1 /* $NetBSD: sys_ptrace_common.c,v 1.92 2021/08/09 20:49:10 andvar Exp $ */ 2 3 /*- 4 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Andrew Doran. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1989, 1993 34 * The Regents of the University of California. All rights reserved. 35 * (c) UNIX System Laboratories, Inc. 36 * All or some portions of this file are derived from material licensed 37 * to the University of California by American Telephone and Telegraph 38 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 39 * the permission of UNIX System Laboratories, Inc. 40 * 41 * This code is derived from software contributed to Berkeley by 42 * Jan-Simon Pendry. 43 * 44 * Redistribution and use in source and binary forms, with or without 45 * modification, are permitted provided that the following conditions 46 * are met: 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 3. Neither the name of the University nor the names of its contributors 53 * may be used to endorse or promote products derived from this software 54 * without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 * 68 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 69 */ 70 71 /*- 72 * Copyright (c) 1993 Jan-Simon Pendry. 73 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 74 * 75 * This code is derived from software contributed to Berkeley by 76 * Jan-Simon Pendry. 77 * 78 * Redistribution and use in source and binary forms, with or without 79 * modification, are permitted provided that the following conditions 80 * are met: 81 * 1. Redistributions of source code must retain the above copyright 82 * notice, this list of conditions and the following disclaimer. 83 * 2. Redistributions in binary form must reproduce the above copyright 84 * notice, this list of conditions and the following disclaimer in the 85 * documentation and/or other materials provided with the distribution. 86 * 3. All advertising materials mentioning features or use of this software 87 * must display the following acknowledgement: 88 * This product includes software developed by the University of 89 * California, Berkeley and its contributors. 90 * 4. Neither the name of the University nor the names of its contributors 91 * may be used to endorse or promote products derived from this software 92 * without specific prior written permission. 93 * 94 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 97 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 98 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 99 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 100 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 101 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 104 * SUCH DAMAGE. 105 * 106 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 107 */ 108 109 #include <sys/cdefs.h> 110 __KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.92 2021/08/09 20:49:10 andvar Exp $"); 111 112 #ifdef _KERNEL_OPT 113 #include "opt_ptrace.h" 114 #include "opt_ktrace.h" 115 #include "opt_pax.h" 116 #include "opt_compat_netbsd32.h" 117 #endif 118 119 #if defined(__HAVE_COMPAT_NETBSD32) && !defined(COMPAT_NETBSD32) \ 120 && !defined(_RUMPKERNEL) 121 #define COMPAT_NETBSD32 122 #endif 123 124 #include <sys/param.h> 125 #include <sys/systm.h> 126 #include <sys/proc.h> 127 #include <sys/errno.h> 128 #include <sys/exec.h> 129 #include <sys/pax.h> 130 #include <sys/ptrace.h> 131 #include <sys/uio.h> 132 #include <sys/ras.h> 133 #include <sys/kmem.h> 134 #include <sys/kauth.h> 135 #include <sys/mount.h> 136 #include <sys/syscallargs.h> 137 #include <sys/module.h> 138 #include <sys/condvar.h> 139 #include <sys/mutex.h> 140 #include <sys/compat_stub.h> 141 142 #include <uvm/uvm_extern.h> 143 144 #include <machine/reg.h> 145 146 # ifdef PTRACE_DEBUG 147 # define DPRINTF(a) uprintf a 148 # else 149 # define DPRINTF(a) 150 # endif 151 152 static kauth_listener_t ptrace_listener; 153 static int process_auxv_offset(struct proc *, struct uio *); 154 155 extern int user_va0_disable; 156 157 #if 0 158 static int ptrace_cbref; 159 static kmutex_t ptrace_mtx; 160 static kcondvar_t ptrace_cv; 161 #endif 162 163 #ifdef PT_GETREGS 164 # define case_PT_GETREGS case PT_GETREGS: 165 #else 166 # define case_PT_GETREGS 167 #endif 168 169 #ifdef PT_SETREGS 170 # define case_PT_SETREGS case PT_SETREGS: 171 #else 172 # define case_PT_SETREGS 173 #endif 174 175 #ifdef PT_GETFPREGS 176 # define case_PT_GETFPREGS case PT_GETFPREGS: 177 #else 178 # define case_PT_GETFPREGS 179 #endif 180 181 #ifdef PT_SETFPREGS 182 # define case_PT_SETFPREGS case PT_SETFPREGS: 183 #else 184 # define case_PT_SETFPREGS 185 #endif 186 187 #ifdef PT_GETDBREGS 188 # define case_PT_GETDBREGS case PT_GETDBREGS: 189 #else 190 # define case_PT_GETDBREGS 191 #endif 192 193 #ifdef PT_SETDBREGS 194 # define case_PT_SETDBREGS case PT_SETDBREGS: 195 #else 196 # define case_PT_SETDBREGS 197 #endif 198 199 static int 200 ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, 201 void *arg0, void *arg1, void *arg2, void *arg3) 202 { 203 struct proc *p; 204 int result; 205 #ifdef PT_SETDBREGS 206 extern int user_set_dbregs; 207 #endif 208 209 result = KAUTH_RESULT_DEFER; 210 p = arg0; 211 212 #if 0 213 mutex_enter(&ptrace_mtx); 214 ptrace_cbref++; 215 mutex_exit(&ptrace_mtx); 216 #endif 217 if (action != KAUTH_PROCESS_PTRACE) 218 goto out; 219 220 switch ((u_long)arg1) { 221 #ifdef PT_SETDBREGS 222 case_PT_SETDBREGS 223 if (kauth_cred_getuid(cred) != 0 && user_set_dbregs == 0) { 224 result = KAUTH_RESULT_DENY; 225 break; 226 } 227 #endif 228 /* FALLTHROUGH */ 229 case PT_TRACE_ME: 230 case PT_ATTACH: 231 case PT_WRITE_I: 232 case PT_WRITE_D: 233 case PT_READ_I: 234 case PT_READ_D: 235 case PT_IO: 236 case_PT_GETREGS 237 case_PT_SETREGS 238 case_PT_GETFPREGS 239 case_PT_SETFPREGS 240 case_PT_GETDBREGS 241 case PT_SET_EVENT_MASK: 242 case PT_GET_EVENT_MASK: 243 case PT_GET_PROCESS_STATE: 244 case PT_SET_SIGINFO: 245 case PT_GET_SIGINFO: 246 #ifdef __HAVE_PTRACE_MACHDEP 247 PTRACE_MACHDEP_REQUEST_CASES 248 #endif 249 if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) || 250 ISSET(p->p_flag, PK_SUGID)) { 251 break; 252 } 253 254 result = KAUTH_RESULT_ALLOW; 255 256 break; 257 258 #ifdef PT_STEP 259 case PT_STEP: 260 case PT_SETSTEP: 261 case PT_CLEARSTEP: 262 #endif 263 case PT_CONTINUE: 264 case PT_KILL: 265 case PT_DETACH: 266 case PT_LWPINFO: 267 case PT_SYSCALL: 268 case PT_SYSCALLEMU: 269 case PT_DUMPCORE: 270 case PT_RESUME: 271 case PT_SUSPEND: 272 case PT_STOP: 273 case PT_LWPSTATUS: 274 case PT_LWPNEXT: 275 case PT_SET_SIGPASS: 276 case PT_GET_SIGPASS: 277 result = KAUTH_RESULT_ALLOW; 278 break; 279 280 default: 281 break; 282 } 283 284 out: 285 #if 0 286 mutex_enter(&ptrace_mtx); 287 if (--ptrace_cbref == 0) 288 cv_broadcast(&ptrace_cv); 289 mutex_exit(&ptrace_mtx); 290 #endif 291 292 return result; 293 } 294 295 static struct proc * 296 ptrace_find(struct lwp *l, int req, pid_t pid) 297 { 298 struct proc *t; 299 300 /* "A foolish consistency..." XXX */ 301 if (req == PT_TRACE_ME) { 302 t = l->l_proc; 303 mutex_enter(t->p_lock); 304 return t; 305 } 306 307 /* Find the process we're supposed to be operating on. */ 308 t = proc_find(pid); 309 if (t == NULL) 310 return NULL; 311 312 /* XXX-elad */ 313 mutex_enter(t->p_lock); 314 int error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, 315 t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 316 if (error) { 317 mutex_exit(t->p_lock); 318 return NULL; 319 } 320 return t; 321 } 322 323 static int 324 ptrace_allowed(struct lwp *l, int req, struct proc *t, struct proc *p, 325 bool *locked) 326 { 327 *locked = false; 328 329 /* 330 * Grab a reference on the process to prevent it from execing or 331 * exiting. 332 */ 333 if (!rw_tryenter(&t->p_reflock, RW_READER)) 334 return EBUSY; 335 336 *locked = true; 337 338 /* Make sure we can operate on it. */ 339 switch (req) { 340 case PT_TRACE_ME: 341 /* 342 * You can't say to the parent of a process to start tracing if: 343 * (1) the parent is initproc, 344 */ 345 if (p->p_pptr == initproc) 346 return EPERM; 347 348 /* 349 * (2) the process is initproc, or 350 */ 351 if (p == initproc) 352 return EPERM; 353 354 /* 355 * (3) the child is already traced. 356 */ 357 if (ISSET(p->p_slflag, PSL_TRACED)) 358 return EBUSY; 359 360 return 0; 361 362 case PT_ATTACH: 363 /* 364 * You can't attach to a process if: 365 * (1) it's the process that's doing the attaching, 366 */ 367 if (t == p) 368 return EINVAL; 369 370 /* 371 * (2) it's a system process, 372 */ 373 if (t->p_flag & PK_SYSTEM) 374 return EPERM; 375 376 /* 377 * (3) the tracer is initproc, 378 */ 379 if (p == initproc) 380 return EPERM; 381 382 /* 383 * (4) it's already being traced, 384 */ 385 if (ISSET(t->p_slflag, PSL_TRACED)) 386 return EBUSY; 387 388 /* 389 * (5) it's a vfork(2)ed parent of the current process, or 390 */ 391 if (ISSET(p->p_lflag, PL_PPWAIT) && p->p_pptr == t) 392 return EPERM; 393 394 /* 395 * (6) the tracer is chrooted, and its root directory is 396 * not at or above the root directory of the tracee 397 */ 398 mutex_exit(t->p_lock); /* XXXSMP */ 399 int tmp = proc_isunder(t, l); 400 mutex_enter(t->p_lock); /* XXXSMP */ 401 if (!tmp) 402 return EPERM; 403 return 0; 404 405 case PT_READ_I: 406 case PT_READ_D: 407 case PT_WRITE_I: 408 case PT_WRITE_D: 409 case PT_IO: 410 case PT_SET_SIGINFO: 411 case PT_GET_SIGINFO: 412 case_PT_GETREGS 413 case_PT_SETREGS 414 case_PT_GETFPREGS 415 case_PT_SETFPREGS 416 case_PT_GETDBREGS 417 case_PT_SETDBREGS 418 #ifdef __HAVE_PTRACE_MACHDEP 419 PTRACE_MACHDEP_REQUEST_CASES 420 #endif 421 /* 422 * You can't read/write the memory or registers of a process 423 * if the tracer is chrooted, and its root directory is not at 424 * or above the root directory of the tracee. 425 */ 426 mutex_exit(t->p_lock); /* XXXSMP */ 427 tmp = proc_isunder(t, l); 428 mutex_enter(t->p_lock); /* XXXSMP */ 429 if (!tmp) 430 return EPERM; 431 /*FALLTHROUGH*/ 432 433 case PT_CONTINUE: 434 case PT_KILL: 435 case PT_DETACH: 436 case PT_LWPINFO: 437 case PT_SYSCALL: 438 case PT_SYSCALLEMU: 439 case PT_DUMPCORE: 440 #ifdef PT_STEP 441 case PT_STEP: 442 case PT_SETSTEP: 443 case PT_CLEARSTEP: 444 #endif 445 case PT_SET_EVENT_MASK: 446 case PT_GET_EVENT_MASK: 447 case PT_GET_PROCESS_STATE: 448 case PT_RESUME: 449 case PT_SUSPEND: 450 case PT_STOP: 451 case PT_LWPSTATUS: 452 case PT_LWPNEXT: 453 case PT_SET_SIGPASS: 454 case PT_GET_SIGPASS: 455 /* 456 * You can't do what you want to the process if: 457 * (1) It's not being traced at all, 458 */ 459 if (!ISSET(t->p_slflag, PSL_TRACED)) 460 return EPERM; 461 462 /* 463 * (2) it's not being traced by _you_, or 464 */ 465 if (t->p_pptr != p) { 466 DPRINTF(("parent %d != %d\n", t->p_pptr->p_pid, 467 p->p_pid)); 468 return EBUSY; 469 } 470 471 /* 472 * (3) it's not currently stopped. 473 * 474 * As an exception allow PT_KILL and PT_STOP here. 475 */ 476 if (req != PT_KILL && req != PT_STOP && 477 (t->p_stat != SSTOP || !t->p_waited /* XXXSMP */)) { 478 DPRINTF(("stat %d flag %d\n", t->p_stat, 479 !t->p_waited)); 480 return EBUSY; 481 } 482 return 0; 483 484 default: /* It was not a legal request. */ 485 return EINVAL; 486 } 487 } 488 489 static int 490 ptrace_needs_hold(int req) 491 { 492 switch (req) { 493 #ifdef PT_STEP 494 case PT_STEP: 495 #endif 496 case PT_CONTINUE: 497 case PT_DETACH: 498 case PT_KILL: 499 case PT_SYSCALL: 500 case PT_SYSCALLEMU: 501 case PT_ATTACH: 502 case PT_TRACE_ME: 503 case PT_GET_SIGINFO: 504 case PT_SET_SIGINFO: 505 case PT_STOP: 506 return 1; 507 default: 508 return 0; 509 } 510 } 511 512 static int 513 ptrace_get_siginfo(struct proc *t, struct ptrace_methods *ptm, void *addr, 514 size_t data) 515 { 516 struct ptrace_siginfo psi; 517 518 memset(&psi, 0, sizeof(psi)); 519 psi.psi_siginfo._info = t->p_sigctx.ps_info; 520 psi.psi_lwpid = t->p_sigctx.ps_lwp; 521 DPRINTF(("%s: lwp=%d signal=%d\n", __func__, psi.psi_lwpid, 522 psi.psi_siginfo.si_signo)); 523 524 return ptm->ptm_copyout_siginfo(&psi, addr, data); 525 } 526 527 static int 528 ptrace_set_siginfo(struct proc *t, struct lwp **lt, struct ptrace_methods *ptm, 529 void *addr, size_t data) 530 { 531 struct ptrace_siginfo psi; 532 533 int error = ptm->ptm_copyin_siginfo(&psi, addr, data); 534 if (error) 535 return error; 536 537 /* Check that the data is a valid signal number or zero. */ 538 if (psi.psi_siginfo.si_signo < 0 || psi.psi_siginfo.si_signo >= NSIG) 539 return EINVAL; 540 541 t->p_sigctx.ps_faked = true; 542 t->p_sigctx.ps_info = psi.psi_siginfo._info; 543 t->p_sigctx.ps_lwp = psi.psi_lwpid; 544 DPRINTF(("%s: lwp=%d signal=%d\n", __func__, psi.psi_lwpid, 545 psi.psi_siginfo.si_signo)); 546 return 0; 547 } 548 549 static int 550 ptrace_get_sigpass(struct proc *t, void *addr, size_t data) 551 { 552 sigset_t set; 553 554 if (data > sizeof(set) || data <= 0) { 555 DPRINTF(("%s: invalid data: %zu < %zu <= 0\n", 556 __func__, sizeof(set), data)); 557 return EINVAL; 558 } 559 560 set = t->p_sigctx.ps_sigpass; 561 562 return copyout(&set, addr, data); 563 } 564 565 static int 566 ptrace_set_sigpass(struct proc *t, void *addr, size_t data) 567 { 568 sigset_t set; 569 int error; 570 571 if (data > sizeof(set) || data <= 0) { 572 DPRINTF(("%s: invalid data: %zu < %zu <= 0\n", 573 __func__, sizeof(set), data)); 574 return EINVAL; 575 } 576 577 memset(&set, 0, sizeof(set)); 578 579 if ((error = copyin(addr, &set, data))) 580 return error; 581 582 /* We catch SIGSTOP and cannot intercept SIGKILL. */ 583 sigminusset(&sigcantmask, &set); 584 585 t->p_sigctx.ps_sigpass = set; 586 587 return 0; 588 } 589 590 static int 591 ptrace_get_event_mask(struct proc *t, void *addr, size_t data) 592 { 593 struct ptrace_event pe; 594 595 if (data != sizeof(pe)) { 596 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pe))); 597 return EINVAL; 598 } 599 memset(&pe, 0, sizeof(pe)); 600 pe.pe_set_event = ISSET(t->p_slflag, PSL_TRACEFORK) ? 601 PTRACE_FORK : 0; 602 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK) ? 603 PTRACE_VFORK : 0; 604 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK_DONE) ? 605 PTRACE_VFORK_DONE : 0; 606 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_CREATE) ? 607 PTRACE_LWP_CREATE : 0; 608 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_EXIT) ? 609 PTRACE_LWP_EXIT : 0; 610 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEPOSIX_SPAWN) ? 611 PTRACE_POSIX_SPAWN : 0; 612 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 613 t->p_sigctx.ps_lwp, pe.pe_set_event)); 614 return copyout(&pe, addr, sizeof(pe)); 615 } 616 617 static int 618 ptrace_set_event_mask(struct proc *t, void *addr, size_t data) 619 { 620 struct ptrace_event pe; 621 int error; 622 623 if (data != sizeof(pe)) { 624 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pe))); 625 return EINVAL; 626 } 627 if ((error = copyin(addr, &pe, sizeof(pe))) != 0) 628 return error; 629 630 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 631 t->p_sigctx.ps_lwp, pe.pe_set_event)); 632 if (pe.pe_set_event & PTRACE_FORK) 633 SET(t->p_slflag, PSL_TRACEFORK); 634 else 635 CLR(t->p_slflag, PSL_TRACEFORK); 636 637 if (pe.pe_set_event & PTRACE_VFORK) 638 SET(t->p_slflag, PSL_TRACEVFORK); 639 else 640 CLR(t->p_slflag, PSL_TRACEVFORK); 641 642 if (pe.pe_set_event & PTRACE_VFORK_DONE) 643 SET(t->p_slflag, PSL_TRACEVFORK_DONE); 644 else 645 CLR(t->p_slflag, PSL_TRACEVFORK_DONE); 646 647 if (pe.pe_set_event & PTRACE_LWP_CREATE) 648 SET(t->p_slflag, PSL_TRACELWP_CREATE); 649 else 650 CLR(t->p_slflag, PSL_TRACELWP_CREATE); 651 652 if (pe.pe_set_event & PTRACE_LWP_EXIT) 653 SET(t->p_slflag, PSL_TRACELWP_EXIT); 654 else 655 CLR(t->p_slflag, PSL_TRACELWP_EXIT); 656 657 if (pe.pe_set_event & PTRACE_POSIX_SPAWN) 658 SET(t->p_slflag, PSL_TRACEPOSIX_SPAWN); 659 else 660 CLR(t->p_slflag, PSL_TRACEPOSIX_SPAWN); 661 662 return 0; 663 } 664 665 static int 666 ptrace_get_process_state(struct proc *t, void *addr, size_t data) 667 { 668 struct _ksiginfo *si; 669 struct ptrace_state ps; 670 671 if (data != sizeof(ps)) { 672 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(ps))); 673 return EINVAL; 674 } 675 676 if (t->p_sigctx.ps_info._signo != SIGTRAP || 677 (t->p_sigctx.ps_info._code != TRAP_CHLD && 678 t->p_sigctx.ps_info._code != TRAP_LWP)) { 679 memset(&ps, 0, sizeof(ps)); 680 } else { 681 si = &t->p_sigctx.ps_info; 682 683 KASSERT(si->_reason._ptrace_state._pe_report_event > 0); 684 KASSERT(si->_reason._ptrace_state._option._pe_other_pid > 0); 685 686 ps.pe_report_event = si->_reason._ptrace_state._pe_report_event; 687 688 CTASSERT(sizeof(ps.pe_other_pid) == sizeof(ps.pe_lwp)); 689 ps.pe_other_pid = 690 si->_reason._ptrace_state._option._pe_other_pid; 691 } 692 693 DPRINTF(("%s: lwp=%d event=%#x pid=%d lwp=%d\n", __func__, 694 t->p_sigctx.ps_lwp, ps.pe_report_event, 695 ps.pe_other_pid, ps.pe_lwp)); 696 return copyout(&ps, addr, sizeof(ps)); 697 } 698 699 static int 700 ptrace_lwpinfo(struct proc *t, struct lwp **lt, void *addr, size_t data) 701 { 702 struct ptrace_lwpinfo pl; 703 704 if (data != sizeof(pl)) { 705 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pl))); 706 return EINVAL; 707 } 708 int error = copyin(addr, &pl, sizeof(pl)); 709 if (error) 710 return error; 711 712 lwpid_t tmp = pl.pl_lwpid; 713 lwp_delref(*lt); 714 mutex_enter(t->p_lock); 715 if (tmp == 0) 716 *lt = lwp_find_first(t); 717 else { 718 *lt = lwp_find(t, tmp); 719 if (*lt == NULL) { 720 mutex_exit(t->p_lock); 721 return ESRCH; 722 } 723 *lt = LIST_NEXT(*lt, l_sibling); 724 } 725 726 while (*lt != NULL && (!lwp_alive(*lt) || 727 ((*lt)->l_flag & LW_SYSTEM) != 0)) 728 *lt = LIST_NEXT(*lt, l_sibling); 729 730 pl.pl_lwpid = 0; 731 pl.pl_event = 0; 732 if (*lt) { 733 lwp_addref(*lt); 734 pl.pl_lwpid = (*lt)->l_lid; 735 736 if ((*lt)->l_flag & LW_WSUSPEND) 737 pl.pl_event = PL_EVENT_SUSPENDED; 738 /* 739 * If we match the lwp, or it was sent to every lwp, 740 * we set PL_EVENT_SIGNAL. 741 * XXX: ps_lwp == 0 means everyone and noone, so 742 * check ps_signo too. 743 */ 744 else if ((*lt)->l_lid == t->p_sigctx.ps_lwp 745 || (t->p_sigctx.ps_lwp == 0 && 746 t->p_sigctx.ps_info._signo)) { 747 DPRINTF(("%s: lwp=%d siglwp=%d signo %d\n", __func__, 748 pl.pl_lwpid, t->p_sigctx.ps_lwp, 749 t->p_sigctx.ps_info._signo)); 750 pl.pl_event = PL_EVENT_SIGNAL; 751 } 752 } 753 mutex_exit(t->p_lock); 754 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 755 pl.pl_lwpid, pl.pl_event)); 756 757 return copyout(&pl, addr, sizeof(pl)); 758 } 759 760 static int 761 ptrace_lwpstatus(struct proc *t, struct ptrace_methods *ptm, struct lwp **lt, 762 void *addr, size_t data, bool next) 763 { 764 struct ptrace_lwpstatus pls; 765 struct lwp *l; 766 int error; 767 768 if (data > sizeof(pls) || data < sizeof(lwpid_t)) { 769 DPRINTF(("%s: invalid data: %zu < %zu < %zu\n", 770 __func__, sizeof(lwpid_t), data, sizeof(pls))); 771 return EINVAL; 772 } 773 error = copyin(addr, &pls.pl_lwpid, sizeof(lwpid_t)); 774 if (error) 775 return error; 776 777 if (next) { 778 lwp_delref(*lt); 779 lwpid_t tmp = pls.pl_lwpid; 780 mutex_enter(t->p_lock); 781 if (tmp == 0) 782 *lt = lwp_find_first(t); 783 else { 784 *lt = lwp_find(t, tmp); 785 if (*lt == NULL) { 786 mutex_exit(t->p_lock); 787 return ESRCH; 788 } 789 *lt = LIST_NEXT(*lt, l_sibling); 790 } 791 792 while (*lt != NULL && (!lwp_alive(*lt) || 793 ((*lt)->l_flag & LW_SYSTEM) != 0)) 794 *lt = LIST_NEXT(*lt, l_sibling); 795 796 if (*lt == NULL) { 797 memset(&pls, 0, sizeof(pls)); 798 mutex_exit(t->p_lock); 799 goto out; 800 } 801 lwp_addref(*lt); 802 mutex_exit(t->p_lock); 803 804 pls.pl_lwpid = (*lt)->l_lid; 805 } else { 806 if ((error = ptrace_update_lwp(t, lt, pls.pl_lwpid)) != 0) 807 return error; 808 } 809 810 l = *lt; 811 812 ptrace_read_lwpstatus(l, &pls); 813 814 out: 815 DPRINTF(("%s: lwp=%d sigpend=%02x%02x%02x%02x sigmask=%02x%02x%02x%02x " 816 "name='%s' private=%p\n", __func__, pls.pl_lwpid, 817 pls.pl_sigpend.__bits[0], pls.pl_sigpend.__bits[1], 818 pls.pl_sigpend.__bits[2], pls.pl_sigpend.__bits[3], 819 pls.pl_sigmask.__bits[0], pls.pl_sigmask.__bits[1], 820 pls.pl_sigmask.__bits[2], pls.pl_sigmask.__bits[3], 821 pls.pl_name, pls.pl_private)); 822 823 return ptm->ptm_copyout_lwpstatus(&pls, addr, data); 824 } 825 826 static int 827 ptrace_startstop(struct proc *t, struct lwp **lt, int rq, void *addr, 828 size_t data) 829 { 830 int error; 831 832 if ((error = ptrace_update_lwp(t, lt, data)) != 0) 833 return error; 834 835 DPRINTF(("%s: lwp=%d request=%d\n", __func__, (*lt)->l_lid, rq)); 836 lwp_lock(*lt); 837 if (rq == PT_SUSPEND) 838 (*lt)->l_flag |= LW_DBGSUSPEND; 839 else { 840 (*lt)->l_flag &= ~LW_DBGSUSPEND; 841 if ((*lt)->l_flag != LSSUSPENDED) 842 (*lt)->l_stat = LSSTOP; 843 } 844 lwp_unlock(*lt); 845 return 0; 846 } 847 848 #ifdef PT_REGISTERS 849 static int 850 ptrace_uio_dir(int req) 851 { 852 switch (req) { 853 case_PT_GETREGS 854 case_PT_GETFPREGS 855 case_PT_GETDBREGS 856 return UIO_READ; 857 case_PT_SETREGS 858 case_PT_SETFPREGS 859 case_PT_SETDBREGS 860 return UIO_WRITE; 861 default: 862 return -1; 863 } 864 } 865 866 static int 867 ptrace_regs(struct lwp *l, struct lwp **lt, int rq, struct ptrace_methods *ptm, 868 void *addr, size_t data) 869 { 870 int error; 871 struct proc *p, *t; 872 struct vmspace *vm; 873 874 p = l->l_proc; /* tracer */ 875 t = (*lt)->l_proc; /* traced */ 876 877 if ((error = ptrace_update_lwp(t, lt, data)) != 0) 878 return error; 879 880 int dir = ptrace_uio_dir(rq); 881 size_t size; 882 int (*func)(struct lwp *, struct lwp *, struct uio *); 883 884 DPRINTF(("%s: lwp=%d request=%d\n", __func__, l->l_lid, rq)); 885 886 switch (rq) { 887 #if defined(PT_SETREGS) || defined(PT_GETREGS) 888 case_PT_GETREGS 889 case_PT_SETREGS 890 if (!process_validregs(*lt)) 891 return EINVAL; 892 size = PROC_REGSZ(p); 893 func = ptm->ptm_doregs; 894 break; 895 #endif 896 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 897 case_PT_GETFPREGS 898 case_PT_SETFPREGS 899 if (!process_validfpregs(*lt)) 900 return EINVAL; 901 size = PROC_FPREGSZ(p); 902 func = ptm->ptm_dofpregs; 903 break; 904 #endif 905 #if defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 906 case_PT_GETDBREGS 907 case_PT_SETDBREGS 908 if (!process_validdbregs(*lt)) 909 return EINVAL; 910 size = PROC_DBREGSZ(p); 911 func = ptm->ptm_dodbregs; 912 break; 913 #endif 914 default: 915 return EINVAL; 916 } 917 918 error = proc_vmspace_getref(l->l_proc, &vm); 919 if (error) 920 return error; 921 922 struct uio uio; 923 struct iovec iov; 924 925 iov.iov_base = addr; 926 iov.iov_len = size; 927 uio.uio_iov = &iov; 928 uio.uio_iovcnt = 1; 929 uio.uio_offset = 0; 930 uio.uio_resid = iov.iov_len; 931 uio.uio_rw = dir; 932 uio.uio_vmspace = vm; 933 934 error = (*func)(l, *lt, &uio); 935 uvmspace_free(vm); 936 return error; 937 } 938 #endif 939 940 static int 941 ptrace_sendsig(struct lwp *l, int req, struct proc *t, struct lwp *lt, int signo, int resume_all) 942 { 943 ksiginfo_t ksi; 944 945 /* Finally, deliver the requested signal (or none). */ 946 if (t->p_stat == SSTOP) { 947 /* 948 * Unstop the process. If it needs to take a 949 * signal, make all efforts to ensure that at 950 * an LWP runs to see it. 951 */ 952 t->p_xsig = signo; 953 954 /* 955 * signo > 0 check prevents a potential panic, as 956 * sigismember(&...,0) is invalid check and signo 957 * can be equal to 0 as a special case of no-signal. 958 */ 959 if (signo > 0 && sigismember(&stopsigmask, signo)) { 960 t->p_waited = 0; 961 child_psignal(t, 0); 962 } else if (resume_all) 963 proc_unstop(t); 964 else 965 lwp_unstop(lt); 966 return 0; 967 } 968 969 KASSERT(req == PT_KILL || req == PT_STOP || req == PT_ATTACH); 970 971 KSI_INIT(&ksi); 972 ksi.ksi_signo = signo; 973 ksi.ksi_code = SI_USER; 974 ksi.ksi_pid = l->l_proc->p_pid; 975 ksi.ksi_uid = kauth_cred_geteuid(l->l_cred); 976 977 t->p_sigctx.ps_faked = false; 978 979 DPRINTF(("%s: pid=%d.%d signal=%d resume_all=%d\n", __func__, t->p_pid, 980 lt->l_lid, signo, resume_all)); 981 982 return kpsignal2(t, &ksi); 983 } 984 985 static int 986 ptrace_dumpcore(struct lwp *lt, char *path, size_t len) 987 { 988 int error; 989 if (path != NULL) { 990 991 if (len >= MAXPATHLEN) 992 return EINVAL; 993 994 char *src = path; 995 path = kmem_alloc(len + 1, KM_SLEEP); 996 error = copyin(src, path, len); 997 if (error) 998 goto out; 999 path[len] = '\0'; 1000 } 1001 DPRINTF(("%s: lwp=%d\n", __func__, lt->l_lid)); 1002 MODULE_HOOK_CALL(coredump_hook, (lt, path), 0, error); 1003 out: 1004 if (path) 1005 kmem_free(path, len + 1); 1006 return error; 1007 } 1008 1009 static int 1010 ptrace_doio(struct lwp *l, struct proc *t, struct lwp *lt, 1011 struct ptrace_io_desc *piod, void *addr, bool sysspace) 1012 { 1013 struct uio uio; 1014 struct iovec iov; 1015 int error, tmp; 1016 1017 error = 0; 1018 iov.iov_base = piod->piod_addr; 1019 iov.iov_len = piod->piod_len; 1020 uio.uio_iov = &iov; 1021 uio.uio_iovcnt = 1; 1022 uio.uio_offset = (off_t)(unsigned long)piod->piod_offs; 1023 uio.uio_resid = piod->piod_len; 1024 1025 DPRINTF(("%s: lwp=%d request=%d\n", __func__, l->l_lid, piod->piod_op)); 1026 1027 switch (piod->piod_op) { 1028 case PIOD_READ_D: 1029 case PIOD_READ_I: 1030 uio.uio_rw = UIO_READ; 1031 break; 1032 case PIOD_WRITE_D: 1033 case PIOD_WRITE_I: 1034 /* 1035 * Can't write to a RAS 1036 */ 1037 if (ras_lookup(t, addr) != (void *)-1) { 1038 return EACCES; 1039 } 1040 uio.uio_rw = UIO_WRITE; 1041 break; 1042 case PIOD_READ_AUXV: 1043 uio.uio_rw = UIO_READ; 1044 tmp = t->p_execsw->es_arglen; 1045 if (uio.uio_offset > tmp) 1046 return EIO; 1047 if (uio.uio_resid > tmp - uio.uio_offset) 1048 uio.uio_resid = tmp - uio.uio_offset; 1049 piod->piod_len = iov.iov_len = uio.uio_resid; 1050 error = process_auxv_offset(t, &uio); 1051 break; 1052 default: 1053 error = EINVAL; 1054 break; 1055 } 1056 1057 if (error) 1058 return error; 1059 1060 if (sysspace) { 1061 uio.uio_vmspace = vmspace_kernel(); 1062 } else { 1063 error = proc_vmspace_getref(l->l_proc, &uio.uio_vmspace); 1064 if (error) 1065 return error; 1066 } 1067 1068 error = process_domem(l, lt, &uio); 1069 if (!sysspace) 1070 uvmspace_free(uio.uio_vmspace); 1071 if (error) 1072 return error; 1073 piod->piod_len -= uio.uio_resid; 1074 return 0; 1075 } 1076 1077 int 1078 do_ptrace(struct ptrace_methods *ptm, struct lwp *l, int req, pid_t pid, 1079 void *addr, int data, register_t *retval) 1080 { 1081 struct proc *p = l->l_proc; 1082 struct lwp *lt = NULL; 1083 struct lwp *lt2; 1084 struct proc *t; /* target process */ 1085 struct ptrace_io_desc piod; 1086 int error, write, tmp, pheld; 1087 int signo = 0; 1088 int resume_all; 1089 bool locked; 1090 error = 0; 1091 1092 /* 1093 * If attaching or detaching, we need to get a write hold on the 1094 * proclist lock so that we can re-parent the target process. 1095 */ 1096 mutex_enter(&proc_lock); 1097 1098 t = ptrace_find(l, req, pid); 1099 if (t == NULL) { 1100 mutex_exit(&proc_lock); 1101 return ESRCH; 1102 } 1103 1104 pheld = 1; 1105 if ((error = ptrace_allowed(l, req, t, p, &locked)) != 0) 1106 goto out; 1107 1108 if ((error = kauth_authorize_process(l->l_cred, 1109 KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req), NULL, NULL)) != 0) 1110 goto out; 1111 1112 if ((lt = lwp_find_first(t)) == NULL) { 1113 error = ESRCH; 1114 goto out; 1115 } 1116 1117 /* Do single-step fixup if needed. */ 1118 FIX_SSTEP(t); 1119 KASSERT(lt != NULL); 1120 lwp_addref(lt); 1121 1122 /* 1123 * Which locks do we need held? XXX Ugly. 1124 */ 1125 if ((pheld = ptrace_needs_hold(req)) == 0) { 1126 mutex_exit(t->p_lock); 1127 mutex_exit(&proc_lock); 1128 } 1129 1130 /* Now do the operation. */ 1131 write = 0; 1132 *retval = 0; 1133 tmp = 0; 1134 resume_all = 1; 1135 1136 switch (req) { 1137 case PT_TRACE_ME: 1138 /* Just set the trace flag. */ 1139 SET(t->p_slflag, PSL_TRACED); 1140 t->p_opptr = t->p_pptr; 1141 break; 1142 1143 /* 1144 * The I and D separate address space has been inherited from PDP-11. 1145 * The 16-bit UNIX started with a single address space per program, 1146 * but was extended to two 16-bit (2 x 64kb) address spaces. 1147 * 1148 * We no longer maintain this feature in maintained architectures, but 1149 * we keep the API for backward compatibility. Currently the I and D 1150 * operations are exactly the same and not distinguished in debuggers. 1151 */ 1152 case PT_WRITE_I: 1153 case PT_WRITE_D: 1154 write = 1; 1155 tmp = data; 1156 /* FALLTHROUGH */ 1157 case PT_READ_I: 1158 case PT_READ_D: 1159 piod.piod_addr = &tmp; 1160 piod.piod_len = sizeof(tmp); 1161 piod.piod_offs = addr; 1162 piod.piod_op = write ? PIOD_WRITE_D : PIOD_READ_D; 1163 if ((error = ptrace_doio(l, t, lt, &piod, addr, true)) != 0) 1164 break; 1165 /* 1166 * For legacy reasons we treat here two results as success: 1167 * - incomplete transfer piod.piod_len < sizeof(tmp) 1168 * - no transfer piod.piod_len == 0 1169 * 1170 * This means that there is no way to determine whether 1171 * transfer operation was performed in PT_WRITE and PT_READ 1172 * calls. 1173 */ 1174 if (!write) 1175 *retval = tmp; 1176 break; 1177 1178 case PT_IO: 1179 if ((error = ptm->ptm_copyin_piod(&piod, addr, data)) != 0) 1180 break; 1181 if (piod.piod_len < 1) { 1182 error = EINVAL; 1183 break; 1184 } 1185 if ((error = ptrace_doio(l, t, lt, &piod, addr, false)) != 0) 1186 break; 1187 /* 1188 * For legacy reasons we treat here two results as success: 1189 * - incomplete transfer piod.piod_len < sizeof(tmp) 1190 * - no transfer piod.piod_len == 0 1191 */ 1192 error = ptm->ptm_copyout_piod(&piod, addr, data); 1193 break; 1194 1195 case PT_DUMPCORE: 1196 error = ptrace_dumpcore(lt, addr, data); 1197 break; 1198 1199 #ifdef PT_STEP 1200 case PT_STEP: 1201 /* 1202 * From the 4.4BSD PRM: 1203 * "Execution continues as in request PT_CONTINUE; however 1204 * as soon as possible after execution of at least one 1205 * instruction, execution stops again. [ ... ]" 1206 */ 1207 #endif 1208 case PT_CONTINUE: 1209 case PT_SYSCALL: 1210 case PT_DETACH: 1211 if (req == PT_SYSCALL) { 1212 if (!ISSET(t->p_slflag, PSL_SYSCALL)) { 1213 SET(t->p_slflag, PSL_SYSCALL); 1214 #ifdef __HAVE_SYSCALL_INTERN 1215 (*t->p_emul->e_syscall_intern)(t); 1216 #endif 1217 } 1218 } else { 1219 if (ISSET(t->p_slflag, PSL_SYSCALL)) { 1220 CLR(t->p_slflag, PSL_SYSCALL); 1221 #ifdef __HAVE_SYSCALL_INTERN 1222 (*t->p_emul->e_syscall_intern)(t); 1223 #endif 1224 } 1225 } 1226 t->p_trace_enabled = trace_is_enabled(t); 1227 1228 /* 1229 * Pick up the LWPID, if supplied. There are two cases: 1230 * data < 0 : step or continue single thread, lwp = -data 1231 * data > 0 in PT_STEP : step this thread, continue others 1232 * For operations other than PT_STEP, data > 0 means 1233 * data is the signo to deliver to the process. 1234 */ 1235 tmp = data; 1236 if (tmp >= 0) { 1237 #ifdef PT_STEP 1238 if (req == PT_STEP) 1239 signo = 0; 1240 else 1241 #endif 1242 { 1243 signo = tmp; 1244 tmp = 0; /* don't search for LWP */ 1245 } 1246 } else if (tmp == INT_MIN) { 1247 error = ESRCH; 1248 break; 1249 } else { 1250 tmp = -tmp; 1251 } 1252 1253 if (tmp > 0) { 1254 if (req == PT_DETACH) { 1255 error = EINVAL; 1256 break; 1257 } 1258 lwp_delref2 (lt); 1259 lt = lwp_find(t, tmp); 1260 if (lt == NULL) { 1261 error = ESRCH; 1262 break; 1263 } 1264 lwp_addref(lt); 1265 resume_all = 0; 1266 signo = 0; 1267 } 1268 1269 /* 1270 * From the 4.4BSD PRM: 1271 * "The data argument is taken as a signal number and the 1272 * child's execution continues at location addr as if it 1273 * incurred that signal. Normally the signal number will 1274 * be either 0 to indicate that the signal that caused the 1275 * stop should be ignored, or that value fetched out of 1276 * the process's image indicating which signal caused 1277 * the stop. If addr is (int *)1 then execution continues 1278 * from where it stopped." 1279 */ 1280 1281 /* Check that the data is a valid signal number or zero. */ 1282 if (signo < 0 || signo >= NSIG) { 1283 error = EINVAL; 1284 break; 1285 } 1286 1287 /* Prevent process deadlock */ 1288 if (resume_all) { 1289 #ifdef PT_STEP 1290 if (req == PT_STEP) { 1291 if (lt->l_flag & 1292 (LW_WSUSPEND | LW_DBGSUSPEND)) { 1293 error = EDEADLK; 1294 break; 1295 } 1296 } else 1297 #endif 1298 { 1299 error = EDEADLK; 1300 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1301 if ((lt2->l_flag & 1302 (LW_WSUSPEND | LW_DBGSUSPEND)) == 0 1303 ) { 1304 error = 0; 1305 break; 1306 } 1307 } 1308 if (error != 0) 1309 break; 1310 } 1311 } else { 1312 if (lt->l_flag & (LW_WSUSPEND | LW_DBGSUSPEND)) { 1313 error = EDEADLK; 1314 break; 1315 } 1316 } 1317 1318 /* 1319 * Reject setting program counter to 0x0 if VA0 is disabled. 1320 * 1321 * Not all kernels implement this feature to set Program 1322 * Counter in one go in PT_CONTINUE and similar operations. 1323 * This causes portability issues as passing address 0x0 1324 * on these kernels is no-operation, but can cause failure 1325 * in most cases on NetBSD. 1326 */ 1327 if (user_va0_disable && addr == 0) { 1328 error = EINVAL; 1329 break; 1330 } 1331 1332 /* If the address parameter is not (int *)1, set the pc. */ 1333 if ((int *)addr != (int *)1) { 1334 error = process_set_pc(lt, addr); 1335 if (error != 0) 1336 break; 1337 } 1338 #ifdef PT_STEP 1339 /* 1340 * Arrange for a single-step, if that's requested and possible. 1341 * More precisely, set the single step status as requested for 1342 * the requested thread, and clear it for other threads. 1343 */ 1344 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1345 error = process_sstep(lt2, 1346 ISSET(lt2->l_pflag, LP_SINGLESTEP)); 1347 if (error) 1348 break; 1349 } 1350 if (error) 1351 break; 1352 error = process_sstep(lt, 1353 ISSET(lt->l_pflag, LP_SINGLESTEP) || req == PT_STEP); 1354 if (error) 1355 break; 1356 #endif 1357 if (req == PT_DETACH) { 1358 CLR(t->p_slflag, 1359 PSL_TRACED|PSL_TRACEDCHILD|PSL_SYSCALL); 1360 1361 /* clear sigpass mask */ 1362 sigemptyset(&t->p_sigctx.ps_sigpass); 1363 1364 /* give process back to original parent or init */ 1365 if (t->p_opptr != t->p_pptr) { 1366 struct proc *pp = t->p_opptr; 1367 proc_reparent(t, pp ? pp : initproc); 1368 } 1369 1370 /* not being traced any more */ 1371 t->p_opptr = NULL; 1372 1373 /* clear single step */ 1374 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1375 CLR(lt2->l_pflag, LP_SINGLESTEP); 1376 } 1377 CLR(lt->l_pflag, LP_SINGLESTEP); 1378 } 1379 sendsig: 1380 error = ptrace_sendsig(l, req, t, lt, signo, resume_all); 1381 break; 1382 1383 case PT_SYSCALLEMU: 1384 if (!ISSET(t->p_slflag, PSL_SYSCALL) || t->p_stat != SSTOP) { 1385 error = EINVAL; 1386 break; 1387 } 1388 SET(t->p_slflag, PSL_SYSCALLEMU); 1389 break; 1390 1391 #ifdef PT_STEP 1392 case PT_SETSTEP: 1393 write = 1; 1394 1395 /* FALLTHROUGH */ 1396 case PT_CLEARSTEP: 1397 /* write = 0 done above. */ 1398 if ((error = ptrace_update_lwp(t, <, data)) != 0) 1399 break; 1400 1401 if (write) 1402 SET(lt->l_pflag, LP_SINGLESTEP); 1403 else 1404 CLR(lt->l_pflag, LP_SINGLESTEP); 1405 break; 1406 #endif 1407 1408 case PT_KILL: 1409 /* just send the process a KILL signal. */ 1410 signo = SIGKILL; 1411 goto sendsig; /* in PT_CONTINUE, above. */ 1412 1413 case PT_STOP: 1414 /* just send the process a STOP signal. */ 1415 signo = SIGSTOP; 1416 goto sendsig; /* in PT_CONTINUE, above. */ 1417 1418 case PT_ATTACH: 1419 /* 1420 * Go ahead and set the trace flag. 1421 * Save the old parent (it's reset in 1422 * _DETACH, and also in kern_exit.c:wait4() 1423 * Reparent the process so that the tracing 1424 * proc gets to see all the action. 1425 * Stop the target. 1426 */ 1427 proc_changeparent(t, p); 1428 signo = SIGSTOP; 1429 goto sendsig; 1430 1431 case PT_GET_EVENT_MASK: 1432 error = ptrace_get_event_mask(t, addr, data); 1433 break; 1434 1435 case PT_SET_EVENT_MASK: 1436 error = ptrace_set_event_mask(t, addr, data); 1437 break; 1438 1439 case PT_GET_PROCESS_STATE: 1440 error = ptrace_get_process_state(t, addr, data); 1441 break; 1442 1443 case PT_LWPINFO: 1444 error = ptrace_lwpinfo(t, <, addr, data); 1445 break; 1446 1447 case PT_SET_SIGINFO: 1448 error = ptrace_set_siginfo(t, <, ptm, addr, data); 1449 break; 1450 1451 case PT_GET_SIGINFO: 1452 error = ptrace_get_siginfo(t, ptm, addr, data); 1453 break; 1454 1455 case PT_RESUME: 1456 case PT_SUSPEND: 1457 error = ptrace_startstop(t, <, req, addr, data); 1458 break; 1459 1460 case PT_LWPSTATUS: 1461 error = ptrace_lwpstatus(t, ptm, <, addr, data, false); 1462 break; 1463 1464 case PT_LWPNEXT: 1465 error = ptrace_lwpstatus(t, ptm, <, addr, data, true); 1466 break; 1467 1468 case PT_SET_SIGPASS: 1469 error = ptrace_set_sigpass(t, addr, data); 1470 break; 1471 1472 case PT_GET_SIGPASS: 1473 error = ptrace_get_sigpass(t, addr, data); 1474 break; 1475 1476 #ifdef PT_REGISTERS 1477 case_PT_SETREGS 1478 case_PT_GETREGS 1479 case_PT_SETFPREGS 1480 case_PT_GETFPREGS 1481 case_PT_SETDBREGS 1482 case_PT_GETDBREGS 1483 error = ptrace_regs(l, <, req, ptm, addr, data); 1484 break; 1485 #endif 1486 1487 #ifdef __HAVE_PTRACE_MACHDEP 1488 PTRACE_MACHDEP_REQUEST_CASES 1489 error = ptrace_machdep_dorequest(l, <, req, addr, data); 1490 break; 1491 #endif 1492 } 1493 1494 out: 1495 if (pheld) { 1496 mutex_exit(t->p_lock); 1497 mutex_exit(&proc_lock); 1498 } 1499 if (lt != NULL) 1500 lwp_delref(lt); 1501 if (locked) 1502 rw_exit(&t->p_reflock); 1503 1504 return error; 1505 } 1506 1507 static int 1508 process_auxv_offset(struct proc *p, struct uio *uio) 1509 { 1510 struct ps_strings pss; 1511 int error; 1512 off_t off = (off_t)p->p_psstrp; 1513 1514 if ((error = copyin_psstrings(p, &pss)) != 0) 1515 return error; 1516 1517 if (pss.ps_envstr == NULL) 1518 return EIO; 1519 1520 #ifdef COMPAT_NETBSD32 1521 if (p->p_flag & PK_32) 1522 uio->uio_offset += (off_t)((vaddr_t)pss.ps_envstr + 1523 sizeof(uint32_t) * (pss.ps_nenvstr + 1)); 1524 else 1525 #endif 1526 uio->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + 1527 pss.ps_nenvstr + 1); 1528 1529 #ifdef __MACHINE_STACK_GROWS_UP 1530 if (uio->uio_offset < off) 1531 return EIO; 1532 #else 1533 if (uio->uio_offset > off) 1534 return EIO; 1535 if ((uio->uio_offset + uio->uio_resid) > off) 1536 uio->uio_resid = off - uio->uio_offset; 1537 #endif 1538 return 0; 1539 } 1540 1541 MODULE(MODULE_CLASS_EXEC, ptrace_common, NULL); 1542 1543 static int 1544 ptrace_common_init(void) 1545 { 1546 1547 #if 0 1548 mutex_init(&ptrace_mtx, MUTEX_DEFAULT, IPL_NONE); 1549 cv_init(&ptrace_cv, "ptracecb"); 1550 ptrace_cbref = 0; 1551 #endif 1552 ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 1553 ptrace_listener_cb, NULL); 1554 return 0; 1555 } 1556 1557 static int 1558 ptrace_common_fini(void) 1559 { 1560 1561 kauth_unlisten_scope(ptrace_listener); 1562 1563 #if 0 1564 /* Make sure no-one is executing our kauth listener */ 1565 1566 mutex_enter(&ptrace_mtx); 1567 while (ptrace_cbref != 0) 1568 cv_wait(&ptrace_cv, &ptrace_mtx); 1569 mutex_exit(&ptrace_mtx); 1570 mutex_destroy(&ptrace_mtx); 1571 cv_destroy(&ptrace_cv); 1572 #endif 1573 1574 return 0; 1575 } 1576 1577 static int 1578 ptrace_common_modcmd(modcmd_t cmd, void *arg) 1579 { 1580 int error; 1581 1582 switch (cmd) { 1583 case MODULE_CMD_INIT: 1584 error = ptrace_common_init(); 1585 break; 1586 case MODULE_CMD_FINI: 1587 error = ptrace_common_fini(); 1588 break; 1589 default: 1590 ptrace_hooks(); 1591 error = ENOTTY; 1592 break; 1593 } 1594 return error; 1595 } 1596