1 /* $NetBSD: sys_ptrace_common.c,v 1.72 2019/11/17 02:22:14 rin Exp $ */ 2 3 /*- 4 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Andrew Doran. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1989, 1993 34 * The Regents of the University of California. All rights reserved. 35 * (c) UNIX System Laboratories, Inc. 36 * All or some portions of this file are derived from material licensed 37 * to the University of California by American Telephone and Telegraph 38 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 39 * the permission of UNIX System Laboratories, Inc. 40 * 41 * This code is derived from software contributed to Berkeley by 42 * Jan-Simon Pendry. 43 * 44 * Redistribution and use in source and binary forms, with or without 45 * modification, are permitted provided that the following conditions 46 * are met: 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 3. Neither the name of the University nor the names of its contributors 53 * may be used to endorse or promote products derived from this software 54 * without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 * 68 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 69 */ 70 71 /*- 72 * Copyright (c) 1993 Jan-Simon Pendry. 73 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 74 * 75 * This code is derived from software contributed to Berkeley by 76 * Jan-Simon Pendry. 77 * 78 * Redistribution and use in source and binary forms, with or without 79 * modification, are permitted provided that the following conditions 80 * are met: 81 * 1. Redistributions of source code must retain the above copyright 82 * notice, this list of conditions and the following disclaimer. 83 * 2. Redistributions in binary form must reproduce the above copyright 84 * notice, this list of conditions and the following disclaimer in the 85 * documentation and/or other materials provided with the distribution. 86 * 3. All advertising materials mentioning features or use of this software 87 * must display the following acknowledgement: 88 * This product includes software developed by the University of 89 * California, Berkeley and its contributors. 90 * 4. Neither the name of the University nor the names of its contributors 91 * may be used to endorse or promote products derived from this software 92 * without specific prior written permission. 93 * 94 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 97 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 98 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 99 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 100 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 101 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 104 * SUCH DAMAGE. 105 * 106 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 107 */ 108 109 /* 110 * References: 111 * (1) Bach's "The Design of the UNIX Operating System", 112 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 113 * (3) the "4.4BSD Programmer's Reference Manual" published 114 * by USENIX and O'Reilly & Associates. 115 * The 4.4BSD PRM does a reasonably good job of documenting what the various 116 * ptrace() requests should actually do, and its text is quoted several times 117 * in this file. 118 */ 119 120 #include <sys/cdefs.h> 121 __KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.72 2019/11/17 02:22:14 rin Exp $"); 122 123 #ifdef _KERNEL_OPT 124 #include "opt_ptrace.h" 125 #include "opt_ktrace.h" 126 #include "opt_pax.h" 127 #include "opt_compat_netbsd32.h" 128 #endif 129 130 #if defined(__HAVE_COMPAT_NETBSD32) && !defined(COMPAT_NETBSD32) \ 131 && !defined(_RUMPKERNEL) 132 #define COMPAT_NETBSD32 133 #endif 134 135 #include <sys/param.h> 136 #include <sys/systm.h> 137 #include <sys/proc.h> 138 #include <sys/errno.h> 139 #include <sys/exec.h> 140 #include <sys/pax.h> 141 #include <sys/ptrace.h> 142 #include <sys/uio.h> 143 #include <sys/ras.h> 144 #include <sys/kmem.h> 145 #include <sys/kauth.h> 146 #include <sys/mount.h> 147 #include <sys/syscallargs.h> 148 #include <sys/module.h> 149 #include <sys/condvar.h> 150 #include <sys/mutex.h> 151 #include <sys/compat_stub.h> 152 153 #include <uvm/uvm_extern.h> 154 155 #include <machine/reg.h> 156 157 #ifdef PTRACE 158 # ifdef PTRACE_DEBUG 159 # define DPRINTF(a) uprintf a 160 # else 161 # define DPRINTF(a) 162 # endif 163 164 static kauth_listener_t ptrace_listener; 165 static int process_auxv_offset(struct proc *, struct uio *); 166 167 extern int user_va0_disable; 168 169 #if 0 170 static int ptrace_cbref; 171 static kmutex_t ptrace_mtx; 172 static kcondvar_t ptrace_cv; 173 #endif 174 175 #ifdef PT_GETREGS 176 # define case_PT_GETREGS case PT_GETREGS: 177 #else 178 # define case_PT_GETREGS 179 #endif 180 181 #ifdef PT_SETREGS 182 # define case_PT_SETREGS case PT_SETREGS: 183 #else 184 # define case_PT_SETREGS 185 #endif 186 187 #ifdef PT_GETFPREGS 188 # define case_PT_GETFPREGS case PT_GETFPREGS: 189 #else 190 # define case_PT_GETFPREGS 191 #endif 192 193 #ifdef PT_SETFPREGS 194 # define case_PT_SETFPREGS case PT_SETFPREGS: 195 #else 196 # define case_PT_SETFPREGS 197 #endif 198 199 #ifdef PT_GETDBREGS 200 # define case_PT_GETDBREGS case PT_GETDBREGS: 201 #else 202 # define case_PT_GETDBREGS 203 #endif 204 205 #ifdef PT_SETDBREGS 206 # define case_PT_SETDBREGS case PT_SETDBREGS: 207 #else 208 # define case_PT_SETDBREGS 209 #endif 210 211 #if defined(PT_SETREGS) || defined(PT_GETREGS) || \ 212 defined(PT_SETFPREGS) || defined(PT_GETFPREGS) || \ 213 defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 214 # define PT_REGISTERS 215 #endif 216 217 static int 218 ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, 219 void *arg0, void *arg1, void *arg2, void *arg3) 220 { 221 struct proc *p; 222 int result; 223 #ifdef PT_SETDBREGS 224 extern int user_set_dbregs; 225 #endif 226 227 result = KAUTH_RESULT_DEFER; 228 p = arg0; 229 230 #if 0 231 mutex_enter(&ptrace_mtx); 232 ptrace_cbref++; 233 mutex_exit(&ptrace_mtx); 234 #endif 235 if (action != KAUTH_PROCESS_PTRACE) 236 goto out; 237 238 switch ((u_long)arg1) { 239 #ifdef PT_SETDBREGS 240 case_PT_SETDBREGS 241 if (kauth_cred_getuid(cred) != 0 && user_set_dbregs == 0) { 242 result = KAUTH_RESULT_DENY; 243 break; 244 } 245 #endif 246 /* FALLTHROUGH */ 247 case PT_TRACE_ME: 248 case PT_ATTACH: 249 case PT_WRITE_I: 250 case PT_WRITE_D: 251 case PT_READ_I: 252 case PT_READ_D: 253 case PT_IO: 254 case_PT_GETREGS 255 case_PT_SETREGS 256 case_PT_GETFPREGS 257 case_PT_SETFPREGS 258 case_PT_GETDBREGS 259 case PT_SET_EVENT_MASK: 260 case PT_GET_EVENT_MASK: 261 case PT_GET_PROCESS_STATE: 262 case PT_SET_SIGINFO: 263 case PT_GET_SIGINFO: 264 #ifdef __HAVE_PTRACE_MACHDEP 265 PTRACE_MACHDEP_REQUEST_CASES 266 #endif 267 if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) || 268 ISSET(p->p_flag, PK_SUGID)) { 269 break; 270 } 271 272 result = KAUTH_RESULT_ALLOW; 273 274 break; 275 276 #ifdef PT_STEP 277 case PT_STEP: 278 case PT_SETSTEP: 279 case PT_CLEARSTEP: 280 #endif 281 case PT_CONTINUE: 282 case PT_KILL: 283 case PT_DETACH: 284 case PT_LWPINFO: 285 case PT_SYSCALL: 286 case PT_SYSCALLEMU: 287 case PT_DUMPCORE: 288 case PT_RESUME: 289 case PT_SUSPEND: 290 case PT_STOP: 291 result = KAUTH_RESULT_ALLOW; 292 break; 293 294 default: 295 break; 296 } 297 298 out: 299 #if 0 300 mutex_enter(&ptrace_mtx); 301 if (--ptrace_cbref == 0) 302 cv_broadcast(&ptrace_cv); 303 mutex_exit(&ptrace_mtx); 304 #endif 305 306 return result; 307 } 308 309 int 310 ptrace_init(void) 311 { 312 313 #if 0 314 mutex_init(&ptrace_mtx, MUTEX_DEFAULT, IPL_NONE); 315 cv_init(&ptrace_cv, "ptracecb"); 316 ptrace_cbref = 0; 317 #endif 318 ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 319 ptrace_listener_cb, NULL); 320 return 0; 321 } 322 323 int 324 ptrace_fini(void) 325 { 326 327 kauth_unlisten_scope(ptrace_listener); 328 329 #if 0 330 /* Make sure no-one is executing our kauth listener */ 331 332 mutex_enter(&ptrace_mtx); 333 while (ptrace_cbref != 0) 334 cv_wait(&ptrace_cv, &ptrace_mtx); 335 mutex_exit(&ptrace_mtx); 336 mutex_destroy(&ptrace_mtx); 337 cv_destroy(&ptrace_cv); 338 #endif 339 340 return 0; 341 } 342 343 static struct proc * 344 ptrace_find(struct lwp *l, int req, pid_t pid) 345 { 346 struct proc *t; 347 348 /* "A foolish consistency..." XXX */ 349 if (req == PT_TRACE_ME) { 350 t = l->l_proc; 351 mutex_enter(t->p_lock); 352 return t; 353 } 354 355 /* Find the process we're supposed to be operating on. */ 356 t = proc_find(pid); 357 if (t == NULL) 358 return NULL; 359 360 /* XXX-elad */ 361 mutex_enter(t->p_lock); 362 int error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, 363 t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 364 if (error) { 365 mutex_exit(t->p_lock); 366 return NULL; 367 } 368 return t; 369 } 370 371 static int 372 ptrace_allowed(struct lwp *l, int req, struct proc *t, struct proc *p, 373 bool *locked) 374 { 375 *locked = false; 376 377 /* 378 * Grab a reference on the process to prevent it from execing or 379 * exiting. 380 */ 381 if (!rw_tryenter(&t->p_reflock, RW_READER)) 382 return EBUSY; 383 384 *locked = true; 385 386 /* Make sure we can operate on it. */ 387 switch (req) { 388 case PT_TRACE_ME: 389 /* 390 * You can't say to the parent of a process to start tracing if: 391 * (1) the parent is initproc, 392 */ 393 if (p->p_pptr == initproc) 394 return EPERM; 395 396 /* 397 * (2) the process is initproc, or 398 */ 399 if (p == initproc) 400 return EPERM; 401 402 /* 403 * (3) the child is already traced. 404 */ 405 if (ISSET(p->p_slflag, PSL_TRACED)) 406 return EBUSY; 407 408 return 0; 409 410 case PT_ATTACH: 411 /* 412 * You can't attach to a process if: 413 * (1) it's the process that's doing the attaching, 414 */ 415 if (t == p) 416 return EINVAL; 417 418 /* 419 * (2) it's a system process, 420 */ 421 if (t->p_flag & PK_SYSTEM) 422 return EPERM; 423 424 /* 425 * (3) the tracer is initproc, 426 */ 427 if (p == initproc) 428 return EPERM; 429 430 /* 431 * (4) it's already being traced, 432 */ 433 if (ISSET(t->p_slflag, PSL_TRACED)) 434 return EBUSY; 435 436 /* 437 * (5) it's a vfork(2)ed parent of the current process, or 438 */ 439 if (ISSET(p->p_lflag, PL_PPWAIT) && p->p_pptr == t) 440 return EPERM; 441 442 /* 443 * (6) the tracer is chrooted, and its root directory is 444 * not at or above the root directory of the tracee 445 */ 446 mutex_exit(t->p_lock); /* XXXSMP */ 447 int tmp = proc_isunder(t, l); 448 mutex_enter(t->p_lock); /* XXXSMP */ 449 if (!tmp) 450 return EPERM; 451 return 0; 452 453 case PT_READ_I: 454 case PT_READ_D: 455 case PT_WRITE_I: 456 case PT_WRITE_D: 457 case PT_IO: 458 case PT_SET_SIGINFO: 459 case PT_GET_SIGINFO: 460 case_PT_GETREGS 461 case_PT_SETREGS 462 case_PT_GETFPREGS 463 case_PT_SETFPREGS 464 case_PT_GETDBREGS 465 case_PT_SETDBREGS 466 #ifdef __HAVE_PTRACE_MACHDEP 467 PTRACE_MACHDEP_REQUEST_CASES 468 #endif 469 /* 470 * You can't read/write the memory or registers of a process 471 * if the tracer is chrooted, and its root directory is not at 472 * or above the root directory of the tracee. 473 */ 474 mutex_exit(t->p_lock); /* XXXSMP */ 475 tmp = proc_isunder(t, l); 476 mutex_enter(t->p_lock); /* XXXSMP */ 477 if (!tmp) 478 return EPERM; 479 /*FALLTHROUGH*/ 480 481 case PT_CONTINUE: 482 case PT_KILL: 483 case PT_DETACH: 484 case PT_LWPINFO: 485 case PT_SYSCALL: 486 case PT_SYSCALLEMU: 487 case PT_DUMPCORE: 488 #ifdef PT_STEP 489 case PT_STEP: 490 case PT_SETSTEP: 491 case PT_CLEARSTEP: 492 #endif 493 case PT_SET_EVENT_MASK: 494 case PT_GET_EVENT_MASK: 495 case PT_GET_PROCESS_STATE: 496 case PT_RESUME: 497 case PT_SUSPEND: 498 case PT_STOP: 499 /* 500 * You can't do what you want to the process if: 501 * (1) It's not being traced at all, 502 */ 503 if (!ISSET(t->p_slflag, PSL_TRACED)) 504 return EPERM; 505 506 /* 507 * (2) it's not being traced by _you_, or 508 */ 509 if (t->p_pptr != p) { 510 DPRINTF(("parent %d != %d\n", t->p_pptr->p_pid, 511 p->p_pid)); 512 return EBUSY; 513 } 514 515 /* 516 * (3) it's not currently stopped. 517 * 518 * As an exception allow PT_KILL and PT_STOP here. 519 */ 520 if (req != PT_KILL && req != PT_STOP && 521 (t->p_stat != SSTOP || !t->p_waited /* XXXSMP */)) { 522 DPRINTF(("stat %d flag %d\n", t->p_stat, 523 !t->p_waited)); 524 return EBUSY; 525 } 526 return 0; 527 528 default: /* It was not a legal request. */ 529 return EINVAL; 530 } 531 } 532 533 static int 534 ptrace_needs_hold(int req) 535 { 536 switch (req) { 537 #ifdef PT_STEP 538 case PT_STEP: 539 #endif 540 case PT_CONTINUE: 541 case PT_DETACH: 542 case PT_KILL: 543 case PT_SYSCALL: 544 case PT_SYSCALLEMU: 545 case PT_ATTACH: 546 case PT_TRACE_ME: 547 case PT_GET_SIGINFO: 548 case PT_SET_SIGINFO: 549 case PT_STOP: 550 return 1; 551 default: 552 return 0; 553 } 554 } 555 556 static int 557 ptrace_update_lwp(struct proc *t, struct lwp **lt, lwpid_t lid) 558 { 559 if (lid == 0 || lid == (*lt)->l_lid || t->p_nlwps == 1) 560 return 0; 561 562 mutex_enter(t->p_lock); 563 lwp_delref2(*lt); 564 565 *lt = lwp_find(t, lid); 566 if (*lt == NULL) { 567 mutex_exit(t->p_lock); 568 return ESRCH; 569 } 570 571 if ((*lt)->l_flag & LW_SYSTEM) { 572 mutex_exit(t->p_lock); 573 *lt = NULL; 574 return EINVAL; 575 } 576 577 lwp_addref(*lt); 578 mutex_exit(t->p_lock); 579 580 return 0; 581 } 582 583 static int 584 ptrace_get_siginfo(struct proc *t, struct ptrace_methods *ptm, void *addr, 585 size_t data) 586 { 587 struct ptrace_siginfo psi; 588 589 memset(&psi, 0, sizeof(psi)); 590 psi.psi_siginfo._info = t->p_sigctx.ps_info; 591 psi.psi_lwpid = t->p_sigctx.ps_lwp; 592 DPRINTF(("%s: lwp=%d signal=%d\n", __func__, psi.psi_lwpid, 593 psi.psi_siginfo.si_signo)); 594 595 return ptm->ptm_copyout_siginfo(&psi, addr, data); 596 } 597 598 static int 599 ptrace_set_siginfo(struct proc *t, struct lwp **lt, struct ptrace_methods *ptm, 600 void *addr, size_t data) 601 { 602 struct ptrace_siginfo psi; 603 604 int error = ptm->ptm_copyin_siginfo(&psi, addr, data); 605 if (error) 606 return error; 607 608 /* Check that the data is a valid signal number or zero. */ 609 if (psi.psi_siginfo.si_signo < 0 || psi.psi_siginfo.si_signo >= NSIG) 610 return EINVAL; 611 612 t->p_sigctx.ps_faked = true; 613 t->p_sigctx.ps_info = psi.psi_siginfo._info; 614 t->p_sigctx.ps_lwp = psi.psi_lwpid; 615 DPRINTF(("%s: lwp=%d signal=%d\n", __func__, psi.psi_lwpid, 616 psi.psi_siginfo.si_signo)); 617 return 0; 618 } 619 620 static int 621 ptrace_get_event_mask(struct proc *t, void *addr, size_t data) 622 { 623 struct ptrace_event pe; 624 625 if (data != sizeof(pe)) { 626 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pe))); 627 return EINVAL; 628 } 629 memset(&pe, 0, sizeof(pe)); 630 pe.pe_set_event = ISSET(t->p_slflag, PSL_TRACEFORK) ? 631 PTRACE_FORK : 0; 632 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK) ? 633 PTRACE_VFORK : 0; 634 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK_DONE) ? 635 PTRACE_VFORK_DONE : 0; 636 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_CREATE) ? 637 PTRACE_LWP_CREATE : 0; 638 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_EXIT) ? 639 PTRACE_LWP_EXIT : 0; 640 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEPOSIX_SPAWN) ? 641 PTRACE_POSIX_SPAWN : 0; 642 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 643 t->p_sigctx.ps_lwp, pe.pe_set_event)); 644 return copyout(&pe, addr, sizeof(pe)); 645 } 646 647 static int 648 ptrace_set_event_mask(struct proc *t, void *addr, size_t data) 649 { 650 struct ptrace_event pe; 651 int error; 652 653 if (data != sizeof(pe)) { 654 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pe))); 655 return EINVAL; 656 } 657 if ((error = copyin(addr, &pe, sizeof(pe))) != 0) 658 return error; 659 660 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 661 t->p_sigctx.ps_lwp, pe.pe_set_event)); 662 if (pe.pe_set_event & PTRACE_FORK) 663 SET(t->p_slflag, PSL_TRACEFORK); 664 else 665 CLR(t->p_slflag, PSL_TRACEFORK); 666 667 if (pe.pe_set_event & PTRACE_VFORK) 668 SET(t->p_slflag, PSL_TRACEVFORK); 669 else 670 CLR(t->p_slflag, PSL_TRACEVFORK); 671 672 if (pe.pe_set_event & PTRACE_VFORK_DONE) 673 SET(t->p_slflag, PSL_TRACEVFORK_DONE); 674 else 675 CLR(t->p_slflag, PSL_TRACEVFORK_DONE); 676 677 if (pe.pe_set_event & PTRACE_LWP_CREATE) 678 SET(t->p_slflag, PSL_TRACELWP_CREATE); 679 else 680 CLR(t->p_slflag, PSL_TRACELWP_CREATE); 681 682 if (pe.pe_set_event & PTRACE_LWP_EXIT) 683 SET(t->p_slflag, PSL_TRACELWP_EXIT); 684 else 685 CLR(t->p_slflag, PSL_TRACELWP_EXIT); 686 687 if (pe.pe_set_event & PTRACE_POSIX_SPAWN) 688 SET(t->p_slflag, PSL_TRACEPOSIX_SPAWN); 689 else 690 CLR(t->p_slflag, PSL_TRACEPOSIX_SPAWN); 691 692 return 0; 693 } 694 695 static int 696 ptrace_get_process_state(struct proc *t, void *addr, size_t data) 697 { 698 struct _ksiginfo *si; 699 struct ptrace_state ps; 700 701 if (data != sizeof(ps)) { 702 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(ps))); 703 return EINVAL; 704 } 705 706 if (t->p_sigctx.ps_info._signo != SIGTRAP || 707 (t->p_sigctx.ps_info._code != TRAP_CHLD && 708 t->p_sigctx.ps_info._code != TRAP_LWP)) { 709 memset(&ps, 0, sizeof(ps)); 710 } else { 711 si = &t->p_sigctx.ps_info; 712 713 KASSERT(si->_reason._ptrace_state._pe_report_event > 0); 714 KASSERT(si->_reason._ptrace_state._option._pe_other_pid > 0); 715 716 ps.pe_report_event = si->_reason._ptrace_state._pe_report_event; 717 718 CTASSERT(sizeof(ps.pe_other_pid) == sizeof(ps.pe_lwp)); 719 ps.pe_other_pid = 720 si->_reason._ptrace_state._option._pe_other_pid; 721 } 722 723 DPRINTF(("%s: lwp=%d event=%#x pid=%d lwp=%d\n", __func__, 724 t->p_sigctx.ps_lwp, ps.pe_report_event, 725 ps.pe_other_pid, ps.pe_lwp)); 726 return copyout(&ps, addr, sizeof(ps)); 727 } 728 729 static int 730 ptrace_lwpinfo(struct proc *t, struct lwp **lt, void *addr, size_t data) 731 { 732 struct ptrace_lwpinfo pl; 733 734 if (data != sizeof(pl)) { 735 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pl))); 736 return EINVAL; 737 } 738 int error = copyin(addr, &pl, sizeof(pl)); 739 if (error) 740 return error; 741 742 lwpid_t tmp = pl.pl_lwpid; 743 lwp_delref(*lt); 744 mutex_enter(t->p_lock); 745 if (tmp == 0) 746 *lt = lwp_find_first(t); 747 else { 748 *lt = lwp_find(t, tmp); 749 if (*lt == NULL) { 750 mutex_exit(t->p_lock); 751 return ESRCH; 752 } 753 *lt = LIST_NEXT(*lt, l_sibling); 754 } 755 756 while (*lt != NULL && !lwp_alive(*lt)) 757 *lt = LIST_NEXT(*lt, l_sibling); 758 759 pl.pl_lwpid = 0; 760 pl.pl_event = 0; 761 if (*lt) { 762 lwp_addref(*lt); 763 pl.pl_lwpid = (*lt)->l_lid; 764 765 if ((*lt)->l_flag & LW_WSUSPEND) 766 pl.pl_event = PL_EVENT_SUSPENDED; 767 /* 768 * If we match the lwp, or it was sent to every lwp, 769 * we set PL_EVENT_SIGNAL. 770 * XXX: ps_lwp == 0 means everyone and noone, so 771 * check ps_signo too. 772 */ 773 else if ((*lt)->l_lid == t->p_sigctx.ps_lwp 774 || (t->p_sigctx.ps_lwp == 0 && 775 t->p_sigctx.ps_info._signo)) { 776 DPRINTF(("%s: lwp=%d siglwp=%d signo %d\n", __func__, 777 pl.pl_lwpid, t->p_sigctx.ps_lwp, 778 t->p_sigctx.ps_info._signo)); 779 pl.pl_event = PL_EVENT_SIGNAL; 780 } 781 } 782 mutex_exit(t->p_lock); 783 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 784 pl.pl_lwpid, pl.pl_event)); 785 786 return copyout(&pl, addr, sizeof(pl)); 787 } 788 789 static int 790 ptrace_startstop(struct proc *t, struct lwp **lt, int rq, void *addr, 791 size_t data) 792 { 793 int error; 794 795 if ((error = ptrace_update_lwp(t, lt, data)) != 0) 796 return error; 797 798 DPRINTF(("%s: lwp=%d request=%d\n", __func__, (*lt)->l_lid, rq)); 799 lwp_lock(*lt); 800 if (rq == PT_SUSPEND) 801 (*lt)->l_flag |= LW_DBGSUSPEND; 802 else { 803 (*lt)->l_flag &= ~LW_DBGSUSPEND; 804 if ((*lt)->l_flag != LSSUSPENDED) 805 (*lt)->l_stat = LSSTOP; 806 } 807 lwp_unlock(*lt); 808 return 0; 809 } 810 811 #ifdef PT_REGISTERS 812 static int 813 ptrace_uio_dir(int req) 814 { 815 switch (req) { 816 case_PT_GETREGS 817 case_PT_GETFPREGS 818 case_PT_GETDBREGS 819 return UIO_READ; 820 case_PT_SETREGS 821 case_PT_SETFPREGS 822 case_PT_SETDBREGS 823 return UIO_WRITE; 824 default: 825 return -1; 826 } 827 } 828 829 static int 830 ptrace_regs(struct lwp *l, struct lwp **lt, int rq, struct ptrace_methods *ptm, 831 void *addr, size_t data) 832 { 833 int error; 834 struct proc *t = (*lt)->l_proc; 835 struct vmspace *vm; 836 837 if ((error = ptrace_update_lwp(t, lt, data)) != 0) 838 return error; 839 840 int dir = ptrace_uio_dir(rq); 841 size_t size; 842 int (*func)(struct lwp *, struct lwp *, struct uio *); 843 844 DPRINTF(("%s: lwp=%d request=%d\n", __func__, l->l_lid, rq)); 845 846 switch (rq) { 847 #if defined(PT_SETREGS) || defined(PT_GETREGS) 848 case_PT_GETREGS 849 case_PT_SETREGS 850 if (!process_validregs(*lt)) 851 return EINVAL; 852 size = PROC_REGSZ(t); 853 func = ptm->ptm_doregs; 854 break; 855 #endif 856 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 857 case_PT_GETFPREGS 858 case_PT_SETFPREGS 859 if (!process_validfpregs(*lt)) 860 return EINVAL; 861 size = PROC_FPREGSZ(t); 862 func = ptm->ptm_dofpregs; 863 break; 864 #endif 865 #if defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 866 case_PT_GETDBREGS 867 case_PT_SETDBREGS 868 if (!process_validdbregs(*lt)) 869 return EINVAL; 870 size = PROC_DBREGSZ(t); 871 func = ptm->ptm_dodbregs; 872 break; 873 #endif 874 default: 875 return EINVAL; 876 } 877 878 error = proc_vmspace_getref(l->l_proc, &vm); 879 if (error) 880 return error; 881 882 struct uio uio; 883 struct iovec iov; 884 885 iov.iov_base = addr; 886 iov.iov_len = size; 887 uio.uio_iov = &iov; 888 uio.uio_iovcnt = 1; 889 uio.uio_offset = 0; 890 uio.uio_resid = iov.iov_len; 891 uio.uio_rw = dir; 892 uio.uio_vmspace = vm; 893 894 error = (*func)(l, *lt, &uio); 895 uvmspace_free(vm); 896 return error; 897 } 898 #endif 899 900 static int 901 ptrace_sendsig(struct lwp *l, int req, struct proc *t, struct lwp *lt, int signo, int resume_all) 902 { 903 ksiginfo_t ksi; 904 905 /* Finally, deliver the requested signal (or none). */ 906 if (t->p_stat == SSTOP) { 907 /* 908 * Unstop the process. If it needs to take a 909 * signal, make all efforts to ensure that at 910 * an LWP runs to see it. 911 */ 912 t->p_xsig = signo; 913 914 /* 915 * signo > 0 check prevents a potential panic, as 916 * sigismember(&...,0) is invalid check and signo 917 * can be equal to 0 as a special case of no-signal. 918 */ 919 if (signo > 0 && sigismember(&stopsigmask, signo)) { 920 t->p_waited = 0; 921 child_psignal(t, 0); 922 } else if (resume_all) 923 proc_unstop(t); 924 else 925 lwp_unstop(lt); 926 return 0; 927 } 928 929 KASSERT(req == PT_KILL || req == PT_STOP || req == PT_ATTACH); 930 931 KSI_INIT(&ksi); 932 ksi.ksi_signo = signo; 933 ksi.ksi_code = SI_USER; 934 ksi.ksi_pid = l->l_proc->p_pid; 935 ksi.ksi_uid = kauth_cred_geteuid(l->l_cred); 936 937 t->p_sigctx.ps_faked = false; 938 939 DPRINTF(("%s: pid=%d.%d signal=%d resume_all=%d\n", __func__, t->p_pid, 940 lt->l_lid, signo, resume_all)); 941 942 return kpsignal2(t, &ksi); 943 } 944 945 static int 946 ptrace_dumpcore(struct lwp *lt, char *path, size_t len) 947 { 948 int error; 949 if (path != NULL) { 950 951 if (len >= MAXPATHLEN) 952 return EINVAL; 953 954 char *src = path; 955 path = kmem_alloc(len + 1, KM_SLEEP); 956 error = copyin(src, path, len); 957 if (error) 958 goto out; 959 path[len] = '\0'; 960 } 961 DPRINTF(("%s: lwp=%d\n", __func__, lt->l_lid)); 962 MODULE_HOOK_CALL(coredump_hook, (lt, path), 0, error); 963 out: 964 if (path) 965 kmem_free(path, len + 1); 966 return error; 967 } 968 969 static int 970 ptrace_doio(struct lwp *l, struct proc *t, struct lwp *lt, 971 struct ptrace_io_desc *piod, void *addr, bool sysspace) 972 { 973 struct uio uio; 974 struct iovec iov; 975 int error, tmp; 976 977 error = 0; 978 iov.iov_base = piod->piod_addr; 979 iov.iov_len = piod->piod_len; 980 uio.uio_iov = &iov; 981 uio.uio_iovcnt = 1; 982 uio.uio_offset = (off_t)(unsigned long)piod->piod_offs; 983 uio.uio_resid = piod->piod_len; 984 985 DPRINTF(("%s: lwp=%d request=%d\n", __func__, l->l_lid, piod->piod_op)); 986 987 switch (piod->piod_op) { 988 case PIOD_READ_D: 989 case PIOD_READ_I: 990 uio.uio_rw = UIO_READ; 991 break; 992 case PIOD_WRITE_D: 993 case PIOD_WRITE_I: 994 /* 995 * Can't write to a RAS 996 */ 997 if (ras_lookup(t, addr) != (void *)-1) { 998 return EACCES; 999 } 1000 uio.uio_rw = UIO_WRITE; 1001 break; 1002 case PIOD_READ_AUXV: 1003 uio.uio_rw = UIO_READ; 1004 tmp = t->p_execsw->es_arglen; 1005 if (uio.uio_offset > tmp) 1006 return EIO; 1007 if (uio.uio_resid > tmp - uio.uio_offset) 1008 uio.uio_resid = tmp - uio.uio_offset; 1009 piod->piod_len = iov.iov_len = uio.uio_resid; 1010 error = process_auxv_offset(t, &uio); 1011 break; 1012 default: 1013 error = EINVAL; 1014 break; 1015 } 1016 1017 if (error) 1018 return error; 1019 1020 if (sysspace) { 1021 uio.uio_vmspace = vmspace_kernel(); 1022 } else { 1023 error = proc_vmspace_getref(l->l_proc, &uio.uio_vmspace); 1024 if (error) 1025 return error; 1026 } 1027 1028 error = process_domem(l, lt, &uio); 1029 if (!sysspace) 1030 uvmspace_free(uio.uio_vmspace); 1031 if (error) 1032 return error; 1033 piod->piod_len -= uio.uio_resid; 1034 return 0; 1035 } 1036 1037 int 1038 do_ptrace(struct ptrace_methods *ptm, struct lwp *l, int req, pid_t pid, 1039 void *addr, int data, register_t *retval) 1040 { 1041 struct proc *p = l->l_proc; 1042 struct lwp *lt = NULL; 1043 struct lwp *lt2; 1044 struct proc *t; /* target process */ 1045 struct ptrace_io_desc piod; 1046 int error, write, tmp, pheld; 1047 int signo = 0; 1048 int resume_all; 1049 bool locked; 1050 error = 0; 1051 1052 /* 1053 * If attaching or detaching, we need to get a write hold on the 1054 * proclist lock so that we can re-parent the target process. 1055 */ 1056 mutex_enter(proc_lock); 1057 1058 t = ptrace_find(l, req, pid); 1059 if (t == NULL) { 1060 mutex_exit(proc_lock); 1061 return ESRCH; 1062 } 1063 1064 pheld = 1; 1065 if ((error = ptrace_allowed(l, req, t, p, &locked)) != 0) 1066 goto out; 1067 1068 if ((error = kauth_authorize_process(l->l_cred, 1069 KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req), NULL, NULL)) != 0) 1070 goto out; 1071 1072 if ((lt = lwp_find_first(t)) == NULL) { 1073 error = ESRCH; 1074 goto out; 1075 } 1076 1077 /* Do single-step fixup if needed. */ 1078 FIX_SSTEP(t); 1079 KASSERT(lt != NULL); 1080 lwp_addref(lt); 1081 1082 /* 1083 * Which locks do we need held? XXX Ugly. 1084 */ 1085 if ((pheld = ptrace_needs_hold(req)) == 0) { 1086 mutex_exit(t->p_lock); 1087 mutex_exit(proc_lock); 1088 } 1089 1090 /* Now do the operation. */ 1091 write = 0; 1092 *retval = 0; 1093 tmp = 0; 1094 resume_all = 1; 1095 1096 switch (req) { 1097 case PT_TRACE_ME: 1098 /* Just set the trace flag. */ 1099 SET(t->p_slflag, PSL_TRACED); 1100 t->p_opptr = t->p_pptr; 1101 break; 1102 1103 /* 1104 * The I and D separate address space has been inherited from PDP-11. 1105 * The 16-bit UNIX started with a single address space per program, 1106 * but was extended to two 16-bit (2 x 64kb) address spaces. 1107 * 1108 * We no longer maintain this feature in maintained architectures, but 1109 * we keep the API for backward compatiblity. Currently the I and D 1110 * operations are exactly the same and not distinguished in debuggers. 1111 */ 1112 case PT_WRITE_I: 1113 case PT_WRITE_D: 1114 write = 1; 1115 tmp = data; 1116 /* FALLTHROUGH */ 1117 case PT_READ_I: 1118 case PT_READ_D: 1119 piod.piod_addr = &tmp; 1120 piod.piod_len = sizeof(tmp); 1121 piod.piod_offs = addr; 1122 piod.piod_op = write ? PIOD_WRITE_D : PIOD_READ_D; 1123 if ((error = ptrace_doio(l, t, lt, &piod, addr, true)) != 0) 1124 break; 1125 /* 1126 * For legacy reasons we treat here two results as success: 1127 * - incomplete transfer piod.piod_len < sizeof(tmp) 1128 * - no transfer piod.piod_len == 0 1129 * 1130 * This means that there is no way to determine whether 1131 * transfer operation was performed in PT_WRITE and PT_READ 1132 * calls. 1133 */ 1134 if (!write) 1135 *retval = tmp; 1136 break; 1137 1138 case PT_IO: 1139 if ((error = ptm->ptm_copyin_piod(&piod, addr, data)) != 0) 1140 break; 1141 if (piod.piod_len < 1) { 1142 error = EINVAL; 1143 break; 1144 } 1145 if ((error = ptrace_doio(l, t, lt, &piod, addr, false)) != 0) 1146 break; 1147 /* 1148 * For legacy reasons we treat here two results as success: 1149 * - incomplete transfer piod.piod_len < sizeof(tmp) 1150 * - no transfer piod.piod_len == 0 1151 */ 1152 error = ptm->ptm_copyout_piod(&piod, addr, data); 1153 break; 1154 1155 case PT_DUMPCORE: 1156 error = ptrace_dumpcore(lt, addr, data); 1157 break; 1158 1159 #ifdef PT_STEP 1160 case PT_STEP: 1161 /* 1162 * From the 4.4BSD PRM: 1163 * "Execution continues as in request PT_CONTINUE; however 1164 * as soon as possible after execution of at least one 1165 * instruction, execution stops again. [ ... ]" 1166 */ 1167 #endif 1168 case PT_CONTINUE: 1169 case PT_SYSCALL: 1170 case PT_DETACH: 1171 if (req == PT_SYSCALL) { 1172 if (!ISSET(t->p_slflag, PSL_SYSCALL)) { 1173 SET(t->p_slflag, PSL_SYSCALL); 1174 #ifdef __HAVE_SYSCALL_INTERN 1175 (*t->p_emul->e_syscall_intern)(t); 1176 #endif 1177 } 1178 } else { 1179 if (ISSET(t->p_slflag, PSL_SYSCALL)) { 1180 CLR(t->p_slflag, PSL_SYSCALL); 1181 #ifdef __HAVE_SYSCALL_INTERN 1182 (*t->p_emul->e_syscall_intern)(t); 1183 #endif 1184 } 1185 } 1186 t->p_trace_enabled = trace_is_enabled(t); 1187 1188 /* 1189 * Pick up the LWPID, if supplied. There are two cases: 1190 * data < 0 : step or continue single thread, lwp = -data 1191 * data > 0 in PT_STEP : step this thread, continue others 1192 * For operations other than PT_STEP, data > 0 means 1193 * data is the signo to deliver to the process. 1194 */ 1195 tmp = data; 1196 if (tmp >= 0) { 1197 #ifdef PT_STEP 1198 if (req == PT_STEP) 1199 signo = 0; 1200 else 1201 #endif 1202 { 1203 signo = tmp; 1204 tmp = 0; /* don't search for LWP */ 1205 } 1206 } else if (tmp == INT_MIN) { 1207 error = ESRCH; 1208 break; 1209 } else { 1210 tmp = -tmp; 1211 } 1212 1213 if (tmp > 0) { 1214 if (req == PT_DETACH) { 1215 error = EINVAL; 1216 break; 1217 } 1218 lwp_delref2 (lt); 1219 lt = lwp_find(t, tmp); 1220 if (lt == NULL) { 1221 error = ESRCH; 1222 break; 1223 } 1224 lwp_addref(lt); 1225 resume_all = 0; 1226 signo = 0; 1227 } 1228 1229 /* 1230 * From the 4.4BSD PRM: 1231 * "The data argument is taken as a signal number and the 1232 * child's execution continues at location addr as if it 1233 * incurred that signal. Normally the signal number will 1234 * be either 0 to indicate that the signal that caused the 1235 * stop should be ignored, or that value fetched out of 1236 * the process's image indicating which signal caused 1237 * the stop. If addr is (int *)1 then execution continues 1238 * from where it stopped." 1239 */ 1240 1241 /* Check that the data is a valid signal number or zero. */ 1242 if (signo < 0 || signo >= NSIG) { 1243 error = EINVAL; 1244 break; 1245 } 1246 1247 /* Prevent process deadlock */ 1248 if (resume_all) { 1249 #ifdef PT_STEP 1250 if (req == PT_STEP) { 1251 if (lt->l_flag & 1252 (LW_WSUSPEND | LW_DBGSUSPEND)) { 1253 error = EDEADLK; 1254 break; 1255 } 1256 } else 1257 #endif 1258 { 1259 error = EDEADLK; 1260 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1261 if ((lt2->l_flag & 1262 (LW_WSUSPEND | LW_DBGSUSPEND)) == 0 1263 ) { 1264 error = 0; 1265 break; 1266 } 1267 } 1268 if (error != 0) 1269 break; 1270 } 1271 } else { 1272 if (lt->l_flag & (LW_WSUSPEND | LW_DBGSUSPEND)) { 1273 error = EDEADLK; 1274 break; 1275 } 1276 } 1277 1278 /* 1279 * Reject setting program counter to 0x0 if VA0 is disabled. 1280 * 1281 * Not all kernels implement this feature to set Program 1282 * Counter in one go in PT_CONTINUE and similar operations. 1283 * This causes portability issues as passing address 0x0 1284 * on these kernels is no-operation, but can cause failure 1285 * in most cases on NetBSD. 1286 */ 1287 if (user_va0_disable && addr == 0) { 1288 error = EINVAL; 1289 break; 1290 } 1291 1292 /* If the address parameter is not (int *)1, set the pc. */ 1293 if ((int *)addr != (int *)1) { 1294 error = process_set_pc(lt, addr); 1295 if (error != 0) 1296 break; 1297 } 1298 #ifdef PT_STEP 1299 /* 1300 * Arrange for a single-step, if that's requested and possible. 1301 * More precisely, set the single step status as requested for 1302 * the requested thread, and clear it for other threads. 1303 */ 1304 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1305 if (ISSET(lt2->l_pflag, LP_SINGLESTEP)) { 1306 lwp_lock(lt2); 1307 process_sstep(lt2, 1); 1308 lwp_unlock(lt2); 1309 } else if (lt != lt2) { 1310 lwp_lock(lt2); 1311 process_sstep(lt2, 0); 1312 lwp_unlock(lt2); 1313 } 1314 } 1315 error = process_sstep(lt, 1316 ISSET(lt->l_pflag, LP_SINGLESTEP) || req == PT_STEP); 1317 if (error) 1318 break; 1319 #endif 1320 if (req == PT_DETACH) { 1321 CLR(t->p_slflag, PSL_TRACED|PSL_SYSCALL); 1322 1323 /* give process back to original parent or init */ 1324 if (t->p_opptr != t->p_pptr) { 1325 struct proc *pp = t->p_opptr; 1326 proc_reparent(t, pp ? pp : initproc); 1327 } 1328 1329 /* not being traced any more */ 1330 t->p_opptr = NULL; 1331 1332 /* clear single step */ 1333 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1334 CLR(lt2->l_pflag, LP_SINGLESTEP); 1335 } 1336 CLR(lt->l_pflag, LP_SINGLESTEP); 1337 } 1338 sendsig: 1339 error = ptrace_sendsig(l, req, t, lt, signo, resume_all); 1340 break; 1341 1342 case PT_SYSCALLEMU: 1343 if (!ISSET(t->p_slflag, PSL_SYSCALL) || t->p_stat != SSTOP) { 1344 error = EINVAL; 1345 break; 1346 } 1347 SET(t->p_slflag, PSL_SYSCALLEMU); 1348 break; 1349 1350 #ifdef PT_STEP 1351 case PT_SETSTEP: 1352 write = 1; 1353 1354 /* FALLTHROUGH */ 1355 case PT_CLEARSTEP: 1356 /* write = 0 done above. */ 1357 if ((error = ptrace_update_lwp(t, <, data)) != 0) 1358 break; 1359 1360 if (write) 1361 SET(lt->l_pflag, LP_SINGLESTEP); 1362 else 1363 CLR(lt->l_pflag, LP_SINGLESTEP); 1364 break; 1365 #endif 1366 1367 case PT_KILL: 1368 /* just send the process a KILL signal. */ 1369 signo = SIGKILL; 1370 goto sendsig; /* in PT_CONTINUE, above. */ 1371 1372 case PT_STOP: 1373 /* just send the process a STOP signal. */ 1374 signo = SIGSTOP; 1375 goto sendsig; /* in PT_CONTINUE, above. */ 1376 1377 case PT_ATTACH: 1378 /* 1379 * Go ahead and set the trace flag. 1380 * Save the old parent (it's reset in 1381 * _DETACH, and also in kern_exit.c:wait4() 1382 * Reparent the process so that the tracing 1383 * proc gets to see all the action. 1384 * Stop the target. 1385 */ 1386 proc_changeparent(t, p); 1387 signo = SIGSTOP; 1388 goto sendsig; 1389 1390 case PT_GET_EVENT_MASK: 1391 error = ptrace_get_event_mask(t, addr, data); 1392 break; 1393 1394 case PT_SET_EVENT_MASK: 1395 error = ptrace_set_event_mask(t, addr, data); 1396 break; 1397 1398 case PT_GET_PROCESS_STATE: 1399 error = ptrace_get_process_state(t, addr, data); 1400 break; 1401 1402 case PT_LWPINFO: 1403 error = ptrace_lwpinfo(t, <, addr, data); 1404 break; 1405 1406 case PT_SET_SIGINFO: 1407 error = ptrace_set_siginfo(t, <, ptm, addr, data); 1408 break; 1409 1410 case PT_GET_SIGINFO: 1411 error = ptrace_get_siginfo(t, ptm, addr, data); 1412 break; 1413 1414 case PT_RESUME: 1415 case PT_SUSPEND: 1416 error = ptrace_startstop(t, <, req, addr, data); 1417 break; 1418 1419 #ifdef PT_REGISTERS 1420 case_PT_SETREGS 1421 case_PT_GETREGS 1422 case_PT_SETFPREGS 1423 case_PT_GETFPREGS 1424 case_PT_SETDBREGS 1425 case_PT_GETDBREGS 1426 error = ptrace_regs(l, <, req, ptm, addr, data); 1427 break; 1428 #endif 1429 1430 #ifdef __HAVE_PTRACE_MACHDEP 1431 PTRACE_MACHDEP_REQUEST_CASES 1432 error = ptrace_machdep_dorequest(l, lt, req, addr, data); 1433 break; 1434 #endif 1435 } 1436 1437 out: 1438 if (pheld) { 1439 mutex_exit(t->p_lock); 1440 mutex_exit(proc_lock); 1441 } 1442 if (lt != NULL) 1443 lwp_delref(lt); 1444 if (locked) 1445 rw_exit(&t->p_reflock); 1446 1447 return error; 1448 } 1449 1450 typedef int (*regrfunc_t)(struct lwp *, void *, size_t *); 1451 typedef int (*regwfunc_t)(struct lwp *, void *, size_t); 1452 1453 #ifdef PT_REGISTERS 1454 static int 1455 proc_regio(struct lwp *l, struct uio *uio, size_t ks, regrfunc_t r, 1456 regwfunc_t w) 1457 { 1458 char buf[1024]; 1459 int error; 1460 char *kv; 1461 size_t kl; 1462 1463 if (ks > sizeof(buf)) 1464 return E2BIG; 1465 1466 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)ks) 1467 return EINVAL; 1468 1469 kv = buf + uio->uio_offset; 1470 kl = ks - uio->uio_offset; 1471 1472 if (kl > uio->uio_resid) 1473 kl = uio->uio_resid; 1474 1475 error = (*r)(l, buf, &ks); 1476 if (error == 0) 1477 error = uiomove(kv, kl, uio); 1478 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1479 if (l->l_stat != LSSTOP) 1480 error = EBUSY; 1481 else 1482 error = (*w)(l, buf, ks); 1483 } 1484 1485 uio->uio_offset = 0; 1486 return error; 1487 } 1488 #endif 1489 1490 int 1491 process_doregs(struct lwp *curl /*tracer*/, 1492 struct lwp *l /*traced*/, 1493 struct uio *uio) 1494 { 1495 #if defined(PT_GETREGS) || defined(PT_SETREGS) 1496 size_t s; 1497 regrfunc_t r; 1498 regwfunc_t w; 1499 1500 #ifdef COMPAT_NETBSD32 1501 const bool pk32 = (curl->l_proc->p_flag & PK_32) != 0; 1502 1503 if (__predict_false(pk32)) { 1504 if ((l->l_proc->p_flag & PK_32) == 0) { 1505 // 32 bit tracer can't trace 64 bit process 1506 return EINVAL; 1507 } 1508 s = sizeof(process_reg32); 1509 r = __FPTRCAST(regrfunc_t, process_read_regs32); 1510 w = __FPTRCAST(regwfunc_t, process_write_regs32); 1511 } else 1512 #endif 1513 { 1514 s = sizeof(struct reg); 1515 r = __FPTRCAST(regrfunc_t, process_read_regs); 1516 w = __FPTRCAST(regwfunc_t, process_write_regs); 1517 } 1518 return proc_regio(l, uio, s, r, w); 1519 #else 1520 return EINVAL; 1521 #endif 1522 } 1523 1524 int 1525 process_validregs(struct lwp *l) 1526 { 1527 1528 #if defined(PT_SETREGS) || defined(PT_GETREGS) 1529 return (l->l_flag & LW_SYSTEM) == 0; 1530 #else 1531 return 0; 1532 #endif 1533 } 1534 1535 int 1536 process_dofpregs(struct lwp *curl /*tracer*/, 1537 struct lwp *l /*traced*/, 1538 struct uio *uio) 1539 { 1540 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 1541 size_t s; 1542 regrfunc_t r; 1543 regwfunc_t w; 1544 1545 #ifdef COMPAT_NETBSD32 1546 const bool pk32 = (curl->l_proc->p_flag & PK_32) != 0; 1547 1548 if (__predict_false(pk32)) { 1549 if ((l->l_proc->p_flag & PK_32) == 0) { 1550 // 32 bit tracer can't trace 64 bit process 1551 return EINVAL; 1552 } 1553 s = sizeof(process_fpreg32); 1554 r = (regrfunc_t)process_read_fpregs32; 1555 w = (regwfunc_t)process_write_fpregs32; 1556 } else 1557 #endif 1558 { 1559 s = sizeof(struct fpreg); 1560 r = (regrfunc_t)process_read_fpregs; 1561 w = (regwfunc_t)process_write_fpregs; 1562 } 1563 return proc_regio(l, uio, s, r, w); 1564 #else 1565 return EINVAL; 1566 #endif 1567 } 1568 1569 int 1570 process_validfpregs(struct lwp *l) 1571 { 1572 1573 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 1574 return (l->l_flag & LW_SYSTEM) == 0; 1575 #else 1576 return 0; 1577 #endif 1578 } 1579 1580 int 1581 process_dodbregs(struct lwp *curl /*tracer*/, 1582 struct lwp *l /*traced*/, 1583 struct uio *uio) 1584 { 1585 #if defined(PT_GETDBREGS) || defined(PT_SETDBREGS) 1586 size_t s; 1587 regrfunc_t r; 1588 regwfunc_t w; 1589 1590 #ifdef COMPAT_NETBSD32 1591 const bool pk32 = (curl->l_proc->p_flag & PK_32) != 0; 1592 1593 if (__predict_false(pk32)) { 1594 if ((l->l_proc->p_flag & PK_32) == 0) { 1595 // 32 bit tracer can't trace 64 bit process 1596 return EINVAL; 1597 } 1598 s = sizeof(process_dbreg32); 1599 r = (regrfunc_t)process_read_dbregs32; 1600 w = (regwfunc_t)process_write_dbregs32; 1601 } else 1602 #endif 1603 { 1604 s = sizeof(struct dbreg); 1605 r = (regrfunc_t)process_read_dbregs; 1606 w = (regwfunc_t)process_write_dbregs; 1607 } 1608 return proc_regio(l, uio, s, r, w); 1609 #else 1610 return EINVAL; 1611 #endif 1612 } 1613 1614 int 1615 process_validdbregs(struct lwp *l) 1616 { 1617 1618 #if defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 1619 return (l->l_flag & LW_SYSTEM) == 0; 1620 #else 1621 return 0; 1622 #endif 1623 } 1624 1625 static int 1626 process_auxv_offset(struct proc *p, struct uio *uio) 1627 { 1628 struct ps_strings pss; 1629 int error; 1630 off_t off = (off_t)p->p_psstrp; 1631 1632 if ((error = copyin_psstrings(p, &pss)) != 0) 1633 return error; 1634 1635 if (pss.ps_envstr == NULL) 1636 return EIO; 1637 1638 #ifdef COMPAT_NETBSD32 1639 if (p->p_flag & PK_32) 1640 uio->uio_offset += (off_t)((vaddr_t)pss.ps_envstr + 1641 sizeof(uint32_t) * (pss.ps_nenvstr + 1)); 1642 else 1643 #endif 1644 uio->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + 1645 pss.ps_nenvstr + 1); 1646 1647 #ifdef __MACHINE_STACK_GROWS_UP 1648 if (uio->uio_offset < off) 1649 return EIO; 1650 #else 1651 if (uio->uio_offset > off) 1652 return EIO; 1653 if ((uio->uio_offset + uio->uio_resid) > off) 1654 uio->uio_resid = off - uio->uio_offset; 1655 #endif 1656 return 0; 1657 } 1658 #endif /* PTRACE */ 1659 1660 MODULE(MODULE_CLASS_EXEC, ptrace_common, NULL); 1661 1662 static int 1663 ptrace_common_modcmd(modcmd_t cmd, void *arg) 1664 { 1665 int error; 1666 1667 switch (cmd) { 1668 case MODULE_CMD_INIT: 1669 error = ptrace_init(); 1670 break; 1671 case MODULE_CMD_FINI: 1672 error = ptrace_fini(); 1673 break; 1674 default: 1675 ptrace_hooks(); 1676 error = ENOTTY; 1677 break; 1678 } 1679 return error; 1680 } 1681