT(*lt, l_sibling); 807 } 808 809 while (*lt != NULL && (!lwp_alive(*lt) || 810 ((*lt)->l_flag & LW_SYSTEM) != 0)) 811 *lt = LIST_NEXT(*lt, l_sibling); 812 813 pl.pl_lwpid = 0; 814 pl.pl_event = 0; 815 if (*lt) { 816 lwp_addref(*lt); 817 pl.pl_lwpid = (*lt)->l_lid; 818 819 if ((*lt)->l_flag & LW_WSUSPEND) 820 pl.pl_event = PL_EVENT_SUSPENDED; 821 /* 822 * If we match the lwp, or it was sent to every lwp, 823 * we set PL_EVENT_SIGNAL. 824 * XXX: ps_lwp == 0 means everyone and noone, so 825 * check ps_signo too. 826 */ 827 else if ((*lt)->l_lid == t->p_sigctx.ps_lwp 828 || (t->p_sigctx.ps_lwp == 0 && 829 t->p_sigctx.ps_info._signo)) { 830 DPRINTF(("%s: lwp=%d siglwp=%d signo %d\n", __func__, 831 pl.pl_lwpid, t->p_sigctx.ps_lwp, 832 t->p_sigctx.ps_info._signo)); 833 pl.pl_event = PL_EVENT_SIGNAL; 834 } 835 } 836 mutex_exit(t->p_lock); 837 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 838 pl.pl_lwpid, pl.pl_event)); 839 840 return copyout(&pl, addr, sizeof(pl)); 841 } 842 843 static int 844 ptrace_lwpstatus(struct proc *t, struct ptrace_methods *ptm, struct lwp **lt, 845 void *addr, size_t data, bool next) 846 { 847 struct ptrace_lwpstatus pls; 848 struct lwp *l; 849 int error; 850 851 if (data > sizeof(pls) || data < sizeof(lwpid_t)) { 852 DPRINTF(("%s: invalid data: %zu < %zu < %zu\n", 853 __func__, sizeof(lwpid_t), data, sizeof(pls))); 854 return EINVAL; 855 } 856 error = copyin(addr, &pls.pl_lwpid, sizeof(lwpid_t)); 857 if (error) 858 return error; 859 860 if (next) { 861 lwp_delref(*lt); 862 lwpid_t tmp = pls.pl_lwpid; 863 mutex_enter(t->p_lock); 864 if (tmp == 0) 865 *lt = lwp_find_first(t); 866 else { 867 *lt = lwp_find(t, tmp); 868 if (*lt == NULL) { 869 mutex_exit(t->p_lock); 870 return ESRCH; 871 } 872 *lt = LIST_NEXT(*lt, l_sibling); 873 } 874 875 while (*lt != NULL && (!lwp_alive(*lt) || 876 ((*lt)->l_flag & LW_SYSTEM) != 0)) 877 *lt = LIST_NEXT(*lt, l_sibling); 878 879 if (*lt == NULL) { 880 memset(&pls, 0, sizeof(pls)); 881 mutex_exit(t->p_lock); 882 goto out; 883 } 884 lwp_addref(*lt); 885 mutex_exit(t->p_lock); 886 887 pls.pl_lwpid = (*lt)->l_lid; 888 } else { 889 if ((error = ptrace_update_lwp(t, lt, pls.pl_lwpid)) != 0) 890 return error; 891 } 892 893 l = *lt; 894 895 ptrace_read_lwpstatus(l, &pls); 896 897 out: 898 DPRINTF(("%s: lwp=%d sigpend=%02x%02x%02x%02x sigmask=%02x%02x%02x%02x " 899 "name='%s' private=%p\n", __func__, pls.pl_lwpid, 900 pls.pl_sigpend.__bits[0], pls.pl_sigpend.__bits[1], 901 pls.pl_sigpend.__bits[2], pls.pl_sigpend.__bits[3], 902 pls.pl_sigmask.__bits[0], pls.pl_sigmask.__bits[1], 903 pls.pl_sigmask.__bits[2], pls.pl_sigmask.__bits[3], 904 pls.pl_name, pls.pl_private)); 905 906 return ptm->ptm_copyout_lwpstatus(&pls, addr, data); 907 } 908 909 static int 910 ptrace_startstop(struct proc *t, struct lwp **lt, int rq, void *addr, 911 size_t data) 912 { 913 int error; 914 915 if ((error = ptrace_update_lwp(t, lt, data)) != 0) 916 return error; 917 918 DPRINTF(("%s: lwp=%d request=%d\n", __func__, (*lt)->l_lid, rq)); 919 lwp_lock(*lt); 920 if (rq == PT_SUSPEND) 921 (*lt)->l_flag |= LW_DBGSUSPEND; 922 else { 923 (*lt)->l_flag &= ~LW_DBGSUSPEND; 924 if ((*lt)->l_flag != LSSUSPENDED) 925 (*lt)->l_stat = LSSTOP; 926 } 927 lwp_unlock(*lt); 928 return 0; 929 } 930 931 #ifdef PT_REGISTERS 932 static int 933 ptrace_uio_dir(int req) 934 { 935 switch (req) { 936 case_PT_GETREGS 937 case_PT_GETFPREGS 938 case_PT_GETDBREGS 939 return UIO_READ; 940 case_PT_SETREGS 941 case_PT_SETFPREGS 942 case_PT_SETDBREGS 943 return UIO_WRITE; 944 default: 945 return -1; 946 } 947 } 948 949 static int 950 ptrace_regs(struct lwp *l, struct lwp **lt, int rq, struct ptrace_methods *ptm, 951 void *addr, size_t data) 952 { 953 int error; 954 struct proc *p, *t; 955 struct vmspace *vm; 956 957 p = l->l_proc; /* tracer */ 958 t = (*lt)->l_proc; /* traced */ 959 960 if ((error = ptrace_update_lwp(t, lt, data)) != 0) 961 return error; 962 963 int dir = ptrace_uio_dir(rq); 964 size_t size; 965 int (*func)(struct lwp *, struct lwp *, struct uio *); 966 967 DPRINTF(("%s: lwp=%d request=%d\n", __func__, l->l_lid, rq)); 968 969 switch (rq) { 970 #if defined(PT_SETREGS) || defined(PT_GETREGS) 971 case_PT_GETREGS 972 case_PT_SETREGS 973 if (!process_validregs(*lt)) 974 return EINVAL; 975 size = PROC_REGSZ(p); 976 func = ptm->ptm_doregs; 977 break; 978 #endif 979 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 980 case_PT_GETFPREGS 981 case_PT_SETFPREGS 982 if (!process_validfpregs(*lt)) 983 return EINVAL; 984 size = PROC_FPREGSZ(p); 985 func = ptm->ptm_dofpregs; 986 break; 987 #endif 988 #if defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 989 case_PT_GETDBREGS 990 case_PT_SETDBREGS 991 if (!process_validdbregs(*lt)) 992 return EINVAL; 993 size = PROC_DBREGSZ(p); 994 func = ptm->ptm_dodbregs; 995 break; 996 #endif 997 default: 998 return EINVAL; 999 } 1000 1001 error = proc_vmspace_getref(l->l_proc, &vm); 1002 if (error) 1003 return error; 1004 1005 struct uio uio; 1006 struct iovec iov; 1007 1008 iov.iov_base = addr; 1009 iov.iov_len = size; 1010 uio.uio_iov = &iov; 1011 uio.uio_iovcnt = 1; 1012 uio.uio_offset = 0; 1013 uio.uio_resid = iov.iov_len; 1014 uio.uio_rw = dir; 1015 uio.uio_vmspace = vm; 1016 1017 error = (*func)(l, *lt, &uio); 1018 uvmspace_free(vm); 1019 return error; 1020 } 1021 #endif 1022 1023 static int 1024 ptrace_sendsig(struct lwp *l, int req, struct proc *t, struct lwp *lt, int signo, int resume_all) 1025 { 1026 ksiginfo_t ksi; 1027 1028 /* Finally, deliver the requested signal (or none). */ 1029 if (t->p_stat == SSTOP) { 1030 /* 1031 * Unstop the process. If it needs to take a 1032 * signal, make all efforts to ensure that at 1033 * an LWP runs to see it. 1034 */ 1035 t->p_xsig = signo; 1036 1037 /* 1038 * signo > 0 check prevents a potential panic, as 1039 * sigismember(&...,0) is invalid check and signo 1040 * can be equal to 0 as a special case of no-signal. 1041 */ 1042 if (signo > 0 && sigismember(&stopsigmask, signo)) { 1043 t->p_waited = 0; 1044 child_psignal(t, 0); 1045 } else if (resume_all) 1046 proc_unstop(t); 1047 else 1048 lwp_unstop(lt); 1049 return 0; 1050 } 1051 1052 KASSERT(req == PT_KILL || req == PT_STOP || req == PT_ATTACH); 1053 1054 KSI_INIT(&ksi); 1055 ksi.ksi_signo = signo; 1056 ksi.ksi_code = SI_USER; 1057 ksi.ksi_pid = l->l_proc->p_pid; 1058 ksi.ksi_uid = kauth_cred_geteuid(l->l_cred); 1059 1060 t->p_sigctx.ps_faked = false; 1061 1062 DPRINTF(("%s: pid=%d.%d signal=%d resume_all=%d\n", __func__, t->p_pid, 1063 lt->l_lid, signo, resume_all)); 1064 1065 return kpsignal2(t, &ksi); 1066 } 1067 1068 static int 1069 ptrace_dumpcore(struct lwp *lt, char *path, size_t len) 1070 { 1071 int error; 1072 if (path != NULL) { 1073 1074 if (len >= MAXPATHLEN) 1075 return EINVAL; 1076 1077 char *src = path; 1078 path = kmem_alloc(len + 1, KM_SLEEP); 1079 error = copyin(src, path, len); 1080 if (error) 1081 goto out; 1082 path[len] = '\0'; 1083 } 1084 DPRINTF(("%s: lwp=%d\n", __func__, lt->l_lid)); 1085 MODULE_HOOK_CALL(coredump_hook, (lt, path), 0, error); 1086 out: 1087 if (path) 1088 kmem_free(path, len + 1); 1089 return error; 1090 } 1091 1092 static int 1093 ptrace_doio(struct lwp *l, struct proc *t, struct lwp *lt, 1094 struct ptrace_io_desc *piod, void *addr, bool sysspace) 1095 { 1096 struct uio uio; 1097 struct iovec iov; 1098 int error, tmp; 1099 1100 error = 0; 1101 iov.iov_base = piod->piod_addr; 1102 iov.iov_len = piod->piod_len; 1103 uio.uio_iov = &iov; 1104 uio.uio_iovcnt = 1; 1105 uio.uio_offset = (off_t)(unsigned long)piod->piod_offs; 1106 uio.uio_resid = piod->piod_len; 1107 1108 DPRINTF(("%s: lwp=%d request=%d\n", __func__, l->l_lid, piod->piod_op)); 1109 1110 switch (piod->piod_op) { 1111 case PIOD_READ_D: 1112 case PIOD_READ_I: 1113 uio.uio_rw = UIO_READ; 1114 break; 1115 case PIOD_WRITE_D: 1116 case PIOD_WRITE_I: 1117 /* 1118 * Can't write to a RAS 1119 */ 1120 if (ras_lookup(t, addr) != (void *)-1) { 1121 return EACCES; 1122 } 1123 uio.uio_rw = UIO_WRITE; 1124 break; 1125 case PIOD_READ_AUXV: 1126 uio.uio_rw = UIO_READ; 1127 tmp = t->p_execsw->es_arglen; 1128 if (uio.uio_offset > tmp) 1129 return EIO; 1130 if (uio.uio_resid > tmp - uio.uio_offset) 1131 uio.uio_resid = tmp - uio.uio_offset; 1132 piod->piod_len = iov.iov_len = uio.uio_resid; 1133 error = process_auxv_offset(t, &uio); 1134 break; 1135 default: 1136 error = EINVAL; 1137 break; 1138 } 1139 1140 if (error) 1141 return error; 1142 1143 if (sysspace) { 1144 uio.uio_vmspace = vmspace_kernel(); 1145 } else { 1146 error = proc_vmspace_getref(l->l_proc, &uio.uio_vmspace); 1147 if (error) 1148 return error; 1149 } 1150 1151 error = process_domem(l, lt, &uio); 1152 if (!sysspace) 1153 uvmspace_free(uio.uio_vmspace); 1154 if (error) 1155 return error; 1156 piod->piod_len -= uio.uio_resid; 1157 return 0; 1158 } 1159 1160 int 1161 do_ptrace(struct ptrace_methods *ptm, struct lwp *l, int req, pid_t pid, 1162 void *addr, int data, register_t *retval) 1163 { 1164 struct proc *p = l->l_proc; 1165 struct lwp *lt = NULL; 1166 struct lwp *lt2; 1167 struct proc *t; /* target process */ 1168 struct ptrace_io_desc piod; 1169 int error, write, tmp, pheld; 1170 int signo = 0; 1171 int resume_all; 1172 bool locked; 1173 error = 0; 1174 1175 /* 1176 * If attaching or detaching, we need to get a write hold on the 1177 * proclist lock so that we can re-parent the target process. 1178 */ 1179 mutex_enter(&proc_lock); 1180 1181 t = ptrace_find(l, req, pid); 1182 if (t == NULL) { 1183 mutex_exit(&proc_lock); 1184 return ESRCH; 1185 } 1186 1187 pheld = 1; 1188 if ((error = ptrace_allowed(l, req, t, p, &locked)) != 0) 1189 goto out; 1190 1191 if ((error = kauth_authorize_process(l->l_cred, 1192 KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req), NULL, NULL)) != 0) 1193 goto out; 1194 1195 if ((lt = lwp_find_first(t)) == NULL) { 1196 error = ESRCH; 1197 goto out; 1198 } 1199 1200 /* Do single-step fixup if needed. */ 1201 FIX_SSTEP(t); 1202 KASSERT(lt != NULL); 1203 lwp_addref(lt); 1204 1205 /* 1206 * Which locks do we need held? XXX Ugly. 1207 */ 1208 if ((pheld = ptrace_needs_hold(req)) == 0) { 1209 mutex_exit(t->p_lock); 1210 mutex_exit(&proc_lock); 1211 } 1212 1213 /* Now do the operation. */ 1214 write = 0; 1215 *retval = 0; 1216 tmp = 0; 1217 resume_all = 1; 1218 1219 switch (req) { 1220 case PT_TRACE_ME: 1221 /* Just set the trace flag. */ 1222 SET(t->p_slflag, PSL_TRACED); 1223 t->p_opptr = t->p_pptr; 1224 break; 1225 1226 /* 1227 * The I and D separate address space has been inherited from PDP-11. 1228 * The 16-bit UNIX started with a single address space per program, 1229 * but was extended to two 16-bit (2 x 64kb) address spaces. 1230 * 1231 * We no longer maintain this feature in maintained architectures, but 1232 * we keep the API for backward compatiblity. Currently the I and D 1233 * operations are exactly the same and not distinguished in debuggers. 1234 */ 1235 case PT_WRITE_I: 1236 case PT_WRITE_D: 1237 write = 1; 1238 tmp = data; 1239 /* FALLTHROUGH */ 1240 case PT_READ_I: 1241 case PT_READ_D: 1242 piod.piod_addr = &tmp; 1243 piod.piod_len = sizeof(tmp); 1244 piod.piod_offs = addr; 1245 piod.piod_op = write ? PIOD_WRITE_D : PIOD_READ_D; 1246 if ((error = ptrace_doio(l, t, lt, &piod, addr, true)) != 0) 1247 break; 1248 /* 1249 * For legacy reasons we treat here two results as success: 1250 * - incomplete transfer piod.piod_len < sizeof(tmp) 1251 * - no transfer piod.piod_len == 0 1252 * 1253 * This means that there is no way to determine whether 1254 * transfer operation was performed in PT_WRITE and PT_READ 1255 * calls. 1256 */ 1257 if (!write) 1258 *retval = tmp; 1259 break; 1260 1261 case PT_IO: 1262 if ((error = ptm->ptm_copyin_piod(&piod, addr, data)) != 0) 1263 break; 1264 if (piod.piod_len < 1) { 1265 error = EINVAL; 1266 break; 1267 } 1268 if ((error = ptrace_doio(l, t, lt, &piod, addr, false)) != 0) 1269 break; 1270 /* 1271 * For legacy reasons we treat here two results as success: 1272 * - incomplete transfer piod.piod_len < sizeof(tmp) 1273 * - no transfer piod.piod_len == 0 1274 */ 1275 error = ptm->ptm_copyout_piod(&piod, addr, data); 1276 break; 1277 1278 case PT_DUMPCORE: 1279 error = ptrace_dumpcore(lt, addr, data); 1280 break; 1281 1282 #ifdef PT_STEP 1283 case PT_STEP: 1284 /* 1285 * From the 4.4BSD PRM: 1286 * "Execution continues as in request PT_CONTINUE; however 1287 * as soon as possible after execution of at least one 1288 * instruction, execution stops again. [ ... ]" 1289 */ 1290 #endif 1291 case PT_CONTINUE: 1292 case PT_SYSCALL: 1293 case PT_DETACH: 1294 if (req == PT_SYSCALL) { 1295 if (!ISSET(t->p_slflag, PSL_SYSCALL)) { 1296 SET(t->p_slflag, PSL_SYSCALL); 1297 #ifdef __HAVE_SYSCALL_INTERN 1298 (*t->p_emul->e_syscall_intern)(t); 1299 #endif 1300 } 1301 } else { 1302 if (ISSET(t->p_slflag, PSL_SYSCALL)) { 1303 CLR(t->p_slflag, PSL_SYSCALL); 1304 #ifdef __HAVE_SYSCALL_INTERN 1305 (*t->p_emul->e_syscall_intern)(t); 1306 #endif 1307 } 1308 } 1309 t->p_trace_enabled = trace_is_enabled(t); 1310 1311 /* 1312 * Pick up the LWPID, if supplied. There are two cases: 1313 * data < 0 : step or continue single thread, lwp = -data 1314 * data > 0 in PT_STEP : step this thread, continue others 1315 * For operations other than PT_STEP, data > 0 means 1316 * data is the signo to deliver to the process. 1317 */ 1318 tmp = data; 1319 if (tmp >= 0) { 1320 #ifdef PT_STEP 1321 if (req == PT_STEP) 1322 signo = 0; 1323 else 1324 #endif 1325 { 1326 signo = tmp; 1327 tmp = 0; /* don't search for LWP */ 1328 } 1329 } else if (tmp == INT_MIN) { 1330 error = ESRCH; 1331 break; 1332 } else { 1333 tmp = -tmp; 1334 } 1335 1336 if (tmp > 0) { 1337 if (req == PT_DETACH) { 1338 error = EINVAL; 1339 break; 1340 } 1341 lwp_delref2 (lt); 1342 lt = lwp_find(t, tmp); 1343 if (lt == NULL) { 1344 error = ESRCH; 1345 break; 1346 } 1347 lwp_addref(lt); 1348 resume_all = 0; 1349 signo = 0; 1350 } 1351 1352 /* 1353 * From the 4.4BSD PRM: 1354 * "The data argument is taken as a signal number and the 1355 * child's execution continues at location addr as if it 1356 * incurred that signal. Normally the signal number will 1357 * be either 0 to indicate that the signal that caused the 1358 * stop should be ignored, or that value fetched out of 1359 * the process's image indicating which signal caused 1360 * the stop. If addr is (int *)1 then execution continues 1361 * from where it stopped." 1362 */ 1363 1364 /* Check that the data is a valid signal number or zero. */ 1365 if (signo < 0 || signo >= NSIG) { 1366 error = EINVAL; 1367 break; 1368 } 1369 1370 /* Prevent process deadlock */ 1371 if (resume_all) { 1372 #ifdef PT_STEP 1373 if (req == PT_STEP) { 1374 if (lt->l_flag & 1375 (LW_WSUSPEND | LW_DBGSUSPEND)) { 1376 error = EDEADLK; 1377 break; 1378 } 1379 } else 1380 #endif 1381 { 1382 error = EDEADLK; 1383 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1384 if ((lt2->l_flag & 1385 (LW_WSUSPEND | LW_DBGSUSPEND)) == 0 1386 ) { 1387 error = 0; 1388 break; 1389 } 1390 } 1391 if (error != 0) 1392 break; 1393 } 1394 } else { 1395 if (lt->l_flag & (LW_WSUSPEND | LW_DBGSUSPEND)) { 1396 error = EDEADLK; 1397 break; 1398 } 1399 } 1400 1401 /* 1402 * Reject setting program counter to 0x0 if VA0 is disabled. 1403 * 1404 * Not all kernels implement this feature to set Program 1405 * Counter in one go in PT_CONTINUE and similar operations. 1406 * This causes portability issues as passing address 0x0 1407 * on these kernels is no-operation, but can cause failure 1408 * in most cases on NetBSD. 1409 */ 1410 if (user_va0_disable && addr == 0) { 1411 error = EINVAL; 1412 break; 1413 } 1414 1415 /* If the address parameter is not (int *)1, set the pc. */ 1416 if ((int *)addr != (int *)1) { 1417 error = process_set_pc(lt, addr); 1418 if (error != 0) 1419 break; 1420 } 1421 #ifdef PT_STEP 1422 /* 1423 * Arrange for a single-step, if that's requested and possible. 1424 * More precisely, set the single step status as requested for 1425 * the requested thread, and clear it for other threads. 1426 */ 1427 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1428 error = process_sstep(lt2, 1429 ISSET(lt2->l_pflag, LP_SINGLESTEP)); 1430 if (error) 1431 break; 1432 } 1433 if (error) 1434 break; 1435 error = process_sstep(lt, 1436 ISSET(lt->l_pflag, LP_SINGLESTEP) || req == PT_STEP); 1437 if (error) 1438 break; 1439 #endif 1440 if (req == PT_DETACH) { 1441 CLR(t->p_slflag, 1442 PSL_TRACED|PSL_TRACEDCHILD|PSL_SYSCALL); 1443 1444 /* clear sigpass mask */ 1445 sigemptyset(&t->p_sigctx.ps_sigpass); 1446 1447 /* give process back to original parent or init */ 1448 if (t->p_opptr != t->p_pptr) { 1449 struct proc *pp = t->p_opptr; 1450 proc_reparent(t, pp ? pp : initproc); 1451 } 1452 1453 /* not being traced any more */ 1454 t->p_opptr = NULL; 1455 1456 /* clear single step */ 1457 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1458 CLR(lt2->l_pflag, LP_SINGLESTEP); 1459 } 1460 CLR(lt->l_pflag, LP_SINGLESTEP); 1461 } 1462 sendsig: 1463 error = ptrace_sendsig(l, req, t, lt, signo, resume_all); 1464 break; 1465 1466 case PT_SYSCALLEMU: 1467 if (!ISSET(t->p_slflag, PSL_SYSCALL) || t->p_stat != SSTOP) { 1468 error = EINVAL; 1469 break; 1470 } 1471 SET(t->p_slflag, PSL_SYSCALLEMU); 1472 break; 1473 1474 #ifdef PT_STEP 1475 case PT_SETSTEP: 1476 write = 1; 1477 1478 /* FALLTHROUGH */ 1479 case PT_CLEARSTEP: 1480 /* write = 0 done above. */ 1481 if ((error = ptrace_update_lwp(t, <, data)) != 0) 1482 break; 1483 1484 if (write) 1485 SET(lt->l_pflag, LP_SINGLESTEP); 1486 else 1487 CLR(lt->l_pflag, LP_SINGLESTEP); 1488 break; 1489 #endif 1490 1491 case PT_KILL: 1492 /* just send the process a KILL signal. */ 1493 signo = SIGKILL; 1494 goto sendsig; /* in PT_CONTINUE, above. */ 1495 1496 case PT_STOP: 1497 /* just send the process a STOP signal. */ 1498 signo = SIGSTOP; 1499 goto sendsig; /* in PT_CONTINUE, above. */ 1500 1501 case PT_ATTACH: 1502 /* 1503 * Go ahead and set the trace flag. 1504 * Save the old parent (it's reset in 1505 * _DETACH, and also in kern_exit.c:wait4() 1506 * Reparent the process so that the tracing 1507 * proc gets to see all the action. 1508 * Stop the target. 1509 */ 1510 proc_changeparent(t, p); 1511 signo = SIGSTOP; 1512 goto sendsig; 1513 1514 case PT_GET_EVENT_MASK: 1515 error = ptrace_get_event_mask(t, addr, data); 1516 break; 1517 1518 case PT_SET_EVENT_MASK: 1519 error = ptrace_set_event_mask(t, addr, data); 1520 break; 1521 1522 case PT_GET_PROCESS_STATE: 1523 error = ptrace_get_process_state(t, addr, data); 1524 break; 1525 1526 case PT_LWPINFO: 1527 error = ptrace_lwpinfo(t, <, addr, data); 1528 break; 1529 1530 case PT_SET_SIGINFO: 1531 error = ptrace_set_siginfo(t, <, ptm, addr, data); 1532 break; 1533 1534 case PT_GET_SIGINFO: 1535 error = ptrace_get_siginfo(t, ptm, addr, data); 1536 break; 1537 1538 case PT_RESUME: 1539 case PT_SUSPEND: 1540 error = ptrace_startstop(t, <, req, addr, data); 1541 break; 1542 1543 case PT_LWPSTATUS: 1544 error = ptrace_lwpstatus(t, ptm, <, addr, data, false); 1545 break; 1546 1547 case PT_LWPNEXT: 1548 error = ptrace_lwpstatus(t, ptm, <, addr, data, true); 1549 break; 1550 1551 case PT_SET_SIGPASS: 1552 error = ptrace_set_sigpass(t, addr, data); 1553 break; 1554 1555 case PT_GET_SIGPASS: 1556 error = ptrace_get_sigpass(t, addr, data); 1557 break; 1558 1559 #ifdef PT_REGISTERS 1560 case_PT_SETREGS 1561 case_PT_GETREGS 1562 case_PT_SETFPREGS 1563 case_PT_GETFPREGS 1564 case_PT_SETDBREGS 1565 case_PT_GETDBREGS 1566 error = ptrace_regs(l, <, req, ptm, addr, data); 1567 break; 1568 #endif 1569 1570 #ifdef __HAVE_PTRACE_MACHDEP 1571 PTRACE_MACHDEP_REQUEST_CASES 1572 error = ptrace_machdep_dorequest(l, lt, req, addr, data); 1573 break; 1574 #endif 1575 } 1576 1577 out: 1578 if (pheld) { 1579 mutex_exit(t->p_lock); 1580 mutex_exit(&proc_lock); 1581 } 1582 if (lt != NULL) 1583 lwp_delref(lt); 1584 if (locked) 1585 rw_exit(&t->p_reflock); 1586 1587 return error; 1588 } 1589 1590 typedef int (*regrfunc_t)(struct lwp *, void *, size_t *); 1591 typedef int (*regwfunc_t)(struct lwp *, void *, size_t); 1592 1593 #ifdef PT_REGISTERS 1594 static int 1595 proc_regio(struct lwp *l, struct uio *uio, size_t ks, regrfunc_t r, 1596 regwfunc_t w) 1597 { 1598 char buf[1024] PTRACE_REGS_ALIGN; 1599 int error; 1600 char *kv; 1601 size_t kl; 1602 1603 if (ks > sizeof(buf)) 1604 return E2BIG; 1605 1606 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)ks) 1607 return EINVAL; 1608 1609 kv = buf + uio->uio_offset; 1610 kl = ks - uio->uio_offset; 1611 1612 if (kl > uio->uio_resid) 1613 kl = uio->uio_resid; 1614 1615 error = (*r)(l, buf, &ks); 1616 if (error == 0) 1617 error = uiomove(kv, kl, uio); 1618 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1619 if (l->l_stat != LSSTOP) 1620 error = EBUSY; 1621 else 1622 error = (*w)(l, buf, ks); 1623 } 1624 1625 uio->uio_offset = 0; 1626 return error; 1627 } 1628 #endif 1629 1630 int 1631 process_doregs(struct lwp *curl /*tracer*/, 1632 struct lwp *l /*traced*/, 1633 struct uio *uio) 1634 { 1635 #if defined(PT_GETREGS) || defined(PT_SETREGS) 1636 size_t s; 1637 regrfunc_t r; 1638 regwfunc_t w; 1639 1640 #ifdef COMPAT_NETBSD32 1641 const bool pk32 = (curl->l_proc->p_flag & PK_32) != 0; 1642 1643 if (__predict_false(pk32)) { 1644 if ((l->l_proc->p_flag & PK_32) == 0) { 1645 // 32 bit tracer can't trace 64 bit process 1646 return EINVAL; 1647 } 1648 s = sizeof(process_reg32); 1649 r = __FPTRCAST(regrfunc_t, process_read_regs32); 1650 w = __FPTRCAST(regwfunc_t, process_write_regs32); 1651 } else 1652 #endif 1653 { 1654 s = sizeof(struct reg); 1655 r = __FPTRCAST(regrfunc_t, process_read_regs); 1656 w = __FPTRCAST(regwfunc_t, process_write_regs); 1657 } 1658 return proc_regio(l, uio, s, r, w); 1659 #else 1660 return EINVAL; 1661 #endif 1662 } 1663 1664 int 1665 process_validregs(struct lwp *l) 1666 { 1667 1668 #if defined(PT_SETREGS) || defined(PT_GETREGS) 1669 return (l->l_flag & LW_SYSTEM) == 0; 1670 #else 1671 return 0; 1672 #endif 1673 } 1674 1675 int 1676 process_dofpregs(struct lwp *curl /*tracer*/, 1677 struct lwp *l /*traced*/, 1678 struct uio *uio) 1679 { 1680 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 1681 size_t s; 1682 regrfunc_t r; 1683 regwfunc_t w; 1684 1685 #ifdef COMPAT_NETBSD32 1686 const bool pk32 = (curl->l_proc->p_flag & PK_32) != 0; 1687 1688 if (__predict_false(pk32)) { 1689 if ((l->l_proc->p_flag & PK_32) == 0) { 1690 // 32 bit tracer can't trace 64 bit process 1691 return EINVAL; 1692 } 1693 s = sizeof(process_fpreg32); 1694 r = (regrfunc_t)process_read_fpregs32; 1695 w = (regwfunc_t)process_write_fpregs32; 1696 } else 1697 #endif 1698 { 1699 s = sizeof(struct fpreg); 1700 r = (regrfunc_t)process_read_fpregs; 1701 w = (regwfunc_t)process_write_fpregs; 1702 } 1703 return proc_regio(l, uio, s, r, w); 1704 #else 1705 return EINVAL; 1706 #endif 1707 } 1708 1709 int 1710 process_validfpregs(struct lwp *l) 1711 { 1712 1713 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 1714 return (l->l_flag & LW_SYSTEM) == 0; 1715 #else 1716 return 0; 1717 #endif 1718 } 1719 1720 int 1721 process_dodbregs(struct lwp *curl /*tracer*/, 1722 struct lwp *l /*traced*/, 1723 struct uio *uio) 1724 { 1725 #if defined(PT_GETDBREGS) || defined(PT_SETDBREGS) 1726 size_t s; 1727 regrfunc_t r; 1728 regwfunc_t w; 1729 1730 #ifdef COMPAT_NETBSD32 1731 const bool pk32 = (curl->l_proc->p_flag & PK_32) != 0; 1732 1733 if (__predict_false(pk32)) { 1734 if ((l->l_proc->p_flag & PK_32) == 0) { 1735 // 32 bit tracer can't trace 64 bit process 1736 return EINVAL; 1737 } 1738 s = sizeof(process_dbreg32); 1739 r = (regrfunc_t)process_read_dbregs32; 1740 w = (regwfunc_t)process_write_dbregs32; 1741 } else 1742 #endif 1743 { 1744 s = sizeof(struct dbreg); 1745 r = (regrfunc_t)process_read_dbregs; 1746 w = (regwfunc_t)process_write_dbregs; 1747 } 1748 return proc_regio(l, uio, s, r, w); 1749 #else 1750 return EINVAL; 1751 #endif 1752 } 1753 1754 int 1755 process_validdbregs(struct lwp *l) 1756 { 1757 1758 #if defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 1759 return (l->l_flag & LW_SYSTEM) == 0; 1760 #else 1761 return 0; 1762 #endif 1763 } 1764 1765 static int 1766 process_auxv_offset(struct proc *p, struct uio *uio) 1767 { 1768 struct ps_strings pss; 1769 int error; 1770 off_t off = (off_t)p->p_psstrp; 1771 1772 if ((error = copyin_psstrings(p, &pss)) != 0) 1773 return error; 1774 1775 if (pss.ps_envstr == NULL) 1776 return EIO; 1777 1778 #ifdef COMPAT_NETBSD32 1779 if (p->p_flag & PK_32) 1780 uio->uio_offset += (off_t)((vaddr_t)pss.ps_envstr + 1781 sizeof(uint32_t) * (pss.ps_nenvstr + 1)); 1782 else 1783 #endif 1784 uio->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + 1785 pss.ps_nenvstr + 1); 1786 1787 #ifdef __MACHINE_STACK_GROWS_UP 1788 if (uio->uio_offset < off) 1789 return EIO; 1790 #else 1791 if (uio->uio_offset > off) 1792 return EIO; 1793 if ((uio->uio_offset + uio->uio_resid) > off) 1794 uio->uio_resid = off - uio->uio_offset; 1795 #endif 1796 return 0; 1797 } 1798 #endif /* PTRACE */ 1799 1800 MODULE(MODULE_CLASS_EXEC, ptrace_common, NULL); 1801 1802 static int 1803 ptrace_common_modcmd(modcmd_t cmd, void *arg) 1804 { 1805 int error; 1806 1807 switch (cmd) { 1808 case MODULE_CMD_INIT: 1809 error = ptrace_init(); 1810 break; 1811 case MODULE_CMD_FINI: 1812 error = ptrace_fini(); 1813 break; 1814 default: 1815 ptrace_hooks(); 1816 error = ENOTTY; 1817 break; 1818 } 1819 return error; 1820 } 1821