1 /* $NetBSD: sys_ptrace_common.c,v 1.78 2020/02/22 09:24:05 maxv Exp $ */ 2 3 /*- 4 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Andrew Doran. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1989, 1993 34 * The Regents of the University of California. All rights reserved. 35 * (c) UNIX System Laboratories, Inc. 36 * All or some portions of this file are derived from material licensed 37 * to the University of California by American Telephone and Telegraph 38 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 39 * the permission of UNIX System Laboratories, Inc. 40 * 41 * This code is derived from software contributed to Berkeley by 42 * Jan-Simon Pendry. 43 * 44 * Redistribution and use in source and binary forms, with or without 45 * modification, are permitted provided that the following conditions 46 * are met: 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 3. Neither the name of the University nor the names of its contributors 53 * may be used to endorse or promote products derived from this software 54 * without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 * 68 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 69 */ 70 71 /*- 72 * Copyright (c) 1993 Jan-Simon Pendry. 73 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 74 * 75 * This code is derived from software contributed to Berkeley by 76 * Jan-Simon Pendry. 77 * 78 * Redistribution and use in source and binary forms, with or without 79 * modification, are permitted provided that the following conditions 80 * are met: 81 * 1. Redistributions of source code must retain the above copyright 82 * notice, this list of conditions and the following disclaimer. 83 * 2. Redistributions in binary form must reproduce the above copyright 84 * notice, this list of conditions and the following disclaimer in the 85 * documentation and/or other materials provided with the distribution. 86 * 3. All advertising materials mentioning features or use of this software 87 * must display the following acknowledgement: 88 * This product includes software developed by the University of 89 * California, Berkeley and its contributors. 90 * 4. Neither the name of the University nor the names of its contributors 91 * may be used to endorse or promote products derived from this software 92 * without specific prior written permission. 93 * 94 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 97 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 98 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 99 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 100 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 101 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 104 * SUCH DAMAGE. 105 * 106 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 107 */ 108 109 /* 110 * References: 111 * (1) Bach's "The Design of the UNIX Operating System", 112 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 113 * (3) the "4.4BSD Programmer's Reference Manual" published 114 * by USENIX and O'Reilly & Associates. 115 * The 4.4BSD PRM does a reasonably good job of documenting what the various 116 * ptrace() requests should actually do, and its text is quoted several times 117 * in this file. 118 */ 119 120 #include <sys/cdefs.h> 121 __KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.78 2020/02/22 09:24:05 maxv Exp $"); 122 123 #ifdef _KERNEL_OPT 124 #include "opt_ptrace.h" 125 #include "opt_ktrace.h" 126 #include "opt_pax.h" 127 #include "opt_compat_netbsd32.h" 128 #endif 129 130 #if defined(__HAVE_COMPAT_NETBSD32) && !defined(COMPAT_NETBSD32) \ 131 && !defined(_RUMPKERNEL) 132 #define COMPAT_NETBSD32 133 #endif 134 135 #include <sys/param.h> 136 #include <sys/systm.h> 137 #include <sys/proc.h> 138 #include <sys/errno.h> 139 #include <sys/exec.h> 140 #include <sys/pax.h> 141 #include <sys/ptrace.h> 142 #include <sys/uio.h> 143 #include <sys/ras.h> 144 #include <sys/kmem.h> 145 #include <sys/kauth.h> 146 #include <sys/mount.h> 147 #include <sys/syscallargs.h> 148 #include <sys/module.h> 149 #include <sys/condvar.h> 150 #include <sys/mutex.h> 151 #include <sys/compat_stub.h> 152 153 #include <uvm/uvm_extern.h> 154 155 #include <machine/reg.h> 156 157 #ifdef PTRACE 158 # ifdef PTRACE_DEBUG 159 # define DPRINTF(a) uprintf a 160 # else 161 # define DPRINTF(a) 162 # endif 163 164 static kauth_listener_t ptrace_listener; 165 static int process_auxv_offset(struct proc *, struct uio *); 166 167 extern int user_va0_disable; 168 169 #if 0 170 static int ptrace_cbref; 171 static kmutex_t ptrace_mtx; 172 static kcondvar_t ptrace_cv; 173 #endif 174 175 #ifdef PT_GETREGS 176 # define case_PT_GETREGS case PT_GETREGS: 177 #else 178 # define case_PT_GETREGS 179 #endif 180 181 #ifdef PT_SETREGS 182 # define case_PT_SETREGS case PT_SETREGS: 183 #else 184 # define case_PT_SETREGS 185 #endif 186 187 #ifdef PT_GETFPREGS 188 # define case_PT_GETFPREGS case PT_GETFPREGS: 189 #else 190 # define case_PT_GETFPREGS 191 #endif 192 193 #ifdef PT_SETFPREGS 194 # define case_PT_SETFPREGS case PT_SETFPREGS: 195 #else 196 # define case_PT_SETFPREGS 197 #endif 198 199 #ifdef PT_GETDBREGS 200 # define case_PT_GETDBREGS case PT_GETDBREGS: 201 #else 202 # define case_PT_GETDBREGS 203 #endif 204 205 #ifdef PT_SETDBREGS 206 # define case_PT_SETDBREGS case PT_SETDBREGS: 207 #else 208 # define case_PT_SETDBREGS 209 #endif 210 211 #if defined(PT_SETREGS) || defined(PT_GETREGS) || \ 212 defined(PT_SETFPREGS) || defined(PT_GETFPREGS) || \ 213 defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 214 # define PT_REGISTERS 215 #endif 216 217 static int 218 ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, 219 void *arg0, void *arg1, void *arg2, void *arg3) 220 { 221 struct proc *p; 222 int result; 223 #ifdef PT_SETDBREGS 224 extern int user_set_dbregs; 225 #endif 226 227 result = KAUTH_RESULT_DEFER; 228 p = arg0; 229 230 #if 0 231 mutex_enter(&ptrace_mtx); 232 ptrace_cbref++; 233 mutex_exit(&ptrace_mtx); 234 #endif 235 if (action != KAUTH_PROCESS_PTRACE) 236 goto out; 237 238 switch ((u_long)arg1) { 239 #ifdef PT_SETDBREGS 240 case_PT_SETDBREGS 241 if (kauth_cred_getuid(cred) != 0 && user_set_dbregs == 0) { 242 result = KAUTH_RESULT_DENY; 243 break; 244 } 245 #endif 246 /* FALLTHROUGH */ 247 case PT_TRACE_ME: 248 case PT_ATTACH: 249 case PT_WRITE_I: 250 case PT_WRITE_D: 251 case PT_READ_I: 252 case PT_READ_D: 253 case PT_IO: 254 case_PT_GETREGS 255 case_PT_SETREGS 256 case_PT_GETFPREGS 257 case_PT_SETFPREGS 258 case_PT_GETDBREGS 259 case PT_SET_EVENT_MASK: 260 case PT_GET_EVENT_MASK: 261 case PT_GET_PROCESS_STATE: 262 case PT_SET_SIGINFO: 263 case PT_GET_SIGINFO: 264 #ifdef __HAVE_PTRACE_MACHDEP 265 PTRACE_MACHDEP_REQUEST_CASES 266 #endif 267 if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) || 268 ISSET(p->p_flag, PK_SUGID)) { 269 break; 270 } 271 272 result = KAUTH_RESULT_ALLOW; 273 274 break; 275 276 #ifdef PT_STEP 277 case PT_STEP: 278 case PT_SETSTEP: 279 case PT_CLEARSTEP: 280 #endif 281 case PT_CONTINUE: 282 case PT_KILL: 283 case PT_DETACH: 284 case PT_LWPINFO: 285 case PT_SYSCALL: 286 case PT_SYSCALLEMU: 287 case PT_DUMPCORE: 288 case PT_RESUME: 289 case PT_SUSPEND: 290 case PT_STOP: 291 case PT_LWPSTATUS: 292 case PT_LWPNEXT: 293 result = KAUTH_RESULT_ALLOW; 294 break; 295 296 default: 297 break; 298 } 299 300 out: 301 #if 0 302 mutex_enter(&ptrace_mtx); 303 if (--ptrace_cbref == 0) 304 cv_broadcast(&ptrace_cv); 305 mutex_exit(&ptrace_mtx); 306 #endif 307 308 return result; 309 } 310 311 int 312 ptrace_init(void) 313 { 314 315 #if 0 316 mutex_init(&ptrace_mtx, MUTEX_DEFAULT, IPL_NONE); 317 cv_init(&ptrace_cv, "ptracecb"); 318 ptrace_cbref = 0; 319 #endif 320 ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 321 ptrace_listener_cb, NULL); 322 return 0; 323 } 324 325 int 326 ptrace_fini(void) 327 { 328 329 kauth_unlisten_scope(ptrace_listener); 330 331 #if 0 332 /* Make sure no-one is executing our kauth listener */ 333 334 mutex_enter(&ptrace_mtx); 335 while (ptrace_cbref != 0) 336 cv_wait(&ptrace_cv, &ptrace_mtx); 337 mutex_exit(&ptrace_mtx); 338 mutex_destroy(&ptrace_mtx); 339 cv_destroy(&ptrace_cv); 340 #endif 341 342 return 0; 343 } 344 345 static struct proc * 346 ptrace_find(struct lwp *l, int req, pid_t pid) 347 { 348 struct proc *t; 349 350 /* "A foolish consistency..." XXX */ 351 if (req == PT_TRACE_ME) { 352 t = l->l_proc; 353 mutex_enter(t->p_lock); 354 return t; 355 } 356 357 /* Find the process we're supposed to be operating on. */ 358 t = proc_find(pid); 359 if (t == NULL) 360 return NULL; 361 362 /* XXX-elad */ 363 mutex_enter(t->p_lock); 364 int error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, 365 t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 366 if (error) { 367 mutex_exit(t->p_lock); 368 return NULL; 369 } 370 return t; 371 } 372 373 static int 374 ptrace_allowed(struct lwp *l, int req, struct proc *t, struct proc *p, 375 bool *locked) 376 { 377 *locked = false; 378 379 /* 380 * Grab a reference on the process to prevent it from execing or 381 * exiting. 382 */ 383 if (!rw_tryenter(&t->p_reflock, RW_READER)) 384 return EBUSY; 385 386 *locked = true; 387 388 /* Make sure we can operate on it. */ 389 switch (req) { 390 case PT_TRACE_ME: 391 /* 392 * You can't say to the parent of a process to start tracing if: 393 * (1) the parent is initproc, 394 */ 395 if (p->p_pptr == initproc) 396 return EPERM; 397 398 /* 399 * (2) the process is initproc, or 400 */ 401 if (p == initproc) 402 return EPERM; 403 404 /* 405 * (3) the child is already traced. 406 */ 407 if (ISSET(p->p_slflag, PSL_TRACED)) 408 return EBUSY; 409 410 return 0; 411 412 case PT_ATTACH: 413 /* 414 * You can't attach to a process if: 415 * (1) it's the process that's doing the attaching, 416 */ 417 if (t == p) 418 return EINVAL; 419 420 /* 421 * (2) it's a system process, 422 */ 423 if (t->p_flag & PK_SYSTEM) 424 return EPERM; 425 426 /* 427 * (3) the tracer is initproc, 428 */ 429 if (p == initproc) 430 return EPERM; 431 432 /* 433 * (4) it's already being traced, 434 */ 435 if (ISSET(t->p_slflag, PSL_TRACED)) 436 return EBUSY; 437 438 /* 439 * (5) it's a vfork(2)ed parent of the current process, or 440 */ 441 if (ISSET(p->p_lflag, PL_PPWAIT) && p->p_pptr == t) 442 return EPERM; 443 444 /* 445 * (6) the tracer is chrooted, and its root directory is 446 * not at or above the root directory of the tracee 447 */ 448 mutex_exit(t->p_lock); /* XXXSMP */ 449 int tmp = proc_isunder(t, l); 450 mutex_enter(t->p_lock); /* XXXSMP */ 451 if (!tmp) 452 return EPERM; 453 return 0; 454 455 case PT_READ_I: 456 case PT_READ_D: 457 case PT_WRITE_I: 458 case PT_WRITE_D: 459 case PT_IO: 460 case PT_SET_SIGINFO: 461 case PT_GET_SIGINFO: 462 case_PT_GETREGS 463 case_PT_SETREGS 464 case_PT_GETFPREGS 465 case_PT_SETFPREGS 466 case_PT_GETDBREGS 467 case_PT_SETDBREGS 468 #ifdef __HAVE_PTRACE_MACHDEP 469 PTRACE_MACHDEP_REQUEST_CASES 470 #endif 471 /* 472 * You can't read/write the memory or registers of a process 473 * if the tracer is chrooted, and its root directory is not at 474 * or above the root directory of the tracee. 475 */ 476 mutex_exit(t->p_lock); /* XXXSMP */ 477 tmp = proc_isunder(t, l); 478 mutex_enter(t->p_lock); /* XXXSMP */ 479 if (!tmp) 480 return EPERM; 481 /*FALLTHROUGH*/ 482 483 case PT_CONTINUE: 484 case PT_KILL: 485 case PT_DETACH: 486 case PT_LWPINFO: 487 case PT_SYSCALL: 488 case PT_SYSCALLEMU: 489 case PT_DUMPCORE: 490 #ifdef PT_STEP 491 case PT_STEP: 492 case PT_SETSTEP: 493 case PT_CLEARSTEP: 494 #endif 495 case PT_SET_EVENT_MASK: 496 case PT_GET_EVENT_MASK: 497 case PT_GET_PROCESS_STATE: 498 case PT_RESUME: 499 case PT_SUSPEND: 500 case PT_STOP: 501 case PT_LWPSTATUS: 502 case PT_LWPNEXT: 503 /* 504 * You can't do what you want to the process if: 505 * (1) It's not being traced at all, 506 */ 507 if (!ISSET(t->p_slflag, PSL_TRACED)) 508 return EPERM; 509 510 /* 511 * (2) it's not being traced by _you_, or 512 */ 513 if (t->p_pptr != p) { 514 DPRINTF(("parent %d != %d\n", t->p_pptr->p_pid, 515 p->p_pid)); 516 return EBUSY; 517 } 518 519 /* 520 * (3) it's not currently stopped. 521 * 522 * As an exception allow PT_KILL and PT_STOP here. 523 */ 524 if (req != PT_KILL && req != PT_STOP && 525 (t->p_stat != SSTOP || !t->p_waited /* XXXSMP */)) { 526 DPRINTF(("stat %d flag %d\n", t->p_stat, 527 !t->p_waited)); 528 return EBUSY; 529 } 530 return 0; 531 532 default: /* It was not a legal request. */ 533 return EINVAL; 534 } 535 } 536 537 static int 538 ptrace_needs_hold(int req) 539 { 540 switch (req) { 541 #ifdef PT_STEP 542 case PT_STEP: 543 #endif 544 case PT_CONTINUE: 545 case PT_DETACH: 546 case PT_KILL: 547 case PT_SYSCALL: 548 case PT_SYSCALLEMU: 549 case PT_ATTACH: 550 case PT_TRACE_ME: 551 case PT_GET_SIGINFO: 552 case PT_SET_SIGINFO: 553 case PT_STOP: 554 return 1; 555 default: 556 return 0; 557 } 558 } 559 560 static int 561 ptrace_update_lwp(struct proc *t, struct lwp **lt, lwpid_t lid) 562 { 563 if (lid == 0 || lid == (*lt)->l_lid || t->p_nlwps == 1) 564 return 0; 565 566 mutex_enter(t->p_lock); 567 lwp_delref2(*lt); 568 569 *lt = lwp_find(t, lid); 570 if (*lt == NULL) { 571 mutex_exit(t->p_lock); 572 return ESRCH; 573 } 574 575 if ((*lt)->l_flag & LW_SYSTEM) { 576 mutex_exit(t->p_lock); 577 *lt = NULL; 578 return EINVAL; 579 } 580 581 lwp_addref(*lt); 582 mutex_exit(t->p_lock); 583 584 return 0; 585 } 586 587 static int 588 ptrace_get_siginfo(struct proc *t, struct ptrace_methods *ptm, void *addr, 589 size_t data) 590 { 591 struct ptrace_siginfo psi; 592 593 memset(&psi, 0, sizeof(psi)); 594 psi.psi_siginfo._info = t->p_sigctx.ps_info; 595 psi.psi_lwpid = t->p_sigctx.ps_lwp; 596 DPRINTF(("%s: lwp=%d signal=%d\n", __func__, psi.psi_lwpid, 597 psi.psi_siginfo.si_signo)); 598 599 return ptm->ptm_copyout_siginfo(&psi, addr, data); 600 } 601 602 static int 603 ptrace_set_siginfo(struct proc *t, struct lwp **lt, struct ptrace_methods *ptm, 604 void *addr, size_t data) 605 { 606 struct ptrace_siginfo psi; 607 608 int error = ptm->ptm_copyin_siginfo(&psi, addr, data); 609 if (error) 610 return error; 611 612 /* Check that the data is a valid signal number or zero. */ 613 if (psi.psi_siginfo.si_signo < 0 || psi.psi_siginfo.si_signo >= NSIG) 614 return EINVAL; 615 616 t->p_sigctx.ps_faked = true; 617 t->p_sigctx.ps_info = psi.psi_siginfo._info; 618 t->p_sigctx.ps_lwp = psi.psi_lwpid; 619 DPRINTF(("%s: lwp=%d signal=%d\n", __func__, psi.psi_lwpid, 620 psi.psi_siginfo.si_signo)); 621 return 0; 622 } 623 624 static int 625 ptrace_get_event_mask(struct proc *t, void *addr, size_t data) 626 { 627 struct ptrace_event pe; 628 629 if (data != sizeof(pe)) { 630 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pe))); 631 return EINVAL; 632 } 633 memset(&pe, 0, sizeof(pe)); 634 pe.pe_set_event = ISSET(t->p_slflag, PSL_TRACEFORK) ? 635 PTRACE_FORK : 0; 636 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK) ? 637 PTRACE_VFORK : 0; 638 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK_DONE) ? 639 PTRACE_VFORK_DONE : 0; 640 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_CREATE) ? 641 PTRACE_LWP_CREATE : 0; 642 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_EXIT) ? 643 PTRACE_LWP_EXIT : 0; 644 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEPOSIX_SPAWN) ? 645 PTRACE_POSIX_SPAWN : 0; 646 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 647 t->p_sigctx.ps_lwp, pe.pe_set_event)); 648 return copyout(&pe, addr, sizeof(pe)); 649 } 650 651 static int 652 ptrace_set_event_mask(struct proc *t, void *addr, size_t data) 653 { 654 struct ptrace_event pe; 655 int error; 656 657 if (data != sizeof(pe)) { 658 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pe))); 659 return EINVAL; 660 } 661 if ((error = copyin(addr, &pe, sizeof(pe))) != 0) 662 return error; 663 664 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 665 t->p_sigctx.ps_lwp, pe.pe_set_event)); 666 if (pe.pe_set_event & PTRACE_FORK) 667 SET(t->p_slflag, PSL_TRACEFORK); 668 else 669 CLR(t->p_slflag, PSL_TRACEFORK); 670 671 if (pe.pe_set_event & PTRACE_VFORK) 672 SET(t->p_slflag, PSL_TRACEVFORK); 673 else 674 CLR(t->p_slflag, PSL_TRACEVFORK); 675 676 if (pe.pe_set_event & PTRACE_VFORK_DONE) 677 SET(t->p_slflag, PSL_TRACEVFORK_DONE); 678 else 679 CLR(t->p_slflag, PSL_TRACEVFORK_DONE); 680 681 if (pe.pe_set_event & PTRACE_LWP_CREATE) 682 SET(t->p_slflag, PSL_TRACELWP_CREATE); 683 else 684 CLR(t->p_slflag, PSL_TRACELWP_CREATE); 685 686 if (pe.pe_set_event & PTRACE_LWP_EXIT) 687 SET(t->p_slflag, PSL_TRACELWP_EXIT); 688 else 689 CLR(t->p_slflag, PSL_TRACELWP_EXIT); 690 691 if (pe.pe_set_event & PTRACE_POSIX_SPAWN) 692 SET(t->p_slflag, PSL_TRACEPOSIX_SPAWN); 693 else 694 CLR(t->p_slflag, PSL_TRACEPOSIX_SPAWN); 695 696 return 0; 697 } 698 699 static int 700 ptrace_get_process_state(struct proc *t, void *addr, size_t data) 701 { 702 struct _ksiginfo *si; 703 struct ptrace_state ps; 704 705 if (data != sizeof(ps)) { 706 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(ps))); 707 return EINVAL; 708 } 709 710 if (t->p_sigctx.ps_info._signo != SIGTRAP || 711 (t->p_sigctx.ps_info._code != TRAP_CHLD && 712 t->p_sigctx.ps_info._code != TRAP_LWP)) { 713 memset(&ps, 0, sizeof(ps)); 714 } else { 715 si = &t->p_sigctx.ps_info; 716 717 KASSERT(si->_reason._ptrace_state._pe_report_event > 0); 718 KASSERT(si->_reason._ptrace_state._option._pe_other_pid > 0); 719 720 ps.pe_report_event = si->_reason._ptrace_state._pe_report_event; 721 722 CTASSERT(sizeof(ps.pe_other_pid) == sizeof(ps.pe_lwp)); 723 ps.pe_other_pid = 724 si->_reason._ptrace_state._option._pe_other_pid; 725 } 726 727 DPRINTF(("%s: lwp=%d event=%#x pid=%d lwp=%d\n", __func__, 728 t->p_sigctx.ps_lwp, ps.pe_report_event, 729 ps.pe_other_pid, ps.pe_lwp)); 730 return copyout(&ps, addr, sizeof(ps)); 731 } 732 733 static int 734 ptrace_lwpinfo(struct proc *t, struct lwp **lt, void *addr, size_t data) 735 { 736 struct ptrace_lwpinfo pl; 737 738 if (data != sizeof(pl)) { 739 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pl))); 740 return EINVAL; 741 } 742 int error = copyin(addr, &pl, sizeof(pl)); 743 if (error) 744 return error; 745 746 lwpid_t tmp = pl.pl_lwpid; 747 lwp_delref(*lt); 748 mutex_enter(t->p_lock); 749 if (tmp == 0) 750 *lt = lwp_find_first(t); 751 else { 752 *lt = lwp_find(t, tmp); 753 if (*lt == NULL) { 754 mutex_exit(t->p_lock); 755 return ESRCH; 756 } 757 *lt = LIST_NEXT(*lt, l_sibling); 758 } 759 760 while (*lt != NULL && (!lwp_alive(*lt) || 761 ((*lt)->l_flag & LW_SYSTEM) != 0)) 762 *lt = LIST_NEXT(*lt, l_sibling); 763 764 pl.pl_lwpid = 0; 765 pl.pl_event = 0; 766 if (*lt) { 767 lwp_addref(*lt); 768 pl.pl_lwpid = (*lt)->l_lid; 769 770 if ((*lt)->l_flag & LW_WSUSPEND) 771 pl.pl_event = PL_EVENT_SUSPENDED; 772 /* 773 * If we match the lwp, or it was sent to every lwp, 774 * we set PL_EVENT_SIGNAL. 775 * XXX: ps_lwp == 0 means everyone and noone, so 776 * check ps_signo too. 777 */ 778 else if ((*lt)->l_lid == t->p_sigctx.ps_lwp 779 || (t->p_sigctx.ps_lwp == 0 && 780 t->p_sigctx.ps_info._signo)) { 781 DPRINTF(("%s: lwp=%d siglwp=%d signo %d\n", __func__, 782 pl.pl_lwpid, t->p_sigctx.ps_lwp, 783 t->p_sigctx.ps_info._signo)); 784 pl.pl_event = PL_EVENT_SIGNAL; 785 } 786 } 787 mutex_exit(t->p_lock); 788 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 789 pl.pl_lwpid, pl.pl_event)); 790 791 return copyout(&pl, addr, sizeof(pl)); 792 } 793 794 static int 795 ptrace_lwpstatus(struct proc *t, struct ptrace_methods *ptm, struct lwp **lt, 796 void *addr, size_t data, bool next) 797 { 798 struct ptrace_lwpstatus pls; 799 struct lwp *l; 800 int error; 801 802 if (data > sizeof(pls) || data < sizeof(lwpid_t)) { 803 DPRINTF(("%s: invalid data: %zu < %zu < %zu\n", 804 __func__, sizeof(lwpid_t), data, sizeof(pls))); 805 return EINVAL; 806 } 807 error = copyin(addr, &pls.pl_lwpid, sizeof(lwpid_t)); 808 if (error) 809 return error; 810 811 if (next) { 812 lwp_delref(*lt); 813 lwpid_t tmp = pls.pl_lwpid; 814 mutex_enter(t->p_lock); 815 if (tmp == 0) 816 *lt = lwp_find_first(t); 817 else { 818 *lt = lwp_find(t, tmp); 819 if (*lt == NULL) { 820 mutex_exit(t->p_lock); 821 return ESRCH; 822 } 823 *lt = LIST_NEXT(*lt, l_sibling); 824 } 825 826 while (*lt != NULL && (!lwp_alive(*lt) || 827 ((*lt)->l_flag & LW_SYSTEM) != 0)) 828 *lt = LIST_NEXT(*lt, l_sibling); 829 830 if (*lt == NULL) { 831 memset(&pls, 0, sizeof(pls)); 832 mutex_exit(t->p_lock); 833 goto out; 834 } 835 lwp_addref(*lt); 836 mutex_exit(t->p_lock); 837 838 pls.pl_lwpid = (*lt)->l_lid; 839 } else { 840 if ((error = ptrace_update_lwp(t, lt, pls.pl_lwpid)) != 0) 841 return error; 842 } 843 844 l = *lt; 845 846 ptrace_read_lwpstatus(l, &pls); 847 848 out: 849 DPRINTF(("%s: lwp=%d sigpend=%02x%02x%02x%02x sigmask=%02x%02x%02x%02x " 850 "name='%s' private=%p\n", __func__, pls.pl_lwpid, 851 pls.pl_sigpend.__bits[0], pls.pl_sigpend.__bits[1], 852 pls.pl_sigpend.__bits[2], pls.pl_sigpend.__bits[3], 853 pls.pl_sigmask.__bits[0], pls.pl_sigmask.__bits[1], 854 pls.pl_sigmask.__bits[2], pls.pl_sigmask.__bits[3], 855 pls.pl_name, pls.pl_private)); 856 857 return ptm->ptm_copyout_lwpstatus(&pls, addr, data); 858 } 859 860 static int 861 ptrace_startstop(struct proc *t, struct lwp **lt, int rq, void *addr, 862 size_t data) 863 { 864 int error; 865 866 if ((error = ptrace_update_lwp(t, lt, data)) != 0) 867 return error; 868 869 DPRINTF(("%s: lwp=%d request=%d\n", __func__, (*lt)->l_lid, rq)); 870 lwp_lock(*lt); 871 if (rq == PT_SUSPEND) 872 (*lt)->l_flag |= LW_DBGSUSPEND; 873 else { 874 (*lt)->l_flag &= ~LW_DBGSUSPEND; 875 if ((*lt)->l_flag != LSSUSPENDED) 876 (*lt)->l_stat = LSSTOP; 877 } 878 lwp_unlock(*lt); 879 return 0; 880 } 881 882 #ifdef PT_REGISTERS 883 static int 884 ptrace_uio_dir(int req) 885 { 886 switch (req) { 887 case_PT_GETREGS 888 case_PT_GETFPREGS 889 case_PT_GETDBREGS 890 return UIO_READ; 891 case_PT_SETREGS 892 case_PT_SETFPREGS 893 case_PT_SETDBREGS 894 return UIO_WRITE; 895 default: 896 return -1; 897 } 898 } 899 900 static int 901 ptrace_regs(struct lwp *l, struct lwp **lt, int rq, struct ptrace_methods *ptm, 902 void *addr, size_t data) 903 { 904 int error; 905 struct proc *p, *t; 906 struct vmspace *vm; 907 908 p = l->l_proc; /* tracer */ 909 t = (*lt)->l_proc; /* traced */ 910 911 if ((error = ptrace_update_lwp(t, lt, data)) != 0) 912 return error; 913 914 int dir = ptrace_uio_dir(rq); 915 size_t size; 916 int (*func)(struct lwp *, struct lwp *, struct uio *); 917 918 DPRINTF(("%s: lwp=%d request=%d\n", __func__, l->l_lid, rq)); 919 920 switch (rq) { 921 #if defined(PT_SETREGS) || defined(PT_GETREGS) 922 case_PT_GETREGS 923 case_PT_SETREGS 924 if (!process_validregs(*lt)) 925 return EINVAL; 926 size = PROC_REGSZ(p); 927 func = ptm->ptm_doregs; 928 break; 929 #endif 930 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 931 case_PT_GETFPREGS 932 case_PT_SETFPREGS 933 if (!process_validfpregs(*lt)) 934 return EINVAL; 935 size = PROC_FPREGSZ(p); 936 func = ptm->ptm_dofpregs; 937 break; 938 #endif 939 #if defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 940 case_PT_GETDBREGS 941 case_PT_SETDBREGS 942 if (!process_validdbregs(*lt)) 943 return EINVAL; 944 size = PROC_DBREGSZ(p); 945 func = ptm->ptm_dodbregs; 946 break; 947 #endif 948 default: 949 return EINVAL; 950 } 951 952 error = proc_vmspace_getref(l->l_proc, &vm); 953 if (error) 954 return error; 955 956 struct uio uio; 957 struct iovec iov; 958 959 iov.iov_base = addr; 960 iov.iov_len = size; 961 uio.uio_iov = &iov; 962 uio.uio_iovcnt = 1; 963 uio.uio_offset = 0; 964 uio.uio_resid = iov.iov_len; 965 uio.uio_rw = dir; 966 uio.uio_vmspace = vm; 967 968 error = (*func)(l, *lt, &uio); 969 uvmspace_free(vm); 970 return error; 971 } 972 #endif 973 974 static int 975 ptrace_sendsig(struct lwp *l, int req, struct proc *t, struct lwp *lt, int signo, int resume_all) 976 { 977 ksiginfo_t ksi; 978 979 /* Finally, deliver the requested signal (or none). */ 980 if (t->p_stat == SSTOP) { 981 /* 982 * Unstop the process. If it needs to take a 983 * signal, make all efforts to ensure that at 984 * an LWP runs to see it. 985 */ 986 t->p_xsig = signo; 987 988 /* 989 * signo > 0 check prevents a potential panic, as 990 * sigismember(&...,0) is invalid check and signo 991 * can be equal to 0 as a special case of no-signal. 992 */ 993 if (signo > 0 && sigismember(&stopsigmask, signo)) { 994 t->p_waited = 0; 995 child_psignal(t, 0); 996 } else if (resume_all) 997 proc_unstop(t); 998 else 999 lwp_unstop(lt); 1000 return 0; 1001 } 1002 1003 KASSERT(req == PT_KILL || req == PT_STOP || req == PT_ATTACH); 1004 1005 KSI_INIT(&ksi); 1006 ksi.ksi_signo = signo; 1007 ksi.ksi_code = SI_USER; 1008 ksi.ksi_pid = l->l_proc->p_pid; 1009 ksi.ksi_uid = kauth_cred_geteuid(l->l_cred); 1010 1011 t->p_sigctx.ps_faked = false; 1012 1013 DPRINTF(("%s: pid=%d.%d signal=%d resume_all=%d\n", __func__, t->p_pid, 1014 lt->l_lid, signo, resume_all)); 1015 1016 return kpsignal2(t, &ksi); 1017 } 1018 1019 static int 1020 ptrace_dumpcore(struct lwp *lt, char *path, size_t len) 1021 { 1022 int error; 1023 if (path != NULL) { 1024 1025 if (len >= MAXPATHLEN) 1026 return EINVAL; 1027 1028 char *src = path; 1029 path = kmem_alloc(len + 1, KM_SLEEP); 1030 error = copyin(src, path, len); 1031 if (error) 1032 goto out; 1033 path[len] = '\0'; 1034 } 1035 DPRINTF(("%s: lwp=%d\n", __func__, lt->l_lid)); 1036 MODULE_HOOK_CALL(coredump_hook, (lt, path), 0, error); 1037 out: 1038 if (path) 1039 kmem_free(path, len + 1); 1040 return error; 1041 } 1042 1043 static int 1044 ptrace_doio(struct lwp *l, struct proc *t, struct lwp *lt, 1045 struct ptrace_io_desc *piod, void *addr, bool sysspace) 1046 { 1047 struct uio uio; 1048 struct iovec iov; 1049 int error, tmp; 1050 1051 error = 0; 1052 iov.iov_base = piod->piod_addr; 1053 iov.iov_len = piod->piod_len; 1054 uio.uio_iov = &iov; 1055 uio.uio_iovcnt = 1; 1056 uio.uio_offset = (off_t)(unsigned long)piod->piod_offs; 1057 uio.uio_resid = piod->piod_len; 1058 1059 DPRINTF(("%s: lwp=%d request=%d\n", __func__, l->l_lid, piod->piod_op)); 1060 1061 switch (piod->piod_op) { 1062 case PIOD_READ_D: 1063 case PIOD_READ_I: 1064 uio.uio_rw = UIO_READ; 1065 break; 1066 case PIOD_WRITE_D: 1067 case PIOD_WRITE_I: 1068 /* 1069 * Can't write to a RAS 1070 */ 1071 if (ras_lookup(t, addr) != (void *)-1) { 1072 return EACCES; 1073 } 1074 uio.uio_rw = UIO_WRITE; 1075 break; 1076 case PIOD_READ_AUXV: 1077 uio.uio_rw = UIO_READ; 1078 tmp = t->p_execsw->es_arglen; 1079 if (uio.uio_offset > tmp) 1080 return EIO; 1081 if (uio.uio_resid > tmp - uio.uio_offset) 1082 uio.uio_resid = tmp - uio.uio_offset; 1083 piod->piod_len = iov.iov_len = uio.uio_resid; 1084 error = process_auxv_offset(t, &uio); 1085 break; 1086 default: 1087 error = EINVAL; 1088 break; 1089 } 1090 1091 if (error) 1092 return error; 1093 1094 if (sysspace) { 1095 uio.uio_vmspace = vmspace_kernel(); 1096 } else { 1097 error = proc_vmspace_getref(l->l_proc, &uio.uio_vmspace); 1098 if (error) 1099 return error; 1100 } 1101 1102 error = process_domem(l, lt, &uio); 1103 if (!sysspace) 1104 uvmspace_free(uio.uio_vmspace); 1105 if (error) 1106 return error; 1107 piod->piod_len -= uio.uio_resid; 1108 return 0; 1109 } 1110 1111 int 1112 do_ptrace(struct ptrace_methods *ptm, struct lwp *l, int req, pid_t pid, 1113 void *addr, int data, register_t *retval) 1114 { 1115 struct proc *p = l->l_proc; 1116 struct lwp *lt = NULL; 1117 struct lwp *lt2; 1118 struct proc *t; /* target process */ 1119 struct ptrace_io_desc piod; 1120 int error, write, tmp, pheld; 1121 int signo = 0; 1122 int resume_all; 1123 bool locked; 1124 error = 0; 1125 1126 /* 1127 * If attaching or detaching, we need to get a write hold on the 1128 * proclist lock so that we can re-parent the target process. 1129 */ 1130 mutex_enter(proc_lock); 1131 1132 t = ptrace_find(l, req, pid); 1133 if (t == NULL) { 1134 mutex_exit(proc_lock); 1135 return ESRCH; 1136 } 1137 1138 pheld = 1; 1139 if ((error = ptrace_allowed(l, req, t, p, &locked)) != 0) 1140 goto out; 1141 1142 if ((error = kauth_authorize_process(l->l_cred, 1143 KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req), NULL, NULL)) != 0) 1144 goto out; 1145 1146 if ((lt = lwp_find_first(t)) == NULL) { 1147 error = ESRCH; 1148 goto out; 1149 } 1150 1151 /* Do single-step fixup if needed. */ 1152 FIX_SSTEP(t); 1153 KASSERT(lt != NULL); 1154 lwp_addref(lt); 1155 1156 /* 1157 * Which locks do we need held? XXX Ugly. 1158 */ 1159 if ((pheld = ptrace_needs_hold(req)) == 0) { 1160 mutex_exit(t->p_lock); 1161 mutex_exit(proc_lock); 1162 } 1163 1164 /* Now do the operation. */ 1165 write = 0; 1166 *retval = 0; 1167 tmp = 0; 1168 resume_all = 1; 1169 1170 switch (req) { 1171 case PT_TRACE_ME: 1172 /* Just set the trace flag. */ 1173 SET(t->p_slflag, PSL_TRACED); 1174 t->p_opptr = t->p_pptr; 1175 break; 1176 1177 /* 1178 * The I and D separate address space has been inherited from PDP-11. 1179 * The 16-bit UNIX started with a single address space per program, 1180 * but was extended to two 16-bit (2 x 64kb) address spaces. 1181 * 1182 * We no longer maintain this feature in maintained architectures, but 1183 * we keep the API for backward compatiblity. Currently the I and D 1184 * operations are exactly the same and not distinguished in debuggers. 1185 */ 1186 case PT_WRITE_I: 1187 case PT_WRITE_D: 1188 write = 1; 1189 tmp = data; 1190 /* FALLTHROUGH */ 1191 case PT_READ_I: 1192 case PT_READ_D: 1193 piod.piod_addr = &tmp; 1194 piod.piod_len = sizeof(tmp); 1195 piod.piod_offs = addr; 1196 piod.piod_op = write ? PIOD_WRITE_D : PIOD_READ_D; 1197 if ((error = ptrace_doio(l, t, lt, &piod, addr, true)) != 0) 1198 break; 1199 /* 1200 * For legacy reasons we treat here two results as success: 1201 * - incomplete transfer piod.piod_len < sizeof(tmp) 1202 * - no transfer piod.piod_len == 0 1203 * 1204 * This means that there is no way to determine whether 1205 * transfer operation was performed in PT_WRITE and PT_READ 1206 * calls. 1207 */ 1208 if (!write) 1209 *retval = tmp; 1210 break; 1211 1212 case PT_IO: 1213 if ((error = ptm->ptm_copyin_piod(&piod, addr, data)) != 0) 1214 break; 1215 if (piod.piod_len < 1) { 1216 error = EINVAL; 1217 break; 1218 } 1219 if ((error = ptrace_doio(l, t, lt, &piod, addr, false)) != 0) 1220 break; 1221 /* 1222 * For legacy reasons we treat here two results as success: 1223 * - incomplete transfer piod.piod_len < sizeof(tmp) 1224 * - no transfer piod.piod_len == 0 1225 */ 1226 error = ptm->ptm_copyout_piod(&piod, addr, data); 1227 break; 1228 1229 case PT_DUMPCORE: 1230 error = ptrace_dumpcore(lt, addr, data); 1231 break; 1232 1233 #ifdef PT_STEP 1234 case PT_STEP: 1235 /* 1236 * From the 4.4BSD PRM: 1237 * "Execution continues as in request PT_CONTINUE; however 1238 * as soon as possible after execution of at least one 1239 * instruction, execution stops again. [ ... ]" 1240 */ 1241 #endif 1242 case PT_CONTINUE: 1243 case PT_SYSCALL: 1244 case PT_DETACH: 1245 if (req == PT_SYSCALL) { 1246 if (!ISSET(t->p_slflag, PSL_SYSCALL)) { 1247 SET(t->p_slflag, PSL_SYSCALL); 1248 #ifdef __HAVE_SYSCALL_INTERN 1249 (*t->p_emul->e_syscall_intern)(t); 1250 #endif 1251 } 1252 } else { 1253 if (ISSET(t->p_slflag, PSL_SYSCALL)) { 1254 CLR(t->p_slflag, PSL_SYSCALL); 1255 #ifdef __HAVE_SYSCALL_INTERN 1256 (*t->p_emul->e_syscall_intern)(t); 1257 #endif 1258 } 1259 } 1260 t->p_trace_enabled = trace_is_enabled(t); 1261 1262 /* 1263 * Pick up the LWPID, if supplied. There are two cases: 1264 * data < 0 : step or continue single thread, lwp = -data 1265 * data > 0 in PT_STEP : step this thread, continue others 1266 * For operations other than PT_STEP, data > 0 means 1267 * data is the signo to deliver to the process. 1268 */ 1269 tmp = data; 1270 if (tmp >= 0) { 1271 #ifdef PT_STEP 1272 if (req == PT_STEP) 1273 signo = 0; 1274 else 1275 #endif 1276 { 1277 signo = tmp; 1278 tmp = 0; /* don't search for LWP */ 1279 } 1280 } else if (tmp == INT_MIN) { 1281 error = ESRCH; 1282 break; 1283 } else { 1284 tmp = -tmp; 1285 } 1286 1287 if (tmp > 0) { 1288 if (req == PT_DETACH) { 1289 error = EINVAL; 1290 break; 1291 } 1292 lwp_delref2 (lt); 1293 lt = lwp_find(t, tmp); 1294 if (lt == NULL) { 1295 error = ESRCH; 1296 break; 1297 } 1298 lwp_addref(lt); 1299 resume_all = 0; 1300 signo = 0; 1301 } 1302 1303 /* 1304 * From the 4.4BSD PRM: 1305 * "The data argument is taken as a signal number and the 1306 * child's execution continues at location addr as if it 1307 * incurred that signal. Normally the signal number will 1308 * be either 0 to indicate that the signal that caused the 1309 * stop should be ignored, or that value fetched out of 1310 * the process's image indicating which signal caused 1311 * the stop. If addr is (int *)1 then execution continues 1312 * from where it stopped." 1313 */ 1314 1315 /* Check that the data is a valid signal number or zero. */ 1316 if (signo < 0 || signo >= NSIG) { 1317 error = EINVAL; 1318 break; 1319 } 1320 1321 /* Prevent process deadlock */ 1322 if (resume_all) { 1323 #ifdef PT_STEP 1324 if (req == PT_STEP) { 1325 if (lt->l_flag & 1326 (LW_WSUSPEND | LW_DBGSUSPEND)) { 1327 error = EDEADLK; 1328 break; 1329 } 1330 } else 1331 #endif 1332 { 1333 error = EDEADLK; 1334 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1335 if ((lt2->l_flag & 1336 (LW_WSUSPEND | LW_DBGSUSPEND)) == 0 1337 ) { 1338 error = 0; 1339 break; 1340 } 1341 } 1342 if (error != 0) 1343 break; 1344 } 1345 } else { 1346 if (lt->l_flag & (LW_WSUSPEND | LW_DBGSUSPEND)) { 1347 error = EDEADLK; 1348 break; 1349 } 1350 } 1351 1352 /* 1353 * Reject setting program counter to 0x0 if VA0 is disabled. 1354 * 1355 * Not all kernels implement this feature to set Program 1356 * Counter in one go in PT_CONTINUE and similar operations. 1357 * This causes portability issues as passing address 0x0 1358 * on these kernels is no-operation, but can cause failure 1359 * in most cases on NetBSD. 1360 */ 1361 if (user_va0_disable && addr == 0) { 1362 error = EINVAL; 1363 break; 1364 } 1365 1366 /* If the address parameter is not (int *)1, set the pc. */ 1367 if ((int *)addr != (int *)1) { 1368 error = process_set_pc(lt, addr); 1369 if (error != 0) 1370 break; 1371 } 1372 #ifdef PT_STEP 1373 /* 1374 * Arrange for a single-step, if that's requested and possible. 1375 * More precisely, set the single step status as requested for 1376 * the requested thread, and clear it for other threads. 1377 */ 1378 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1379 if (ISSET(lt2->l_pflag, LP_SINGLESTEP)) { 1380 lwp_lock(lt2); 1381 process_sstep(lt2, 1); 1382 lwp_unlock(lt2); 1383 } else if (lt != lt2) { 1384 lwp_lock(lt2); 1385 process_sstep(lt2, 0); 1386 lwp_unlock(lt2); 1387 } 1388 } 1389 error = process_sstep(lt, 1390 ISSET(lt->l_pflag, LP_SINGLESTEP) || req == PT_STEP); 1391 if (error) 1392 break; 1393 #endif 1394 if (req == PT_DETACH) { 1395 CLR(t->p_slflag, PSL_TRACED|PSL_SYSCALL); 1396 1397 /* give process back to original parent or init */ 1398 if (t->p_opptr != t->p_pptr) { 1399 struct proc *pp = t->p_opptr; 1400 proc_reparent(t, pp ? pp : initproc); 1401 } 1402 1403 /* not being traced any more */ 1404 t->p_opptr = NULL; 1405 1406 /* clear single step */ 1407 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1408 CLR(lt2->l_pflag, LP_SINGLESTEP); 1409 } 1410 CLR(lt->l_pflag, LP_SINGLESTEP); 1411 } 1412 sendsig: 1413 error = ptrace_sendsig(l, req, t, lt, signo, resume_all); 1414 break; 1415 1416 case PT_SYSCALLEMU: 1417 if (!ISSET(t->p_slflag, PSL_SYSCALL) || t->p_stat != SSTOP) { 1418 error = EINVAL; 1419 break; 1420 } 1421 SET(t->p_slflag, PSL_SYSCALLEMU); 1422 break; 1423 1424 #ifdef PT_STEP 1425 case PT_SETSTEP: 1426 write = 1; 1427 1428 /* FALLTHROUGH */ 1429 case PT_CLEARSTEP: 1430 /* write = 0 done above. */ 1431 if ((error = ptrace_update_lwp(t, <, data)) != 0) 1432 break; 1433 1434 if (write) 1435 SET(lt->l_pflag, LP_SINGLESTEP); 1436 else 1437 CLR(lt->l_pflag, LP_SINGLESTEP); 1438 break; 1439 #endif 1440 1441 case PT_KILL: 1442 /* just send the process a KILL signal. */ 1443 signo = SIGKILL; 1444 goto sendsig; /* in PT_CONTINUE, above. */ 1445 1446 case PT_STOP: 1447 /* just send the process a STOP signal. */ 1448 signo = SIGSTOP; 1449 goto sendsig; /* in PT_CONTINUE, above. */ 1450 1451 case PT_ATTACH: 1452 /* 1453 * Go ahead and set the trace flag. 1454 * Save the old parent (it's reset in 1455 * _DETACH, and also in kern_exit.c:wait4() 1456 * Reparent the process so that the tracing 1457 * proc gets to see all the action. 1458 * Stop the target. 1459 */ 1460 proc_changeparent(t, p); 1461 signo = SIGSTOP; 1462 goto sendsig; 1463 1464 case PT_GET_EVENT_MASK: 1465 error = ptrace_get_event_mask(t, addr, data); 1466 break; 1467 1468 case PT_SET_EVENT_MASK: 1469 error = ptrace_set_event_mask(t, addr, data); 1470 break; 1471 1472 case PT_GET_PROCESS_STATE: 1473 error = ptrace_get_process_state(t, addr, data); 1474 break; 1475 1476 case PT_LWPINFO: 1477 error = ptrace_lwpinfo(t, <, addr, data); 1478 break; 1479 1480 case PT_SET_SIGINFO: 1481 error = ptrace_set_siginfo(t, <, ptm, addr, data); 1482 break; 1483 1484 case PT_GET_SIGINFO: 1485 error = ptrace_get_siginfo(t, ptm, addr, data); 1486 break; 1487 1488 case PT_RESUME: 1489 case PT_SUSPEND: 1490 error = ptrace_startstop(t, <, req, addr, data); 1491 break; 1492 1493 case PT_LWPSTATUS: 1494 error = ptrace_lwpstatus(t, ptm, <, addr, data, false); 1495 break; 1496 1497 case PT_LWPNEXT: 1498 error = ptrace_lwpstatus(t, ptm, <, addr, data, true); 1499 break; 1500 1501 #ifdef PT_REGISTERS 1502 case_PT_SETREGS 1503 case_PT_GETREGS 1504 case_PT_SETFPREGS 1505 case_PT_GETFPREGS 1506 case_PT_SETDBREGS 1507 case_PT_GETDBREGS 1508 error = ptrace_regs(l, <, req, ptm, addr, data); 1509 break; 1510 #endif 1511 1512 #ifdef __HAVE_PTRACE_MACHDEP 1513 PTRACE_MACHDEP_REQUEST_CASES 1514 error = ptrace_machdep_dorequest(l, lt, req, addr, data); 1515 break; 1516 #endif 1517 } 1518 1519 out: 1520 if (pheld) { 1521 mutex_exit(t->p_lock); 1522 mutex_exit(proc_lock); 1523 } 1524 if (lt != NULL) 1525 lwp_delref(lt); 1526 if (locked) 1527 rw_exit(&t->p_reflock); 1528 1529 return error; 1530 } 1531 1532 typedef int (*regrfunc_t)(struct lwp *, void *, size_t *); 1533 typedef int (*regwfunc_t)(struct lwp *, void *, size_t); 1534 1535 #ifdef PT_REGISTERS 1536 static int 1537 proc_regio(struct lwp *l, struct uio *uio, size_t ks, regrfunc_t r, 1538 regwfunc_t w) 1539 { 1540 char buf[1024]; 1541 int error; 1542 char *kv; 1543 size_t kl; 1544 1545 if (ks > sizeof(buf)) 1546 return E2BIG; 1547 1548 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)ks) 1549 return EINVAL; 1550 1551 kv = buf + uio->uio_offset; 1552 kl = ks - uio->uio_offset; 1553 1554 if (kl > uio->uio_resid) 1555 kl = uio->uio_resid; 1556 1557 error = (*r)(l, buf, &ks); 1558 if (error == 0) 1559 error = uiomove(kv, kl, uio); 1560 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1561 if (l->l_stat != LSSTOP) 1562 error = EBUSY; 1563 else 1564 error = (*w)(l, buf, ks); 1565 } 1566 1567 uio->uio_offset = 0; 1568 return error; 1569 } 1570 #endif 1571 1572 int 1573 process_doregs(struct lwp *curl /*tracer*/, 1574 struct lwp *l /*traced*/, 1575 struct uio *uio) 1576 { 1577 #if defined(PT_GETREGS) || defined(PT_SETREGS) 1578 size_t s; 1579 regrfunc_t r; 1580 regwfunc_t w; 1581 1582 #ifdef COMPAT_NETBSD32 1583 const bool pk32 = (curl->l_proc->p_flag & PK_32) != 0; 1584 1585 if (__predict_false(pk32)) { 1586 if ((l->l_proc->p_flag & PK_32) == 0) { 1587 // 32 bit tracer can't trace 64 bit process 1588 return EINVAL; 1589 } 1590 s = sizeof(process_reg32); 1591 r = __FPTRCAST(regrfunc_t, process_read_regs32); 1592 w = __FPTRCAST(regwfunc_t, process_write_regs32); 1593 } else 1594 #endif 1595 { 1596 s = sizeof(struct reg); 1597 r = __FPTRCAST(regrfunc_t, process_read_regs); 1598 w = __FPTRCAST(regwfunc_t, process_write_regs); 1599 } 1600 return proc_regio(l, uio, s, r, w); 1601 #else 1602 return EINVAL; 1603 #endif 1604 } 1605 1606 int 1607 process_validregs(struct lwp *l) 1608 { 1609 1610 #if defined(PT_SETREGS) || defined(PT_GETREGS) 1611 return (l->l_flag & LW_SYSTEM) == 0; 1612 #else 1613 return 0; 1614 #endif 1615 } 1616 1617 int 1618 process_dofpregs(struct lwp *curl /*tracer*/, 1619 struct lwp *l /*traced*/, 1620 struct uio *uio) 1621 { 1622 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 1623 size_t s; 1624 regrfunc_t r; 1625 regwfunc_t w; 1626 1627 #ifdef COMPAT_NETBSD32 1628 const bool pk32 = (curl->l_proc->p_flag & PK_32) != 0; 1629 1630 if (__predict_false(pk32)) { 1631 if ((l->l_proc->p_flag & PK_32) == 0) { 1632 // 32 bit tracer can't trace 64 bit process 1633 return EINVAL; 1634 } 1635 s = sizeof(process_fpreg32); 1636 r = (regrfunc_t)process_read_fpregs32; 1637 w = (regwfunc_t)process_write_fpregs32; 1638 } else 1639 #endif 1640 { 1641 s = sizeof(struct fpreg); 1642 r = (regrfunc_t)process_read_fpregs; 1643 w = (regwfunc_t)process_write_fpregs; 1644 } 1645 return proc_regio(l, uio, s, r, w); 1646 #else 1647 return EINVAL; 1648 #endif 1649 } 1650 1651 int 1652 process_validfpregs(struct lwp *l) 1653 { 1654 1655 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 1656 return (l->l_flag & LW_SYSTEM) == 0; 1657 #else 1658 return 0; 1659 #endif 1660 } 1661 1662 int 1663 process_dodbregs(struct lwp *curl /*tracer*/, 1664 struct lwp *l /*traced*/, 1665 struct uio *uio) 1666 { 1667 #if defined(PT_GETDBREGS) || defined(PT_SETDBREGS) 1668 size_t s; 1669 regrfunc_t r; 1670 regwfunc_t w; 1671 1672 #ifdef COMPAT_NETBSD32 1673 const bool pk32 = (curl->l_proc->p_flag & PK_32) != 0; 1674 1675 if (__predict_false(pk32)) { 1676 if ((l->l_proc->p_flag & PK_32) == 0) { 1677 // 32 bit tracer can't trace 64 bit process 1678 return EINVAL; 1679 } 1680 s = sizeof(process_dbreg32); 1681 r = (regrfunc_t)process_read_dbregs32; 1682 w = (regwfunc_t)process_write_dbregs32; 1683 } else 1684 #endif 1685 { 1686 s = sizeof(struct dbreg); 1687 r = (regrfunc_t)process_read_dbregs; 1688 w = (regwfunc_t)process_write_dbregs; 1689 } 1690 return proc_regio(l, uio, s, r, w); 1691 #else 1692 return EINVAL; 1693 #endif 1694 } 1695 1696 int 1697 process_validdbregs(struct lwp *l) 1698 { 1699 1700 #if defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 1701 return (l->l_flag & LW_SYSTEM) == 0; 1702 #else 1703 return 0; 1704 #endif 1705 } 1706 1707 static int 1708 process_auxv_offset(struct proc *p, struct uio *uio) 1709 { 1710 struct ps_strings pss; 1711 int error; 1712 off_t off = (off_t)p->p_psstrp; 1713 1714 if ((error = copyin_psstrings(p, &pss)) != 0) 1715 return error; 1716 1717 if (pss.ps_envstr == NULL) 1718 return EIO; 1719 1720 #ifdef COMPAT_NETBSD32 1721 if (p->p_flag & PK_32) 1722 uio->uio_offset += (off_t)((vaddr_t)pss.ps_envstr + 1723 sizeof(uint32_t) * (pss.ps_nenvstr + 1)); 1724 else 1725 #endif 1726 uio->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + 1727 pss.ps_nenvstr + 1); 1728 1729 #ifdef __MACHINE_STACK_GROWS_UP 1730 if (uio->uio_offset < off) 1731 return EIO; 1732 #else 1733 if (uio->uio_offset > off) 1734 return EIO; 1735 if ((uio->uio_offset + uio->uio_resid) > off) 1736 uio->uio_resid = off - uio->uio_offset; 1737 #endif 1738 return 0; 1739 } 1740 #endif /* PTRACE */ 1741 1742 MODULE(MODULE_CLASS_EXEC, ptrace_common, NULL); 1743 1744 static int 1745 ptrace_common_modcmd(modcmd_t cmd, void *arg) 1746 { 1747 int error; 1748 1749 switch (cmd) { 1750 case MODULE_CMD_INIT: 1751 error = ptrace_init(); 1752 break; 1753 case MODULE_CMD_FINI: 1754 error = ptrace_fini(); 1755 break; 1756 default: 1757 ptrace_hooks(); 1758 error = ENOTTY; 1759 break; 1760 } 1761 return error; 1762 } 1763