1 /* $NetBSD: sys_ptrace_common.c,v 1.54 2019/05/25 03:20:43 kamil Exp $ */ 2 3 /*- 4 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Andrew Doran. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1989, 1993 34 * The Regents of the University of California. All rights reserved. 35 * (c) UNIX System Laboratories, Inc. 36 * All or some portions of this file are derived from material licensed 37 * to the University of California by American Telephone and Telegraph 38 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 39 * the permission of UNIX System Laboratories, Inc. 40 * 41 * This code is derived from software contributed to Berkeley by 42 * Jan-Simon Pendry. 43 * 44 * Redistribution and use in source and binary forms, with or without 45 * modification, are permitted provided that the following conditions 46 * are met: 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 3. Neither the name of the University nor the names of its contributors 53 * may be used to endorse or promote products derived from this software 54 * without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 * 68 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 69 */ 70 71 /*- 72 * Copyright (c) 1993 Jan-Simon Pendry. 73 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 74 * 75 * This code is derived from software contributed to Berkeley by 76 * Jan-Simon Pendry. 77 * 78 * Redistribution and use in source and binary forms, with or without 79 * modification, are permitted provided that the following conditions 80 * are met: 81 * 1. Redistributions of source code must retain the above copyright 82 * notice, this list of conditions and the following disclaimer. 83 * 2. Redistributions in binary form must reproduce the above copyright 84 * notice, this list of conditions and the following disclaimer in the 85 * documentation and/or other materials provided with the distribution. 86 * 3. All advertising materials mentioning features or use of this software 87 * must display the following acknowledgement: 88 * This product includes software developed by the University of 89 * California, Berkeley and its contributors. 90 * 4. Neither the name of the University nor the names of its contributors 91 * may be used to endorse or promote products derived from this software 92 * without specific prior written permission. 93 * 94 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 97 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 98 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 99 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 100 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 101 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 104 * SUCH DAMAGE. 105 * 106 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 107 */ 108 109 /* 110 * References: 111 * (1) Bach's "The Design of the UNIX Operating System", 112 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 113 * (3) the "4.4BSD Programmer's Reference Manual" published 114 * by USENIX and O'Reilly & Associates. 115 * The 4.4BSD PRM does a reasonably good job of documenting what the various 116 * ptrace() requests should actually do, and its text is quoted several times 117 * in this file. 118 */ 119 120 #include <sys/cdefs.h> 121 __KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.54 2019/05/25 03:20:43 kamil Exp $"); 122 123 #ifdef _KERNEL_OPT 124 #include "opt_ptrace.h" 125 #include "opt_ktrace.h" 126 #include "opt_pax.h" 127 #include "opt_compat_netbsd32.h" 128 #endif 129 130 #if defined(__HAVE_COMPAT_NETBSD32) && !defined(COMPAT_NETBSD32) \ 131 && !defined(_RUMPKERNEL) 132 #define COMPAT_NETBSD32 133 #endif 134 135 #include <sys/param.h> 136 #include <sys/systm.h> 137 #include <sys/proc.h> 138 #include <sys/errno.h> 139 #include <sys/exec.h> 140 #include <sys/pax.h> 141 #include <sys/ptrace.h> 142 #include <sys/uio.h> 143 #include <sys/ras.h> 144 #include <sys/kmem.h> 145 #include <sys/kauth.h> 146 #include <sys/mount.h> 147 #include <sys/syscallargs.h> 148 #include <sys/module.h> 149 #include <sys/condvar.h> 150 #include <sys/mutex.h> 151 152 #include <uvm/uvm_extern.h> 153 154 #include <machine/reg.h> 155 156 #ifdef PTRACE 157 # ifdef PTRACE_DEBUG 158 # define DPRINTF(a) uprintf a 159 # else 160 # define DPRINTF(a) 161 # endif 162 163 static kauth_listener_t ptrace_listener; 164 static int process_auxv_offset(struct proc *, struct uio *); 165 166 extern int user_va0_disable; 167 168 #if 0 169 static int ptrace_cbref; 170 static kmutex_t ptrace_mtx; 171 static kcondvar_t ptrace_cv; 172 #endif 173 174 #ifdef PT_GETREGS 175 # define case_PT_GETREGS case PT_GETREGS: 176 #else 177 # define case_PT_GETREGS 178 #endif 179 180 #ifdef PT_SETREGS 181 # define case_PT_SETREGS case PT_SETREGS: 182 #else 183 # define case_PT_SETREGS 184 #endif 185 186 #ifdef PT_GETFPREGS 187 # define case_PT_GETFPREGS case PT_GETFPREGS: 188 #else 189 # define case_PT_GETFPREGS 190 #endif 191 192 #ifdef PT_SETFPREGS 193 # define case_PT_SETFPREGS case PT_SETFPREGS: 194 #else 195 # define case_PT_SETFPREGS 196 #endif 197 198 #ifdef PT_GETDBREGS 199 # define case_PT_GETDBREGS case PT_GETDBREGS: 200 #else 201 # define case_PT_GETDBREGS 202 #endif 203 204 #ifdef PT_SETDBREGS 205 # define case_PT_SETDBREGS case PT_SETDBREGS: 206 #else 207 # define case_PT_SETDBREGS 208 #endif 209 210 #if defined(PT_SETREGS) || defined(PT_GETREGS) || \ 211 defined(PT_SETFPREGS) || defined(PT_GETFPREGS) || \ 212 defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 213 # define PT_REGISTERS 214 #endif 215 216 static int 217 ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, 218 void *arg0, void *arg1, void *arg2, void *arg3) 219 { 220 struct proc *p; 221 int result; 222 #ifdef PT_SETDBREGS 223 extern int user_set_dbregs; 224 #endif 225 226 result = KAUTH_RESULT_DEFER; 227 p = arg0; 228 229 #if 0 230 mutex_enter(&ptrace_mtx); 231 ptrace_cbref++; 232 mutex_exit(&ptrace_mtx); 233 #endif 234 if (action != KAUTH_PROCESS_PTRACE) 235 goto out; 236 237 switch ((u_long)arg1) { 238 #ifdef PT_SETDBREGS 239 case_PT_SETDBREGS 240 if (kauth_cred_getuid(cred) != 0 && user_set_dbregs == 0) { 241 result = KAUTH_RESULT_DENY; 242 break; 243 } 244 #endif 245 /* FALLTHROUGH */ 246 case PT_TRACE_ME: 247 case PT_ATTACH: 248 case PT_WRITE_I: 249 case PT_WRITE_D: 250 case PT_READ_I: 251 case PT_READ_D: 252 case PT_IO: 253 case_PT_GETREGS 254 case_PT_SETREGS 255 case_PT_GETFPREGS 256 case_PT_SETFPREGS 257 case_PT_GETDBREGS 258 case PT_SET_EVENT_MASK: 259 case PT_GET_EVENT_MASK: 260 case PT_GET_PROCESS_STATE: 261 case PT_SET_SIGINFO: 262 case PT_GET_SIGINFO: 263 #ifdef __HAVE_PTRACE_MACHDEP 264 PTRACE_MACHDEP_REQUEST_CASES 265 #endif 266 if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) || 267 ISSET(p->p_flag, PK_SUGID)) { 268 break; 269 } 270 271 result = KAUTH_RESULT_ALLOW; 272 273 break; 274 275 #ifdef PT_STEP 276 case PT_STEP: 277 case PT_SETSTEP: 278 case PT_CLEARSTEP: 279 #endif 280 case PT_CONTINUE: 281 case PT_KILL: 282 case PT_DETACH: 283 case PT_LWPINFO: 284 case PT_SYSCALL: 285 case PT_SYSCALLEMU: 286 case PT_DUMPCORE: 287 case PT_RESUME: 288 case PT_SUSPEND: 289 result = KAUTH_RESULT_ALLOW; 290 break; 291 292 default: 293 break; 294 } 295 296 out: 297 #if 0 298 mutex_enter(&ptrace_mtx); 299 if (--ptrace_cbref == 0) 300 cv_broadcast(&ptrace_cv); 301 mutex_exit(&ptrace_mtx); 302 #endif 303 304 return result; 305 } 306 307 int 308 ptrace_init(void) 309 { 310 311 #if 0 312 mutex_init(&ptrace_mtx, MUTEX_DEFAULT, IPL_NONE); 313 cv_init(&ptrace_cv, "ptracecb"); 314 ptrace_cbref = 0; 315 #endif 316 ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 317 ptrace_listener_cb, NULL); 318 return 0; 319 } 320 321 int 322 ptrace_fini(void) 323 { 324 325 kauth_unlisten_scope(ptrace_listener); 326 327 #if 0 328 /* Make sure no-one is executing our kauth listener */ 329 330 mutex_enter(&ptrace_mtx); 331 while (ptrace_cbref != 0) 332 cv_wait(&ptrace_cv, &ptrace_mtx); 333 mutex_exit(&ptrace_mtx); 334 mutex_destroy(&ptrace_mtx); 335 cv_destroy(&ptrace_cv); 336 #endif 337 338 return 0; 339 } 340 341 static struct proc * 342 ptrace_find(struct lwp *l, int req, pid_t pid) 343 { 344 struct proc *t; 345 346 /* "A foolish consistency..." XXX */ 347 if (req == PT_TRACE_ME) { 348 t = l->l_proc; 349 mutex_enter(t->p_lock); 350 return t; 351 } 352 353 /* Find the process we're supposed to be operating on. */ 354 t = proc_find(pid); 355 if (t == NULL) 356 return NULL; 357 358 /* XXX-elad */ 359 mutex_enter(t->p_lock); 360 int error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, 361 t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 362 if (error) { 363 mutex_exit(t->p_lock); 364 return NULL; 365 } 366 return t; 367 } 368 369 static int 370 ptrace_allowed(struct lwp *l, int req, struct proc *t, struct proc *p) 371 { 372 /* 373 * Grab a reference on the process to prevent it from execing or 374 * exiting. 375 */ 376 if (!rw_tryenter(&t->p_reflock, RW_READER)) 377 return EBUSY; 378 379 /* Make sure we can operate on it. */ 380 switch (req) { 381 case PT_TRACE_ME: 382 /* 383 * You can't say to the parent of a process to start tracing if: 384 * (1) the parent is initproc, 385 */ 386 if (p->p_pptr == initproc) 387 return EPERM; 388 389 /* 390 * (2) the process is initproc, or 391 */ 392 if (p == initproc) 393 return EPERM; 394 395 /* 396 * (3) the child is already traced. 397 */ 398 if (ISSET(p->p_slflag, PSL_TRACED)) 399 return EBUSY; 400 401 return 0; 402 403 case PT_ATTACH: 404 /* 405 * You can't attach to a process if: 406 * (1) it's the process that's doing the attaching, 407 */ 408 if (t == p) 409 return EINVAL; 410 411 /* 412 * (2) it's a system process, 413 */ 414 if (t->p_flag & PK_SYSTEM) 415 return EPERM; 416 417 /* 418 * (3) the tracer is initproc, 419 */ 420 if (p == initproc) 421 return EPERM; 422 423 /* 424 * (4) it's already being traced, 425 */ 426 if (ISSET(t->p_slflag, PSL_TRACED)) 427 return EBUSY; 428 429 /* 430 * (5) it's a vfork(2)ed parent of the current process, or 431 */ 432 if (ISSET(p->p_lflag, PL_PPWAIT) && p->p_pptr == t) 433 return EPERM; 434 435 /* 436 * (6) the tracer is chrooted, and its root directory is 437 * not at or above the root directory of the tracee 438 */ 439 mutex_exit(t->p_lock); /* XXXSMP */ 440 int tmp = proc_isunder(t, l); 441 mutex_enter(t->p_lock); /* XXXSMP */ 442 if (!tmp) 443 return EPERM; 444 return 0; 445 446 case PT_READ_I: 447 case PT_READ_D: 448 case PT_WRITE_I: 449 case PT_WRITE_D: 450 case PT_IO: 451 case PT_SET_SIGINFO: 452 case PT_GET_SIGINFO: 453 case_PT_GETREGS 454 case_PT_SETREGS 455 case_PT_GETFPREGS 456 case_PT_SETFPREGS 457 case_PT_GETDBREGS 458 case_PT_SETDBREGS 459 #ifdef __HAVE_PTRACE_MACHDEP 460 PTRACE_MACHDEP_REQUEST_CASES 461 #endif 462 /* 463 * You can't read/write the memory or registers of a process 464 * if the tracer is chrooted, and its root directory is not at 465 * or above the root directory of the tracee. 466 */ 467 mutex_exit(t->p_lock); /* XXXSMP */ 468 tmp = proc_isunder(t, l); 469 mutex_enter(t->p_lock); /* XXXSMP */ 470 if (!tmp) 471 return EPERM; 472 /*FALLTHROUGH*/ 473 474 case PT_CONTINUE: 475 case PT_KILL: 476 case PT_DETACH: 477 case PT_LWPINFO: 478 case PT_SYSCALL: 479 case PT_SYSCALLEMU: 480 case PT_DUMPCORE: 481 #ifdef PT_STEP 482 case PT_STEP: 483 case PT_SETSTEP: 484 case PT_CLEARSTEP: 485 #endif 486 case PT_SET_EVENT_MASK: 487 case PT_GET_EVENT_MASK: 488 case PT_GET_PROCESS_STATE: 489 case PT_RESUME: 490 case PT_SUSPEND: 491 /* 492 * You can't do what you want to the process if: 493 * (1) It's not being traced at all, 494 */ 495 if (!ISSET(t->p_slflag, PSL_TRACED)) 496 return EPERM; 497 498 /* 499 * (2) it's not being traced by _you_, or 500 */ 501 if (t->p_pptr != p) { 502 DPRINTF(("parent %d != %d\n", t->p_pptr->p_pid, 503 p->p_pid)); 504 return EBUSY; 505 } 506 507 /* 508 * (3) it's not currently stopped. 509 */ 510 if (t->p_stat != SSTOP || !t->p_waited /* XXXSMP */) { 511 DPRINTF(("stat %d flag %d\n", t->p_stat, 512 !t->p_waited)); 513 return EBUSY; 514 } 515 return 0; 516 517 default: /* It was not a legal request. */ 518 return EINVAL; 519 } 520 } 521 522 static int 523 ptrace_needs_hold(int req) 524 { 525 switch (req) { 526 #ifdef PT_STEP 527 case PT_STEP: 528 #endif 529 case PT_CONTINUE: 530 case PT_DETACH: 531 case PT_KILL: 532 case PT_SYSCALL: 533 case PT_SYSCALLEMU: 534 case PT_ATTACH: 535 case PT_TRACE_ME: 536 case PT_GET_SIGINFO: 537 case PT_SET_SIGINFO: 538 return 1; 539 default: 540 return 0; 541 } 542 } 543 544 static int 545 ptrace_update_lwp(struct proc *t, struct lwp **lt, lwpid_t lid) 546 { 547 if (lid == 0 || lid == (*lt)->l_lid || t->p_nlwps == 1) 548 return 0; 549 550 lwp_delref(*lt); 551 552 mutex_enter(t->p_lock); 553 *lt = lwp_find(t, lid); 554 if (*lt == NULL) { 555 mutex_exit(t->p_lock); 556 return ESRCH; 557 } 558 559 if ((*lt)->l_flag & LW_SYSTEM) { 560 *lt = NULL; 561 return EINVAL; 562 } 563 564 lwp_addref(*lt); 565 mutex_exit(t->p_lock); 566 567 return 0; 568 } 569 570 static int 571 ptrace_get_siginfo(struct proc *t, struct ptrace_methods *ptm, void *addr, 572 size_t data) 573 { 574 struct ptrace_siginfo psi; 575 576 memset(&psi, 0, sizeof(psi)); 577 psi.psi_siginfo._info = t->p_sigctx.ps_info; 578 psi.psi_lwpid = t->p_sigctx.ps_lwp; 579 DPRINTF(("%s: lwp=%d signal=%d\n", __func__, psi.psi_lwpid, 580 psi.psi_siginfo.si_signo)); 581 582 return ptm->ptm_copyout_siginfo(&psi, addr, data); 583 } 584 585 static int 586 ptrace_set_siginfo(struct proc *t, struct lwp **lt, struct ptrace_methods *ptm, 587 void *addr, size_t data) 588 { 589 struct ptrace_siginfo psi; 590 591 int error = ptm->ptm_copyin_siginfo(&psi, addr, data); 592 if (error) 593 return error; 594 595 /* Check that the data is a valid signal number or zero. */ 596 if (psi.psi_siginfo.si_signo < 0 || psi.psi_siginfo.si_signo >= NSIG) 597 return EINVAL; 598 599 if ((error = ptrace_update_lwp(t, lt, psi.psi_lwpid)) != 0) 600 return error; 601 602 t->p_sigctx.ps_faked = true; 603 t->p_sigctx.ps_info = psi.psi_siginfo._info; 604 t->p_sigctx.ps_lwp = psi.psi_lwpid; 605 DPRINTF(("%s: lwp=%d signal=%d\n", __func__, psi.psi_lwpid, 606 psi.psi_siginfo.si_signo)); 607 return 0; 608 } 609 610 static int 611 ptrace_get_event_mask(struct proc *t, void *addr, size_t data) 612 { 613 struct ptrace_event pe; 614 615 if (data != sizeof(pe)) { 616 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pe))); 617 return EINVAL; 618 } 619 memset(&pe, 0, sizeof(pe)); 620 pe.pe_set_event = ISSET(t->p_slflag, PSL_TRACEFORK) ? 621 PTRACE_FORK : 0; 622 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK) ? 623 PTRACE_VFORK : 0; 624 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK_DONE) ? 625 PTRACE_VFORK_DONE : 0; 626 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_CREATE) ? 627 PTRACE_LWP_CREATE : 0; 628 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_EXIT) ? 629 PTRACE_LWP_EXIT : 0; 630 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 631 t->p_sigctx.ps_lwp, pe.pe_set_event)); 632 return copyout(&pe, addr, sizeof(pe)); 633 } 634 635 static int 636 ptrace_set_event_mask(struct proc *t, void *addr, size_t data) 637 { 638 struct ptrace_event pe; 639 int error; 640 641 if (data != sizeof(pe)) { 642 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pe))); 643 return EINVAL; 644 } 645 if ((error = copyin(addr, &pe, sizeof(pe))) != 0) 646 return error; 647 648 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 649 t->p_sigctx.ps_lwp, pe.pe_set_event)); 650 if (pe.pe_set_event & PTRACE_FORK) 651 SET(t->p_slflag, PSL_TRACEFORK); 652 else 653 CLR(t->p_slflag, PSL_TRACEFORK); 654 655 if (pe.pe_set_event & PTRACE_VFORK) 656 SET(t->p_slflag, PSL_TRACEVFORK); 657 else 658 CLR(t->p_slflag, PSL_TRACEVFORK); 659 660 if (pe.pe_set_event & PTRACE_VFORK_DONE) 661 SET(t->p_slflag, PSL_TRACEVFORK_DONE); 662 else 663 CLR(t->p_slflag, PSL_TRACEVFORK_DONE); 664 665 if (pe.pe_set_event & PTRACE_LWP_CREATE) 666 SET(t->p_slflag, PSL_TRACELWP_CREATE); 667 else 668 CLR(t->p_slflag, PSL_TRACELWP_CREATE); 669 670 if (pe.pe_set_event & PTRACE_LWP_EXIT) 671 SET(t->p_slflag, PSL_TRACELWP_EXIT); 672 else 673 CLR(t->p_slflag, PSL_TRACELWP_EXIT); 674 return 0; 675 } 676 677 static int 678 ptrace_get_process_state(struct proc *t, void *addr, size_t data) 679 { 680 struct ptrace_state ps; 681 682 if (data != sizeof(ps)) { 683 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(ps))); 684 return EINVAL; 685 } 686 memset(&ps, 0, sizeof(ps)); 687 688 if (t->p_fpid) { 689 ps.pe_report_event = PTRACE_FORK; 690 ps.pe_other_pid = t->p_fpid; 691 } else if (t->p_vfpid) { 692 ps.pe_report_event = PTRACE_VFORK; 693 ps.pe_other_pid = t->p_vfpid; 694 } else if (t->p_vfpid_done) { 695 ps.pe_report_event = PTRACE_VFORK_DONE; 696 ps.pe_other_pid = t->p_vfpid_done; 697 } else if (t->p_lwp_created) { 698 ps.pe_report_event = PTRACE_LWP_CREATE; 699 ps.pe_lwp = t->p_lwp_created; 700 } else if (t->p_lwp_exited) { 701 ps.pe_report_event = PTRACE_LWP_EXIT; 702 ps.pe_lwp = t->p_lwp_exited; 703 } 704 DPRINTF(("%s: lwp=%d event=%#x pid=%d lwp=%d\n", __func__, 705 t->p_sigctx.ps_lwp, ps.pe_report_event, 706 ps.pe_other_pid, ps.pe_lwp)); 707 return copyout(&ps, addr, sizeof(ps)); 708 } 709 710 static int 711 ptrace_lwpinfo(struct proc *t, struct lwp **lt, void *addr, size_t data) 712 { 713 struct ptrace_lwpinfo pl; 714 715 if (data != sizeof(pl)) { 716 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pl))); 717 return EINVAL; 718 } 719 int error = copyin(addr, &pl, sizeof(pl)); 720 if (error) 721 return error; 722 723 lwpid_t tmp = pl.pl_lwpid; 724 lwp_delref(*lt); 725 mutex_enter(t->p_lock); 726 if (tmp == 0) 727 *lt = lwp_find_first(t); 728 else { 729 *lt = lwp_find(t, tmp); 730 if (*lt == NULL) { 731 mutex_exit(t->p_lock); 732 return ESRCH; 733 } 734 *lt = LIST_NEXT(*lt, l_sibling); 735 } 736 737 while (*lt != NULL && !lwp_alive(*lt)) 738 *lt = LIST_NEXT(*lt, l_sibling); 739 740 pl.pl_lwpid = 0; 741 pl.pl_event = 0; 742 if (*lt) { 743 lwp_addref(*lt); 744 pl.pl_lwpid = (*lt)->l_lid; 745 746 if ((*lt)->l_flag & LW_WSUSPEND) 747 pl.pl_event = PL_EVENT_SUSPENDED; 748 /* 749 * If we match the lwp, or it was sent to every lwp, 750 * we set PL_EVENT_SIGNAL. 751 * XXX: ps_lwp == 0 means everyone and noone, so 752 * check ps_signo too. 753 */ 754 else if ((*lt)->l_lid == t->p_sigctx.ps_lwp 755 || (t->p_sigctx.ps_lwp == 0 && 756 t->p_sigctx.ps_info._signo)) { 757 DPRINTF(("%s: lwp=%d siglwp=%d signo %d\n", __func__, 758 pl.pl_lwpid, t->p_sigctx.ps_lwp, 759 t->p_sigctx.ps_info._signo)); 760 pl.pl_event = PL_EVENT_SIGNAL; 761 } 762 } 763 mutex_exit(t->p_lock); 764 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 765 pl.pl_lwpid, pl.pl_event)); 766 767 return copyout(&pl, addr, sizeof(pl)); 768 } 769 770 static int 771 ptrace_startstop(struct proc *t, struct lwp **lt, int rq, void *addr, 772 size_t data) 773 { 774 int error; 775 776 if ((error = ptrace_update_lwp(t, lt, data)) != 0) 777 return error; 778 779 DPRINTF(("%s: lwp=%d request=%d\n", __func__, (*lt)->l_lid, rq)); 780 lwp_lock(*lt); 781 if (rq == PT_SUSPEND) 782 (*lt)->l_flag |= LW_WSUSPEND; 783 else 784 (*lt)->l_flag &= ~LW_WSUSPEND; 785 lwp_unlock(*lt); 786 return 0; 787 } 788 789 #ifdef PT_REGISTERS 790 static int 791 ptrace_uio_dir(int req) 792 { 793 switch (req) { 794 case_PT_GETREGS 795 case_PT_GETFPREGS 796 case_PT_GETDBREGS 797 return UIO_READ; 798 case_PT_SETREGS 799 case_PT_SETFPREGS 800 case_PT_SETDBREGS 801 return UIO_WRITE; 802 default: 803 return -1; 804 } 805 } 806 807 static int 808 ptrace_regs(struct lwp *l, struct lwp **lt, int rq, struct ptrace_methods *ptm, 809 void *addr, size_t data) 810 { 811 int error; 812 struct proc *t = (*lt)->l_proc; 813 struct vmspace *vm; 814 815 if ((error = ptrace_update_lwp(t, lt, data)) != 0) 816 return error; 817 818 int dir = ptrace_uio_dir(rq); 819 size_t size; 820 int (*func)(struct lwp *, struct lwp *, struct uio *); 821 822 DPRINTF(("%s: lwp=%d request=%d\n", __func__, l->l_lid, rq)); 823 824 switch (rq) { 825 #if defined(PT_SETREGS) || defined(PT_GETREGS) 826 case_PT_GETREGS 827 case_PT_SETREGS 828 if (!process_validregs(*lt)) 829 return EINVAL; 830 size = PROC_REGSZ(t); 831 func = ptm->ptm_doregs; 832 break; 833 #endif 834 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 835 case_PT_GETFPREGS 836 case_PT_SETFPREGS 837 if (!process_validfpregs(*lt)) 838 return EINVAL; 839 size = PROC_FPREGSZ(t); 840 func = ptm->ptm_dofpregs; 841 break; 842 #endif 843 #if defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 844 case_PT_GETDBREGS 845 case_PT_SETDBREGS 846 if (!process_validdbregs(*lt)) 847 return EINVAL; 848 size = PROC_DBREGSZ(t); 849 func = ptm->ptm_dodbregs; 850 break; 851 #endif 852 default: 853 return EINVAL; 854 } 855 856 error = proc_vmspace_getref(l->l_proc, &vm); 857 if (error) 858 return error; 859 860 struct uio uio; 861 struct iovec iov; 862 863 iov.iov_base = addr; 864 iov.iov_len = size; 865 uio.uio_iov = &iov; 866 uio.uio_iovcnt = 1; 867 uio.uio_offset = 0; 868 uio.uio_resid = iov.iov_len; 869 uio.uio_rw = dir; 870 uio.uio_vmspace = vm; 871 872 error = (*func)(l, *lt, &uio); 873 uvmspace_free(vm); 874 return error; 875 } 876 #endif 877 878 static int 879 ptrace_sendsig(struct proc *t, struct lwp *lt, int signo, int resume_all) 880 { 881 ksiginfo_t ksi; 882 883 t->p_fpid = 0; 884 t->p_vfpid = 0; 885 t->p_vfpid_done = 0; 886 t->p_lwp_created = 0; 887 t->p_lwp_exited = 0; 888 889 /* Finally, deliver the requested signal (or none). */ 890 if (t->p_stat == SSTOP) { 891 /* 892 * Unstop the process. If it needs to take a 893 * signal, make all efforts to ensure that at 894 * an LWP runs to see it. 895 */ 896 t->p_xsig = signo; 897 898 /* 899 * signo > 0 check prevents a potential panic, as 900 * sigismember(&...,0) is invalid check and signo 901 * can be equal to 0 as a special case of no-signal. 902 */ 903 if (signo > 0 && sigismember(&stopsigmask, signo)) { 904 t->p_waited = 0; 905 child_psignal(t, 0); 906 } else if (resume_all) 907 proc_unstop(t); 908 else 909 lwp_unstop(lt); 910 return 0; 911 } 912 913 KSI_INIT_EMPTY(&ksi); 914 if (t->p_sigctx.ps_faked) { 915 if (signo != t->p_sigctx.ps_info._signo) 916 return EINVAL; 917 t->p_sigctx.ps_faked = false; 918 ksi.ksi_info = t->p_sigctx.ps_info; 919 ksi.ksi_lid = t->p_sigctx.ps_lwp; 920 } else if (signo == 0) { 921 return 0; 922 } else { 923 ksi.ksi_signo = signo; 924 } 925 DPRINTF(("%s: pid=%d.%d signal=%d resume_all=%d\n", __func__, t->p_pid, 926 t->p_sigctx.ps_lwp, signo, resume_all)); 927 928 kpsignal2(t, &ksi); 929 return 0; 930 } 931 932 static int 933 ptrace_dumpcore(struct lwp *lt, char *path, size_t len) 934 { 935 int error; 936 if (path != NULL) { 937 938 if (len >= MAXPATHLEN) 939 return EINVAL; 940 941 char *src = path; 942 path = kmem_alloc(len + 1, KM_SLEEP); 943 error = copyin(src, path, len); 944 if (error) 945 goto out; 946 path[len] = '\0'; 947 } 948 DPRINTF(("%s: lwp=%d\n", __func__, lt->l_lid)); 949 error = (*coredump_vec)(lt, path); 950 out: 951 if (path) 952 kmem_free(path, len + 1); 953 return error; 954 } 955 956 static int 957 ptrace_doio(struct lwp *l, struct proc *t, struct lwp *lt, 958 struct ptrace_io_desc *piod, void *addr, bool sysspace) 959 { 960 struct uio uio; 961 struct iovec iov; 962 int error, tmp; 963 964 error = 0; 965 iov.iov_base = piod->piod_addr; 966 iov.iov_len = piod->piod_len; 967 uio.uio_iov = &iov; 968 uio.uio_iovcnt = 1; 969 uio.uio_offset = (off_t)(unsigned long)piod->piod_offs; 970 uio.uio_resid = piod->piod_len; 971 972 DPRINTF(("%s: lwp=%d request=%d\n", __func__, l->l_lid, piod->piod_op)); 973 974 switch (piod->piod_op) { 975 case PIOD_READ_D: 976 case PIOD_READ_I: 977 uio.uio_rw = UIO_READ; 978 break; 979 case PIOD_WRITE_D: 980 case PIOD_WRITE_I: 981 /* 982 * Can't write to a RAS 983 */ 984 if (ras_lookup(t, addr) != (void *)-1) { 985 return EACCES; 986 } 987 uio.uio_rw = UIO_WRITE; 988 break; 989 case PIOD_READ_AUXV: 990 uio.uio_rw = UIO_READ; 991 tmp = t->p_execsw->es_arglen; 992 if (uio.uio_offset > tmp) 993 return EIO; 994 if (uio.uio_resid > tmp - uio.uio_offset) 995 uio.uio_resid = tmp - uio.uio_offset; 996 piod->piod_len = iov.iov_len = uio.uio_resid; 997 error = process_auxv_offset(t, &uio); 998 break; 999 default: 1000 error = EINVAL; 1001 break; 1002 } 1003 1004 if (error) 1005 return error; 1006 1007 if (sysspace) { 1008 uio.uio_vmspace = vmspace_kernel(); 1009 } else { 1010 error = proc_vmspace_getref(l->l_proc, &uio.uio_vmspace); 1011 if (error) 1012 return error; 1013 } 1014 1015 error = process_domem(l, lt, &uio); 1016 if (!sysspace) 1017 uvmspace_free(uio.uio_vmspace); 1018 if (error) 1019 return error; 1020 piod->piod_len -= uio.uio_resid; 1021 return 0; 1022 } 1023 1024 int 1025 do_ptrace(struct ptrace_methods *ptm, struct lwp *l, int req, pid_t pid, 1026 void *addr, int data, register_t *retval) 1027 { 1028 struct proc *p = l->l_proc; 1029 struct lwp *lt = NULL; 1030 struct lwp *lt2; 1031 struct proc *t; /* target process */ 1032 struct ptrace_io_desc piod; 1033 int error, write, tmp, pheld; 1034 int signo = 0; 1035 int resume_all; 1036 error = 0; 1037 1038 /* 1039 * If attaching or detaching, we need to get a write hold on the 1040 * proclist lock so that we can re-parent the target process. 1041 */ 1042 mutex_enter(proc_lock); 1043 1044 t = ptrace_find(l, req, pid); 1045 if (t == NULL) { 1046 mutex_exit(proc_lock); 1047 return ESRCH; 1048 } 1049 1050 pheld = 1; 1051 if ((error = ptrace_allowed(l, req, t, p)) != 0) 1052 goto out; 1053 1054 if ((error = kauth_authorize_process(l->l_cred, 1055 KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req), NULL, NULL)) != 0) 1056 goto out; 1057 1058 if ((lt = lwp_find_first(t)) == NULL) { 1059 error = ESRCH; 1060 goto out; 1061 } 1062 1063 /* Do single-step fixup if needed. */ 1064 FIX_SSTEP(t); 1065 KASSERT(lt != NULL); 1066 lwp_addref(lt); 1067 1068 /* 1069 * Which locks do we need held? XXX Ugly. 1070 */ 1071 if ((pheld = ptrace_needs_hold(req)) == 0) { 1072 mutex_exit(t->p_lock); 1073 mutex_exit(proc_lock); 1074 } 1075 1076 /* Now do the operation. */ 1077 write = 0; 1078 *retval = 0; 1079 tmp = 0; 1080 resume_all = 1; 1081 1082 switch (req) { 1083 case PT_TRACE_ME: 1084 /* Just set the trace flag. */ 1085 SET(t->p_slflag, PSL_TRACED); 1086 t->p_opptr = t->p_pptr; 1087 break; 1088 1089 /* 1090 * The I and D separate address space has been inherited from PDP-11. 1091 * The 16-bit UNIX started with a single address space per program, 1092 * but was extended to two 16-bit (2 x 64kb) address spaces. 1093 * 1094 * We no longer maintain this feature in maintained architectures, but 1095 * we keep the API for backward compatiblity. Currently the I and D 1096 * operations are exactly the same and not distinguished in debuggers. 1097 */ 1098 case PT_WRITE_I: 1099 case PT_WRITE_D: 1100 write = 1; 1101 tmp = data; 1102 /* FALLTHROUGH */ 1103 case PT_READ_I: 1104 case PT_READ_D: 1105 piod.piod_addr = &tmp; 1106 piod.piod_len = sizeof(tmp); 1107 piod.piod_offs = addr; 1108 piod.piod_op = write ? PIOD_WRITE_D : PIOD_READ_D; 1109 if ((error = ptrace_doio(l, t, lt, &piod, addr, true)) != 0) 1110 break; 1111 /* 1112 * For legacy reasons we treat here two results as success: 1113 * - incomplete transfer piod.piod_len < sizeof(tmp) 1114 * - no transfer piod.piod_len == 0 1115 * 1116 * This means that there is no way to determine whether 1117 * transfer operation was performed in PT_WRITE and PT_READ 1118 * calls. 1119 */ 1120 if (!write) 1121 *retval = tmp; 1122 break; 1123 1124 case PT_IO: 1125 if ((error = ptm->ptm_copyin_piod(&piod, addr, data)) != 0) 1126 break; 1127 if (piod.piod_len < 1) { 1128 error = EINVAL; 1129 break; 1130 } 1131 if ((error = ptrace_doio(l, t, lt, &piod, addr, false)) != 0) 1132 break; 1133 /* 1134 * For legacy reasons we treat here two results as success: 1135 * - incomplete transfer piod.piod_len < sizeof(tmp) 1136 * - no transfer piod.piod_len == 0 1137 */ 1138 error = ptm->ptm_copyout_piod(&piod, addr, data); 1139 break; 1140 1141 case PT_DUMPCORE: 1142 error = ptrace_dumpcore(lt, addr, data); 1143 break; 1144 1145 #ifdef PT_STEP 1146 case PT_STEP: 1147 /* 1148 * From the 4.4BSD PRM: 1149 * "Execution continues as in request PT_CONTINUE; however 1150 * as soon as possible after execution of at least one 1151 * instruction, execution stops again. [ ... ]" 1152 */ 1153 #endif 1154 case PT_CONTINUE: 1155 case PT_SYSCALL: 1156 case PT_DETACH: 1157 if (req == PT_SYSCALL) { 1158 if (!ISSET(t->p_slflag, PSL_SYSCALL)) { 1159 SET(t->p_slflag, PSL_SYSCALL); 1160 #ifdef __HAVE_SYSCALL_INTERN 1161 (*t->p_emul->e_syscall_intern)(t); 1162 #endif 1163 } 1164 } else { 1165 if (ISSET(t->p_slflag, PSL_SYSCALL)) { 1166 CLR(t->p_slflag, PSL_SYSCALL); 1167 #ifdef __HAVE_SYSCALL_INTERN 1168 (*t->p_emul->e_syscall_intern)(t); 1169 #endif 1170 } 1171 } 1172 t->p_trace_enabled = trace_is_enabled(t); 1173 1174 /* 1175 * Pick up the LWPID, if supplied. There are two cases: 1176 * data < 0 : step or continue single thread, lwp = -data 1177 * data > 0 in PT_STEP : step this thread, continue others 1178 * For operations other than PT_STEP, data > 0 means 1179 * data is the signo to deliver to the process. 1180 */ 1181 tmp = data; 1182 if (tmp >= 0) { 1183 #ifdef PT_STEP 1184 if (req == PT_STEP) 1185 signo = 0; 1186 else 1187 #endif 1188 { 1189 signo = tmp; 1190 tmp = 0; /* don't search for LWP */ 1191 } 1192 } else 1193 tmp = -tmp; 1194 1195 if (tmp > 0) { 1196 if (req == PT_DETACH) { 1197 error = EINVAL; 1198 break; 1199 } 1200 lwp_delref2 (lt); 1201 lt = lwp_find(t, tmp); 1202 if (lt == NULL) { 1203 error = ESRCH; 1204 break; 1205 } 1206 lwp_addref(lt); 1207 resume_all = 0; 1208 signo = 0; 1209 } 1210 1211 /* 1212 * From the 4.4BSD PRM: 1213 * "The data argument is taken as a signal number and the 1214 * child's execution continues at location addr as if it 1215 * incurred that signal. Normally the signal number will 1216 * be either 0 to indicate that the signal that caused the 1217 * stop should be ignored, or that value fetched out of 1218 * the process's image indicating which signal caused 1219 * the stop. If addr is (int *)1 then execution continues 1220 * from where it stopped." 1221 */ 1222 1223 /* Check that the data is a valid signal number or zero. */ 1224 if (signo < 0 || signo >= NSIG) { 1225 error = EINVAL; 1226 break; 1227 } 1228 1229 /* Prevent process deadlock */ 1230 if (resume_all) { 1231 #ifdef PT_STEP 1232 if (req == PT_STEP) { 1233 if (lt->l_flag & LW_WSUSPEND) { 1234 error = EDEADLK; 1235 break; 1236 } 1237 } else 1238 #endif 1239 { 1240 error = EDEADLK; 1241 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1242 if ((lt2->l_flag & LW_WSUSPEND) == 0) { 1243 error = 0; 1244 break; 1245 } 1246 } 1247 if (error != 0) 1248 break; 1249 } 1250 } else { 1251 if (lt->l_flag & LW_WSUSPEND) { 1252 error = EDEADLK; 1253 break; 1254 } 1255 } 1256 1257 /* 1258 * Reject setting program cunter to 0x0 if VA0 is disabled. 1259 * 1260 * Not all kernels implement this feature to set Program 1261 * Counter in one go in PT_CONTINUE and similar operations. 1262 * This causes portability issues as passing address 0x0 1263 * on these kernels is no-operation, but can cause failure 1264 * in most cases on NetBSD. 1265 */ 1266 if (user_va0_disable && addr == 0) { 1267 error = EINVAL; 1268 break; 1269 } 1270 1271 /* If the address parameter is not (int *)1, set the pc. */ 1272 if ((int *)addr != (int *)1) { 1273 error = process_set_pc(lt, addr); 1274 if (error != 0) 1275 break; 1276 } 1277 #ifdef PT_STEP 1278 /* 1279 * Arrange for a single-step, if that's requested and possible. 1280 * More precisely, set the single step status as requested for 1281 * the requested thread, and clear it for other threads. 1282 */ 1283 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1284 if (ISSET(lt2->l_pflag, LP_SINGLESTEP)) { 1285 lwp_lock(lt2); 1286 process_sstep(lt2, 1); 1287 lwp_unlock(lt2); 1288 } else if (lt != lt2) { 1289 lwp_lock(lt2); 1290 process_sstep(lt2, 0); 1291 lwp_unlock(lt2); 1292 } 1293 } 1294 error = process_sstep(lt, 1295 ISSET(lt->l_pflag, LP_SINGLESTEP) || req == PT_STEP); 1296 if (error) 1297 break; 1298 #endif 1299 if (req == PT_DETACH) { 1300 CLR(t->p_slflag, PSL_TRACED|PSL_SYSCALL); 1301 1302 /* give process back to original parent or init */ 1303 if (t->p_opptr != t->p_pptr) { 1304 struct proc *pp = t->p_opptr; 1305 proc_reparent(t, pp ? pp : initproc); 1306 } 1307 1308 /* not being traced any more */ 1309 t->p_opptr = NULL; 1310 1311 /* clear single step */ 1312 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1313 CLR(lt2->l_pflag, LP_SINGLESTEP); 1314 } 1315 CLR(lt->l_pflag, LP_SINGLESTEP); 1316 } 1317 sendsig: 1318 error = ptrace_sendsig(t, lt, signo, resume_all); 1319 break; 1320 1321 case PT_SYSCALLEMU: 1322 if (!ISSET(t->p_slflag, PSL_SYSCALL) || t->p_stat != SSTOP) { 1323 error = EINVAL; 1324 break; 1325 } 1326 SET(t->p_slflag, PSL_SYSCALLEMU); 1327 break; 1328 1329 #ifdef PT_STEP 1330 case PT_SETSTEP: 1331 write = 1; 1332 1333 /* FALLTHROUGH */ 1334 case PT_CLEARSTEP: 1335 /* write = 0 done above. */ 1336 if ((error = ptrace_update_lwp(t, <, data)) != 0) 1337 break; 1338 1339 if (write) 1340 SET(lt->l_pflag, LP_SINGLESTEP); 1341 else 1342 CLR(lt->l_pflag, LP_SINGLESTEP); 1343 break; 1344 #endif 1345 1346 case PT_KILL: 1347 /* just send the process a KILL signal. */ 1348 signo = SIGKILL; 1349 goto sendsig; /* in PT_CONTINUE, above. */ 1350 1351 case PT_ATTACH: 1352 /* 1353 * Go ahead and set the trace flag. 1354 * Save the old parent (it's reset in 1355 * _DETACH, and also in kern_exit.c:wait4() 1356 * Reparent the process so that the tracing 1357 * proc gets to see all the action. 1358 * Stop the target. 1359 */ 1360 proc_changeparent(t, p); 1361 signo = SIGSTOP; 1362 goto sendsig; 1363 1364 case PT_GET_EVENT_MASK: 1365 error = ptrace_get_event_mask(t, addr, data); 1366 break; 1367 1368 case PT_SET_EVENT_MASK: 1369 error = ptrace_set_event_mask(t, addr, data); 1370 break; 1371 1372 case PT_GET_PROCESS_STATE: 1373 error = ptrace_get_process_state(t, addr, data); 1374 break; 1375 1376 case PT_LWPINFO: 1377 error = ptrace_lwpinfo(t, <, addr, data); 1378 break; 1379 1380 case PT_SET_SIGINFO: 1381 error = ptrace_set_siginfo(t, <, ptm, addr, data); 1382 break; 1383 1384 case PT_GET_SIGINFO: 1385 error = ptrace_get_siginfo(t, ptm, addr, data); 1386 break; 1387 1388 case PT_RESUME: 1389 case PT_SUSPEND: 1390 error = ptrace_startstop(t, <, req, addr, data); 1391 break; 1392 1393 #ifdef PT_REGISTERS 1394 case_PT_SETREGS 1395 case_PT_GETREGS 1396 case_PT_SETFPREGS 1397 case_PT_GETFPREGS 1398 case_PT_SETDBREGS 1399 case_PT_GETDBREGS 1400 error = ptrace_regs(l, <, req, ptm, addr, data); 1401 break; 1402 #endif 1403 1404 #ifdef __HAVE_PTRACE_MACHDEP 1405 PTRACE_MACHDEP_REQUEST_CASES 1406 error = ptrace_machdep_dorequest(l, lt, req, addr, data); 1407 break; 1408 #endif 1409 } 1410 1411 out: 1412 if (pheld) { 1413 mutex_exit(t->p_lock); 1414 mutex_exit(proc_lock); 1415 } 1416 if (lt != NULL) 1417 lwp_delref(lt); 1418 rw_exit(&t->p_reflock); 1419 1420 return error; 1421 } 1422 1423 typedef int (*regrfunc_t)(struct lwp *, void *, size_t *); 1424 typedef int (*regwfunc_t)(struct lwp *, void *, size_t); 1425 1426 #ifdef PT_REGISTERS 1427 static int 1428 proc_regio(struct lwp *l, struct uio *uio, size_t ks, regrfunc_t r, 1429 regwfunc_t w) 1430 { 1431 char buf[1024]; 1432 int error; 1433 char *kv; 1434 size_t kl; 1435 1436 if (ks > sizeof(buf)) 1437 return E2BIG; 1438 1439 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)ks) 1440 return EINVAL; 1441 1442 kv = buf + uio->uio_offset; 1443 kl = ks - uio->uio_offset; 1444 1445 if (kl > uio->uio_resid) 1446 kl = uio->uio_resid; 1447 1448 error = (*r)(l, buf, &ks); 1449 if (error == 0) 1450 error = uiomove(kv, kl, uio); 1451 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1452 if (l->l_stat != LSSTOP) 1453 error = EBUSY; 1454 else 1455 error = (*w)(l, buf, ks); 1456 } 1457 1458 uio->uio_offset = 0; 1459 return error; 1460 } 1461 #endif 1462 1463 int 1464 process_doregs(struct lwp *curl /*tracer*/, 1465 struct lwp *l /*traced*/, 1466 struct uio *uio) 1467 { 1468 #if defined(PT_GETREGS) || defined(PT_SETREGS) 1469 size_t s; 1470 regrfunc_t r; 1471 regwfunc_t w; 1472 1473 #ifdef COMPAT_NETBSD32 1474 const bool pk32 = (l->l_proc->p_flag & PK_32) != 0; 1475 1476 if (__predict_false(pk32)) { 1477 s = sizeof(process_reg32); 1478 r = (regrfunc_t)process_read_regs32; 1479 w = (regwfunc_t)process_write_regs32; 1480 } else 1481 #endif 1482 { 1483 s = sizeof(struct reg); 1484 r = (regrfunc_t)process_read_regs; 1485 w = (regwfunc_t)process_write_regs; 1486 } 1487 return proc_regio(l, uio, s, r, w); 1488 #else 1489 return EINVAL; 1490 #endif 1491 } 1492 1493 int 1494 process_validregs(struct lwp *l) 1495 { 1496 1497 #if defined(PT_SETREGS) || defined(PT_GETREGS) 1498 return (l->l_flag & LW_SYSTEM) == 0; 1499 #else 1500 return 0; 1501 #endif 1502 } 1503 1504 int 1505 process_dofpregs(struct lwp *curl /*tracer*/, 1506 struct lwp *l /*traced*/, 1507 struct uio *uio) 1508 { 1509 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 1510 size_t s; 1511 regrfunc_t r; 1512 regwfunc_t w; 1513 1514 #ifdef COMPAT_NETBSD32 1515 const bool pk32 = (l->l_proc->p_flag & PK_32) != 0; 1516 1517 if (__predict_false(pk32)) { 1518 s = sizeof(process_fpreg32); 1519 r = (regrfunc_t)process_read_fpregs32; 1520 w = (regwfunc_t)process_write_fpregs32; 1521 } else 1522 #endif 1523 { 1524 s = sizeof(struct fpreg); 1525 r = (regrfunc_t)process_read_fpregs; 1526 w = (regwfunc_t)process_write_fpregs; 1527 } 1528 return proc_regio(l, uio, s, r, w); 1529 #else 1530 return EINVAL; 1531 #endif 1532 } 1533 1534 int 1535 process_validfpregs(struct lwp *l) 1536 { 1537 1538 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 1539 return (l->l_flag & LW_SYSTEM) == 0; 1540 #else 1541 return 0; 1542 #endif 1543 } 1544 1545 int 1546 process_dodbregs(struct lwp *curl /*tracer*/, 1547 struct lwp *l /*traced*/, 1548 struct uio *uio) 1549 { 1550 #if defined(PT_GETDBREGS) || defined(PT_SETDBREGS) 1551 size_t s; 1552 regrfunc_t r; 1553 regwfunc_t w; 1554 1555 #ifdef COMPAT_NETBSD32 1556 const bool pk32 = (l->l_proc->p_flag & PK_32) != 0; 1557 1558 if (__predict_false(pk32)) { 1559 s = sizeof(process_dbreg32); 1560 r = (regrfunc_t)process_read_dbregs32; 1561 w = (regwfunc_t)process_write_dbregs32; 1562 } else 1563 #endif 1564 { 1565 s = sizeof(struct dbreg); 1566 r = (regrfunc_t)process_read_dbregs; 1567 w = (regwfunc_t)process_write_dbregs; 1568 } 1569 return proc_regio(l, uio, s, r, w); 1570 #else 1571 return EINVAL; 1572 #endif 1573 } 1574 1575 int 1576 process_validdbregs(struct lwp *l) 1577 { 1578 1579 #if defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 1580 return (l->l_flag & LW_SYSTEM) == 0; 1581 #else 1582 return 0; 1583 #endif 1584 } 1585 1586 static int 1587 process_auxv_offset(struct proc *p, struct uio *uio) 1588 { 1589 struct ps_strings pss; 1590 int error; 1591 off_t off = (off_t)p->p_psstrp; 1592 1593 if ((error = copyin_psstrings(p, &pss)) != 0) 1594 return error; 1595 1596 if (pss.ps_envstr == NULL) 1597 return EIO; 1598 1599 uio->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + pss.ps_nenvstr + 1); 1600 #ifdef __MACHINE_STACK_GROWS_UP 1601 if (uio->uio_offset < off) 1602 return EIO; 1603 #else 1604 if (uio->uio_offset > off) 1605 return EIO; 1606 if ((uio->uio_offset + uio->uio_resid) > off) 1607 uio->uio_resid = off - uio->uio_offset; 1608 #endif 1609 return 0; 1610 } 1611 #endif /* PTRACE */ 1612 1613 MODULE(MODULE_CLASS_EXEC, ptrace_common, NULL); 1614 1615 static int 1616 ptrace_common_modcmd(modcmd_t cmd, void *arg) 1617 { 1618 int error; 1619 1620 switch (cmd) { 1621 case MODULE_CMD_INIT: 1622 error = ptrace_init(); 1623 break; 1624 case MODULE_CMD_FINI: 1625 error = ptrace_fini(); 1626 break; 1627 default: 1628 ptrace_hooks(); 1629 error = ENOTTY; 1630 break; 1631 } 1632 return error; 1633 } 1634