1 /* $OpenBSD: sys_process.c,v 1.100 2024/10/01 08:28:34 claudio Exp $ */ 2 /* $NetBSD: sys_process.c,v 1.55 1996/05/15 06:17:47 tls Exp $ */ 3 4 /*- 5 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 6 * Copyright (c) 1982, 1986, 1989, 1993 7 * The Regents of the University of California. All rights reserved. 8 * (c) UNIX System Laboratories, Inc. 9 * All or some portions of this file are derived from material licensed 10 * to the University of California by American Telephone and Telegraph 11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 12 * the permission of UNIX System Laboratories, Inc. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 39 */ 40 41 /* 42 * References: 43 * (1) Bach's "The Design of the UNIX Operating System", 44 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 45 * (3) the "4.4BSD Programmer's Reference Manual" published 46 * by USENIX and O'Reilly & Associates. 47 * The 4.4BSD PRM does a reasonably good job of documenting what the various 48 * ptrace() requests should actually do, and its text is quoted several times 49 * in this file. 50 */ 51 52 #include <sys/param.h> 53 #include <sys/systm.h> 54 #include <sys/exec.h> 55 #include <sys/proc.h> 56 #include <sys/signalvar.h> 57 #include <sys/errno.h> 58 #include <sys/malloc.h> 59 #include <sys/ptrace.h> 60 #include <sys/uio.h> 61 #include <sys/sched.h> 62 #include <sys/exec_elf.h> 63 64 #include <sys/mount.h> 65 #include <sys/syscallargs.h> 66 67 #include <uvm/uvm_extern.h> 68 69 #include <machine/reg.h> 70 71 #ifdef PTRACE 72 73 static inline int process_checktracestate(struct process *_curpr, 74 struct process *_tr, struct proc *_t); 75 static inline struct process *process_tprfind(pid_t _tpid, struct proc **_tp); 76 77 int ptrace_ctrl(struct proc *, int, pid_t, caddr_t, int); 78 int ptrace_ustate(struct proc *, int, pid_t, void *, int, register_t *); 79 int ptrace_kstate(struct proc *, int, pid_t, void *); 80 81 int global_ptrace; /* permit tracing of not children */ 82 83 84 /* 85 * Process debugging system call. 86 */ 87 int 88 sys_ptrace(struct proc *p, void *v, register_t *retval) 89 { 90 struct sys_ptrace_args /* { 91 syscallarg(int) req; 92 syscallarg(pid_t) pid; 93 syscallarg(caddr_t) addr; 94 syscallarg(int) data; 95 } */ *uap = v; 96 int req = SCARG(uap, req); 97 pid_t pid = SCARG(uap, pid); 98 caddr_t uaddr = SCARG(uap, addr); /* userspace */ 99 void *kaddr = NULL; /* kernelspace */ 100 int data = SCARG(uap, data); 101 union { 102 struct ptrace_thread_state u_pts; 103 struct ptrace_io_desc u_piod; 104 struct ptrace_event u_pe; 105 struct ptrace_state u_ps; 106 register_t u_wcookie; 107 register_t u_pacmask[2]; 108 } u; 109 int size = 0; 110 enum { NONE, IN, IN_ALLOC, OUT, OUT_ALLOC, IN_OUT } mode; 111 int kstate = 0; 112 int error; 113 114 *retval = 0; 115 116 /* Figure out what sort of copyin/out operations we'll do */ 117 switch (req) { 118 case PT_TRACE_ME: 119 case PT_CONTINUE: 120 case PT_KILL: 121 case PT_ATTACH: 122 case PT_DETACH: 123 #ifdef PT_STEP 124 case PT_STEP: 125 #endif 126 /* control operations do no copyin/out; dispatch directly */ 127 return ptrace_ctrl(p, req, pid, uaddr, data); 128 129 case PT_READ_I: 130 case PT_READ_D: 131 case PT_WRITE_I: 132 case PT_WRITE_D: 133 mode = NONE; 134 break; 135 case PT_IO: 136 mode = IN_OUT; 137 size = sizeof u.u_piod; 138 data = size; /* suppress the data == size check */ 139 break; 140 case PT_GET_THREAD_FIRST: 141 mode = OUT; 142 size = sizeof u.u_pts; 143 kstate = 1; 144 break; 145 case PT_GET_THREAD_NEXT: 146 mode = IN_OUT; 147 size = sizeof u.u_pts; 148 kstate = 1; 149 break; 150 case PT_GET_EVENT_MASK: 151 mode = OUT; 152 size = sizeof u.u_pe; 153 kstate = 1; 154 break; 155 case PT_SET_EVENT_MASK: 156 mode = IN; 157 size = sizeof u.u_pe; 158 kstate = 1; 159 break; 160 case PT_GET_PROCESS_STATE: 161 mode = OUT; 162 size = sizeof u.u_ps; 163 kstate = 1; 164 break; 165 case PT_GETREGS: 166 mode = OUT_ALLOC; 167 size = sizeof(struct reg); 168 break; 169 case PT_SETREGS: 170 mode = IN_ALLOC; 171 size = sizeof(struct reg); 172 break; 173 #ifdef PT_GETFPREGS 174 case PT_GETFPREGS: 175 mode = OUT_ALLOC; 176 size = sizeof(struct fpreg); 177 break; 178 #endif 179 #ifdef PT_SETFPREGS 180 case PT_SETFPREGS: 181 mode = IN_ALLOC; 182 size = sizeof(struct fpreg); 183 break; 184 #endif 185 #ifdef PT_GETXMMREGS 186 case PT_GETXMMREGS: 187 mode = OUT_ALLOC; 188 size = sizeof(struct xmmregs); 189 break; 190 #endif 191 #ifdef PT_SETXMMREGS 192 case PT_SETXMMREGS: 193 mode = IN_ALLOC; 194 size = sizeof(struct xmmregs); 195 break; 196 #endif 197 #ifdef PT_WCOOKIE 198 case PT_WCOOKIE: 199 mode = OUT; 200 size = sizeof u.u_wcookie; 201 data = size; /* suppress the data == size check */ 202 break; 203 #endif 204 #ifdef PT_PACMASK 205 case PT_PACMASK: 206 mode = OUT; 207 size = sizeof u.u_pacmask; 208 break; 209 #endif 210 default: 211 return EINVAL; 212 } 213 214 215 /* Now do any copyin()s and allocations in a consistent manner */ 216 switch (mode) { 217 case NONE: 218 kaddr = uaddr; 219 break; 220 case IN: 221 case IN_OUT: 222 case OUT: 223 KASSERT(size <= sizeof u); 224 if (data != size) 225 return EINVAL; 226 if (mode == OUT) 227 memset(&u, 0, size); 228 else { /* IN or IN_OUT */ 229 if ((error = copyin(uaddr, &u, size))) 230 return error; 231 } 232 kaddr = &u; 233 break; 234 case IN_ALLOC: 235 kaddr = malloc(size, M_TEMP, M_WAITOK); 236 if ((error = copyin(uaddr, kaddr, size))) { 237 free(kaddr, M_TEMP, size); 238 return error; 239 } 240 break; 241 case OUT_ALLOC: 242 kaddr = malloc(size, M_TEMP, M_WAITOK | M_ZERO); 243 break; 244 } 245 246 if (kstate) 247 error = ptrace_kstate(p, req, pid, kaddr); 248 else 249 error = ptrace_ustate(p, req, pid, kaddr, data, retval); 250 251 /* Do any copyout()s and frees */ 252 if (error == 0) { 253 switch (mode) { 254 case NONE: 255 case IN: 256 case IN_ALLOC: 257 break; 258 case IN_OUT: 259 case OUT: 260 error = copyout(&u, uaddr, size); 261 if (req == PT_IO) { 262 /* historically, errors here are ignored */ 263 error = 0; 264 } 265 break; 266 case OUT_ALLOC: 267 error = copyout(kaddr, uaddr, size); 268 break; 269 } 270 } 271 272 if (mode == IN_ALLOC || mode == OUT_ALLOC) 273 free(kaddr, M_TEMP, size); 274 return error; 275 } 276 277 /* 278 * ptrace control requests: attach, detach, continue, kill, single-step, etc 279 */ 280 int 281 ptrace_ctrl(struct proc *p, int req, pid_t pid, caddr_t addr, int data) 282 { 283 struct proc *t; /* target thread */ 284 struct process *tr; /* target process */ 285 int error = 0; 286 287 switch (req) { 288 case PT_TRACE_ME: 289 /* Just set the trace flag. */ 290 tr = p->p_p; 291 if (ISSET(tr->ps_flags, PS_TRACED)) 292 return EBUSY; 293 atomic_setbits_int(&tr->ps_flags, PS_TRACED); 294 tr->ps_oppid = tr->ps_ppid; 295 if (tr->ps_ptstat == NULL) 296 tr->ps_ptstat = malloc(sizeof(*tr->ps_ptstat), 297 M_SUBPROC, M_WAITOK); 298 memset(tr->ps_ptstat, 0, sizeof(*tr->ps_ptstat)); 299 return 0; 300 301 /* calls that only operate on the PID */ 302 case PT_KILL: 303 case PT_ATTACH: 304 case PT_DETACH: 305 /* Find the process we're supposed to be operating on. */ 306 if ((tr = prfind(pid)) == NULL) { 307 error = ESRCH; 308 goto fail; 309 } 310 t = TAILQ_FIRST(&tr->ps_threads); 311 break; 312 313 /* calls that accept a PID or a thread ID */ 314 case PT_CONTINUE: 315 #ifdef PT_STEP 316 case PT_STEP: 317 #endif 318 if ((tr = process_tprfind(pid, &t)) == NULL) { 319 error = ESRCH; 320 goto fail; 321 } 322 break; 323 } 324 325 /* Check permissions/state */ 326 if (req != PT_ATTACH) { 327 /* Check that the data is a valid signal number or zero. */ 328 if (req != PT_KILL && (data < 0 || data >= NSIG)) { 329 error = EINVAL; 330 goto fail; 331 } 332 333 /* Most operations require the target to already be traced */ 334 if ((error = process_checktracestate(p->p_p, tr, t))) 335 goto fail; 336 337 /* Do single-step fixup if needed. */ 338 FIX_SSTEP(t); 339 } else { 340 /* 341 * PT_ATTACH is the opposite; you can't attach to a process if: 342 * (1) it's the process that's doing the attaching, 343 */ 344 if (tr == p->p_p) { 345 error = EINVAL; 346 goto fail; 347 } 348 349 /* 350 * (2) it's a system process 351 */ 352 if (ISSET(tr->ps_flags, PS_SYSTEM)) { 353 error = EPERM; 354 goto fail; 355 } 356 357 /* 358 * (3) it's already being traced, or 359 */ 360 if (ISSET(tr->ps_flags, PS_TRACED)) { 361 error = EBUSY; 362 goto fail; 363 } 364 365 /* 366 * (4) it's in the middle of execve(2) 367 */ 368 if (ISSET(tr->ps_flags, PS_INEXEC)) { 369 error = EAGAIN; 370 goto fail; 371 } 372 373 /* 374 * (5) it's not owned by you, or the last exec 375 * gave us setuid/setgid privs (unless 376 * you're root), or... 377 * 378 * [Note: once PS_SUGID or PS_SUGIDEXEC gets set in 379 * execve(), they stay set until the process does 380 * another execve(). Hence this prevents a setuid 381 * process which revokes its special privileges using 382 * setuid() from being traced. This is good security.] 383 */ 384 if ((tr->ps_ucred->cr_ruid != p->p_ucred->cr_ruid || 385 ISSET(tr->ps_flags, PS_SUGIDEXEC | PS_SUGID)) && 386 (error = suser(p)) != 0) 387 goto fail; 388 389 /* 390 * (5.5) it's not a child of the tracing process. 391 */ 392 if (global_ptrace == 0 && !inferior(tr, p->p_p) && 393 (error = suser(p)) != 0) 394 goto fail; 395 396 /* 397 * (6) ...it's init, which controls the security level 398 * of the entire system, and the system was not 399 * compiled with permanently insecure mode turned 400 * on. 401 */ 402 if ((tr->ps_pid == 1) && (securelevel > -1)) { 403 error = EPERM; 404 goto fail; 405 } 406 407 /* 408 * (7) it's an ancestor of the current process and 409 * not init (because that would create a loop in 410 * the process graph). 411 */ 412 if (tr->ps_pid != 1 && inferior(p->p_p, tr)) { 413 error = EINVAL; 414 goto fail; 415 } 416 } 417 418 switch (req) { 419 420 #ifdef PT_STEP 421 case PT_STEP: 422 /* 423 * From the 4.4BSD PRM: 424 * "Execution continues as in request PT_CONTINUE; however 425 * as soon as possible after execution of at least one 426 * instruction, execution stops again. [ ... ]" 427 */ 428 #endif 429 case PT_CONTINUE: 430 /* 431 * From the 4.4BSD PRM: 432 * "The data argument is taken as a signal number and the 433 * child's execution continues at location addr as if it 434 * incurred that signal. Normally the signal number will 435 * be either 0 to indicate that the signal that caused the 436 * stop should be ignored, or that value fetched out of 437 * the process's image indicating which signal caused 438 * the stop. If addr is (int *)1 then execution continues 439 * from where it stopped." 440 */ 441 442 if (pid < THREAD_PID_OFFSET && tr->ps_single) 443 t = tr->ps_single; 444 else if (t == tr->ps_single) 445 atomic_setbits_int(&t->p_flag, P_TRACESINGLE); 446 else { 447 error = EINVAL; 448 goto fail; 449 } 450 451 452 /* If the address parameter is not (int *)1, set the pc. */ 453 if ((int *)addr != (int *)1) 454 if ((error = process_set_pc(t, addr)) != 0) 455 goto fail; 456 457 #ifdef PT_STEP 458 /* 459 * Arrange for a single-step, if that's requested and possible. 460 */ 461 error = process_sstep(t, req == PT_STEP); 462 if (error) 463 goto fail; 464 #endif 465 goto sendsig; 466 467 case PT_DETACH: 468 /* 469 * From the 4.4BSD PRM: 470 * "The data argument is taken as a signal number and the 471 * child's execution continues at location addr as if it 472 * incurred that signal. Normally the signal number will 473 * be either 0 to indicate that the signal that caused the 474 * stop should be ignored, or that value fetched out of 475 * the process's image indicating which signal caused 476 * the stop. If addr is (int *)1 then execution continues 477 * from where it stopped." 478 */ 479 480 if (pid < THREAD_PID_OFFSET && tr->ps_single) 481 t = tr->ps_single; 482 483 #ifdef PT_STEP 484 /* 485 * Stop single stepping. 486 */ 487 error = process_sstep(t, 0); 488 if (error) 489 goto fail; 490 #endif 491 492 process_untrace(tr); 493 atomic_clearbits_int(&tr->ps_flags, PS_WAITED); 494 495 sendsig: 496 memset(tr->ps_ptstat, 0, sizeof(*tr->ps_ptstat)); 497 498 /* Finally, deliver the requested signal (or none). */ 499 if (t->p_stat == SSTOP) { 500 tr->ps_xsig = data; 501 SCHED_LOCK(); 502 unsleep(t); 503 setrunnable(t); 504 SCHED_UNLOCK(); 505 } else { 506 if (data != 0) 507 psignal(t, data); 508 } 509 break; 510 511 case PT_KILL: 512 if (pid < THREAD_PID_OFFSET && tr->ps_single) 513 t = tr->ps_single; 514 515 /* just send the process a KILL signal. */ 516 data = SIGKILL; 517 goto sendsig; /* in PT_CONTINUE, above. */ 518 519 case PT_ATTACH: 520 /* 521 * As was done in procfs: 522 * Go ahead and set the trace flag. 523 * Save the old parent (it's reset in 524 * _DETACH, and also in kern_exit.c:wait4() 525 * Reparent the process so that the tracing 526 * proc gets to see all the action. 527 * Stop the target. 528 */ 529 atomic_setbits_int(&tr->ps_flags, PS_TRACED); 530 tr->ps_oppid = tr->ps_ppid; 531 process_reparent(tr, p->p_p); 532 if (tr->ps_ptstat == NULL) 533 tr->ps_ptstat = malloc(sizeof(*tr->ps_ptstat), 534 M_SUBPROC, M_WAITOK); 535 data = SIGSTOP; 536 goto sendsig; 537 default: 538 KASSERTMSG(0, "%s: unhandled request %d", __func__, req); 539 break; 540 } 541 542 fail: 543 return error; 544 } 545 546 /* 547 * ptrace kernel-state requests: thread list, event mask, process state 548 */ 549 int 550 ptrace_kstate(struct proc *p, int req, pid_t pid, void *addr) 551 { 552 struct process *tr; /* target process */ 553 struct ptrace_event *pe = addr; 554 int error; 555 556 KASSERT((p->p_flag & P_SYSTEM) == 0); 557 558 /* Find the process we're supposed to be operating on. */ 559 if ((tr = prfind(pid)) == NULL) 560 return ESRCH; 561 562 if ((error = process_checktracestate(p->p_p, tr, NULL))) 563 return error; 564 565 switch (req) { 566 case PT_GET_THREAD_FIRST: 567 case PT_GET_THREAD_NEXT: 568 { 569 struct ptrace_thread_state *pts = addr; 570 struct proc *t; 571 572 if (req == PT_GET_THREAD_NEXT) { 573 t = tfind_user(pts->pts_tid, tr); 574 if (t == NULL || ISSET(t->p_flag, P_WEXIT)) 575 return ESRCH; 576 t = TAILQ_NEXT(t, p_thr_link); 577 } else { 578 t = TAILQ_FIRST(&tr->ps_threads); 579 } 580 581 if (t == NULL) 582 pts->pts_tid = -1; 583 else 584 pts->pts_tid = t->p_tid + THREAD_PID_OFFSET; 585 return 0; 586 } 587 } 588 589 switch (req) { 590 case PT_GET_EVENT_MASK: 591 pe->pe_set_event = tr->ps_ptmask; 592 break; 593 case PT_SET_EVENT_MASK: 594 tr->ps_ptmask = pe->pe_set_event; 595 break; 596 case PT_GET_PROCESS_STATE: 597 if (tr->ps_single) 598 tr->ps_ptstat->pe_tid = 599 tr->ps_single->p_tid + THREAD_PID_OFFSET; 600 memcpy(addr, tr->ps_ptstat, sizeof *tr->ps_ptstat); 601 break; 602 default: 603 KASSERTMSG(0, "%s: unhandled request %d", __func__, req); 604 break; 605 } 606 607 return 0; 608 } 609 610 /* 611 * ptrace user-state requests: memory access, registers, stack cookie 612 */ 613 int 614 ptrace_ustate(struct proc *p, int req, pid_t pid, void *addr, int data, 615 register_t *retval) 616 { 617 struct proc *t; /* target thread */ 618 struct process *tr; /* target process */ 619 struct uio uio; 620 struct iovec iov; 621 int error, write; 622 int temp = 0; 623 624 KASSERT((p->p_flag & P_SYSTEM) == 0); 625 626 /* Accept either PID or TID */ 627 if ((tr = process_tprfind(pid, &t)) == NULL) 628 return ESRCH; 629 630 if ((error = process_checktracestate(p->p_p, tr, t))) 631 return error; 632 633 FIX_SSTEP(t); 634 635 /* Now do the operation. */ 636 write = 0; 637 638 if ((error = process_checkioperm(p, tr)) != 0) 639 return error; 640 641 switch (req) { 642 case PT_WRITE_I: /* XXX no separate I and D spaces */ 643 case PT_WRITE_D: 644 write = 1; 645 temp = data; 646 case PT_READ_I: /* XXX no separate I and D spaces */ 647 case PT_READ_D: 648 /* write = 0 done above. */ 649 iov.iov_base = (caddr_t)&temp; 650 iov.iov_len = sizeof(int); 651 uio.uio_iov = &iov; 652 uio.uio_iovcnt = 1; 653 uio.uio_offset = (off_t)(vaddr_t)addr; 654 uio.uio_resid = sizeof(int); 655 uio.uio_segflg = UIO_SYSSPACE; 656 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 657 uio.uio_procp = p; 658 error = process_domem(p, tr, &uio, write ? PT_WRITE_I : 659 PT_READ_I); 660 if (write == 0) 661 *retval = temp; 662 return error; 663 664 case PT_IO: 665 { 666 struct ptrace_io_desc *piod = addr; 667 668 iov.iov_base = piod->piod_addr; 669 iov.iov_len = piod->piod_len; 670 uio.uio_iov = &iov; 671 uio.uio_iovcnt = 1; 672 uio.uio_offset = (off_t)(vaddr_t)piod->piod_offs; 673 uio.uio_resid = piod->piod_len; 674 uio.uio_segflg = UIO_USERSPACE; 675 uio.uio_procp = p; 676 switch (piod->piod_op) { 677 case PIOD_READ_I: 678 req = PT_READ_I; 679 uio.uio_rw = UIO_READ; 680 break; 681 case PIOD_READ_D: 682 req = PT_READ_D; 683 uio.uio_rw = UIO_READ; 684 break; 685 case PIOD_WRITE_I: 686 req = PT_WRITE_I; 687 uio.uio_rw = UIO_WRITE; 688 break; 689 case PIOD_WRITE_D: 690 req = PT_WRITE_D; 691 uio.uio_rw = UIO_WRITE; 692 break; 693 case PIOD_READ_AUXV: 694 req = PT_READ_D; 695 uio.uio_rw = UIO_READ; 696 temp = ELF_AUX_WORDS * sizeof(char *); 697 if (uio.uio_offset > temp) 698 return EIO; 699 if (uio.uio_resid > temp - uio.uio_offset) 700 uio.uio_resid = temp - uio.uio_offset; 701 piod->piod_len = iov.iov_len = uio.uio_resid; 702 uio.uio_offset += tr->ps_auxinfo; 703 #ifdef MACHINE_STACK_GROWS_UP 704 if (uio.uio_offset < (off_t)tr->ps_strings) 705 return EIO; 706 #else 707 if (uio.uio_offset > (off_t)tr->ps_strings) 708 return EIO; 709 if ((uio.uio_offset + uio.uio_resid) > 710 (off_t)tr->ps_strings) 711 uio.uio_resid = (off_t)tr->ps_strings - 712 uio.uio_offset; 713 #endif 714 break; 715 default: 716 return EINVAL; 717 } 718 error = process_domem(p, tr, &uio, req); 719 piod->piod_len -= uio.uio_resid; 720 return error; 721 } 722 723 case PT_SETREGS: 724 return process_write_regs(t, addr); 725 case PT_GETREGS: 726 return process_read_regs(t, addr); 727 728 #ifdef PT_SETFPREGS 729 case PT_SETFPREGS: 730 return process_write_fpregs(t, addr); 731 #endif 732 #ifdef PT_SETFPREGS 733 case PT_GETFPREGS: 734 return process_read_fpregs(t, addr); 735 #endif 736 #ifdef PT_SETXMMREGS 737 case PT_SETXMMREGS: 738 return process_write_xmmregs(t, addr); 739 #endif 740 #ifdef PT_SETXMMREGS 741 case PT_GETXMMREGS: 742 return process_read_xmmregs(t, addr); 743 #endif 744 #ifdef PT_WCOOKIE 745 case PT_WCOOKIE: 746 *(register_t *)addr = process_get_wcookie(t); 747 return 0; 748 #endif 749 #ifdef PT_PACMASK 750 case PT_PACMASK: 751 ((register_t *)addr)[0] = process_get_pacmask(t); 752 ((register_t *)addr)[1] = process_get_pacmask(t); 753 return 0; 754 #endif 755 default: 756 KASSERTMSG(0, "%s: unhandled request %d", __func__, req); 757 break; 758 } 759 760 return 0; 761 } 762 763 764 /* 765 * Helper for doing "it could be a PID or TID" lookup. On failure 766 * returns NULL; on success returns the selected process and sets *tp 767 * to an appropriate thread in that process. 768 */ 769 static inline struct process * 770 process_tprfind(pid_t tpid, struct proc **tp) 771 { 772 if (tpid > THREAD_PID_OFFSET) { 773 struct proc *t = tfind(tpid - THREAD_PID_OFFSET); 774 775 if (t == NULL) 776 return NULL; 777 *tp = t; 778 return t->p_p; 779 } else { 780 struct process *tr = prfind(tpid); 781 782 if (tr == NULL) 783 return NULL; 784 *tp = TAILQ_FIRST(&tr->ps_threads); 785 return tr; 786 } 787 } 788 789 790 /* 791 * Check whether 'tr' is currently traced by 'curpr' and in a state 792 * to be manipulated. If 't' is supplied then it must be stopped and 793 * waited for. 794 */ 795 static inline int 796 process_checktracestate(struct process *curpr, struct process *tr, 797 struct proc *t) 798 { 799 /* 800 * You can't do what you want to the process if: 801 * (1) It's not being traced at all, 802 */ 803 if (!ISSET(tr->ps_flags, PS_TRACED)) 804 return EPERM; 805 806 /* 807 * (2) it's not being traced by _you_, or 808 */ 809 if (tr->ps_pptr != curpr) 810 return EBUSY; 811 812 /* 813 * (3) it's in the middle of execve(2) 814 */ 815 if (ISSET(tr->ps_flags, PS_INEXEC)) 816 return EAGAIN; 817 818 /* 819 * (4) if a thread was specified and it's not currently stopped. 820 */ 821 if (t != NULL && 822 (t->p_stat != SSTOP || !ISSET(tr->ps_flags, PS_WAITED))) 823 return EBUSY; 824 825 return 0; 826 } 827 828 #endif /* PTRACE */ 829 830 /* 831 * Check if a process is allowed to fiddle with the memory of another. 832 * 833 * p = tracer 834 * tr = tracee 835 * 836 * 1. You can't attach to a process not owned by you or one that has raised 837 * its privileges. 838 * 1a. ...unless you are root. 839 * 840 * 2. init is always off-limits because it can control the securelevel. 841 * 2a. ...unless securelevel is permanently set to insecure. 842 * 843 * 3. Processes that are in the process of doing an exec() are always 844 * off-limits because of the can of worms they are. Just wait a 845 * second. 846 */ 847 int 848 process_checkioperm(struct proc *p, struct process *tr) 849 { 850 int error; 851 852 if ((tr->ps_ucred->cr_ruid != p->p_ucred->cr_ruid || 853 ISSET(tr->ps_flags, PS_SUGIDEXEC | PS_SUGID)) && 854 (error = suser(p)) != 0) 855 return (error); 856 857 if ((tr->ps_pid == 1) && (securelevel > -1)) 858 return (EPERM); 859 860 if (ISSET(tr->ps_flags, PS_INEXEC)) 861 return (EAGAIN); 862 863 return (0); 864 } 865 866 int 867 process_domem(struct proc *curp, struct process *tr, struct uio *uio, int req) 868 { 869 struct vmspace *vm; 870 int error; 871 vaddr_t addr; 872 vsize_t len; 873 874 len = uio->uio_resid; 875 if (len == 0) 876 return 0; 877 878 if ((error = process_checkioperm(curp, tr)) != 0) 879 return error; 880 881 vm = tr->ps_vmspace; 882 if ((tr->ps_flags & PS_EXITING) || (vm->vm_refcnt < 1)) 883 return EFAULT; 884 addr = uio->uio_offset; 885 886 uvmspace_addref(vm); 887 888 error = uvm_io(&vm->vm_map, uio, UVM_IO_FIXPROT); 889 890 uvmspace_free(vm); 891 892 if (error == 0 && req == PT_WRITE_I) 893 pmap_proc_iflush(tr, addr, len); 894 895 return error; 896 } 897