1 /* $NetBSD: sys_ptrace_common.c,v 1.12 2017/01/26 03:54:01 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Andrew Doran. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1989, 1993 34 * The Regents of the University of California. All rights reserved. 35 * (c) UNIX System Laboratories, Inc. 36 * All or some portions of this file are derived from material licensed 37 * to the University of California by American Telephone and Telegraph 38 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 39 * the permission of UNIX System Laboratories, Inc. 40 * 41 * This code is derived from software contributed to Berkeley by 42 * Jan-Simon Pendry. 43 * 44 * Redistribution and use in source and binary forms, with or without 45 * modification, are permitted provided that the following conditions 46 * are met: 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 3. Neither the name of the University nor the names of its contributors 53 * may be used to endorse or promote products derived from this software 54 * without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 * 68 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 69 */ 70 71 /*- 72 * Copyright (c) 1993 Jan-Simon Pendry. 73 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 74 * 75 * This code is derived from software contributed to Berkeley by 76 * Jan-Simon Pendry. 77 * 78 * Redistribution and use in source and binary forms, with or without 79 * modification, are permitted provided that the following conditions 80 * are met: 81 * 1. Redistributions of source code must retain the above copyright 82 * notice, this list of conditions and the following disclaimer. 83 * 2. Redistributions in binary form must reproduce the above copyright 84 * notice, this list of conditions and the following disclaimer in the 85 * documentation and/or other materials provided with the distribution. 86 * 3. All advertising materials mentioning features or use of this software 87 * must display the following acknowledgement: 88 * This product includes software developed by the University of 89 * California, Berkeley and its contributors. 90 * 4. Neither the name of the University nor the names of its contributors 91 * may be used to endorse or promote products derived from this software 92 * without specific prior written permission. 93 * 94 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 97 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 98 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 99 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 100 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 101 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 104 * SUCH DAMAGE. 105 * 106 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 107 */ 108 109 /* 110 * References: 111 * (1) Bach's "The Design of the UNIX Operating System", 112 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 113 * (3) the "4.4BSD Programmer's Reference Manual" published 114 * by USENIX and O'Reilly & Associates. 115 * The 4.4BSD PRM does a reasonably good job of documenting what the various 116 * ptrace() requests should actually do, and its text is quoted several times 117 * in this file. 118 */ 119 120 #include <sys/cdefs.h> 121 __KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.12 2017/01/26 03:54:01 christos Exp $"); 122 123 #ifdef _KERNEL_OPT 124 #include "opt_ptrace.h" 125 #include "opt_ktrace.h" 126 #include "opt_pax.h" 127 #endif 128 129 #include <sys/param.h> 130 #include <sys/systm.h> 131 #include <sys/proc.h> 132 #include <sys/errno.h> 133 #include <sys/exec.h> 134 #include <sys/pax.h> 135 #include <sys/ptrace.h> 136 #include <sys/uio.h> 137 #include <sys/ras.h> 138 #include <sys/kmem.h> 139 #include <sys/kauth.h> 140 #include <sys/mount.h> 141 #include <sys/syscallargs.h> 142 #include <sys/module.h> 143 #include <sys/condvar.h> 144 #include <sys/mutex.h> 145 146 #include <uvm/uvm_extern.h> 147 148 #include <machine/reg.h> 149 150 #ifdef PTRACE 151 152 # ifdef DEBUG 153 # define DPRINTF(a) uprintf a 154 # else 155 # define DPRINTF(a) 156 # endif 157 158 static kauth_listener_t ptrace_listener; 159 static int process_auxv_offset(struct proc *, struct uio *); 160 161 #if 0 162 static int ptrace_cbref; 163 static kmutex_t ptrace_mtx; 164 static kcondvar_t ptrace_cv; 165 #endif 166 167 static int 168 ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, 169 void *arg0, void *arg1, void *arg2, void *arg3) 170 { 171 struct proc *p; 172 int result; 173 174 result = KAUTH_RESULT_DEFER; 175 p = arg0; 176 177 #if 0 178 mutex_enter(&ptrace_mtx); 179 ptrace_cbref++; 180 mutex_exit(&ptrace_mtx); 181 #endif 182 if (action != KAUTH_PROCESS_PTRACE) 183 goto out; 184 185 switch ((u_long)arg1) { 186 case PT_TRACE_ME: 187 case PT_ATTACH: 188 case PT_WRITE_I: 189 case PT_WRITE_D: 190 case PT_READ_I: 191 case PT_READ_D: 192 case PT_IO: 193 #ifdef PT_GETREGS 194 case PT_GETREGS: 195 #endif 196 #ifdef PT_SETREGS 197 case PT_SETREGS: 198 #endif 199 #ifdef PT_GETFPREGS 200 case PT_GETFPREGS: 201 #endif 202 #ifdef PT_SETFPREGS 203 case PT_SETFPREGS: 204 #endif 205 #ifdef __HAVE_PTRACE_WATCHPOINTS 206 case PT_READ_WATCHPOINT: 207 case PT_WRITE_WATCHPOINT: 208 case PT_COUNT_WATCHPOINTS: 209 #endif 210 case PT_SET_EVENT_MASK: 211 case PT_GET_EVENT_MASK: 212 case PT_GET_PROCESS_STATE: 213 case PT_SET_SIGINFO: 214 case PT_GET_SIGINFO: 215 #ifdef __HAVE_PTRACE_MACHDEP 216 PTRACE_MACHDEP_REQUEST_CASES 217 #endif 218 if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) || 219 ISSET(p->p_flag, PK_SUGID)) { 220 break; 221 } 222 223 result = KAUTH_RESULT_ALLOW; 224 225 break; 226 227 #ifdef PT_STEP 228 case PT_STEP: 229 #endif 230 case PT_CONTINUE: 231 case PT_KILL: 232 case PT_DETACH: 233 case PT_LWPINFO: 234 case PT_SYSCALL: 235 case PT_SYSCALLEMU: 236 case PT_DUMPCORE: 237 result = KAUTH_RESULT_ALLOW; 238 break; 239 240 default: 241 break; 242 } 243 244 out: 245 #if 0 246 mutex_enter(&ptrace_mtx); 247 if (--ptrace_cbref == 0) 248 cv_broadcast(&ptrace_cv); 249 mutex_exit(&ptrace_mtx); 250 #endif 251 252 return result; 253 } 254 255 int 256 ptrace_init(void) 257 { 258 259 #if 0 260 mutex_init(&ptrace_mtx, MUTEX_DEFAULT, IPL_NONE); 261 cv_init(&ptrace_cv, "ptracecb"); 262 ptrace_cbref = 0; 263 #endif 264 ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 265 ptrace_listener_cb, NULL); 266 return 0; 267 } 268 269 int 270 ptrace_fini(void) 271 { 272 273 kauth_unlisten_scope(ptrace_listener); 274 275 #if 0 276 /* Make sure no-one is executing our kauth listener */ 277 278 mutex_enter(&ptrace_mtx); 279 while (ptrace_cbref != 0) 280 cv_wait(&ptrace_cv, &ptrace_mtx); 281 mutex_exit(&ptrace_mtx); 282 mutex_destroy(&ptrace_mtx); 283 cv_destroy(&ptrace_cv); 284 #endif 285 286 return 0; 287 } 288 289 int 290 do_ptrace(struct ptrace_methods *ptm, struct lwp *l, int req, pid_t pid, 291 void *addr, int data, register_t *retval) 292 { 293 struct proc *p = l->l_proc; 294 struct lwp *lt; 295 #ifdef PT_STEP 296 struct lwp *lt2; 297 #endif 298 struct proc *t; /* target process */ 299 struct uio uio; 300 struct iovec iov; 301 struct ptrace_io_desc piod; 302 struct ptrace_event pe; 303 struct ptrace_state ps; 304 struct ptrace_lwpinfo pl; 305 struct ptrace_siginfo psi; 306 #ifdef __HAVE_PTRACE_WATCHPOINTS 307 struct ptrace_watchpoint pw; 308 #endif 309 struct vmspace *vm; 310 int error, write, tmp, pheld; 311 int signo = 0; 312 int resume_all; 313 ksiginfo_t ksi; 314 char *path; 315 int len = 0; 316 error = 0; 317 318 /* 319 * If attaching or detaching, we need to get a write hold on the 320 * proclist lock so that we can re-parent the target process. 321 */ 322 mutex_enter(proc_lock); 323 324 /* "A foolish consistency..." XXX */ 325 if (req == PT_TRACE_ME) { 326 t = p; 327 mutex_enter(t->p_lock); 328 } else { 329 /* Find the process we're supposed to be operating on. */ 330 t = proc_find(pid); 331 if (t == NULL) { 332 mutex_exit(proc_lock); 333 return ESRCH; 334 } 335 336 /* XXX-elad */ 337 mutex_enter(t->p_lock); 338 error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, 339 t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 340 if (error) { 341 mutex_exit(proc_lock); 342 mutex_exit(t->p_lock); 343 return ESRCH; 344 } 345 } 346 347 /* 348 * Grab a reference on the process to prevent it from execing or 349 * exiting. 350 */ 351 if (!rw_tryenter(&t->p_reflock, RW_READER)) { 352 mutex_exit(proc_lock); 353 mutex_exit(t->p_lock); 354 return EBUSY; 355 } 356 357 /* Make sure we can operate on it. */ 358 switch (req) { 359 case PT_TRACE_ME: 360 /* Saying that you're being traced is always legal. */ 361 break; 362 363 case PT_ATTACH: 364 /* 365 * You can't attach to a process if: 366 * (1) it's the process that's doing the attaching, 367 */ 368 if (t->p_pid == p->p_pid) { 369 error = EINVAL; 370 break; 371 } 372 373 /* 374 * (2) it's a system process 375 */ 376 if (t->p_flag & PK_SYSTEM) { 377 error = EPERM; 378 break; 379 } 380 381 /* 382 * (3) it's already being traced, or 383 */ 384 if (ISSET(t->p_slflag, PSL_TRACED)) { 385 error = EBUSY; 386 break; 387 } 388 389 /* 390 * (4) the tracer is chrooted, and its root directory is 391 * not at or above the root directory of the tracee 392 */ 393 mutex_exit(t->p_lock); /* XXXSMP */ 394 tmp = proc_isunder(t, l); 395 mutex_enter(t->p_lock); /* XXXSMP */ 396 if (!tmp) { 397 error = EPERM; 398 break; 399 } 400 break; 401 402 case PT_READ_I: 403 case PT_READ_D: 404 case PT_WRITE_I: 405 case PT_WRITE_D: 406 case PT_IO: 407 #ifdef PT_GETREGS 408 case PT_GETREGS: 409 #endif 410 #ifdef PT_SETREGS 411 case PT_SETREGS: 412 #endif 413 #ifdef PT_GETFPREGS 414 case PT_GETFPREGS: 415 #endif 416 #ifdef PT_SETFPREGS 417 case PT_SETFPREGS: 418 #endif 419 #ifdef __HAVE_PTRACE_WATCHPOINTS 420 case PT_READ_WATCHPOINT: 421 case PT_WRITE_WATCHPOINT: 422 case PT_COUNT_WATCHPOINTS: 423 #endif 424 #ifdef __HAVE_PTRACE_MACHDEP 425 PTRACE_MACHDEP_REQUEST_CASES 426 #endif 427 /* 428 * You can't read/write the memory or registers of a process 429 * if the tracer is chrooted, and its root directory is not at 430 * or above the root directory of the tracee. 431 */ 432 mutex_exit(t->p_lock); /* XXXSMP */ 433 tmp = proc_isunder(t, l); 434 mutex_enter(t->p_lock); /* XXXSMP */ 435 if (!tmp) { 436 error = EPERM; 437 break; 438 } 439 /*FALLTHROUGH*/ 440 441 case PT_CONTINUE: 442 case PT_KILL: 443 case PT_DETACH: 444 case PT_LWPINFO: 445 case PT_SYSCALL: 446 case PT_SYSCALLEMU: 447 case PT_DUMPCORE: 448 #ifdef PT_STEP 449 case PT_STEP: 450 #endif 451 case PT_SET_EVENT_MASK: 452 case PT_GET_EVENT_MASK: 453 case PT_GET_PROCESS_STATE: 454 case PT_SET_SIGINFO: 455 case PT_GET_SIGINFO: 456 /* 457 * You can't do what you want to the process if: 458 * (1) It's not being traced at all, 459 */ 460 if (!ISSET(t->p_slflag, PSL_TRACED)) { 461 error = EPERM; 462 break; 463 } 464 465 /* 466 * (2) it's being traced by procfs (which has 467 * different signal delivery semantics), 468 */ 469 if (ISSET(t->p_slflag, PSL_FSTRACE)) { 470 DPRINTF(("file system traced\n")); 471 error = EBUSY; 472 break; 473 } 474 475 /* 476 * (3) it's not being traced by _you_, or 477 */ 478 if (t->p_pptr != p) { 479 DPRINTF(("parent %d != %d\n", t->p_pptr->p_pid, 480 p->p_pid)); 481 error = EBUSY; 482 break; 483 } 484 485 /* 486 * (4) it's not currently stopped. 487 */ 488 if (t->p_stat != SSTOP || !t->p_waited /* XXXSMP */) { 489 DPRINTF(("stat %d flag %d\n", t->p_stat, 490 !t->p_waited)); 491 error = EBUSY; 492 break; 493 } 494 break; 495 496 default: /* It was not a legal request. */ 497 error = EINVAL; 498 break; 499 } 500 501 if (error == 0) { 502 error = kauth_authorize_process(l->l_cred, 503 KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req), 504 NULL, NULL); 505 } 506 if (error == 0) { 507 lt = lwp_find_first(t); 508 if (lt == NULL) 509 error = ESRCH; 510 } 511 512 if (error != 0) { 513 mutex_exit(proc_lock); 514 mutex_exit(t->p_lock); 515 rw_exit(&t->p_reflock); 516 return error; 517 } 518 519 /* Do single-step fixup if needed. */ 520 FIX_SSTEP(t); 521 KASSERT(lt != NULL); 522 lwp_addref(lt); 523 524 /* 525 * Which locks do we need held? XXX Ugly. 526 */ 527 switch (req) { 528 #ifdef PT_STEP 529 case PT_STEP: 530 #endif 531 case PT_CONTINUE: 532 case PT_DETACH: 533 case PT_KILL: 534 case PT_SYSCALL: 535 case PT_SYSCALLEMU: 536 case PT_ATTACH: 537 case PT_TRACE_ME: 538 pheld = 1; 539 break; 540 default: 541 mutex_exit(proc_lock); 542 mutex_exit(t->p_lock); 543 pheld = 0; 544 break; 545 } 546 547 /* Now do the operation. */ 548 write = 0; 549 *retval = 0; 550 tmp = 0; 551 resume_all = 1; 552 553 switch (req) { 554 case PT_TRACE_ME: 555 /* Just set the trace flag. */ 556 SET(t->p_slflag, PSL_TRACED); 557 t->p_opptr = t->p_pptr; 558 break; 559 560 case PT_WRITE_I: /* XXX no separate I and D spaces */ 561 case PT_WRITE_D: 562 #if defined(__HAVE_RAS) 563 /* 564 * Can't write to a RAS 565 */ 566 if (ras_lookup(t, addr) != (void *)-1) { 567 error = EACCES; 568 break; 569 } 570 #endif 571 write = 1; 572 tmp = data; 573 /* FALLTHROUGH */ 574 575 case PT_READ_I: /* XXX no separate I and D spaces */ 576 case PT_READ_D: 577 /* write = 0 done above. */ 578 iov.iov_base = (void *)&tmp; 579 iov.iov_len = sizeof(tmp); 580 uio.uio_iov = &iov; 581 uio.uio_iovcnt = 1; 582 uio.uio_offset = (off_t)(unsigned long)addr; 583 uio.uio_resid = sizeof(tmp); 584 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 585 UIO_SETUP_SYSSPACE(&uio); 586 587 error = process_domem(l, lt, &uio); 588 if (!write) 589 *retval = tmp; 590 break; 591 592 case PT_IO: 593 error = ptm->ptm_copyinpiod(&piod, addr); 594 if (error) 595 break; 596 597 iov.iov_base = piod.piod_addr; 598 iov.iov_len = piod.piod_len; 599 uio.uio_iov = &iov; 600 uio.uio_iovcnt = 1; 601 uio.uio_offset = (off_t)(unsigned long)piod.piod_offs; 602 uio.uio_resid = piod.piod_len; 603 604 switch (piod.piod_op) { 605 case PIOD_READ_D: 606 case PIOD_READ_I: 607 uio.uio_rw = UIO_READ; 608 break; 609 case PIOD_WRITE_D: 610 case PIOD_WRITE_I: 611 /* 612 * Can't write to a RAS 613 */ 614 if (ras_lookup(t, addr) != (void *)-1) { 615 return EACCES; 616 } 617 uio.uio_rw = UIO_WRITE; 618 break; 619 case PIOD_READ_AUXV: 620 req = PT_READ_D; 621 uio.uio_rw = UIO_READ; 622 tmp = t->p_execsw->es_arglen; 623 if (uio.uio_offset > tmp) 624 return EIO; 625 if (uio.uio_resid > tmp - uio.uio_offset) 626 uio.uio_resid = tmp - uio.uio_offset; 627 piod.piod_len = iov.iov_len = uio.uio_resid; 628 error = process_auxv_offset(t, &uio); 629 break; 630 default: 631 error = EINVAL; 632 break; 633 } 634 if (error) 635 break; 636 error = proc_vmspace_getref(l->l_proc, &vm); 637 if (error) 638 break; 639 uio.uio_vmspace = vm; 640 641 error = process_domem(l, lt, &uio); 642 piod.piod_len -= uio.uio_resid; 643 (void) ptm->ptm_copyoutpiod(&piod, addr); 644 645 uvmspace_free(vm); 646 break; 647 648 case PT_DUMPCORE: 649 if ((path = addr) != NULL) { 650 char *dst; 651 len = data; 652 653 if (len < 0 || len >= MAXPATHLEN) { 654 error = EINVAL; 655 break; 656 } 657 dst = kmem_alloc(len + 1, KM_SLEEP); 658 if ((error = copyin(path, dst, len)) != 0) { 659 kmem_free(dst, len + 1); 660 break; 661 } 662 path = dst; 663 path[len] = '\0'; 664 } 665 error = (*coredump_vec)(lt, path); 666 if (path) 667 kmem_free(path, len + 1); 668 break; 669 670 #ifdef PT_STEP 671 case PT_STEP: 672 /* 673 * From the 4.4BSD PRM: 674 * "Execution continues as in request PT_CONTINUE; however 675 * as soon as possible after execution of at least one 676 * instruction, execution stops again. [ ... ]" 677 */ 678 #endif 679 case PT_CONTINUE: 680 case PT_SYSCALL: 681 case PT_DETACH: 682 if (req == PT_SYSCALL) { 683 if (!ISSET(t->p_slflag, PSL_SYSCALL)) { 684 SET(t->p_slflag, PSL_SYSCALL); 685 #ifdef __HAVE_SYSCALL_INTERN 686 (*t->p_emul->e_syscall_intern)(t); 687 #endif 688 } 689 } else { 690 if (ISSET(t->p_slflag, PSL_SYSCALL)) { 691 CLR(t->p_slflag, PSL_SYSCALL); 692 #ifdef __HAVE_SYSCALL_INTERN 693 (*t->p_emul->e_syscall_intern)(t); 694 #endif 695 } 696 } 697 t->p_trace_enabled = trace_is_enabled(t); 698 699 /* 700 * Pick up the LWPID, if supplied. There are two cases: 701 * data < 0 : step or continue single thread, lwp = -data 702 * data > 0 in PT_STEP : step this thread, continue others 703 * For operations other than PT_STEP, data > 0 means 704 * data is the signo to deliver to the process. 705 */ 706 tmp = data; 707 if (tmp >= 0) { 708 #ifdef PT_STEP 709 if (req == PT_STEP) 710 signo = 0; 711 else 712 #endif 713 { 714 signo = tmp; 715 tmp = 0; /* don't search for LWP */ 716 } 717 } else 718 tmp = -tmp; 719 720 if (tmp > 0) { 721 if (req == PT_DETACH) { 722 error = EINVAL; 723 break; 724 } 725 lwp_delref2 (lt); 726 lt = lwp_find(t, tmp); 727 if (lt == NULL) { 728 error = ESRCH; 729 break; 730 } 731 lwp_addref(lt); 732 resume_all = 0; 733 signo = 0; 734 } 735 736 /* 737 * From the 4.4BSD PRM: 738 * "The data argument is taken as a signal number and the 739 * child's execution continues at location addr as if it 740 * incurred that signal. Normally the signal number will 741 * be either 0 to indicate that the signal that caused the 742 * stop should be ignored, or that value fetched out of 743 * the process's image indicating which signal caused 744 * the stop. If addr is (int *)1 then execution continues 745 * from where it stopped." 746 */ 747 748 /* Check that the data is a valid signal number or zero. */ 749 if (signo < 0 || signo >= NSIG) { 750 error = EINVAL; 751 break; 752 } 753 754 /* If the address parameter is not (int *)1, set the pc. */ 755 if ((int *)addr != (int *)1) { 756 error = process_set_pc(lt, addr); 757 if (error != 0) 758 break; 759 } 760 #ifdef PT_STEP 761 /* 762 * Arrange for a single-step, if that's requested and possible. 763 * More precisely, set the single step status as requested for 764 * the requested thread, and clear it for other threads. 765 */ 766 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 767 if (lt != lt2) { 768 lwp_lock(lt2); 769 process_sstep(lt2, 0); 770 lwp_unlock(lt2); 771 } 772 } 773 error = process_sstep(lt, req == PT_STEP); 774 if (error) 775 break; 776 #endif 777 if (req == PT_DETACH) { 778 CLR(t->p_slflag, PSL_TRACED|PSL_FSTRACE|PSL_SYSCALL); 779 780 /* give process back to original parent or init */ 781 if (t->p_opptr != t->p_pptr) { 782 struct proc *pp = t->p_opptr; 783 proc_reparent(t, pp ? pp : initproc); 784 } 785 786 /* not being traced any more */ 787 t->p_opptr = NULL; 788 } 789 sendsig: 790 t->p_fpid = 0; 791 t->p_vfpid = 0; 792 t->p_vfpid_done = 0; 793 t->p_lwp_created = 0; 794 t->p_lwp_exited = 0; 795 /* Finally, deliver the requested signal (or none). */ 796 if (t->p_stat == SSTOP) { 797 /* 798 * Unstop the process. If it needs to take a 799 * signal, make all efforts to ensure that at 800 * an LWP runs to see it. 801 */ 802 t->p_xsig = signo; 803 if (resume_all) 804 proc_unstop(t); 805 else 806 lwp_unstop(lt); 807 } else if (t->p_sigctx.ps_faked) { 808 if (signo != t->p_sigctx.ps_info._signo) { 809 error = EINVAL; 810 break; 811 } 812 t->p_sigctx.ps_faked = false; 813 KSI_INIT_EMPTY(&ksi); 814 ksi.ksi_info = t->p_sigctx.ps_info; 815 ksi.ksi_lid = t->p_sigctx.ps_lwp; 816 kpsignal2(t, &ksi); 817 } else if (signo != 0) { 818 KSI_INIT_EMPTY(&ksi); 819 ksi.ksi_signo = signo; 820 kpsignal2(t, &ksi); 821 } 822 break; 823 824 case PT_SYSCALLEMU: 825 if (!ISSET(t->p_slflag, PSL_SYSCALL) || t->p_stat != SSTOP) { 826 error = EINVAL; 827 break; 828 } 829 SET(t->p_slflag, PSL_SYSCALLEMU); 830 break; 831 832 case PT_KILL: 833 /* just send the process a KILL signal. */ 834 signo = SIGKILL; 835 goto sendsig; /* in PT_CONTINUE, above. */ 836 837 case PT_ATTACH: 838 /* 839 * Go ahead and set the trace flag. 840 * Save the old parent (it's reset in 841 * _DETACH, and also in kern_exit.c:wait4() 842 * Reparent the process so that the tracing 843 * proc gets to see all the action. 844 * Stop the target. 845 */ 846 proc_changeparent(t, p); 847 signo = SIGSTOP; 848 goto sendsig; 849 850 case PT_GET_EVENT_MASK: 851 if (data != sizeof(pe)) { 852 DPRINTF(("ptrace(%d): %d != %zu\n", req, 853 data, sizeof(pe))); 854 error = EINVAL; 855 break; 856 } 857 memset(&pe, 0, sizeof(pe)); 858 pe.pe_set_event = ISSET(t->p_slflag, PSL_TRACEFORK) ? 859 PTRACE_FORK : 0; 860 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK) ? 861 PTRACE_VFORK : 0; 862 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK_DONE) ? 863 PTRACE_VFORK_DONE : 0; 864 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_CREATE) ? 865 PTRACE_LWP_CREATE : 0; 866 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_EXIT) ? 867 PTRACE_LWP_EXIT : 0; 868 error = copyout(&pe, addr, sizeof(pe)); 869 break; 870 871 case PT_SET_EVENT_MASK: 872 if (data != sizeof(pe)) { 873 DPRINTF(("ptrace(%d): %d != %zu\n", req, data, 874 sizeof(pe))); 875 error = EINVAL; 876 break; 877 } 878 if ((error = copyin(addr, &pe, sizeof(pe))) != 0) 879 return error; 880 if (pe.pe_set_event & PTRACE_FORK) 881 SET(t->p_slflag, PSL_TRACEFORK); 882 else 883 CLR(t->p_slflag, PSL_TRACEFORK); 884 #if notyet 885 if (pe.pe_set_event & PTRACE_VFORK) 886 SET(t->p_slflag, PSL_TRACEVFORK); 887 else 888 CLR(t->p_slflag, PSL_TRACEVFORK); 889 #else 890 if (pe.pe_set_event & PTRACE_VFORK) { 891 error = ENOTSUP; 892 break; 893 } 894 #endif 895 if (pe.pe_set_event & PTRACE_VFORK_DONE) 896 SET(t->p_slflag, PSL_TRACEVFORK_DONE); 897 else 898 CLR(t->p_slflag, PSL_TRACEVFORK_DONE); 899 if (pe.pe_set_event & PTRACE_LWP_CREATE) 900 SET(t->p_slflag, PSL_TRACELWP_CREATE); 901 else 902 CLR(t->p_slflag, PSL_TRACELWP_CREATE); 903 if (pe.pe_set_event & PTRACE_LWP_EXIT) 904 SET(t->p_slflag, PSL_TRACELWP_EXIT); 905 else 906 CLR(t->p_slflag, PSL_TRACELWP_EXIT); 907 break; 908 909 case PT_GET_PROCESS_STATE: 910 if (data != sizeof(ps)) { 911 DPRINTF(("ptrace(%d): %d != %zu\n", req, data, 912 sizeof(ps))); 913 error = EINVAL; 914 break; 915 } 916 memset(&ps, 0, sizeof(ps)); 917 if (t->p_fpid) { 918 ps.pe_report_event = PTRACE_FORK; 919 ps.pe_other_pid = t->p_fpid; 920 } else if (t->p_vfpid) { 921 ps.pe_report_event = PTRACE_VFORK; 922 ps.pe_other_pid = t->p_vfpid; 923 } else if (t->p_vfpid_done) { 924 ps.pe_report_event = PTRACE_VFORK_DONE; 925 ps.pe_other_pid = t->p_vfpid_done; 926 } else if (t->p_lwp_created) { 927 ps.pe_report_event = PTRACE_LWP_CREATE; 928 ps.pe_lwp = t->p_lwp_created; 929 } else if (t->p_lwp_exited) { 930 ps.pe_report_event = PTRACE_LWP_EXIT; 931 ps.pe_lwp = t->p_lwp_exited; 932 } 933 error = copyout(&ps, addr, sizeof(ps)); 934 break; 935 936 case PT_LWPINFO: 937 if (data != sizeof(pl)) { 938 DPRINTF(("ptrace(%d): %d != %zu\n", req, data, 939 sizeof(pl))); 940 error = EINVAL; 941 break; 942 } 943 error = copyin(addr, &pl, sizeof(pl)); 944 if (error) 945 break; 946 tmp = pl.pl_lwpid; 947 lwp_delref(lt); 948 mutex_enter(t->p_lock); 949 if (tmp == 0) 950 lt = lwp_find_first(t); 951 else { 952 lt = lwp_find(t, tmp); 953 if (lt == NULL) { 954 mutex_exit(t->p_lock); 955 error = ESRCH; 956 break; 957 } 958 lt = LIST_NEXT(lt, l_sibling); 959 } 960 while (lt != NULL && !lwp_alive(lt)) 961 lt = LIST_NEXT(lt, l_sibling); 962 pl.pl_lwpid = 0; 963 pl.pl_event = 0; 964 if (lt) { 965 lwp_addref(lt); 966 pl.pl_lwpid = lt->l_lid; 967 /* 968 * If we match the lwp, or it was sent to every lwp, 969 * we set PL_EVENT_SIGNAL. 970 * XXX: ps_lwp == 0 means everyone and noone, so 971 * check ps_signo too. 972 */ 973 if (lt->l_lid == t->p_sigctx.ps_lwp 974 || (t->p_sigctx.ps_lwp == 0 && 975 t->p_sigctx.ps_info._signo)) 976 pl.pl_event = PL_EVENT_SIGNAL; 977 } 978 mutex_exit(t->p_lock); 979 980 error = copyout(&pl, addr, sizeof(pl)); 981 break; 982 983 case PT_SET_SIGINFO: 984 if (data != sizeof(psi)) { 985 DPRINTF(("ptrace(%d): %d != %zu\n", req, data, 986 sizeof(psi))); 987 error = EINVAL; 988 break; 989 } 990 991 error = copyin(addr, &psi, sizeof(psi)); 992 if (error) 993 break; 994 995 /* Check that the data is a valid signal number or zero. */ 996 if (psi.psi_siginfo.si_signo < 0 || 997 psi.psi_siginfo.si_signo >= NSIG) { 998 error = EINVAL; 999 break; 1000 } 1001 1002 tmp = psi.psi_lwpid; 1003 if (tmp != 0) 1004 lwp_delref(lt); 1005 1006 mutex_enter(t->p_lock); 1007 1008 if (tmp != 0) { 1009 lt = lwp_find(t, tmp); 1010 if (lt == NULL) { 1011 mutex_exit(t->p_lock); 1012 error = ESRCH; 1013 break; 1014 } 1015 lwp_addref(lt); 1016 } 1017 1018 t->p_sigctx.ps_faked = true; 1019 t->p_sigctx.ps_info = psi.psi_siginfo._info; 1020 t->p_sigctx.ps_lwp = psi.psi_lwpid; 1021 mutex_exit(t->p_lock); 1022 break; 1023 1024 case PT_GET_SIGINFO: 1025 if (data != sizeof(psi)) { 1026 DPRINTF(("ptrace(%d): %d != %zu\n", req, data, 1027 sizeof(psi))); 1028 error = EINVAL; 1029 break; 1030 } 1031 mutex_enter(t->p_lock); 1032 psi.psi_siginfo._info = t->p_sigctx.ps_info; 1033 psi.psi_lwpid = t->p_sigctx.ps_lwp; 1034 mutex_exit(t->p_lock); 1035 1036 error = copyout(&psi, addr, sizeof(psi)); 1037 if (error) 1038 break; 1039 1040 break; 1041 1042 #ifdef PT_SETREGS 1043 case PT_SETREGS: 1044 write = 1; 1045 #endif 1046 #ifdef PT_GETREGS 1047 case PT_GETREGS: 1048 /* write = 0 done above. */ 1049 #endif 1050 #if defined(PT_SETREGS) || defined(PT_GETREGS) 1051 tmp = data; 1052 if (tmp != 0 && t->p_nlwps > 1) { 1053 lwp_delref(lt); 1054 mutex_enter(t->p_lock); 1055 lt = lwp_find(t, tmp); 1056 if (lt == NULL) { 1057 mutex_exit(t->p_lock); 1058 error = ESRCH; 1059 break; 1060 } 1061 lwp_addref(lt); 1062 mutex_exit(t->p_lock); 1063 } 1064 if (!process_validregs(lt)) 1065 error = EINVAL; 1066 else { 1067 error = proc_vmspace_getref(p, &vm); 1068 if (error) 1069 break; 1070 iov.iov_base = addr; 1071 iov.iov_len = PROC_REGSZ(p); 1072 uio.uio_iov = &iov; 1073 uio.uio_iovcnt = 1; 1074 uio.uio_offset = 0; 1075 uio.uio_resid = iov.iov_len; 1076 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 1077 uio.uio_vmspace = vm; 1078 1079 error = ptm->ptm_doregs(l, lt, &uio); 1080 uvmspace_free(vm); 1081 } 1082 break; 1083 #endif 1084 1085 #ifdef PT_SETFPREGS 1086 case PT_SETFPREGS: 1087 write = 1; 1088 /*FALLTHROUGH*/ 1089 #endif 1090 #ifdef PT_GETFPREGS 1091 case PT_GETFPREGS: 1092 /* write = 0 done above. */ 1093 #endif 1094 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 1095 tmp = data; 1096 if (tmp != 0 && t->p_nlwps > 1) { 1097 lwp_delref(lt); 1098 mutex_enter(t->p_lock); 1099 lt = lwp_find(t, tmp); 1100 if (lt == NULL) { 1101 mutex_exit(t->p_lock); 1102 error = ESRCH; 1103 break; 1104 } 1105 lwp_addref(lt); 1106 mutex_exit(t->p_lock); 1107 } 1108 if (!process_validfpregs(lt)) 1109 error = EINVAL; 1110 else { 1111 error = proc_vmspace_getref(p, &vm); 1112 if (error) 1113 break; 1114 iov.iov_base = addr; 1115 iov.iov_len = PROC_FPREGSZ(p); 1116 uio.uio_iov = &iov; 1117 uio.uio_iovcnt = 1; 1118 uio.uio_offset = 0; 1119 uio.uio_resid = iov.iov_len; 1120 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 1121 uio.uio_vmspace = vm; 1122 1123 error = ptm->ptm_dofpregs(l, lt, &uio); 1124 uvmspace_free(vm); 1125 } 1126 break; 1127 #endif 1128 1129 #ifdef __HAVE_PTRACE_WATCHPOINTS 1130 /* 1131 * The "write" variable is used as type of operation. 1132 * Possible values: 1133 * 0 - return the number of supported hardware watchpoints 1134 * 1 - set new watchpoint value 1135 * 2 - get existing watchpoint image 1136 */ 1137 case PT_WRITE_WATCHPOINT: 1138 write = 1; 1139 case PT_READ_WATCHPOINT: 1140 /* write = 0 done above */ 1141 1142 if (data != sizeof(pw)) { 1143 DPRINTF(("ptrace(%d): %d != %zu\n", req, 1144 data, sizeof(pe))); 1145 error = EINVAL; 1146 break; 1147 } 1148 error = copyin(addr, &pw, sizeof(pw)); 1149 if (error) 1150 break; 1151 tmp = pw.pw_lwpid; 1152 if (tmp != 0 && t->p_nlwps > 1) { 1153 lwp_delref(lt); 1154 mutex_enter(t->p_lock); 1155 lt = lwp_find(t, tmp); 1156 if (lt == NULL) { 1157 mutex_exit(t->p_lock); 1158 error = ESRCH; 1159 break; 1160 } 1161 lwp_addref(lt); 1162 mutex_exit(t->p_lock); 1163 } 1164 ++write; 1165 case PT_COUNT_WATCHPOINTS: 1166 if (!process_validwatchpoint(lt)) 1167 error = EINVAL; 1168 else { 1169 lwp_lock(lt); 1170 error = ptm->ptm_dowatchpoint(l, lt, write, &pw, addr, 1171 retval); 1172 lwp_unlock(lt); 1173 } 1174 break; 1175 #endif 1176 1177 #ifdef __HAVE_PTRACE_MACHDEP 1178 PTRACE_MACHDEP_REQUEST_CASES 1179 error = ptrace_machdep_dorequest(l, lt, req, addr, data); 1180 break; 1181 #endif 1182 } 1183 1184 if (pheld) { 1185 mutex_exit(t->p_lock); 1186 mutex_exit(proc_lock); 1187 } 1188 if (lt != NULL) 1189 lwp_delref(lt); 1190 rw_exit(&t->p_reflock); 1191 1192 return error; 1193 } 1194 1195 int 1196 process_doregs(struct lwp *curl /*tracer*/, 1197 struct lwp *l /*traced*/, 1198 struct uio *uio) 1199 { 1200 #if defined(PT_GETREGS) || defined(PT_SETREGS) 1201 int error; 1202 struct reg r; 1203 char *kv; 1204 int kl; 1205 1206 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 1207 return EINVAL; 1208 1209 kl = sizeof(r); 1210 kv = (char *)&r; 1211 1212 kv += uio->uio_offset; 1213 kl -= uio->uio_offset; 1214 if ((size_t)kl > uio->uio_resid) 1215 kl = uio->uio_resid; 1216 1217 error = process_read_regs(l, &r); 1218 if (error == 0) 1219 error = uiomove(kv, kl, uio); 1220 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1221 if (l->l_stat != LSSTOP) 1222 error = EBUSY; 1223 else 1224 error = process_write_regs(l, &r); 1225 } 1226 1227 uio->uio_offset = 0; 1228 return error; 1229 #else 1230 return EINVAL; 1231 #endif 1232 } 1233 1234 int 1235 process_validregs(struct lwp *l) 1236 { 1237 1238 #if defined(PT_SETREGS) || defined(PT_GETREGS) 1239 return (l->l_flag & LW_SYSTEM) == 0; 1240 #else 1241 return 0; 1242 #endif 1243 } 1244 1245 int 1246 process_dofpregs(struct lwp *curl /*tracer*/, 1247 struct lwp *l /*traced*/, 1248 struct uio *uio) 1249 { 1250 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 1251 int error; 1252 struct fpreg r; 1253 char *kv; 1254 size_t kl; 1255 1256 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) 1257 return EINVAL; 1258 1259 kl = sizeof(r); 1260 kv = (char *)&r; 1261 1262 kv += uio->uio_offset; 1263 kl -= uio->uio_offset; 1264 if (kl > uio->uio_resid) 1265 kl = uio->uio_resid; 1266 1267 error = process_read_fpregs(l, &r, &kl); 1268 if (error == 0) 1269 error = uiomove(kv, kl, uio); 1270 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1271 if (l->l_stat != LSSTOP) 1272 error = EBUSY; 1273 else 1274 error = process_write_fpregs(l, &r, kl); 1275 } 1276 uio->uio_offset = 0; 1277 return error; 1278 #else 1279 return EINVAL; 1280 #endif 1281 } 1282 1283 int 1284 process_validfpregs(struct lwp *l) 1285 { 1286 1287 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 1288 return (l->l_flag & LW_SYSTEM) == 0; 1289 #else 1290 return 0; 1291 #endif 1292 } 1293 1294 static int 1295 process_auxv_offset(struct proc *p, struct uio *uio) 1296 { 1297 struct ps_strings pss; 1298 int error; 1299 off_t off = (off_t)p->p_psstrp; 1300 1301 if ((error = copyin_psstrings(p, &pss)) != 0) 1302 return error; 1303 1304 if (pss.ps_envstr == NULL) 1305 return EIO; 1306 1307 uio->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + pss.ps_nenvstr + 1); 1308 #ifdef __MACHINE_STACK_GROWS_UP 1309 if (uio->uio_offset < off) 1310 return EIO; 1311 #else 1312 if (uio->uio_offset > off) 1313 return EIO; 1314 if ((uio->uio_offset + uio->uio_resid) > off) 1315 uio->uio_resid = off - uio->uio_offset; 1316 #endif 1317 return 0; 1318 } 1319 1320 int 1321 process_dowatchpoint(struct lwp *curl /*tracer*/, struct lwp *l /*traced*/, 1322 int operation, struct ptrace_watchpoint *pw, void *addr, 1323 register_t *retval) 1324 { 1325 1326 #ifdef __HAVE_PTRACE_WATCHPOINTS 1327 int error; 1328 1329 KASSERT(operation >= 0); 1330 KASSERT(operation <= 2); 1331 1332 switch (operation) { 1333 case 0: 1334 return process_count_watchpoints(l, retval); 1335 case 1: 1336 error = process_read_watchpoint(l, pw); 1337 if (error) 1338 return error; 1339 return copyout(pw, addr, sizeof(*pw)); 1340 default: 1341 return process_write_watchpoint(l, pw); 1342 } 1343 #else 1344 return EINVAL; 1345 #endif 1346 } 1347 1348 int 1349 process_validwatchpoint(struct lwp *l) 1350 { 1351 1352 #ifdef __HAVE_PTRACE_WATCHPOINTS 1353 return (l->l_flag & LW_SYSTEM) == 0; 1354 #else 1355 return 0; 1356 #endif 1357 } 1358 #endif /* PTRACE */ 1359 1360 MODULE(MODULE_CLASS_EXEC, ptrace_common, ""); 1361 1362 static int 1363 ptrace_common_modcmd(modcmd_t cmd, void *arg) 1364 { 1365 int error; 1366 1367 switch (cmd) { 1368 case MODULE_CMD_INIT: 1369 error = ptrace_init(); 1370 break; 1371 case MODULE_CMD_FINI: 1372 error = ptrace_fini(); 1373 break; 1374 default: 1375 ptrace_hooks(); 1376 error = ENOTTY; 1377 break; 1378 } 1379 return error; 1380 } 1381