1 /* $NetBSD: sys_ptrace_common.c,v 1.8 2017/01/06 22:53:17 kamil Exp $ */ 2 3 /*- 4 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Andrew Doran. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1989, 1993 34 * The Regents of the University of California. All rights reserved. 35 * (c) UNIX System Laboratories, Inc. 36 * All or some portions of this file are derived from material licensed 37 * to the University of California by American Telephone and Telegraph 38 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 39 * the permission of UNIX System Laboratories, Inc. 40 * 41 * This code is derived from software contributed to Berkeley by 42 * Jan-Simon Pendry. 43 * 44 * Redistribution and use in source and binary forms, with or without 45 * modification, are permitted provided that the following conditions 46 * are met: 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 3. Neither the name of the University nor the names of its contributors 53 * may be used to endorse or promote products derived from this software 54 * without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 * 68 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 69 */ 70 71 /*- 72 * Copyright (c) 1993 Jan-Simon Pendry. 73 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 74 * 75 * This code is derived from software contributed to Berkeley by 76 * Jan-Simon Pendry. 77 * 78 * Redistribution and use in source and binary forms, with or without 79 * modification, are permitted provided that the following conditions 80 * are met: 81 * 1. Redistributions of source code must retain the above copyright 82 * notice, this list of conditions and the following disclaimer. 83 * 2. Redistributions in binary form must reproduce the above copyright 84 * notice, this list of conditions and the following disclaimer in the 85 * documentation and/or other materials provided with the distribution. 86 * 3. All advertising materials mentioning features or use of this software 87 * must display the following acknowledgement: 88 * This product includes software developed by the University of 89 * California, Berkeley and its contributors. 90 * 4. Neither the name of the University nor the names of its contributors 91 * may be used to endorse or promote products derived from this software 92 * without specific prior written permission. 93 * 94 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 97 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 98 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 99 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 100 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 101 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 104 * SUCH DAMAGE. 105 * 106 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 107 */ 108 109 /* 110 * References: 111 * (1) Bach's "The Design of the UNIX Operating System", 112 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 113 * (3) the "4.4BSD Programmer's Reference Manual" published 114 * by USENIX and O'Reilly & Associates. 115 * The 4.4BSD PRM does a reasonably good job of documenting what the various 116 * ptrace() requests should actually do, and its text is quoted several times 117 * in this file. 118 */ 119 120 #include <sys/cdefs.h> 121 __KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.8 2017/01/06 22:53:17 kamil Exp $"); 122 123 #ifdef _KERNEL_OPT 124 #include "opt_ptrace.h" 125 #include "opt_ktrace.h" 126 #include "opt_pax.h" 127 #endif 128 129 #include <sys/param.h> 130 #include <sys/systm.h> 131 #include <sys/proc.h> 132 #include <sys/errno.h> 133 #include <sys/exec.h> 134 #include <sys/pax.h> 135 #include <sys/ptrace.h> 136 #include <sys/uio.h> 137 #include <sys/ras.h> 138 #include <sys/kmem.h> 139 #include <sys/kauth.h> 140 #include <sys/mount.h> 141 #include <sys/syscallargs.h> 142 #include <sys/module.h> 143 #include <sys/condvar.h> 144 #include <sys/mutex.h> 145 146 #include <uvm/uvm_extern.h> 147 148 #include <machine/reg.h> 149 150 #ifdef PTRACE 151 152 # ifdef DEBUG 153 # define DPRINTF(a) uprintf a 154 # else 155 # define DPRINTF(a) 156 # endif 157 158 static kauth_listener_t ptrace_listener; 159 static int process_auxv_offset(struct proc *, struct uio *); 160 161 #if 0 162 static int ptrace_cbref; 163 static kmutex_t ptrace_mtx; 164 static kcondvar_t ptrace_cv; 165 #endif 166 167 static int 168 ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, 169 void *arg0, void *arg1, void *arg2, void *arg3) 170 { 171 struct proc *p; 172 int result; 173 174 result = KAUTH_RESULT_DEFER; 175 p = arg0; 176 177 #if 0 178 mutex_enter(&ptrace_mtx); 179 ptrace_cbref++; 180 mutex_exit(&ptrace_mtx); 181 #endif 182 if (action != KAUTH_PROCESS_PTRACE) 183 goto out; 184 185 switch ((u_long)arg1) { 186 case PT_TRACE_ME: 187 case PT_ATTACH: 188 case PT_WRITE_I: 189 case PT_WRITE_D: 190 case PT_READ_I: 191 case PT_READ_D: 192 case PT_IO: 193 #ifdef PT_GETREGS 194 case PT_GETREGS: 195 #endif 196 #ifdef PT_SETREGS 197 case PT_SETREGS: 198 #endif 199 #ifdef PT_GETFPREGS 200 case PT_GETFPREGS: 201 #endif 202 #ifdef PT_SETFPREGS 203 case PT_SETFPREGS: 204 #endif 205 #ifdef __HAVE_PTRACE_WATCHPOINTS 206 case PT_READ_WATCHPOINT: 207 case PT_WRITE_WATCHPOINT: 208 case PT_COUNT_WATCHPOINTS: 209 #endif 210 case PT_SET_EVENT_MASK: 211 case PT_GET_EVENT_MASK: 212 case PT_GET_PROCESS_STATE: 213 case PT_SET_SIGINFO: 214 case PT_GET_SIGINFO: 215 #ifdef __HAVE_PTRACE_MACHDEP 216 PTRACE_MACHDEP_REQUEST_CASES 217 #endif 218 if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) || 219 ISSET(p->p_flag, PK_SUGID)) { 220 break; 221 } 222 223 result = KAUTH_RESULT_ALLOW; 224 225 break; 226 227 #ifdef PT_STEP 228 case PT_STEP: 229 #endif 230 case PT_CONTINUE: 231 case PT_KILL: 232 case PT_DETACH: 233 case PT_LWPINFO: 234 case PT_SYSCALL: 235 case PT_SYSCALLEMU: 236 case PT_DUMPCORE: 237 result = KAUTH_RESULT_ALLOW; 238 break; 239 240 default: 241 break; 242 } 243 244 out: 245 #if 0 246 mutex_enter(&ptrace_mtx); 247 if (--ptrace_cbref == 0) 248 cv_broadcast(&ptrace_cv); 249 mutex_exit(&ptrace_mtx); 250 #endif 251 252 return result; 253 } 254 255 int 256 ptrace_init(void) 257 { 258 259 #if 0 260 mutex_init(&ptrace_mtx, MUTEX_DEFAULT, IPL_NONE); 261 cv_init(&ptrace_cv, "ptracecb"); 262 ptrace_cbref = 0; 263 #endif 264 ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 265 ptrace_listener_cb, NULL); 266 return 0; 267 } 268 269 int 270 ptrace_fini(void) 271 { 272 273 kauth_unlisten_scope(ptrace_listener); 274 275 #if 0 276 /* Make sure no-one is executing our kauth listener */ 277 278 mutex_enter(&ptrace_mtx); 279 while (ptrace_cbref != 0) 280 cv_wait(&ptrace_cv, &ptrace_mtx); 281 mutex_exit(&ptrace_mtx); 282 mutex_destroy(&ptrace_mtx); 283 cv_destroy(&ptrace_cv); 284 #endif 285 286 return 0; 287 } 288 289 int 290 do_ptrace(struct ptrace_methods *ptm, struct lwp *l, int req, pid_t pid, 291 void *addr, int data, register_t *retval) 292 { 293 struct proc *p = l->l_proc; 294 struct lwp *lt; 295 #ifdef PT_STEP 296 struct lwp *lt2; 297 #endif 298 struct proc *t; /* target process */ 299 struct uio uio; 300 struct iovec iov; 301 struct ptrace_io_desc piod; 302 struct ptrace_event pe; 303 struct ptrace_state ps; 304 struct ptrace_lwpinfo pl; 305 struct ptrace_siginfo psi; 306 #ifdef __HAVE_PTRACE_WATCHPOINTS 307 struct ptrace_watchpoint pw; 308 #endif 309 struct vmspace *vm; 310 int error, write, tmp, pheld; 311 int signo = 0; 312 int resume_all; 313 ksiginfo_t ksi; 314 char *path; 315 int len = 0; 316 error = 0; 317 318 /* 319 * If attaching or detaching, we need to get a write hold on the 320 * proclist lock so that we can re-parent the target process. 321 */ 322 mutex_enter(proc_lock); 323 324 /* "A foolish consistency..." XXX */ 325 if (req == PT_TRACE_ME) { 326 t = p; 327 mutex_enter(t->p_lock); 328 } else { 329 /* Find the process we're supposed to be operating on. */ 330 t = proc_find(pid); 331 if (t == NULL) { 332 mutex_exit(proc_lock); 333 return ESRCH; 334 } 335 336 /* XXX-elad */ 337 mutex_enter(t->p_lock); 338 error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, 339 t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 340 if (error) { 341 mutex_exit(proc_lock); 342 mutex_exit(t->p_lock); 343 return ESRCH; 344 } 345 } 346 347 /* 348 * Grab a reference on the process to prevent it from execing or 349 * exiting. 350 */ 351 if (!rw_tryenter(&t->p_reflock, RW_READER)) { 352 mutex_exit(proc_lock); 353 mutex_exit(t->p_lock); 354 return EBUSY; 355 } 356 357 /* Make sure we can operate on it. */ 358 switch (req) { 359 case PT_TRACE_ME: 360 /* Saying that you're being traced is always legal. */ 361 break; 362 363 case PT_ATTACH: 364 /* 365 * You can't attach to a process if: 366 * (1) it's the process that's doing the attaching, 367 */ 368 if (t->p_pid == p->p_pid) { 369 error = EINVAL; 370 break; 371 } 372 373 /* 374 * (2) it's a system process 375 */ 376 if (t->p_flag & PK_SYSTEM) { 377 error = EPERM; 378 break; 379 } 380 381 /* 382 * (3) it's already being traced, or 383 */ 384 if (ISSET(t->p_slflag, PSL_TRACED)) { 385 error = EBUSY; 386 break; 387 } 388 389 /* 390 * (4) the tracer is chrooted, and its root directory is 391 * not at or above the root directory of the tracee 392 */ 393 mutex_exit(t->p_lock); /* XXXSMP */ 394 tmp = proc_isunder(t, l); 395 mutex_enter(t->p_lock); /* XXXSMP */ 396 if (!tmp) { 397 error = EPERM; 398 break; 399 } 400 break; 401 402 case PT_READ_I: 403 case PT_READ_D: 404 case PT_WRITE_I: 405 case PT_WRITE_D: 406 case PT_IO: 407 #ifdef PT_GETREGS 408 case PT_GETREGS: 409 #endif 410 #ifdef PT_SETREGS 411 case PT_SETREGS: 412 #endif 413 #ifdef PT_GETFPREGS 414 case PT_GETFPREGS: 415 #endif 416 #ifdef PT_SETFPREGS 417 case PT_SETFPREGS: 418 #endif 419 #ifdef __HAVE_PTRACE_WATCHPOINTS 420 case PT_READ_WATCHPOINT: 421 case PT_WRITE_WATCHPOINT: 422 case PT_COUNT_WATCHPOINTS: 423 #endif 424 #ifdef __HAVE_PTRACE_MACHDEP 425 PTRACE_MACHDEP_REQUEST_CASES 426 #endif 427 /* 428 * You can't read/write the memory or registers of a process 429 * if the tracer is chrooted, and its root directory is not at 430 * or above the root directory of the tracee. 431 */ 432 mutex_exit(t->p_lock); /* XXXSMP */ 433 tmp = proc_isunder(t, l); 434 mutex_enter(t->p_lock); /* XXXSMP */ 435 if (!tmp) { 436 error = EPERM; 437 break; 438 } 439 /*FALLTHROUGH*/ 440 441 case PT_CONTINUE: 442 case PT_KILL: 443 case PT_DETACH: 444 case PT_LWPINFO: 445 case PT_SYSCALL: 446 case PT_SYSCALLEMU: 447 case PT_DUMPCORE: 448 #ifdef PT_STEP 449 case PT_STEP: 450 #endif 451 case PT_SET_EVENT_MASK: 452 case PT_GET_EVENT_MASK: 453 case PT_GET_PROCESS_STATE: 454 case PT_SET_SIGINFO: 455 case PT_GET_SIGINFO: 456 /* 457 * You can't do what you want to the process if: 458 * (1) It's not being traced at all, 459 */ 460 if (!ISSET(t->p_slflag, PSL_TRACED)) { 461 error = EPERM; 462 break; 463 } 464 465 /* 466 * (2) it's being traced by procfs (which has 467 * different signal delivery semantics), 468 */ 469 if (ISSET(t->p_slflag, PSL_FSTRACE)) { 470 DPRINTF(("file system traced\n")); 471 error = EBUSY; 472 break; 473 } 474 475 /* 476 * (3) it's not being traced by _you_, or 477 */ 478 if (t->p_pptr != p) { 479 DPRINTF(("parent %d != %d\n", t->p_pptr->p_pid, 480 p->p_pid)); 481 error = EBUSY; 482 break; 483 } 484 485 /* 486 * (4) it's not currently stopped. 487 */ 488 if (t->p_stat != SSTOP || !t->p_waited /* XXXSMP */) { 489 DPRINTF(("stat %d flag %d\n", t->p_stat, 490 !t->p_waited)); 491 error = EBUSY; 492 break; 493 } 494 break; 495 496 default: /* It was not a legal request. */ 497 error = EINVAL; 498 break; 499 } 500 501 if (error == 0) { 502 error = kauth_authorize_process(l->l_cred, 503 KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req), 504 NULL, NULL); 505 } 506 if (error == 0) { 507 lt = lwp_find_first(t); 508 if (lt == NULL) 509 error = ESRCH; 510 } 511 512 if (error != 0) { 513 mutex_exit(proc_lock); 514 mutex_exit(t->p_lock); 515 rw_exit(&t->p_reflock); 516 return error; 517 } 518 519 /* Do single-step fixup if needed. */ 520 FIX_SSTEP(t); 521 KASSERT(lt != NULL); 522 lwp_addref(lt); 523 524 /* 525 * Which locks do we need held? XXX Ugly. 526 */ 527 switch (req) { 528 #ifdef PT_STEP 529 case PT_STEP: 530 #endif 531 case PT_CONTINUE: 532 case PT_DETACH: 533 case PT_KILL: 534 case PT_SYSCALL: 535 case PT_SYSCALLEMU: 536 case PT_ATTACH: 537 case PT_TRACE_ME: 538 pheld = 1; 539 break; 540 default: 541 mutex_exit(proc_lock); 542 mutex_exit(t->p_lock); 543 pheld = 0; 544 break; 545 } 546 547 /* Now do the operation. */ 548 write = 0; 549 *retval = 0; 550 tmp = 0; 551 resume_all = 1; 552 553 switch (req) { 554 case PT_TRACE_ME: 555 /* Just set the trace flag. */ 556 SET(t->p_slflag, PSL_TRACED); 557 t->p_opptr = t->p_pptr; 558 break; 559 560 case PT_WRITE_I: /* XXX no separate I and D spaces */ 561 case PT_WRITE_D: 562 #if defined(__HAVE_RAS) 563 /* 564 * Can't write to a RAS 565 */ 566 if (ras_lookup(t, addr) != (void *)-1) { 567 error = EACCES; 568 break; 569 } 570 #endif 571 write = 1; 572 tmp = data; 573 /* FALLTHROUGH */ 574 575 case PT_READ_I: /* XXX no separate I and D spaces */ 576 case PT_READ_D: 577 /* write = 0 done above. */ 578 iov.iov_base = (void *)&tmp; 579 iov.iov_len = sizeof(tmp); 580 uio.uio_iov = &iov; 581 uio.uio_iovcnt = 1; 582 uio.uio_offset = (off_t)(unsigned long)addr; 583 uio.uio_resid = sizeof(tmp); 584 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 585 UIO_SETUP_SYSSPACE(&uio); 586 587 error = process_domem(l, lt, &uio); 588 if (!write) 589 *retval = tmp; 590 break; 591 592 case PT_IO: 593 error = ptm->ptm_copyinpiod(&piod, addr); 594 if (error) 595 break; 596 597 iov.iov_base = piod.piod_addr; 598 iov.iov_len = piod.piod_len; 599 uio.uio_iov = &iov; 600 uio.uio_iovcnt = 1; 601 uio.uio_offset = (off_t)(unsigned long)piod.piod_offs; 602 uio.uio_resid = piod.piod_len; 603 604 switch (piod.piod_op) { 605 case PIOD_READ_D: 606 case PIOD_READ_I: 607 uio.uio_rw = UIO_READ; 608 break; 609 case PIOD_WRITE_D: 610 case PIOD_WRITE_I: 611 /* 612 * Can't write to a RAS 613 */ 614 if (ras_lookup(t, addr) != (void *)-1) { 615 return EACCES; 616 } 617 uio.uio_rw = UIO_WRITE; 618 break; 619 case PIOD_READ_AUXV: 620 req = PT_READ_D; 621 uio.uio_rw = UIO_READ; 622 tmp = t->p_execsw->es_arglen * PROC_PTRSZ(t); 623 if (uio.uio_offset > tmp) 624 return EIO; 625 if (uio.uio_resid > tmp - uio.uio_offset) 626 uio.uio_resid = tmp - uio.uio_offset; 627 piod.piod_len = iov.iov_len = uio.uio_resid; 628 error = process_auxv_offset(t, &uio); 629 if (error) 630 return error; 631 break; 632 default: 633 error = EINVAL; 634 break; 635 } 636 if (error) 637 break; 638 error = proc_vmspace_getref(l->l_proc, &vm); 639 if (error) 640 break; 641 uio.uio_vmspace = vm; 642 643 error = process_domem(l, lt, &uio); 644 piod.piod_len -= uio.uio_resid; 645 (void) ptm->ptm_copyoutpiod(&piod, addr); 646 647 uvmspace_free(vm); 648 break; 649 650 case PT_DUMPCORE: 651 if ((path = addr) != NULL) { 652 char *dst; 653 len = data; 654 655 if (len < 0 || len >= MAXPATHLEN) { 656 error = EINVAL; 657 break; 658 } 659 dst = kmem_alloc(len + 1, KM_SLEEP); 660 if ((error = copyin(path, dst, len)) != 0) { 661 kmem_free(dst, len + 1); 662 break; 663 } 664 path = dst; 665 path[len] = '\0'; 666 } 667 error = (*coredump_vec)(lt, path); 668 if (path) 669 kmem_free(path, len + 1); 670 break; 671 672 #ifdef PT_STEP 673 case PT_STEP: 674 /* 675 * From the 4.4BSD PRM: 676 * "Execution continues as in request PT_CONTINUE; however 677 * as soon as possible after execution of at least one 678 * instruction, execution stops again. [ ... ]" 679 */ 680 #endif 681 case PT_CONTINUE: 682 case PT_SYSCALL: 683 case PT_DETACH: 684 if (req == PT_SYSCALL) { 685 if (!ISSET(t->p_slflag, PSL_SYSCALL)) { 686 SET(t->p_slflag, PSL_SYSCALL); 687 #ifdef __HAVE_SYSCALL_INTERN 688 (*t->p_emul->e_syscall_intern)(t); 689 #endif 690 } 691 } else { 692 if (ISSET(t->p_slflag, PSL_SYSCALL)) { 693 CLR(t->p_slflag, PSL_SYSCALL); 694 #ifdef __HAVE_SYSCALL_INTERN 695 (*t->p_emul->e_syscall_intern)(t); 696 #endif 697 } 698 } 699 t->p_trace_enabled = trace_is_enabled(t); 700 701 /* 702 * Pick up the LWPID, if supplied. There are two cases: 703 * data < 0 : step or continue single thread, lwp = -data 704 * data > 0 in PT_STEP : step this thread, continue others 705 * For operations other than PT_STEP, data > 0 means 706 * data is the signo to deliver to the process. 707 */ 708 tmp = data; 709 if (tmp >= 0) { 710 #ifdef PT_STEP 711 if (req == PT_STEP) 712 signo = 0; 713 else 714 #endif 715 { 716 signo = tmp; 717 tmp = 0; /* don't search for LWP */ 718 } 719 } else 720 tmp = -tmp; 721 722 if (tmp > 0) { 723 if (req == PT_DETACH) { 724 error = EINVAL; 725 break; 726 } 727 lwp_delref2 (lt); 728 lt = lwp_find(t, tmp); 729 if (lt == NULL) { 730 error = ESRCH; 731 break; 732 } 733 lwp_addref(lt); 734 resume_all = 0; 735 signo = 0; 736 } 737 738 /* 739 * From the 4.4BSD PRM: 740 * "The data argument is taken as a signal number and the 741 * child's execution continues at location addr as if it 742 * incurred that signal. Normally the signal number will 743 * be either 0 to indicate that the signal that caused the 744 * stop should be ignored, or that value fetched out of 745 * the process's image indicating which signal caused 746 * the stop. If addr is (int *)1 then execution continues 747 * from where it stopped." 748 */ 749 750 /* Check that the data is a valid signal number or zero. */ 751 if (signo < 0 || signo >= NSIG) { 752 error = EINVAL; 753 break; 754 } 755 756 /* If the address parameter is not (int *)1, set the pc. */ 757 if ((int *)addr != (int *)1) { 758 error = process_set_pc(lt, addr); 759 if (error != 0) 760 break; 761 } 762 #ifdef PT_STEP 763 /* 764 * Arrange for a single-step, if that's requested and possible. 765 * More precisely, set the single step status as requested for 766 * the requested thread, and clear it for other threads. 767 */ 768 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 769 if (lt != lt2) { 770 lwp_lock(lt2); 771 process_sstep(lt2, 0); 772 lwp_unlock(lt2); 773 } 774 } 775 error = process_sstep(lt, req == PT_STEP); 776 if (error) 777 break; 778 #endif 779 if (req == PT_DETACH) { 780 CLR(t->p_slflag, PSL_TRACED|PSL_FSTRACE|PSL_SYSCALL); 781 782 /* give process back to original parent or init */ 783 if (t->p_opptr != t->p_pptr) { 784 struct proc *pp = t->p_opptr; 785 proc_reparent(t, pp ? pp : initproc); 786 } 787 788 /* not being traced any more */ 789 t->p_opptr = NULL; 790 } 791 sendsig: 792 t->p_fpid = 0; 793 /* Finally, deliver the requested signal (or none). */ 794 if (t->p_stat == SSTOP) { 795 /* 796 * Unstop the process. If it needs to take a 797 * signal, make all efforts to ensure that at 798 * an LWP runs to see it. 799 */ 800 t->p_xsig = signo; 801 if (resume_all) 802 proc_unstop(t); 803 else 804 lwp_unstop(lt); 805 } else if (t->p_sigctx.ps_faked) { 806 if (signo != t->p_sigctx.ps_info._signo) { 807 error = EINVAL; 808 break; 809 } 810 t->p_sigctx.ps_faked = false; 811 KSI_INIT_EMPTY(&ksi); 812 ksi.ksi_info = t->p_sigctx.ps_info; 813 ksi.ksi_lid = t->p_sigctx.ps_lwp; 814 kpsignal2(t, &ksi); 815 } else if (signo != 0) { 816 KSI_INIT_EMPTY(&ksi); 817 ksi.ksi_signo = signo; 818 kpsignal2(t, &ksi); 819 } 820 break; 821 822 case PT_SYSCALLEMU: 823 if (!ISSET(t->p_slflag, PSL_SYSCALL) || t->p_stat != SSTOP) { 824 error = EINVAL; 825 break; 826 } 827 SET(t->p_slflag, PSL_SYSCALLEMU); 828 break; 829 830 case PT_KILL: 831 /* just send the process a KILL signal. */ 832 signo = SIGKILL; 833 goto sendsig; /* in PT_CONTINUE, above. */ 834 835 case PT_ATTACH: 836 /* 837 * Go ahead and set the trace flag. 838 * Save the old parent (it's reset in 839 * _DETACH, and also in kern_exit.c:wait4() 840 * Reparent the process so that the tracing 841 * proc gets to see all the action. 842 * Stop the target. 843 */ 844 proc_changeparent(t, p); 845 signo = SIGSTOP; 846 goto sendsig; 847 848 case PT_GET_EVENT_MASK: 849 if (data != sizeof(pe)) { 850 DPRINTF(("ptrace(%d): %d != %zu\n", req, 851 data, sizeof(pe))); 852 error = EINVAL; 853 break; 854 } 855 memset(&pe, 0, sizeof(pe)); 856 pe.pe_set_event = ISSET(t->p_slflag, PSL_TRACEFORK) ? 857 PTRACE_FORK : 0; 858 error = copyout(&pe, addr, sizeof(pe)); 859 break; 860 861 case PT_SET_EVENT_MASK: 862 if (data != sizeof(pe)) { 863 DPRINTF(("ptrace(%d): %d != %zu\n", req, data, 864 sizeof(pe))); 865 error = EINVAL; 866 break; 867 } 868 if ((error = copyin(addr, &pe, sizeof(pe))) != 0) 869 return error; 870 if (pe.pe_set_event & PTRACE_FORK) 871 SET(t->p_slflag, PSL_TRACEFORK); 872 else 873 CLR(t->p_slflag, PSL_TRACEFORK); 874 break; 875 876 case PT_GET_PROCESS_STATE: 877 if (data != sizeof(ps)) { 878 DPRINTF(("ptrace(%d): %d != %zu\n", req, data, 879 sizeof(ps))); 880 error = EINVAL; 881 break; 882 } 883 memset(&ps, 0, sizeof(ps)); 884 if (t->p_fpid) { 885 ps.pe_report_event = PTRACE_FORK; 886 ps.pe_other_pid = t->p_fpid; 887 } 888 error = copyout(&ps, addr, sizeof(ps)); 889 break; 890 891 case PT_LWPINFO: 892 if (data != sizeof(pl)) { 893 DPRINTF(("ptrace(%d): %d != %zu\n", req, data, 894 sizeof(pl))); 895 error = EINVAL; 896 break; 897 } 898 error = copyin(addr, &pl, sizeof(pl)); 899 if (error) 900 break; 901 tmp = pl.pl_lwpid; 902 lwp_delref(lt); 903 mutex_enter(t->p_lock); 904 if (tmp == 0) 905 lt = lwp_find_first(t); 906 else { 907 lt = lwp_find(t, tmp); 908 if (lt == NULL) { 909 mutex_exit(t->p_lock); 910 error = ESRCH; 911 break; 912 } 913 lt = LIST_NEXT(lt, l_sibling); 914 } 915 while (lt != NULL && !lwp_alive(lt)) 916 lt = LIST_NEXT(lt, l_sibling); 917 pl.pl_lwpid = 0; 918 pl.pl_event = 0; 919 if (lt) { 920 lwp_addref(lt); 921 pl.pl_lwpid = lt->l_lid; 922 /* 923 * If we match the lwp, or it was sent to every lwp, 924 * we set PL_EVENT_SIGNAL. 925 * XXX: ps_lwp == 0 means everyone and noone, so 926 * check ps_signo too. 927 */ 928 if (lt->l_lid == t->p_sigctx.ps_lwp 929 || (t->p_sigctx.ps_lwp == 0 && 930 t->p_sigctx.ps_info._signo)) 931 pl.pl_event = PL_EVENT_SIGNAL; 932 } 933 mutex_exit(t->p_lock); 934 935 error = copyout(&pl, addr, sizeof(pl)); 936 break; 937 938 case PT_SET_SIGINFO: 939 if (data != sizeof(psi)) { 940 DPRINTF(("ptrace(%d): %d != %zu\n", req, data, 941 sizeof(psi))); 942 error = EINVAL; 943 break; 944 } 945 946 error = copyin(addr, &psi, sizeof(psi)); 947 if (error) 948 break; 949 950 /* Check that the data is a valid signal number or zero. */ 951 if (psi.psi_siginfo.si_signo < 0 || 952 psi.psi_siginfo.si_signo >= NSIG) { 953 error = EINVAL; 954 break; 955 } 956 957 tmp = psi.psi_lwpid; 958 if (tmp != 0) 959 lwp_delref(lt); 960 961 mutex_enter(t->p_lock); 962 963 if (tmp != 0) { 964 lt = lwp_find(t, tmp); 965 if (lt == NULL) { 966 mutex_exit(t->p_lock); 967 error = ESRCH; 968 break; 969 } 970 lwp_addref(lt); 971 } 972 973 t->p_sigctx.ps_faked = true; 974 t->p_sigctx.ps_info = psi.psi_siginfo._info; 975 t->p_sigctx.ps_lwp = psi.psi_lwpid; 976 mutex_exit(t->p_lock); 977 break; 978 979 case PT_GET_SIGINFO: 980 if (data != sizeof(psi)) { 981 DPRINTF(("ptrace(%d): %d != %zu\n", req, data, 982 sizeof(psi))); 983 error = EINVAL; 984 break; 985 } 986 mutex_enter(t->p_lock); 987 psi.psi_siginfo._info = t->p_sigctx.ps_info; 988 psi.psi_lwpid = t->p_sigctx.ps_lwp; 989 mutex_exit(t->p_lock); 990 991 error = copyout(&psi, addr, sizeof(psi)); 992 if (error) 993 break; 994 995 break; 996 997 #ifdef PT_SETREGS 998 case PT_SETREGS: 999 write = 1; 1000 #endif 1001 #ifdef PT_GETREGS 1002 case PT_GETREGS: 1003 /* write = 0 done above. */ 1004 #endif 1005 #if defined(PT_SETREGS) || defined(PT_GETREGS) 1006 tmp = data; 1007 if (tmp != 0 && t->p_nlwps > 1) { 1008 lwp_delref(lt); 1009 mutex_enter(t->p_lock); 1010 lt = lwp_find(t, tmp); 1011 if (lt == NULL) { 1012 mutex_exit(t->p_lock); 1013 error = ESRCH; 1014 break; 1015 } 1016 lwp_addref(lt); 1017 mutex_exit(t->p_lock); 1018 } 1019 if (!process_validregs(lt)) 1020 error = EINVAL; 1021 else { 1022 error = proc_vmspace_getref(p, &vm); 1023 if (error) 1024 break; 1025 iov.iov_base = addr; 1026 iov.iov_len = PROC_REGSZ(p); 1027 uio.uio_iov = &iov; 1028 uio.uio_iovcnt = 1; 1029 uio.uio_offset = 0; 1030 uio.uio_resid = iov.iov_len; 1031 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 1032 uio.uio_vmspace = vm; 1033 1034 error = ptm->ptm_doregs(l, lt, &uio); 1035 uvmspace_free(vm); 1036 } 1037 break; 1038 #endif 1039 1040 #ifdef PT_SETFPREGS 1041 case PT_SETFPREGS: 1042 write = 1; 1043 /*FALLTHROUGH*/ 1044 #endif 1045 #ifdef PT_GETFPREGS 1046 case PT_GETFPREGS: 1047 /* write = 0 done above. */ 1048 #endif 1049 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 1050 tmp = data; 1051 if (tmp != 0 && t->p_nlwps > 1) { 1052 lwp_delref(lt); 1053 mutex_enter(t->p_lock); 1054 lt = lwp_find(t, tmp); 1055 if (lt == NULL) { 1056 mutex_exit(t->p_lock); 1057 error = ESRCH; 1058 break; 1059 } 1060 lwp_addref(lt); 1061 mutex_exit(t->p_lock); 1062 } 1063 if (!process_validfpregs(lt)) 1064 error = EINVAL; 1065 else { 1066 error = proc_vmspace_getref(p, &vm); 1067 if (error) 1068 break; 1069 iov.iov_base = addr; 1070 iov.iov_len = PROC_FPREGSZ(p); 1071 uio.uio_iov = &iov; 1072 uio.uio_iovcnt = 1; 1073 uio.uio_offset = 0; 1074 uio.uio_resid = iov.iov_len; 1075 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 1076 uio.uio_vmspace = vm; 1077 1078 error = ptm->ptm_dofpregs(l, lt, &uio); 1079 uvmspace_free(vm); 1080 } 1081 break; 1082 #endif 1083 1084 #ifdef __HAVE_PTRACE_WATCHPOINTS 1085 /* 1086 * The "write" variable is used as type of operation. 1087 * Possible values: 1088 * 0 - return the number of supported hardware watchpoints 1089 * 1 - set new watchpoint value 1090 * 2 - get existing watchpoint image 1091 */ 1092 case PT_WRITE_WATCHPOINT: 1093 write = 1; 1094 case PT_READ_WATCHPOINT: 1095 /* write = 0 done above */ 1096 1097 if (data != sizeof(pw)) { 1098 DPRINTF(("ptrace(%d): %d != %zu\n", req, 1099 data, sizeof(pe))); 1100 error = EINVAL; 1101 break; 1102 } 1103 error = copyin(addr, &pw, sizeof(pw)); 1104 if (error) 1105 break; 1106 tmp = pw.pw_lwpid; 1107 if (tmp != 0 && t->p_nlwps > 1) { 1108 lwp_delref(lt); 1109 mutex_enter(t->p_lock); 1110 lt = lwp_find(t, tmp); 1111 if (lt == NULL) { 1112 mutex_exit(t->p_lock); 1113 error = ESRCH; 1114 break; 1115 } 1116 lwp_addref(lt); 1117 mutex_exit(t->p_lock); 1118 } 1119 ++write; 1120 case PT_COUNT_WATCHPOINTS: 1121 if (!process_validwatchpoint(lt)) 1122 error = EINVAL; 1123 else { 1124 lwp_lock(lt); 1125 error = ptm->ptm_dowatchpoint(l, lt, write, &pw, addr, 1126 retval); 1127 lwp_unlock(lt); 1128 } 1129 break; 1130 #endif 1131 1132 #ifdef __HAVE_PTRACE_MACHDEP 1133 PTRACE_MACHDEP_REQUEST_CASES 1134 error = ptrace_machdep_dorequest(l, lt, req, addr, data); 1135 break; 1136 #endif 1137 } 1138 1139 if (pheld) { 1140 mutex_exit(t->p_lock); 1141 mutex_exit(proc_lock); 1142 } 1143 if (lt != NULL) 1144 lwp_delref(lt); 1145 rw_exit(&t->p_reflock); 1146 1147 return error; 1148 } 1149 1150 int 1151 process_doregs(struct lwp *curl /*tracer*/, 1152 struct lwp *l /*traced*/, 1153 struct uio *uio) 1154 { 1155 #if defined(PT_GETREGS) || defined(PT_SETREGS) 1156 int error; 1157 struct reg r; 1158 char *kv; 1159 int kl; 1160 1161 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 1162 return EINVAL; 1163 1164 kl = sizeof(r); 1165 kv = (char *)&r; 1166 1167 kv += uio->uio_offset; 1168 kl -= uio->uio_offset; 1169 if ((size_t)kl > uio->uio_resid) 1170 kl = uio->uio_resid; 1171 1172 error = process_read_regs(l, &r); 1173 if (error == 0) 1174 error = uiomove(kv, kl, uio); 1175 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1176 if (l->l_stat != LSSTOP) 1177 error = EBUSY; 1178 else 1179 error = process_write_regs(l, &r); 1180 } 1181 1182 uio->uio_offset = 0; 1183 return error; 1184 #else 1185 return EINVAL; 1186 #endif 1187 } 1188 1189 int 1190 process_validregs(struct lwp *l) 1191 { 1192 1193 #if defined(PT_SETREGS) || defined(PT_GETREGS) 1194 return (l->l_flag & LW_SYSTEM) == 0; 1195 #else 1196 return 0; 1197 #endif 1198 } 1199 1200 int 1201 process_dofpregs(struct lwp *curl /*tracer*/, 1202 struct lwp *l /*traced*/, 1203 struct uio *uio) 1204 { 1205 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 1206 int error; 1207 struct fpreg r; 1208 char *kv; 1209 size_t kl; 1210 1211 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 1212 return EINVAL; 1213 1214 kl = sizeof(r); 1215 kv = (char *)&r; 1216 1217 kv += uio->uio_offset; 1218 kl -= uio->uio_offset; 1219 if (kl > uio->uio_resid) 1220 kl = uio->uio_resid; 1221 1222 error = process_read_fpregs(l, &r, &kl); 1223 if (error == 0) 1224 error = uiomove(kv, kl, uio); 1225 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1226 if (l->l_stat != LSSTOP) 1227 error = EBUSY; 1228 else 1229 error = process_write_fpregs(l, &r, kl); 1230 } 1231 uio->uio_offset = 0; 1232 return error; 1233 #else 1234 return EINVAL; 1235 #endif 1236 } 1237 1238 int 1239 process_validfpregs(struct lwp *l) 1240 { 1241 1242 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 1243 return (l->l_flag & LW_SYSTEM) == 0; 1244 #else 1245 return 0; 1246 #endif 1247 } 1248 1249 static int 1250 process_auxv_offset(struct proc *p, struct uio *uio) 1251 { 1252 struct ps_strings pss; 1253 int error; 1254 off_t off = (off_t)p->p_psstrp; 1255 1256 if ((error = copyin_psstrings(p, &pss)) != 0) 1257 return error; 1258 1259 if (pss.ps_envstr == NULL) 1260 return EIO; 1261 1262 uio->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + pss.ps_nenvstr + 1); 1263 #ifdef __MACHINE_STACK_GROWS_UP 1264 if (uio->uio_offset < off) 1265 return EIO; 1266 #else 1267 if (uio->uio_offset > off) 1268 return EIO; 1269 if ((uio->uio_offset + uio->uio_resid) > off) 1270 uio->uio_resid = off - uio->uio_offset; 1271 #endif 1272 return 0; 1273 } 1274 1275 int 1276 process_dowatchpoint(struct lwp *curl /*tracer*/, struct lwp *l /*traced*/, 1277 int operation, struct ptrace_watchpoint *pw, void *addr, 1278 register_t *retval) 1279 { 1280 1281 #ifdef __HAVE_PTRACE_WATCHPOINTS 1282 int error; 1283 1284 KASSERT(operation >= 0); 1285 KASSERT(operation <= 2); 1286 1287 switch (operation) { 1288 case 0: 1289 return process_count_watchpoints(l, retval); 1290 case 1: 1291 error = process_read_watchpoint(l, pw); 1292 if (error) 1293 return error; 1294 return copyout(pw, addr, sizeof(*pw)); 1295 default: 1296 return process_write_watchpoint(l, pw); 1297 } 1298 #else 1299 return EINVAL; 1300 #endif 1301 } 1302 1303 int 1304 process_validwatchpoint(struct lwp *l) 1305 { 1306 1307 #ifdef __HAVE_PTRACE_WATCHPOINTS 1308 return (l->l_flag & LW_SYSTEM) == 0; 1309 #else 1310 return 0; 1311 #endif 1312 } 1313 #endif /* PTRACE */ 1314 1315 MODULE(MODULE_CLASS_EXEC, ptrace_common, ""); 1316 1317 static int 1318 ptrace_common_modcmd(modcmd_t cmd, void *arg) 1319 { 1320 int error; 1321 1322 switch (cmd) { 1323 case MODULE_CMD_INIT: 1324 error = ptrace_init(); 1325 break; 1326 case MODULE_CMD_FINI: 1327 error = ptrace_fini(); 1328 break; 1329 default: 1330 ptrace_hooks(); 1331 error = ENOTTY; 1332 break; 1333 } 1334 return error; 1335 } 1336