1 /* $OpenBSD: sys_process.c,v 1.69 2016/05/31 22:34:53 jca Exp $ */ 2 /* $NetBSD: sys_process.c,v 1.55 1996/05/15 06:17:47 tls Exp $ */ 3 4 /*- 5 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 6 * Copyright (c) 1982, 1986, 1989, 1993 7 * The Regents of the University of California. All rights reserved. 8 * (c) UNIX System Laboratories, Inc. 9 * All or some portions of this file are derived from material licensed 10 * to the University of California by American Telephone and Telegraph 11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 12 * the permission of UNIX System Laboratories, Inc. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 39 */ 40 41 /* 42 * References: 43 * (1) Bach's "The Design of the UNIX Operating System", 44 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 45 * (3) the "4.4BSD Programmer's Reference Manual" published 46 * by USENIX and O'Reilly & Associates. 47 * The 4.4BSD PRM does a reasonably good job of documenting what the various 48 * ptrace() requests should actually do, and its text is quoted several times 49 * in this file. 50 */ 51 52 #include <sys/param.h> 53 #include <sys/systm.h> 54 #include <sys/exec.h> 55 #include <sys/proc.h> 56 #include <sys/signalvar.h> 57 #include <sys/errno.h> 58 #include <sys/malloc.h> 59 #include <sys/ptrace.h> 60 #include <sys/uio.h> 61 #include <sys/sched.h> 62 63 #include <sys/mount.h> 64 #include <sys/syscallargs.h> 65 66 #include <uvm/uvm_extern.h> 67 68 #include <machine/reg.h> 69 70 int process_auxv_offset(struct proc *, struct proc *, struct uio *); 71 72 #ifdef PTRACE 73 int global_ptrace; /* permit tracing of not children */ 74 /* 75 * Process debugging system call. 76 */ 77 int 78 sys_ptrace(struct proc *p, void *v, register_t *retval) 79 { 80 struct sys_ptrace_args /* { 81 syscallarg(int) req; 82 syscallarg(pid_t) pid; 83 syscallarg(caddr_t) addr; 84 syscallarg(int) data; 85 } */ *uap = v; 86 struct proc *t; /* target thread */ 87 struct process *tr; /* target process */ 88 struct uio uio; 89 struct iovec iov; 90 struct ptrace_io_desc piod; 91 struct ptrace_event pe; 92 struct ptrace_thread_state pts; 93 struct reg *regs; 94 #if defined (PT_SETFPREGS) || defined (PT_GETFPREGS) 95 struct fpreg *fpregs; 96 #endif 97 #if defined (PT_SETXMMREGS) || defined (PT_GETXMMREGS) 98 struct xmmregs *xmmregs; 99 #endif 100 #ifdef PT_WCOOKIE 101 register_t wcookie; 102 #endif 103 int error, write; 104 int temp; 105 int req = SCARG(uap, req); 106 int s; 107 108 /* "A foolish consistency..." XXX */ 109 switch (req) { 110 case PT_TRACE_ME: 111 t = p; 112 break; 113 114 /* calls that only operate on the PID */ 115 case PT_READ_I: 116 case PT_READ_D: 117 case PT_WRITE_I: 118 case PT_WRITE_D: 119 case PT_KILL: 120 case PT_ATTACH: 121 case PT_IO: 122 case PT_SET_EVENT_MASK: 123 case PT_GET_EVENT_MASK: 124 case PT_GET_PROCESS_STATE: 125 case PT_GET_THREAD_FIRST: 126 case PT_GET_THREAD_NEXT: 127 default: 128 /* Find the process we're supposed to be operating on. */ 129 if ((t = pfind(SCARG(uap, pid))) == NULL) 130 return (ESRCH); 131 if (t->p_flag & P_THREAD) 132 return (ESRCH); 133 break; 134 135 /* calls that accept a PID or a thread ID */ 136 case PT_CONTINUE: 137 case PT_DETACH: 138 #ifdef PT_STEP 139 case PT_STEP: 140 #endif 141 case PT_GETREGS: 142 case PT_SETREGS: 143 #ifdef PT_GETFPREGS 144 case PT_GETFPREGS: 145 #endif 146 #ifdef PT_SETFPREGS 147 case PT_SETFPREGS: 148 #endif 149 #ifdef PT_GETXMMREGS 150 case PT_GETXMMREGS: 151 #endif 152 #ifdef PT_SETXMMREGS 153 case PT_SETXMMREGS: 154 #endif 155 if (SCARG(uap, pid) > THREAD_PID_OFFSET) { 156 t = pfind(SCARG(uap, pid) - THREAD_PID_OFFSET); 157 if (t == NULL) 158 return (ESRCH); 159 } else { 160 if ((t = pfind(SCARG(uap, pid))) == NULL) 161 return (ESRCH); 162 if (t->p_flag & P_THREAD) 163 return (ESRCH); 164 } 165 break; 166 } 167 tr = t->p_p; 168 169 if ((tr->ps_flags & PS_INEXEC) != 0) 170 return (EAGAIN); 171 172 /* Make sure we can operate on it. */ 173 switch (req) { 174 case PT_TRACE_ME: 175 /* Saying that you're being traced is always legal. */ 176 break; 177 178 case PT_ATTACH: 179 /* 180 * You can't attach to a process if: 181 * (1) it's the process that's doing the attaching, 182 */ 183 if (tr == p->p_p) 184 return (EINVAL); 185 186 /* 187 * (2) it's a system process 188 */ 189 if (ISSET(tr->ps_flags, PS_SYSTEM)) 190 return (EPERM); 191 192 /* 193 * (3) it's already being traced, or 194 */ 195 if (ISSET(tr->ps_flags, PS_TRACED)) 196 return (EBUSY); 197 198 /* 199 * (4) it's not owned by you, or the last exec 200 * gave us setuid/setgid privs (unless 201 * you're root), or... 202 * 203 * [Note: once PS_SUGID or PS_SUGIDEXEC gets set in 204 * execve(), they stay set until the process does 205 * another execve(). Hence this prevents a setuid 206 * process which revokes its special privileges using 207 * setuid() from being traced. This is good security.] 208 */ 209 if ((tr->ps_ucred->cr_ruid != p->p_ucred->cr_ruid || 210 ISSET(tr->ps_flags, PS_SUGIDEXEC | PS_SUGID)) && 211 (error = suser(p, 0)) != 0) 212 return (error); 213 214 /* 215 * (4.5) it's not a child of the tracing process. 216 */ 217 if (global_ptrace == 0 && !inferior(tr, p->p_p) && 218 (error = suser(p, 0)) != 0) 219 return (error); 220 221 /* 222 * (5) ...it's init, which controls the security level 223 * of the entire system, and the system was not 224 * compiled with permanently insecure mode turned 225 * on. 226 */ 227 if ((tr->ps_pid == 1) && (securelevel > -1)) 228 return (EPERM); 229 230 /* 231 * (6) it's an ancestor of the current process and 232 * not init (because that would create a loop in 233 * the process graph). 234 */ 235 if (tr->ps_pid != 1 && inferior(p->p_p, tr)) 236 return (EINVAL); 237 break; 238 239 case PT_READ_I: 240 case PT_READ_D: 241 case PT_WRITE_I: 242 case PT_WRITE_D: 243 case PT_IO: 244 case PT_CONTINUE: 245 case PT_KILL: 246 case PT_DETACH: 247 #ifdef PT_STEP 248 case PT_STEP: 249 #endif 250 case PT_SET_EVENT_MASK: 251 case PT_GET_EVENT_MASK: 252 case PT_GET_PROCESS_STATE: 253 case PT_GETREGS: 254 case PT_SETREGS: 255 #ifdef PT_GETFPREGS 256 case PT_GETFPREGS: 257 #endif 258 #ifdef PT_SETFPREGS 259 case PT_SETFPREGS: 260 #endif 261 #ifdef PT_GETXMMREGS 262 case PT_GETXMMREGS: 263 #endif 264 #ifdef PT_SETXMMREGS 265 case PT_SETXMMREGS: 266 #endif 267 #ifdef PT_WCOOKIE 268 case PT_WCOOKIE: 269 #endif 270 /* 271 * You can't do what you want to the process if: 272 * (1) It's not being traced at all, 273 */ 274 if (!ISSET(tr->ps_flags, PS_TRACED)) 275 return (EPERM); 276 277 /* 278 * (2) it's not being traced by _you_, or 279 */ 280 if (tr->ps_pptr != p->p_p) 281 return (EBUSY); 282 283 /* 284 * (3) it's not currently stopped. 285 */ 286 if (t->p_stat != SSTOP || !ISSET(tr->ps_flags, PS_WAITED)) 287 return (EBUSY); 288 break; 289 290 case PT_GET_THREAD_FIRST: 291 case PT_GET_THREAD_NEXT: 292 /* 293 * You can't do what you want to the process if: 294 * (1) It's not being traced at all, 295 */ 296 if (!ISSET(tr->ps_flags, PS_TRACED)) 297 return (EPERM); 298 299 /* 300 * (2) it's not being traced by _you_, or 301 */ 302 if (tr->ps_pptr != p->p_p) 303 return (EBUSY); 304 305 /* 306 * Do the work here because the request isn't actually 307 * associated with 't' 308 */ 309 if (SCARG(uap, data) != sizeof(pts)) 310 return (EINVAL); 311 312 if (req == PT_GET_THREAD_NEXT) { 313 error = copyin(SCARG(uap, addr), &pts, sizeof(pts)); 314 if (error) 315 return (error); 316 317 t = pfind(pts.pts_tid - THREAD_PID_OFFSET); 318 if (t == NULL || ISSET(t->p_flag, P_WEXIT)) 319 return (ESRCH); 320 if (t->p_p != tr) 321 return (EINVAL); 322 t = TAILQ_NEXT(t, p_thr_link); 323 } else { 324 t = TAILQ_FIRST(&tr->ps_threads); 325 } 326 327 if (t == NULL) 328 pts.pts_tid = -1; 329 else 330 pts.pts_tid = t->p_pid + THREAD_PID_OFFSET; 331 return (copyout(&pts, SCARG(uap, addr), sizeof(pts))); 332 333 default: /* It was not a legal request. */ 334 return (EINVAL); 335 } 336 337 /* Do single-step fixup if needed. */ 338 FIX_SSTEP(t); 339 340 /* Now do the operation. */ 341 write = 0; 342 *retval = 0; 343 344 switch (req) { 345 case PT_TRACE_ME: 346 /* Just set the trace flag. */ 347 atomic_setbits_int(&tr->ps_flags, PS_TRACED); 348 tr->ps_oppid = tr->ps_pptr->ps_pid; 349 if (tr->ps_ptstat == NULL) 350 tr->ps_ptstat = malloc(sizeof(*tr->ps_ptstat), 351 M_SUBPROC, M_WAITOK); 352 memset(tr->ps_ptstat, 0, sizeof(*tr->ps_ptstat)); 353 return (0); 354 355 case PT_WRITE_I: /* XXX no separate I and D spaces */ 356 case PT_WRITE_D: 357 write = 1; 358 temp = SCARG(uap, data); 359 case PT_READ_I: /* XXX no separate I and D spaces */ 360 case PT_READ_D: 361 /* write = 0 done above. */ 362 iov.iov_base = (caddr_t)&temp; 363 iov.iov_len = sizeof(int); 364 uio.uio_iov = &iov; 365 uio.uio_iovcnt = 1; 366 uio.uio_offset = (off_t)(vaddr_t)SCARG(uap, addr); 367 uio.uio_resid = sizeof(int); 368 uio.uio_segflg = UIO_SYSSPACE; 369 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 370 uio.uio_procp = p; 371 error = process_domem(p, t, &uio, write ? PT_WRITE_I : 372 PT_READ_I); 373 if (write == 0) 374 *retval = temp; 375 return (error); 376 case PT_IO: 377 error = copyin(SCARG(uap, addr), &piod, sizeof(piod)); 378 if (error) 379 return (error); 380 iov.iov_base = piod.piod_addr; 381 iov.iov_len = piod.piod_len; 382 uio.uio_iov = &iov; 383 uio.uio_iovcnt = 1; 384 uio.uio_offset = (off_t)(vaddr_t)piod.piod_offs; 385 uio.uio_resid = piod.piod_len; 386 uio.uio_segflg = UIO_USERSPACE; 387 uio.uio_procp = p; 388 switch (piod.piod_op) { 389 case PIOD_READ_I: 390 req = PT_READ_I; 391 uio.uio_rw = UIO_READ; 392 break; 393 case PIOD_READ_D: 394 req = PT_READ_D; 395 uio.uio_rw = UIO_READ; 396 break; 397 case PIOD_WRITE_I: 398 req = PT_WRITE_I; 399 uio.uio_rw = UIO_WRITE; 400 break; 401 case PIOD_WRITE_D: 402 req = PT_WRITE_D; 403 uio.uio_rw = UIO_WRITE; 404 break; 405 case PIOD_READ_AUXV: 406 req = PT_READ_D; 407 uio.uio_rw = UIO_READ; 408 temp = tr->ps_emul->e_arglen * sizeof(char *); 409 if (uio.uio_offset > temp) 410 return (EIO); 411 if (uio.uio_resid > temp - uio.uio_offset) 412 uio.uio_resid = temp - uio.uio_offset; 413 piod.piod_len = iov.iov_len = uio.uio_resid; 414 error = process_auxv_offset(p, t, &uio); 415 if (error) 416 return (error); 417 break; 418 default: 419 return (EINVAL); 420 } 421 error = process_domem(p, t, &uio, req); 422 piod.piod_len -= uio.uio_resid; 423 (void) copyout(&piod, SCARG(uap, addr), sizeof(piod)); 424 return (error); 425 #ifdef PT_STEP 426 case PT_STEP: 427 /* 428 * From the 4.4BSD PRM: 429 * "Execution continues as in request PT_CONTINUE; however 430 * as soon as possible after execution of at least one 431 * instruction, execution stops again. [ ... ]" 432 */ 433 #endif 434 case PT_CONTINUE: 435 /* 436 * From the 4.4BSD PRM: 437 * "The data argument is taken as a signal number and the 438 * child's execution continues at location addr as if it 439 * incurred that signal. Normally the signal number will 440 * be either 0 to indicate that the signal that caused the 441 * stop should be ignored, or that value fetched out of 442 * the process's image indicating which signal caused 443 * the stop. If addr is (int *)1 then execution continues 444 * from where it stopped." 445 */ 446 447 if (SCARG(uap, pid) < THREAD_PID_OFFSET && tr->ps_single) 448 t = tr->ps_single; 449 450 /* Check that the data is a valid signal number or zero. */ 451 if (SCARG(uap, data) < 0 || SCARG(uap, data) >= NSIG) 452 return (EINVAL); 453 454 /* If the address parameter is not (int *)1, set the pc. */ 455 if ((int *)SCARG(uap, addr) != (int *)1) 456 if ((error = process_set_pc(t, SCARG(uap, addr))) != 0) 457 goto relebad; 458 459 #ifdef PT_STEP 460 /* 461 * Arrange for a single-step, if that's requested and possible. 462 */ 463 error = process_sstep(t, req == PT_STEP); 464 if (error) 465 goto relebad; 466 #endif 467 goto sendsig; 468 469 case PT_DETACH: 470 /* 471 * From the 4.4BSD PRM: 472 * "The data argument is taken as a signal number and the 473 * child's execution continues at location addr as if it 474 * incurred that signal. Normally the signal number will 475 * be either 0 to indicate that the signal that caused the 476 * stop should be ignored, or that value fetched out of 477 * the process's image indicating which signal caused 478 * the stop. If addr is (int *)1 then execution continues 479 * from where it stopped." 480 */ 481 482 if (SCARG(uap, pid) < THREAD_PID_OFFSET && tr->ps_single) 483 t = tr->ps_single; 484 485 /* Check that the data is a valid signal number or zero. */ 486 if (SCARG(uap, data) < 0 || SCARG(uap, data) >= NSIG) 487 return (EINVAL); 488 489 #ifdef PT_STEP 490 /* 491 * Stop single stepping. 492 */ 493 error = process_sstep(t, 0); 494 if (error) 495 goto relebad; 496 #endif 497 498 /* give process back to original parent or init */ 499 if (tr->ps_oppid != tr->ps_pptr->ps_pid) { 500 struct process *ppr; 501 502 ppr = prfind(tr->ps_oppid); 503 proc_reparent(tr, ppr ? ppr : initprocess); 504 } 505 506 /* not being traced any more */ 507 tr->ps_oppid = 0; 508 atomic_clearbits_int(&tr->ps_flags, PS_TRACED|PS_WAITED); 509 510 sendsig: 511 memset(tr->ps_ptstat, 0, sizeof(*tr->ps_ptstat)); 512 513 /* Finally, deliver the requested signal (or none). */ 514 if (t->p_stat == SSTOP) { 515 t->p_xstat = SCARG(uap, data); 516 SCHED_LOCK(s); 517 setrunnable(t); 518 SCHED_UNLOCK(s); 519 } else { 520 if (SCARG(uap, data) != 0) 521 psignal(t, SCARG(uap, data)); 522 } 523 524 return (0); 525 526 relebad: 527 return (error); 528 529 case PT_KILL: 530 if (SCARG(uap, pid) < THREAD_PID_OFFSET && tr->ps_single) 531 t = tr->ps_single; 532 533 /* just send the process a KILL signal. */ 534 SCARG(uap, data) = SIGKILL; 535 goto sendsig; /* in PT_CONTINUE, above. */ 536 537 case PT_ATTACH: 538 /* 539 * As was done in procfs: 540 * Go ahead and set the trace flag. 541 * Save the old parent (it's reset in 542 * _DETACH, and also in kern_exit.c:wait4() 543 * Reparent the process so that the tracing 544 * proc gets to see all the action. 545 * Stop the target. 546 */ 547 atomic_setbits_int(&tr->ps_flags, PS_TRACED); 548 tr->ps_oppid = tr->ps_pptr->ps_pid; 549 if (tr->ps_pptr != p->p_p) 550 proc_reparent(tr, p->p_p); 551 if (tr->ps_ptstat == NULL) 552 tr->ps_ptstat = malloc(sizeof(*tr->ps_ptstat), 553 M_SUBPROC, M_WAITOK); 554 SCARG(uap, data) = SIGSTOP; 555 goto sendsig; 556 557 case PT_GET_EVENT_MASK: 558 if (SCARG(uap, data) != sizeof(pe)) 559 return (EINVAL); 560 memset(&pe, 0, sizeof(pe)); 561 pe.pe_set_event = tr->ps_ptmask; 562 return (copyout(&pe, SCARG(uap, addr), sizeof(pe))); 563 case PT_SET_EVENT_MASK: 564 if (SCARG(uap, data) != sizeof(pe)) 565 return (EINVAL); 566 if ((error = copyin(SCARG(uap, addr), &pe, sizeof(pe)))) 567 return (error); 568 tr->ps_ptmask = pe.pe_set_event; 569 return (0); 570 571 case PT_GET_PROCESS_STATE: 572 if (SCARG(uap, data) != sizeof(*tr->ps_ptstat)) 573 return (EINVAL); 574 575 if (tr->ps_single) 576 tr->ps_ptstat->pe_tid = 577 tr->ps_single->p_pid + THREAD_PID_OFFSET; 578 579 return (copyout(tr->ps_ptstat, SCARG(uap, addr), 580 sizeof(*tr->ps_ptstat))); 581 582 case PT_SETREGS: 583 KASSERT((p->p_flag & P_SYSTEM) == 0); 584 if ((error = process_checkioperm(p, tr)) != 0) 585 return (error); 586 587 regs = malloc(sizeof(*regs), M_TEMP, M_WAITOK); 588 error = copyin(SCARG(uap, addr), regs, sizeof(*regs)); 589 if (error == 0) { 590 error = process_write_regs(t, regs); 591 } 592 free(regs, M_TEMP, sizeof(*regs)); 593 return (error); 594 case PT_GETREGS: 595 KASSERT((p->p_flag & P_SYSTEM) == 0); 596 if ((error = process_checkioperm(p, tr)) != 0) 597 return (error); 598 599 regs = malloc(sizeof(*regs), M_TEMP, M_WAITOK); 600 error = process_read_regs(t, regs); 601 if (error == 0) 602 error = copyout(regs, 603 SCARG(uap, addr), sizeof (*regs)); 604 free(regs, M_TEMP, sizeof(*regs)); 605 return (error); 606 #ifdef PT_SETFPREGS 607 case PT_SETFPREGS: 608 KASSERT((p->p_flag & P_SYSTEM) == 0); 609 if ((error = process_checkioperm(p, tr)) != 0) 610 return (error); 611 612 fpregs = malloc(sizeof(*fpregs), M_TEMP, M_WAITOK); 613 error = copyin(SCARG(uap, addr), fpregs, sizeof(*fpregs)); 614 if (error == 0) { 615 error = process_write_fpregs(t, fpregs); 616 } 617 free(fpregs, M_TEMP, sizeof(*fpregs)); 618 return (error); 619 #endif 620 #ifdef PT_GETFPREGS 621 case PT_GETFPREGS: 622 KASSERT((p->p_flag & P_SYSTEM) == 0); 623 if ((error = process_checkioperm(p, tr)) != 0) 624 return (error); 625 626 fpregs = malloc(sizeof(*fpregs), M_TEMP, M_WAITOK); 627 error = process_read_fpregs(t, fpregs); 628 if (error == 0) 629 error = copyout(fpregs, 630 SCARG(uap, addr), sizeof(*fpregs)); 631 free(fpregs, M_TEMP, sizeof(*fpregs)); 632 return (error); 633 #endif 634 #ifdef PT_SETXMMREGS 635 case PT_SETXMMREGS: 636 KASSERT((p->p_flag & P_SYSTEM) == 0); 637 if ((error = process_checkioperm(p, tr)) != 0) 638 return (error); 639 640 xmmregs = malloc(sizeof(*xmmregs), M_TEMP, M_WAITOK); 641 error = copyin(SCARG(uap, addr), xmmregs, sizeof(*xmmregs)); 642 if (error == 0) { 643 error = process_write_xmmregs(t, xmmregs); 644 } 645 free(xmmregs, M_TEMP, sizeof(*xmmregs)); 646 return (error); 647 #endif 648 #ifdef PT_GETXMMREGS 649 case PT_GETXMMREGS: 650 KASSERT((p->p_flag & P_SYSTEM) == 0); 651 if ((error = process_checkioperm(p, tr)) != 0) 652 return (error); 653 654 xmmregs = malloc(sizeof(*xmmregs), M_TEMP, M_WAITOK); 655 error = process_read_xmmregs(t, xmmregs); 656 if (error == 0) 657 error = copyout(xmmregs, 658 SCARG(uap, addr), sizeof(*xmmregs)); 659 free(xmmregs, M_TEMP, sizeof(*xmmregs)); 660 return (error); 661 #endif 662 #ifdef PT_WCOOKIE 663 case PT_WCOOKIE: 664 wcookie = process_get_wcookie (t); 665 return (copyout(&wcookie, SCARG(uap, addr), 666 sizeof (register_t))); 667 #endif 668 } 669 670 #ifdef DIAGNOSTIC 671 panic("ptrace: impossible"); 672 #endif 673 return 0; 674 } 675 #endif /* PTRACE */ 676 677 /* 678 * Check if a process is allowed to fiddle with the memory of another. 679 * 680 * p = tracer 681 * tr = tracee 682 * 683 * 1. You can't attach to a process not owned by you or one that has raised 684 * its privileges. 685 * 1a. ...unless you are root. 686 * 687 * 2. init is always off-limits because it can control the securelevel. 688 * 2a. ...unless securelevel is permanently set to insecure. 689 * 690 * 3. Processes that are in the process of doing an exec() are always 691 * off-limits because of the can of worms they are. Just wait a 692 * second. 693 */ 694 int 695 process_checkioperm(struct proc *p, struct process *tr) 696 { 697 int error; 698 699 if ((tr->ps_ucred->cr_ruid != p->p_ucred->cr_ruid || 700 ISSET(tr->ps_flags, PS_SUGIDEXEC | PS_SUGID)) && 701 (error = suser(p, 0)) != 0) 702 return (error); 703 704 if ((tr->ps_pid == 1) && (securelevel > -1)) 705 return (EPERM); 706 707 if (tr->ps_flags & PS_INEXEC) 708 return (EAGAIN); 709 710 return (0); 711 } 712 713 int 714 process_domem(struct proc *curp, struct proc *p, struct uio *uio, int req) 715 { 716 struct vmspace *vm; 717 int error; 718 vaddr_t addr; 719 vsize_t len; 720 721 len = uio->uio_resid; 722 if (len == 0) 723 return (0); 724 725 if ((error = process_checkioperm(curp, p->p_p)) != 0) 726 return (error); 727 728 /* XXXCDC: how should locking work here? */ 729 if ((p->p_p->ps_flags & PS_EXITING) || (p->p_vmspace->vm_refcnt < 1)) 730 return(EFAULT); 731 addr = uio->uio_offset; 732 733 vm = p->p_vmspace; 734 vm->vm_refcnt++; 735 736 error = uvm_io(&vm->vm_map, uio, 737 (uio->uio_rw == UIO_WRITE) ? UVM_IO_FIXPROT : 0); 738 739 uvmspace_free(vm); 740 741 if (error == 0 && req == PT_WRITE_I) 742 pmap_proc_iflush(p, addr, len); 743 744 return (error); 745 } 746 747 #ifdef PTRACE 748 int 749 process_auxv_offset(struct proc *curp, struct proc *p, struct uio *uiop) 750 { 751 struct process *pr = p->p_p; 752 struct ps_strings pss; 753 struct iovec iov; 754 struct uio uio; 755 int error; 756 757 iov.iov_base = &pss; 758 iov.iov_len = sizeof(pss); 759 uio.uio_iov = &iov; 760 uio.uio_iovcnt = 1; 761 uio.uio_offset = (off_t)pr->ps_strings; 762 uio.uio_resid = sizeof(pss); 763 uio.uio_segflg = UIO_SYSSPACE; 764 uio.uio_rw = UIO_READ; 765 uio.uio_procp = curp; 766 767 if ((error = uvm_io(&p->p_vmspace->vm_map, &uio, 0)) != 0) 768 return (error); 769 770 if (pss.ps_envstr == NULL) 771 return (EIO); 772 773 uiop->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + pss.ps_nenvstr + 1); 774 #ifdef MACHINE_STACK_GROWS_UP 775 if (uiop->uio_offset < (off_t)pr->ps_strings) 776 return (EIO); 777 #else 778 if (uiop->uio_offset > (off_t)pr->ps_strings) 779 return (EIO); 780 if ((uiop->uio_offset + uiop->uio_resid) > (off_t)pr->ps_strings) 781 uiop->uio_resid = (off_t)pr->ps_strings - uiop->uio_offset; 782 #endif 783 784 return (0); 785 } 786 #endif 787