1 /* $NetBSD: sys_ptrace_common.c,v 1.6 2016/12/05 22:07:16 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Andrew Doran. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1989, 1993 34 * The Regents of the University of California. All rights reserved. 35 * (c) UNIX System Laboratories, Inc. 36 * All or some portions of this file are derived from material licensed 37 * to the University of California by American Telephone and Telegraph 38 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 39 * the permission of UNIX System Laboratories, Inc. 40 * 41 * This code is derived from software contributed to Berkeley by 42 * Jan-Simon Pendry. 43 * 44 * Redistribution and use in source and binary forms, with or without 45 * modification, are permitted provided that the following conditions 46 * are met: 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 3. Neither the name of the University nor the names of its contributors 53 * may be used to endorse or promote products derived from this software 54 * without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 * 68 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 69 */ 70 71 /*- 72 * Copyright (c) 1993 Jan-Simon Pendry. 73 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 74 * 75 * This code is derived from software contributed to Berkeley by 76 * Jan-Simon Pendry. 77 * 78 * Redistribution and use in source and binary forms, with or without 79 * modification, are permitted provided that the following conditions 80 * are met: 81 * 1. Redistributions of source code must retain the above copyright 82 * notice, this list of conditions and the following disclaimer. 83 * 2. Redistributions in binary form must reproduce the above copyright 84 * notice, this list of conditions and the following disclaimer in the 85 * documentation and/or other materials provided with the distribution. 86 * 3. All advertising materials mentioning features or use of this software 87 * must display the following acknowledgement: 88 * This product includes software developed by the University of 89 * California, Berkeley and its contributors. 90 * 4. Neither the name of the University nor the names of its contributors 91 * may be used to endorse or promote products derived from this software 92 * without specific prior written permission. 93 * 94 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 97 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 98 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 99 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 100 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 101 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 104 * SUCH DAMAGE. 105 * 106 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 107 */ 108 109 /* 110 * References: 111 * (1) Bach's "The Design of the UNIX Operating System", 112 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 113 * (3) the "4.4BSD Programmer's Reference Manual" published 114 * by USENIX and O'Reilly & Associates. 115 * The 4.4BSD PRM does a reasonably good job of documenting what the various 116 * ptrace() requests should actually do, and its text is quoted several times 117 * in this file. 118 */ 119 120 #include <sys/cdefs.h> 121 __KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.6 2016/12/05 22:07:16 christos Exp $"); 122 123 #ifdef _KERNEL_OPT 124 #include "opt_ptrace.h" 125 #include "opt_ktrace.h" 126 #include "opt_pax.h" 127 #endif 128 129 #include <sys/param.h> 130 #include <sys/systm.h> 131 #include <sys/proc.h> 132 #include <sys/errno.h> 133 #include <sys/exec.h> 134 #include <sys/pax.h> 135 #include <sys/ptrace.h> 136 #include <sys/uio.h> 137 #include <sys/ras.h> 138 #include <sys/kmem.h> 139 #include <sys/kauth.h> 140 #include <sys/mount.h> 141 #include <sys/syscallargs.h> 142 #include <sys/module.h> 143 #include <sys/condvar.h> 144 #include <sys/mutex.h> 145 146 #include <uvm/uvm_extern.h> 147 148 #include <machine/reg.h> 149 150 #ifdef PTRACE 151 152 # ifdef DEBUG 153 # define DPRINTF(a) uprintf a 154 # else 155 # define DPRINTF(a) 156 # endif 157 158 static kauth_listener_t ptrace_listener; 159 static int process_auxv_offset(struct proc *, struct uio *); 160 161 #if 0 162 static int ptrace_cbref; 163 static kmutex_t ptrace_mtx; 164 static kcondvar_t ptrace_cv; 165 #endif 166 167 static int 168 ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, 169 void *arg0, void *arg1, void *arg2, void *arg3) 170 { 171 struct proc *p; 172 int result; 173 174 result = KAUTH_RESULT_DEFER; 175 p = arg0; 176 177 #if 0 178 mutex_enter(&ptrace_mtx); 179 ptrace_cbref++; 180 mutex_exit(&ptrace_mtx); 181 #endif 182 if (action != KAUTH_PROCESS_PTRACE) 183 goto out; 184 185 switch ((u_long)arg1) { 186 case PT_TRACE_ME: 187 case PT_ATTACH: 188 case PT_WRITE_I: 189 case PT_WRITE_D: 190 case PT_READ_I: 191 case PT_READ_D: 192 case PT_IO: 193 #ifdef PT_GETREGS 194 case PT_GETREGS: 195 #endif 196 #ifdef PT_SETREGS 197 case PT_SETREGS: 198 #endif 199 #ifdef PT_GETFPREGS 200 case PT_GETFPREGS: 201 #endif 202 #ifdef PT_SETFPREGS 203 case PT_SETFPREGS: 204 #endif 205 case PT_SET_EVENT_MASK: 206 case PT_GET_EVENT_MASK: 207 case PT_GET_PROCESS_STATE: 208 #ifdef __HAVE_PTRACE_MACHDEP 209 PTRACE_MACHDEP_REQUEST_CASES 210 #endif 211 if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) || 212 ISSET(p->p_flag, PK_SUGID)) { 213 break; 214 } 215 216 result = KAUTH_RESULT_ALLOW; 217 218 break; 219 220 #ifdef PT_STEP 221 case PT_STEP: 222 #endif 223 case PT_CONTINUE: 224 case PT_KILL: 225 case PT_DETACH: 226 case PT_LWPINFO: 227 case PT_SYSCALL: 228 case PT_SYSCALLEMU: 229 case PT_DUMPCORE: 230 result = KAUTH_RESULT_ALLOW; 231 break; 232 233 default: 234 break; 235 } 236 237 out: 238 #if 0 239 mutex_enter(&ptrace_mtx); 240 if (--ptrace_cbref == 0) 241 cv_broadcast(&ptrace_cv); 242 mutex_exit(&ptrace_mtx); 243 #endif 244 245 return result; 246 } 247 248 int 249 ptrace_init(void) 250 { 251 252 #if 0 253 mutex_init(&ptrace_mtx, MUTEX_DEFAULT, IPL_NONE); 254 cv_init(&ptrace_cv, "ptracecb"); 255 ptrace_cbref = 0; 256 #endif 257 ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 258 ptrace_listener_cb, NULL); 259 return 0; 260 } 261 262 int 263 ptrace_fini(void) 264 { 265 266 kauth_unlisten_scope(ptrace_listener); 267 268 #if 0 269 /* Make sure no-one is executing our kauth listener */ 270 271 mutex_enter(&ptrace_mtx); 272 while (ptrace_cbref != 0) 273 cv_wait(&ptrace_cv, &ptrace_mtx); 274 mutex_exit(&ptrace_mtx); 275 mutex_destroy(&ptrace_mtx); 276 cv_destroy(&ptrace_cv); 277 #endif 278 279 return 0; 280 } 281 282 int 283 do_ptrace(struct ptrace_methods *ptm, struct lwp *l, int req, pid_t pid, 284 void *addr, int data, register_t *retval) 285 { 286 struct proc *p = l->l_proc; 287 struct lwp *lt; 288 #ifdef PT_STEP 289 struct lwp *lt2; 290 #endif 291 struct proc *t; /* target process */ 292 struct uio uio; 293 struct iovec iov; 294 struct ptrace_io_desc piod; 295 struct ptrace_event pe; 296 struct ptrace_state ps; 297 struct ptrace_lwpinfo pl; 298 struct vmspace *vm; 299 int error, write, tmp, pheld; 300 int signo = 0; 301 int resume_all; 302 ksiginfo_t ksi; 303 char *path; 304 int len = 0; 305 error = 0; 306 307 /* 308 * If attaching or detaching, we need to get a write hold on the 309 * proclist lock so that we can re-parent the target process. 310 */ 311 mutex_enter(proc_lock); 312 313 /* "A foolish consistency..." XXX */ 314 if (req == PT_TRACE_ME) { 315 t = p; 316 mutex_enter(t->p_lock); 317 } else { 318 /* Find the process we're supposed to be operating on. */ 319 t = proc_find(pid); 320 if (t == NULL) { 321 mutex_exit(proc_lock); 322 return ESRCH; 323 } 324 325 /* XXX-elad */ 326 mutex_enter(t->p_lock); 327 error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, 328 t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 329 if (error) { 330 mutex_exit(proc_lock); 331 mutex_exit(t->p_lock); 332 return ESRCH; 333 } 334 } 335 336 /* 337 * Grab a reference on the process to prevent it from execing or 338 * exiting. 339 */ 340 if (!rw_tryenter(&t->p_reflock, RW_READER)) { 341 mutex_exit(proc_lock); 342 mutex_exit(t->p_lock); 343 return EBUSY; 344 } 345 346 /* Make sure we can operate on it. */ 347 switch (req) { 348 case PT_TRACE_ME: 349 /* Saying that you're being traced is always legal. */ 350 break; 351 352 case PT_ATTACH: 353 /* 354 * You can't attach to a process if: 355 * (1) it's the process that's doing the attaching, 356 */ 357 if (t->p_pid == p->p_pid) { 358 error = EINVAL; 359 break; 360 } 361 362 /* 363 * (2) it's a system process 364 */ 365 if (t->p_flag & PK_SYSTEM) { 366 error = EPERM; 367 break; 368 } 369 370 /* 371 * (3) it's already being traced, or 372 */ 373 if (ISSET(t->p_slflag, PSL_TRACED)) { 374 error = EBUSY; 375 break; 376 } 377 378 /* 379 * (4) the tracer is chrooted, and its root directory is 380 * not at or above the root directory of the tracee 381 */ 382 mutex_exit(t->p_lock); /* XXXSMP */ 383 tmp = proc_isunder(t, l); 384 mutex_enter(t->p_lock); /* XXXSMP */ 385 if (!tmp) { 386 error = EPERM; 387 break; 388 } 389 break; 390 391 case PT_READ_I: 392 case PT_READ_D: 393 case PT_WRITE_I: 394 case PT_WRITE_D: 395 case PT_IO: 396 #ifdef PT_GETREGS 397 case PT_GETREGS: 398 #endif 399 #ifdef PT_SETREGS 400 case PT_SETREGS: 401 #endif 402 #ifdef PT_GETFPREGS 403 case PT_GETFPREGS: 404 #endif 405 #ifdef PT_SETFPREGS 406 case PT_SETFPREGS: 407 #endif 408 #ifdef __HAVE_PTRACE_MACHDEP 409 PTRACE_MACHDEP_REQUEST_CASES 410 #endif 411 /* 412 * You can't read/write the memory or registers of a process 413 * if the tracer is chrooted, and its root directory is not at 414 * or above the root directory of the tracee. 415 */ 416 mutex_exit(t->p_lock); /* XXXSMP */ 417 tmp = proc_isunder(t, l); 418 mutex_enter(t->p_lock); /* XXXSMP */ 419 if (!tmp) { 420 error = EPERM; 421 break; 422 } 423 /*FALLTHROUGH*/ 424 425 case PT_CONTINUE: 426 case PT_KILL: 427 case PT_DETACH: 428 case PT_LWPINFO: 429 case PT_SYSCALL: 430 case PT_SYSCALLEMU: 431 case PT_DUMPCORE: 432 #ifdef PT_STEP 433 case PT_STEP: 434 #endif 435 case PT_SET_EVENT_MASK: 436 case PT_GET_EVENT_MASK: 437 case PT_GET_PROCESS_STATE: 438 /* 439 * You can't do what you want to the process if: 440 * (1) It's not being traced at all, 441 */ 442 if (!ISSET(t->p_slflag, PSL_TRACED)) { 443 error = EPERM; 444 break; 445 } 446 447 /* 448 * (2) it's being traced by procfs (which has 449 * different signal delivery semantics), 450 */ 451 if (ISSET(t->p_slflag, PSL_FSTRACE)) { 452 DPRINTF(("file system traced\n")); 453 error = EBUSY; 454 break; 455 } 456 457 /* 458 * (3) it's not being traced by _you_, or 459 */ 460 if (t->p_pptr != p) { 461 DPRINTF(("parent %d != %d\n", t->p_pptr->p_pid, 462 p->p_pid)); 463 error = EBUSY; 464 break; 465 } 466 467 /* 468 * (4) it's not currently stopped. 469 */ 470 if (t->p_stat != SSTOP || !t->p_waited /* XXXSMP */) { 471 DPRINTF(("stat %d flag %d\n", t->p_stat, 472 !t->p_waited)); 473 error = EBUSY; 474 break; 475 } 476 break; 477 478 default: /* It was not a legal request. */ 479 error = EINVAL; 480 break; 481 } 482 483 if (error == 0) { 484 error = kauth_authorize_process(l->l_cred, 485 KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req), 486 NULL, NULL); 487 } 488 if (error == 0) { 489 lt = lwp_find_first(t); 490 if (lt == NULL) 491 error = ESRCH; 492 } 493 494 if (error != 0) { 495 mutex_exit(proc_lock); 496 mutex_exit(t->p_lock); 497 rw_exit(&t->p_reflock); 498 return error; 499 } 500 501 /* Do single-step fixup if needed. */ 502 FIX_SSTEP(t); 503 KASSERT(lt != NULL); 504 lwp_addref(lt); 505 506 /* 507 * Which locks do we need held? XXX Ugly. 508 */ 509 switch (req) { 510 #ifdef PT_STEP 511 case PT_STEP: 512 #endif 513 case PT_CONTINUE: 514 case PT_DETACH: 515 case PT_KILL: 516 case PT_SYSCALL: 517 case PT_SYSCALLEMU: 518 case PT_ATTACH: 519 case PT_TRACE_ME: 520 pheld = 1; 521 break; 522 default: 523 mutex_exit(proc_lock); 524 mutex_exit(t->p_lock); 525 pheld = 0; 526 break; 527 } 528 529 /* Now do the operation. */ 530 write = 0; 531 *retval = 0; 532 tmp = 0; 533 resume_all = 1; 534 535 switch (req) { 536 case PT_TRACE_ME: 537 /* Just set the trace flag. */ 538 SET(t->p_slflag, PSL_TRACED); 539 t->p_opptr = t->p_pptr; 540 break; 541 542 case PT_WRITE_I: /* XXX no separate I and D spaces */ 543 case PT_WRITE_D: 544 #if defined(__HAVE_RAS) 545 /* 546 * Can't write to a RAS 547 */ 548 if (ras_lookup(t, addr) != (void *)-1) { 549 error = EACCES; 550 break; 551 } 552 #endif 553 write = 1; 554 tmp = data; 555 /* FALLTHROUGH */ 556 557 case PT_READ_I: /* XXX no separate I and D spaces */ 558 case PT_READ_D: 559 /* write = 0 done above. */ 560 iov.iov_base = (void *)&tmp; 561 iov.iov_len = sizeof(tmp); 562 uio.uio_iov = &iov; 563 uio.uio_iovcnt = 1; 564 uio.uio_offset = (off_t)(unsigned long)addr; 565 uio.uio_resid = sizeof(tmp); 566 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 567 UIO_SETUP_SYSSPACE(&uio); 568 569 error = process_domem(l, lt, &uio); 570 if (!write) 571 *retval = tmp; 572 break; 573 574 case PT_IO: 575 error = ptm->ptm_copyinpiod(&piod, addr); 576 if (error) 577 break; 578 579 iov.iov_base = piod.piod_addr; 580 iov.iov_len = piod.piod_len; 581 uio.uio_iov = &iov; 582 uio.uio_iovcnt = 1; 583 uio.uio_offset = (off_t)(unsigned long)piod.piod_offs; 584 uio.uio_resid = piod.piod_len; 585 586 switch (piod.piod_op) { 587 case PIOD_READ_D: 588 case PIOD_READ_I: 589 uio.uio_rw = UIO_READ; 590 break; 591 case PIOD_WRITE_D: 592 case PIOD_WRITE_I: 593 /* 594 * Can't write to a RAS 595 */ 596 if (ras_lookup(t, addr) != (void *)-1) { 597 return EACCES; 598 } 599 uio.uio_rw = UIO_WRITE; 600 break; 601 case PIOD_READ_AUXV: 602 req = PT_READ_D; 603 uio.uio_rw = UIO_READ; 604 tmp = t->p_execsw->es_arglen * PROC_PTRSZ(t); 605 if (uio.uio_offset > tmp) 606 return EIO; 607 if (uio.uio_resid > tmp - uio.uio_offset) 608 uio.uio_resid = tmp - uio.uio_offset; 609 piod.piod_len = iov.iov_len = uio.uio_resid; 610 error = process_auxv_offset(t, &uio); 611 if (error) 612 return error; 613 break; 614 default: 615 error = EINVAL; 616 break; 617 } 618 if (error) 619 break; 620 error = proc_vmspace_getref(l->l_proc, &vm); 621 if (error) 622 break; 623 uio.uio_vmspace = vm; 624 625 error = process_domem(l, lt, &uio); 626 piod.piod_len -= uio.uio_resid; 627 (void) ptm->ptm_copyoutpiod(&piod, addr); 628 629 uvmspace_free(vm); 630 break; 631 632 case PT_DUMPCORE: 633 if ((path = addr) != NULL) { 634 char *dst; 635 len = data; 636 637 if (len < 0 || len >= MAXPATHLEN) { 638 error = EINVAL; 639 break; 640 } 641 dst = kmem_alloc(len + 1, KM_SLEEP); 642 if ((error = copyin(path, dst, len)) != 0) { 643 kmem_free(dst, len + 1); 644 break; 645 } 646 path = dst; 647 path[len] = '\0'; 648 } 649 error = (*coredump_vec)(lt, path); 650 if (path) 651 kmem_free(path, len + 1); 652 break; 653 654 #ifdef PT_STEP 655 case PT_STEP: 656 /* 657 * From the 4.4BSD PRM: 658 * "Execution continues as in request PT_CONTINUE; however 659 * as soon as possible after execution of at least one 660 * instruction, execution stops again. [ ... ]" 661 */ 662 #endif 663 case PT_CONTINUE: 664 case PT_SYSCALL: 665 case PT_DETACH: 666 if (req == PT_SYSCALL) { 667 if (!ISSET(t->p_slflag, PSL_SYSCALL)) { 668 SET(t->p_slflag, PSL_SYSCALL); 669 #ifdef __HAVE_SYSCALL_INTERN 670 (*t->p_emul->e_syscall_intern)(t); 671 #endif 672 } 673 } else { 674 if (ISSET(t->p_slflag, PSL_SYSCALL)) { 675 CLR(t->p_slflag, PSL_SYSCALL); 676 #ifdef __HAVE_SYSCALL_INTERN 677 (*t->p_emul->e_syscall_intern)(t); 678 #endif 679 } 680 } 681 t->p_trace_enabled = trace_is_enabled(t); 682 683 /* 684 * Pick up the LWPID, if supplied. There are two cases: 685 * data < 0 : step or continue single thread, lwp = -data 686 * data > 0 in PT_STEP : step this thread, continue others 687 * For operations other than PT_STEP, data > 0 means 688 * data is the signo to deliver to the process. 689 */ 690 tmp = data; 691 if (tmp >= 0) { 692 #ifdef PT_STEP 693 if (req == PT_STEP) 694 signo = 0; 695 else 696 #endif 697 { 698 signo = tmp; 699 tmp = 0; /* don't search for LWP */ 700 } 701 } else 702 tmp = -tmp; 703 704 if (tmp > 0) { 705 if (req == PT_DETACH) { 706 error = EINVAL; 707 break; 708 } 709 lwp_delref2 (lt); 710 lt = lwp_find(t, tmp); 711 if (lt == NULL) { 712 error = ESRCH; 713 break; 714 } 715 lwp_addref(lt); 716 resume_all = 0; 717 signo = 0; 718 } 719 720 /* 721 * From the 4.4BSD PRM: 722 * "The data argument is taken as a signal number and the 723 * child's execution continues at location addr as if it 724 * incurred that signal. Normally the signal number will 725 * be either 0 to indicate that the signal that caused the 726 * stop should be ignored, or that value fetched out of 727 * the process's image indicating which signal caused 728 * the stop. If addr is (int *)1 then execution continues 729 * from where it stopped." 730 */ 731 732 /* Check that the data is a valid signal number or zero. */ 733 if (signo < 0 || signo >= NSIG) { 734 error = EINVAL; 735 break; 736 } 737 738 /* If the address parameter is not (int *)1, set the pc. */ 739 if ((int *)addr != (int *)1) { 740 error = process_set_pc(lt, addr); 741 if (error != 0) 742 break; 743 } 744 #ifdef PT_STEP 745 /* 746 * Arrange for a single-step, if that's requested and possible. 747 * More precisely, set the single step status as requested for 748 * the requested thread, and clear it for other threads. 749 */ 750 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 751 if (lt != lt2) { 752 lwp_lock(lt2); 753 process_sstep(lt2, 0); 754 lwp_unlock(lt2); 755 } 756 } 757 error = process_sstep(lt, req == PT_STEP); 758 if (error) 759 break; 760 #endif 761 if (req == PT_DETACH) { 762 CLR(t->p_slflag, PSL_TRACED|PSL_FSTRACE|PSL_SYSCALL); 763 764 /* give process back to original parent or init */ 765 if (t->p_opptr != t->p_pptr) { 766 struct proc *pp = t->p_opptr; 767 proc_reparent(t, pp ? pp : initproc); 768 } 769 770 /* not being traced any more */ 771 t->p_opptr = NULL; 772 } 773 sendsig: 774 t->p_fpid = 0; 775 /* Finally, deliver the requested signal (or none). */ 776 if (t->p_stat == SSTOP) { 777 /* 778 * Unstop the process. If it needs to take a 779 * signal, make all efforts to ensure that at 780 * an LWP runs to see it. 781 */ 782 t->p_xsig = signo; 783 if (resume_all) 784 proc_unstop(t); 785 else 786 lwp_unstop(lt); 787 } else if (signo != 0) { 788 KSI_INIT_EMPTY(&ksi); 789 ksi.ksi_signo = signo; 790 kpsignal2(t, &ksi); 791 } 792 break; 793 794 case PT_SYSCALLEMU: 795 if (!ISSET(t->p_slflag, PSL_SYSCALL) || t->p_stat != SSTOP) { 796 error = EINVAL; 797 break; 798 } 799 SET(t->p_slflag, PSL_SYSCALLEMU); 800 break; 801 802 case PT_KILL: 803 /* just send the process a KILL signal. */ 804 signo = SIGKILL; 805 goto sendsig; /* in PT_CONTINUE, above. */ 806 807 case PT_ATTACH: 808 /* 809 * Go ahead and set the trace flag. 810 * Save the old parent (it's reset in 811 * _DETACH, and also in kern_exit.c:wait4() 812 * Reparent the process so that the tracing 813 * proc gets to see all the action. 814 * Stop the target. 815 */ 816 proc_changeparent(t, p); 817 signo = SIGSTOP; 818 goto sendsig; 819 820 case PT_GET_EVENT_MASK: 821 if (data != sizeof(pe)) { 822 DPRINTF(("ptrace(%d): %d != %zu\n", req, 823 data, sizeof(pe))); 824 error = EINVAL; 825 break; 826 } 827 memset(&pe, 0, sizeof(pe)); 828 pe.pe_set_event = ISSET(t->p_slflag, PSL_TRACEFORK) ? 829 PTRACE_FORK : 0; 830 error = copyout(&pe, addr, sizeof(pe)); 831 break; 832 833 case PT_SET_EVENT_MASK: 834 if (data != sizeof(pe)) { 835 DPRINTF(("ptrace(%d): %d != %zu\n", req, data, 836 sizeof(pe))); 837 error = EINVAL; 838 break; 839 } 840 if ((error = copyin(addr, &pe, sizeof(pe))) != 0) 841 return error; 842 if (pe.pe_set_event & PTRACE_FORK) 843 SET(t->p_slflag, PSL_TRACEFORK); 844 else 845 CLR(t->p_slflag, PSL_TRACEFORK); 846 break; 847 848 case PT_GET_PROCESS_STATE: 849 if (data != sizeof(ps)) { 850 DPRINTF(("ptrace(%d): %d != %zu\n", req, data, 851 sizeof(ps))); 852 error = EINVAL; 853 break; 854 } 855 memset(&ps, 0, sizeof(ps)); 856 if (t->p_fpid) { 857 ps.pe_report_event = PTRACE_FORK; 858 ps.pe_other_pid = t->p_fpid; 859 } 860 error = copyout(&ps, addr, sizeof(ps)); 861 break; 862 863 case PT_LWPINFO: 864 if (data != sizeof(pl)) { 865 DPRINTF(("ptrace(%d): %d != %zu\n", req, data, 866 sizeof(pl))); 867 error = EINVAL; 868 break; 869 } 870 error = copyin(addr, &pl, sizeof(pl)); 871 if (error) 872 break; 873 tmp = pl.pl_lwpid; 874 lwp_delref(lt); 875 mutex_enter(t->p_lock); 876 if (tmp == 0) 877 lt = lwp_find_first(t); 878 else { 879 lt = lwp_find(t, tmp); 880 if (lt == NULL) { 881 mutex_exit(t->p_lock); 882 error = ESRCH; 883 break; 884 } 885 lt = LIST_NEXT(lt, l_sibling); 886 } 887 while (lt != NULL && !lwp_alive(lt)) 888 lt = LIST_NEXT(lt, l_sibling); 889 pl.pl_lwpid = 0; 890 pl.pl_event = 0; 891 if (lt) { 892 lwp_addref(lt); 893 pl.pl_lwpid = lt->l_lid; 894 /* 895 * If we match the lwp, or it was sent to every lwp, 896 * we set PL_EVENT_SIGNAL. 897 * XXX: ps_lwp == 0 means everyone and noone, so 898 * check ps_signo too. 899 */ 900 if (lt->l_lid == t->p_sigctx.ps_lwp 901 || (t->p_sigctx.ps_lwp == 0 && t->p_sigctx.ps_signo)) 902 pl.pl_event = PL_EVENT_SIGNAL; 903 } 904 mutex_exit(t->p_lock); 905 906 error = copyout(&pl, addr, sizeof(pl)); 907 break; 908 909 #ifdef PT_SETREGS 910 case PT_SETREGS: 911 write = 1; 912 #endif 913 #ifdef PT_GETREGS 914 case PT_GETREGS: 915 /* write = 0 done above. */ 916 #endif 917 #if defined(PT_SETREGS) || defined(PT_GETREGS) 918 tmp = data; 919 if (tmp != 0 && t->p_nlwps > 1) { 920 lwp_delref(lt); 921 mutex_enter(t->p_lock); 922 lt = lwp_find(t, tmp); 923 if (lt == NULL) { 924 mutex_exit(t->p_lock); 925 error = ESRCH; 926 break; 927 } 928 lwp_addref(lt); 929 mutex_exit(t->p_lock); 930 } 931 if (!process_validregs(lt)) 932 error = EINVAL; 933 else { 934 error = proc_vmspace_getref(p, &vm); 935 if (error) 936 break; 937 iov.iov_base = addr; 938 iov.iov_len = PROC_REGSZ(p); 939 uio.uio_iov = &iov; 940 uio.uio_iovcnt = 1; 941 uio.uio_offset = 0; 942 uio.uio_resid = iov.iov_len; 943 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 944 uio.uio_vmspace = vm; 945 946 error = ptm->ptm_doregs(l, lt, &uio); 947 uvmspace_free(vm); 948 } 949 break; 950 #endif 951 952 #ifdef PT_SETFPREGS 953 case PT_SETFPREGS: 954 write = 1; 955 /*FALLTHROUGH*/ 956 #endif 957 #ifdef PT_GETFPREGS 958 case PT_GETFPREGS: 959 /* write = 0 done above. */ 960 #endif 961 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 962 tmp = data; 963 if (tmp != 0 && t->p_nlwps > 1) { 964 lwp_delref(lt); 965 mutex_enter(t->p_lock); 966 lt = lwp_find(t, tmp); 967 if (lt == NULL) { 968 mutex_exit(t->p_lock); 969 error = ESRCH; 970 break; 971 } 972 lwp_addref(lt); 973 mutex_exit(t->p_lock); 974 } 975 if (!process_validfpregs(lt)) 976 error = EINVAL; 977 else { 978 error = proc_vmspace_getref(p, &vm); 979 if (error) 980 break; 981 iov.iov_base = addr; 982 iov.iov_len = PROC_FPREGSZ(p); 983 uio.uio_iov = &iov; 984 uio.uio_iovcnt = 1; 985 uio.uio_offset = 0; 986 uio.uio_resid = iov.iov_len; 987 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 988 uio.uio_vmspace = vm; 989 990 error = ptm->ptm_dofpregs(l, lt, &uio); 991 uvmspace_free(vm); 992 } 993 break; 994 #endif 995 996 #ifdef __HAVE_PTRACE_MACHDEP 997 PTRACE_MACHDEP_REQUEST_CASES 998 error = ptrace_machdep_dorequest(l, lt, req, addr, data); 999 break; 1000 #endif 1001 } 1002 1003 if (pheld) { 1004 mutex_exit(t->p_lock); 1005 mutex_exit(proc_lock); 1006 } 1007 if (lt != NULL) 1008 lwp_delref(lt); 1009 rw_exit(&t->p_reflock); 1010 1011 return error; 1012 } 1013 1014 int 1015 process_doregs(struct lwp *curl /*tracer*/, 1016 struct lwp *l /*traced*/, 1017 struct uio *uio) 1018 { 1019 #if defined(PT_GETREGS) || defined(PT_SETREGS) 1020 int error; 1021 struct reg r; 1022 char *kv; 1023 int kl; 1024 1025 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 1026 return EINVAL; 1027 1028 kl = sizeof(r); 1029 kv = (char *)&r; 1030 1031 kv += uio->uio_offset; 1032 kl -= uio->uio_offset; 1033 if ((size_t)kl > uio->uio_resid) 1034 kl = uio->uio_resid; 1035 1036 error = process_read_regs(l, &r); 1037 if (error == 0) 1038 error = uiomove(kv, kl, uio); 1039 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1040 if (l->l_stat != LSSTOP) 1041 error = EBUSY; 1042 else 1043 error = process_write_regs(l, &r); 1044 } 1045 1046 uio->uio_offset = 0; 1047 return error; 1048 #else 1049 return EINVAL; 1050 #endif 1051 } 1052 1053 int 1054 process_validregs(struct lwp *l) 1055 { 1056 1057 #if defined(PT_SETREGS) || defined(PT_GETREGS) 1058 return (l->l_flag & LW_SYSTEM) == 0; 1059 #else 1060 return 0; 1061 #endif 1062 } 1063 1064 int 1065 process_dofpregs(struct lwp *curl /*tracer*/, 1066 struct lwp *l /*traced*/, 1067 struct uio *uio) 1068 { 1069 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 1070 int error; 1071 struct fpreg r; 1072 char *kv; 1073 size_t kl; 1074 1075 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 1076 return EINVAL; 1077 1078 kl = sizeof(r); 1079 kv = (char *)&r; 1080 1081 kv += uio->uio_offset; 1082 kl -= uio->uio_offset; 1083 if (kl > uio->uio_resid) 1084 kl = uio->uio_resid; 1085 1086 error = process_read_fpregs(l, &r, &kl); 1087 if (error == 0) 1088 error = uiomove(kv, kl, uio); 1089 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1090 if (l->l_stat != LSSTOP) 1091 error = EBUSY; 1092 else 1093 error = process_write_fpregs(l, &r, kl); 1094 } 1095 uio->uio_offset = 0; 1096 return error; 1097 #else 1098 return EINVAL; 1099 #endif 1100 } 1101 1102 int 1103 process_validfpregs(struct lwp *l) 1104 { 1105 1106 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 1107 return (l->l_flag & LW_SYSTEM) == 0; 1108 #else 1109 return 0; 1110 #endif 1111 } 1112 1113 static int 1114 process_auxv_offset(struct proc *p, struct uio *uio) 1115 { 1116 struct ps_strings pss; 1117 int error; 1118 off_t off = (off_t)p->p_psstrp; 1119 1120 if ((error = copyin_psstrings(p, &pss)) != 0) 1121 return error; 1122 1123 if (pss.ps_envstr == NULL) 1124 return EIO; 1125 1126 uio->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + pss.ps_nenvstr + 1); 1127 #ifdef __MACHINE_STACK_GROWS_UP 1128 if (uio->uio_offset < off) 1129 return EIO; 1130 #else 1131 if (uio->uio_offset > off) 1132 return EIO; 1133 if ((uio->uio_offset + uio->uio_resid) > off) 1134 uio->uio_resid = off - uio->uio_offset; 1135 #endif 1136 return 0; 1137 } 1138 #endif /* PTRACE */ 1139 1140 MODULE(MODULE_CLASS_EXEC, ptrace_common, ""); 1141 1142 static int 1143 ptrace_common_modcmd(modcmd_t cmd, void *arg) 1144 { 1145 int error; 1146 1147 switch (cmd) { 1148 case MODULE_CMD_INIT: 1149 error = ptrace_init(); 1150 break; 1151 case MODULE_CMD_FINI: 1152 error = ptrace_fini(); 1153 break; 1154 default: 1155 ptrace_hooks(); 1156 error = ENOTTY; 1157 break; 1158 } 1159 return error; 1160 } 1161 1162