1 /* $NetBSD: procfs_mem.c,v 1.27 2000/11/24 18:58:37 chs Exp $ */ 2 3 /* 4 * Copyright (c) 1993 Jan-Simon Pendry 5 * Copyright (c) 1993 Sean Eric Fagan 6 * Copyright (c) 1993 7 * The Regents of the University of California. All rights reserved. 8 * 9 * This code is derived from software contributed to Berkeley by 10 * Jan-Simon Pendry and Sean Eric Fagan. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. All advertising materials mentioning features or use of this software 21 * must display the following acknowledgement: 22 * This product includes software developed by the University of 23 * California, Berkeley and its contributors. 24 * 4. Neither the name of the University nor the names of its contributors 25 * may be used to endorse or promote products derived from this software 26 * without specific prior written permission. 27 * 28 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 31 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 38 * SUCH DAMAGE. 39 * 40 * @(#)procfs_mem.c 8.5 (Berkeley) 6/15/94 41 */ 42 43 /* 44 * This is a lightly hacked and merged version 45 * of sef's pread/pwrite functions 46 */ 47 48 #include <sys/param.h> 49 #include <sys/systm.h> 50 #include <sys/time.h> 51 #include <sys/kernel.h> 52 #include <sys/proc.h> 53 #include <sys/vnode.h> 54 55 #include <miscfs/procfs/procfs.h> 56 57 #include <uvm/uvm_extern.h> 58 59 #define ISSET(t, f) ((t) & (f)) 60 61 /* 62 * Copy data in and out of the target process. 63 * We do this by mapping the process's page into 64 * the kernel and then doing a uiomove direct 65 * from the kernel address space. 66 */ 67 int 68 procfs_domem(curp, p, pfs, uio) 69 struct proc *curp; /* tracer */ 70 struct proc *p; /* traced */ 71 struct pfsnode *pfs; 72 struct uio *uio; 73 { 74 int error; 75 76 size_t len; 77 vaddr_t addr; 78 79 len = uio->uio_resid; 80 81 if (len == 0) 82 return (0); 83 84 addr = uio->uio_offset; 85 86 if ((error = procfs_checkioperm(curp, p)) != 0) 87 return (error); 88 89 /* XXXCDC: how should locking work here? */ 90 if ((p->p_flag & P_WEXIT) || (p->p_vmspace->vm_refcnt < 1)) 91 return(EFAULT); 92 p->p_vmspace->vm_refcnt++; /* XXX */ 93 error = uvm_io(&p->p_vmspace->vm_map, uio); 94 uvmspace_free(p->p_vmspace); 95 96 #ifdef PMAP_NEED_PROCWR 97 if (uio->uio_rw == UIO_WRITE) 98 pmap_procwr(p, addr, len); 99 #endif 100 return (error); 101 } 102 103 /* 104 * Ensure that a process has permission to perform I/O on another. 105 * Arguments: 106 * p The process wishing to do the I/O (the tracer). 107 * t The process who's memory/registers will be read/written. 108 */ 109 int 110 procfs_checkioperm(p, t) 111 struct proc *p, *t; 112 { 113 int error; 114 115 /* 116 * You cannot attach to a processes mem/regs if: 117 * 118 * (1) it's not owned by you, or is set-id on exec 119 * (unless you're root), or... 120 */ 121 if ((t->p_cred->p_ruid != p->p_cred->p_ruid || 122 ISSET(t->p_flag, P_SUGID)) && 123 (error = suser(p->p_ucred, &p->p_acflag)) != 0) 124 return (error); 125 126 /* 127 * (2) ...it's init, which controls the security level 128 * of the entire system, and the system was not 129 * compiled with permanetly insecure mode turned on. 130 */ 131 if (t == initproc && securelevel > -1) 132 return (EPERM); 133 134 /* 135 * (3) the tracer is chrooted, and its root directory is 136 * not at or above the root directory of the tracee 137 */ 138 139 if (!proc_isunder(t, p)) 140 return EPERM; 141 142 return (0); 143 } 144