1 /* $OpenBSD: sys_process.c,v 1.74 2016/11/07 00:26:33 guenther Exp $ */ 2 /* $NetBSD: sys_process.c,v 1.55 1996/05/15 06:17:47 tls Exp $ */ 3 4 /*- 5 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 6 * Copyright (c) 1982, 1986, 1989, 1993 7 * The Regents of the University of California. All rights reserved. 8 * (c) UNIX System Laboratories, Inc. 9 * All or some portions of this file are derived from material licensed 10 * to the University of California by American Telephone and Telegraph 11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 12 * the permission of UNIX System Laboratories, Inc. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 39 */ 40 41 /* 42 * References: 43 * (1) Bach's "The Design of the UNIX Operating System", 44 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 45 * (3) the "4.4BSD Programmer's Reference Manual" published 46 * by USENIX and O'Reilly & Associates. 47 * The 4.4BSD PRM does a reasonably good job of documenting what the various 48 * ptrace() requests should actually do, and its text is quoted several times 49 * in this file. 50 */ 51 52 #include <sys/param.h> 53 #include <sys/systm.h> 54 #include <sys/exec.h> 55 #include <sys/proc.h> 56 #include <sys/signalvar.h> 57 #include <sys/errno.h> 58 #include <sys/malloc.h> 59 #include <sys/ptrace.h> 60 #include <sys/uio.h> 61 #include <sys/sched.h> 62 63 #include <sys/mount.h> 64 #include <sys/syscallargs.h> 65 66 #include <uvm/uvm_extern.h> 67 68 #include <machine/reg.h> 69 70 int process_auxv_offset(struct proc *, struct process *, struct uio *); 71 72 #ifdef PTRACE 73 int global_ptrace; /* permit tracing of not children */ 74 /* 75 * Process debugging system call. 76 */ 77 int 78 sys_ptrace(struct proc *p, void *v, register_t *retval) 79 { 80 struct sys_ptrace_args /* { 81 syscallarg(int) req; 82 syscallarg(pid_t) pid; 83 syscallarg(caddr_t) addr; 84 syscallarg(int) data; 85 } */ *uap = v; 86 struct proc *t; /* target thread */ 87 struct process *tr; /* target process */ 88 struct uio uio; 89 struct iovec iov; 90 struct ptrace_io_desc piod; 91 struct ptrace_event pe; 92 struct ptrace_thread_state pts; 93 struct reg *regs; 94 #if defined (PT_SETFPREGS) || defined (PT_GETFPREGS) 95 struct fpreg *fpregs; 96 #endif 97 #if defined (PT_SETXMMREGS) || defined (PT_GETXMMREGS) 98 struct xmmregs *xmmregs; 99 #endif 100 #ifdef PT_WCOOKIE 101 register_t wcookie; 102 #endif 103 int error, write; 104 int temp; 105 int req = SCARG(uap, req); 106 int s; 107 108 /* "A foolish consistency..." XXX */ 109 switch (req) { 110 case PT_TRACE_ME: 111 t = p; 112 tr = t->p_p; 113 break; 114 115 /* calls that only operate on the PID */ 116 case PT_READ_I: 117 case PT_READ_D: 118 case PT_WRITE_I: 119 case PT_WRITE_D: 120 case PT_KILL: 121 case PT_ATTACH: 122 case PT_IO: 123 case PT_SET_EVENT_MASK: 124 case PT_GET_EVENT_MASK: 125 case PT_GET_PROCESS_STATE: 126 case PT_GET_THREAD_FIRST: 127 case PT_GET_THREAD_NEXT: 128 case PT_DETACH: 129 default: 130 /* Find the process we're supposed to be operating on. */ 131 if ((tr = prfind(SCARG(uap, pid))) == NULL) 132 return (ESRCH); 133 t = tr->ps_mainproc; /* XXX */ 134 break; 135 136 /* calls that accept a PID or a thread ID */ 137 case PT_CONTINUE: 138 #ifdef PT_STEP 139 case PT_STEP: 140 #endif 141 #ifdef PT_WCOOKIE 142 case PT_WCOOKIE: 143 #endif 144 case PT_GETREGS: 145 case PT_SETREGS: 146 #ifdef PT_GETFPREGS 147 case PT_GETFPREGS: 148 #endif 149 #ifdef PT_SETFPREGS 150 case PT_SETFPREGS: 151 #endif 152 #ifdef PT_GETXMMREGS 153 case PT_GETXMMREGS: 154 #endif 155 #ifdef PT_SETXMMREGS 156 case PT_SETXMMREGS: 157 #endif 158 if (SCARG(uap, pid) > THREAD_PID_OFFSET) { 159 t = pfind(SCARG(uap, pid) - THREAD_PID_OFFSET); 160 if (t == NULL) 161 return (ESRCH); 162 tr = t->p_p; 163 } else { 164 if ((tr = prfind(SCARG(uap, pid))) == NULL) 165 return (ESRCH); 166 t = tr->ps_mainproc; /* XXX */ 167 } 168 break; 169 } 170 171 if ((tr->ps_flags & PS_INEXEC) != 0) 172 return (EAGAIN); 173 174 /* Make sure we can operate on it. */ 175 switch (req) { 176 case PT_TRACE_ME: 177 /* Saying that you're being traced is always legal. */ 178 break; 179 180 case PT_ATTACH: 181 /* 182 * You can't attach to a process if: 183 * (1) it's the process that's doing the attaching, 184 */ 185 if (tr == p->p_p) 186 return (EINVAL); 187 188 /* 189 * (2) it's a system process 190 */ 191 if (ISSET(tr->ps_flags, PS_SYSTEM)) 192 return (EPERM); 193 194 /* 195 * (3) it's already being traced, or 196 */ 197 if (ISSET(tr->ps_flags, PS_TRACED)) 198 return (EBUSY); 199 200 /* 201 * (4) it's not owned by you, or the last exec 202 * gave us setuid/setgid privs (unless 203 * you're root), or... 204 * 205 * [Note: once PS_SUGID or PS_SUGIDEXEC gets set in 206 * execve(), they stay set until the process does 207 * another execve(). Hence this prevents a setuid 208 * process which revokes its special privileges using 209 * setuid() from being traced. This is good security.] 210 */ 211 if ((tr->ps_ucred->cr_ruid != p->p_ucred->cr_ruid || 212 ISSET(tr->ps_flags, PS_SUGIDEXEC | PS_SUGID)) && 213 (error = suser(p, 0)) != 0) 214 return (error); 215 216 /* 217 * (4.5) it's not a child of the tracing process. 218 */ 219 if (global_ptrace == 0 && !inferior(tr, p->p_p) && 220 (error = suser(p, 0)) != 0) 221 return (error); 222 223 /* 224 * (5) ...it's init, which controls the security level 225 * of the entire system, and the system was not 226 * compiled with permanently insecure mode turned 227 * on. 228 */ 229 if ((tr->ps_pid == 1) && (securelevel > -1)) 230 return (EPERM); 231 232 /* 233 * (6) it's an ancestor of the current process and 234 * not init (because that would create a loop in 235 * the process graph). 236 */ 237 if (tr->ps_pid != 1 && inferior(p->p_p, tr)) 238 return (EINVAL); 239 break; 240 241 case PT_READ_I: 242 case PT_READ_D: 243 case PT_WRITE_I: 244 case PT_WRITE_D: 245 case PT_IO: 246 case PT_CONTINUE: 247 case PT_KILL: 248 case PT_DETACH: 249 #ifdef PT_STEP 250 case PT_STEP: 251 #endif 252 case PT_SET_EVENT_MASK: 253 case PT_GET_EVENT_MASK: 254 case PT_GET_PROCESS_STATE: 255 case PT_GETREGS: 256 case PT_SETREGS: 257 #ifdef PT_GETFPREGS 258 case PT_GETFPREGS: 259 #endif 260 #ifdef PT_SETFPREGS 261 case PT_SETFPREGS: 262 #endif 263 #ifdef PT_GETXMMREGS 264 case PT_GETXMMREGS: 265 #endif 266 #ifdef PT_SETXMMREGS 267 case PT_SETXMMREGS: 268 #endif 269 #ifdef PT_WCOOKIE 270 case PT_WCOOKIE: 271 #endif 272 /* 273 * You can't do what you want to the process if: 274 * (1) It's not being traced at all, 275 */ 276 if (!ISSET(tr->ps_flags, PS_TRACED)) 277 return (EPERM); 278 279 /* 280 * (2) it's not being traced by _you_, or 281 */ 282 if (tr->ps_pptr != p->p_p) 283 return (EBUSY); 284 285 /* 286 * (3) it's not currently stopped. 287 */ 288 if (t->p_stat != SSTOP || !ISSET(tr->ps_flags, PS_WAITED)) 289 return (EBUSY); 290 break; 291 292 case PT_GET_THREAD_FIRST: 293 case PT_GET_THREAD_NEXT: 294 /* 295 * You can't do what you want to the process if: 296 * (1) It's not being traced at all, 297 */ 298 if (!ISSET(tr->ps_flags, PS_TRACED)) 299 return (EPERM); 300 301 /* 302 * (2) it's not being traced by _you_, or 303 */ 304 if (tr->ps_pptr != p->p_p) 305 return (EBUSY); 306 307 /* 308 * Do the work here because the request isn't actually 309 * associated with 't' 310 */ 311 if (SCARG(uap, data) != sizeof(pts)) 312 return (EINVAL); 313 314 if (req == PT_GET_THREAD_NEXT) { 315 error = copyin(SCARG(uap, addr), &pts, sizeof(pts)); 316 if (error) 317 return (error); 318 319 t = pfind(pts.pts_tid - THREAD_PID_OFFSET); 320 if (t == NULL || ISSET(t->p_flag, P_WEXIT)) 321 return (ESRCH); 322 if (t->p_p != tr) 323 return (EINVAL); 324 t = TAILQ_NEXT(t, p_thr_link); 325 } else { 326 t = TAILQ_FIRST(&tr->ps_threads); 327 } 328 329 if (t == NULL) 330 pts.pts_tid = -1; 331 else 332 pts.pts_tid = t->p_tid + THREAD_PID_OFFSET; 333 return (copyout(&pts, SCARG(uap, addr), sizeof(pts))); 334 335 default: /* It was not a legal request. */ 336 return (EINVAL); 337 } 338 339 /* Do single-step fixup if needed. */ 340 FIX_SSTEP(t); 341 342 /* Now do the operation. */ 343 write = 0; 344 *retval = 0; 345 346 switch (req) { 347 case PT_TRACE_ME: 348 /* Just set the trace flag. */ 349 atomic_setbits_int(&tr->ps_flags, PS_TRACED); 350 tr->ps_oppid = tr->ps_pptr->ps_pid; 351 if (tr->ps_ptstat == NULL) 352 tr->ps_ptstat = malloc(sizeof(*tr->ps_ptstat), 353 M_SUBPROC, M_WAITOK); 354 memset(tr->ps_ptstat, 0, sizeof(*tr->ps_ptstat)); 355 return (0); 356 357 case PT_WRITE_I: /* XXX no separate I and D spaces */ 358 case PT_WRITE_D: 359 write = 1; 360 temp = SCARG(uap, data); 361 case PT_READ_I: /* XXX no separate I and D spaces */ 362 case PT_READ_D: 363 /* write = 0 done above. */ 364 iov.iov_base = (caddr_t)&temp; 365 iov.iov_len = sizeof(int); 366 uio.uio_iov = &iov; 367 uio.uio_iovcnt = 1; 368 uio.uio_offset = (off_t)(vaddr_t)SCARG(uap, addr); 369 uio.uio_resid = sizeof(int); 370 uio.uio_segflg = UIO_SYSSPACE; 371 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 372 uio.uio_procp = p; 373 error = process_domem(p, tr, &uio, write ? PT_WRITE_I : 374 PT_READ_I); 375 if (write == 0) 376 *retval = temp; 377 return (error); 378 case PT_IO: 379 error = copyin(SCARG(uap, addr), &piod, sizeof(piod)); 380 if (error) 381 return (error); 382 iov.iov_base = piod.piod_addr; 383 iov.iov_len = piod.piod_len; 384 uio.uio_iov = &iov; 385 uio.uio_iovcnt = 1; 386 uio.uio_offset = (off_t)(vaddr_t)piod.piod_offs; 387 uio.uio_resid = piod.piod_len; 388 uio.uio_segflg = UIO_USERSPACE; 389 uio.uio_procp = p; 390 switch (piod.piod_op) { 391 case PIOD_READ_I: 392 req = PT_READ_I; 393 uio.uio_rw = UIO_READ; 394 break; 395 case PIOD_READ_D: 396 req = PT_READ_D; 397 uio.uio_rw = UIO_READ; 398 break; 399 case PIOD_WRITE_I: 400 req = PT_WRITE_I; 401 uio.uio_rw = UIO_WRITE; 402 break; 403 case PIOD_WRITE_D: 404 req = PT_WRITE_D; 405 uio.uio_rw = UIO_WRITE; 406 break; 407 case PIOD_READ_AUXV: 408 req = PT_READ_D; 409 uio.uio_rw = UIO_READ; 410 temp = tr->ps_emul->e_arglen * sizeof(char *); 411 if (uio.uio_offset > temp) 412 return (EIO); 413 if (uio.uio_resid > temp - uio.uio_offset) 414 uio.uio_resid = temp - uio.uio_offset; 415 piod.piod_len = iov.iov_len = uio.uio_resid; 416 error = process_auxv_offset(p, tr, &uio); 417 if (error) 418 return (error); 419 break; 420 default: 421 return (EINVAL); 422 } 423 error = process_domem(p, tr, &uio, req); 424 piod.piod_len -= uio.uio_resid; 425 (void) copyout(&piod, SCARG(uap, addr), sizeof(piod)); 426 return (error); 427 #ifdef PT_STEP 428 case PT_STEP: 429 /* 430 * From the 4.4BSD PRM: 431 * "Execution continues as in request PT_CONTINUE; however 432 * as soon as possible after execution of at least one 433 * instruction, execution stops again. [ ... ]" 434 */ 435 #endif 436 case PT_CONTINUE: 437 /* 438 * From the 4.4BSD PRM: 439 * "The data argument is taken as a signal number and the 440 * child's execution continues at location addr as if it 441 * incurred that signal. Normally the signal number will 442 * be either 0 to indicate that the signal that caused the 443 * stop should be ignored, or that value fetched out of 444 * the process's image indicating which signal caused 445 * the stop. If addr is (int *)1 then execution continues 446 * from where it stopped." 447 */ 448 449 if (SCARG(uap, pid) < THREAD_PID_OFFSET && tr->ps_single) 450 t = tr->ps_single; 451 452 /* Check that the data is a valid signal number or zero. */ 453 if (SCARG(uap, data) < 0 || SCARG(uap, data) >= NSIG) 454 return (EINVAL); 455 456 /* If the address parameter is not (int *)1, set the pc. */ 457 if ((int *)SCARG(uap, addr) != (int *)1) 458 if ((error = process_set_pc(t, SCARG(uap, addr))) != 0) 459 return error; 460 461 #ifdef PT_STEP 462 /* 463 * Arrange for a single-step, if that's requested and possible. 464 */ 465 error = process_sstep(t, req == PT_STEP); 466 if (error) 467 return error; 468 #endif 469 goto sendsig; 470 471 case PT_DETACH: 472 /* 473 * From the 4.4BSD PRM: 474 * "The data argument is taken as a signal number and the 475 * child's execution continues at location addr as if it 476 * incurred that signal. Normally the signal number will 477 * be either 0 to indicate that the signal that caused the 478 * stop should be ignored, or that value fetched out of 479 * the process's image indicating which signal caused 480 * the stop. If addr is (int *)1 then execution continues 481 * from where it stopped." 482 */ 483 484 if (SCARG(uap, pid) < THREAD_PID_OFFSET && tr->ps_single) 485 t = tr->ps_single; 486 487 /* Check that the data is a valid signal number or zero. */ 488 if (SCARG(uap, data) < 0 || SCARG(uap, data) >= NSIG) 489 return (EINVAL); 490 491 #ifdef PT_STEP 492 /* 493 * Stop single stepping. 494 */ 495 error = process_sstep(t, 0); 496 if (error) 497 return error; 498 #endif 499 500 /* give process back to original parent or init */ 501 if (tr->ps_oppid != tr->ps_pptr->ps_pid) { 502 struct process *ppr; 503 504 ppr = prfind(tr->ps_oppid); 505 proc_reparent(tr, ppr ? ppr : initprocess); 506 } 507 508 /* not being traced any more */ 509 tr->ps_oppid = 0; 510 atomic_clearbits_int(&tr->ps_flags, PS_TRACED|PS_WAITED); 511 512 sendsig: 513 memset(tr->ps_ptstat, 0, sizeof(*tr->ps_ptstat)); 514 515 /* Finally, deliver the requested signal (or none). */ 516 if (t->p_stat == SSTOP) { 517 t->p_xstat = SCARG(uap, data); 518 SCHED_LOCK(s); 519 setrunnable(t); 520 SCHED_UNLOCK(s); 521 } else { 522 if (SCARG(uap, data) != 0) 523 psignal(t, SCARG(uap, data)); 524 } 525 526 return (0); 527 528 case PT_KILL: 529 if (SCARG(uap, pid) < THREAD_PID_OFFSET && tr->ps_single) 530 t = tr->ps_single; 531 532 /* just send the process a KILL signal. */ 533 SCARG(uap, data) = SIGKILL; 534 goto sendsig; /* in PT_CONTINUE, above. */ 535 536 case PT_ATTACH: 537 /* 538 * As was done in procfs: 539 * Go ahead and set the trace flag. 540 * Save the old parent (it's reset in 541 * _DETACH, and also in kern_exit.c:wait4() 542 * Reparent the process so that the tracing 543 * proc gets to see all the action. 544 * Stop the target. 545 */ 546 atomic_setbits_int(&tr->ps_flags, PS_TRACED); 547 tr->ps_oppid = tr->ps_pptr->ps_pid; 548 if (tr->ps_pptr != p->p_p) 549 proc_reparent(tr, p->p_p); 550 if (tr->ps_ptstat == NULL) 551 tr->ps_ptstat = malloc(sizeof(*tr->ps_ptstat), 552 M_SUBPROC, M_WAITOK); 553 SCARG(uap, data) = SIGSTOP; 554 goto sendsig; 555 556 case PT_GET_EVENT_MASK: 557 if (SCARG(uap, data) != sizeof(pe)) 558 return (EINVAL); 559 memset(&pe, 0, sizeof(pe)); 560 pe.pe_set_event = tr->ps_ptmask; 561 return (copyout(&pe, SCARG(uap, addr), sizeof(pe))); 562 case PT_SET_EVENT_MASK: 563 if (SCARG(uap, data) != sizeof(pe)) 564 return (EINVAL); 565 if ((error = copyin(SCARG(uap, addr), &pe, sizeof(pe)))) 566 return (error); 567 tr->ps_ptmask = pe.pe_set_event; 568 return (0); 569 570 case PT_GET_PROCESS_STATE: 571 if (SCARG(uap, data) != sizeof(*tr->ps_ptstat)) 572 return (EINVAL); 573 574 if (tr->ps_single) 575 tr->ps_ptstat->pe_tid = 576 tr->ps_single->p_tid + THREAD_PID_OFFSET; 577 578 return (copyout(tr->ps_ptstat, SCARG(uap, addr), 579 sizeof(*tr->ps_ptstat))); 580 581 case PT_SETREGS: 582 KASSERT((p->p_flag & P_SYSTEM) == 0); 583 if ((error = process_checkioperm(p, tr)) != 0) 584 return (error); 585 586 regs = malloc(sizeof(*regs), M_TEMP, M_WAITOK); 587 error = copyin(SCARG(uap, addr), regs, sizeof(*regs)); 588 if (error == 0) { 589 error = process_write_regs(t, regs); 590 } 591 free(regs, M_TEMP, sizeof(*regs)); 592 return (error); 593 case PT_GETREGS: 594 KASSERT((p->p_flag & P_SYSTEM) == 0); 595 if ((error = process_checkioperm(p, tr)) != 0) 596 return (error); 597 598 regs = malloc(sizeof(*regs), M_TEMP, M_WAITOK); 599 error = process_read_regs(t, regs); 600 if (error == 0) 601 error = copyout(regs, 602 SCARG(uap, addr), sizeof (*regs)); 603 free(regs, M_TEMP, sizeof(*regs)); 604 return (error); 605 #ifdef PT_SETFPREGS 606 case PT_SETFPREGS: 607 KASSERT((p->p_flag & P_SYSTEM) == 0); 608 if ((error = process_checkioperm(p, tr)) != 0) 609 return (error); 610 611 fpregs = malloc(sizeof(*fpregs), M_TEMP, M_WAITOK); 612 error = copyin(SCARG(uap, addr), fpregs, sizeof(*fpregs)); 613 if (error == 0) { 614 error = process_write_fpregs(t, fpregs); 615 } 616 free(fpregs, M_TEMP, sizeof(*fpregs)); 617 return (error); 618 #endif 619 #ifdef PT_GETFPREGS 620 case PT_GETFPREGS: 621 KASSERT((p->p_flag & P_SYSTEM) == 0); 622 if ((error = process_checkioperm(p, tr)) != 0) 623 return (error); 624 625 fpregs = malloc(sizeof(*fpregs), M_TEMP, M_WAITOK); 626 error = process_read_fpregs(t, fpregs); 627 if (error == 0) 628 error = copyout(fpregs, 629 SCARG(uap, addr), sizeof(*fpregs)); 630 free(fpregs, M_TEMP, sizeof(*fpregs)); 631 return (error); 632 #endif 633 #ifdef PT_SETXMMREGS 634 case PT_SETXMMREGS: 635 KASSERT((p->p_flag & P_SYSTEM) == 0); 636 if ((error = process_checkioperm(p, tr)) != 0) 637 return (error); 638 639 xmmregs = malloc(sizeof(*xmmregs), M_TEMP, M_WAITOK); 640 error = copyin(SCARG(uap, addr), xmmregs, sizeof(*xmmregs)); 641 if (error == 0) { 642 error = process_write_xmmregs(t, xmmregs); 643 } 644 free(xmmregs, M_TEMP, sizeof(*xmmregs)); 645 return (error); 646 #endif 647 #ifdef PT_GETXMMREGS 648 case PT_GETXMMREGS: 649 KASSERT((p->p_flag & P_SYSTEM) == 0); 650 if ((error = process_checkioperm(p, tr)) != 0) 651 return (error); 652 653 xmmregs = malloc(sizeof(*xmmregs), M_TEMP, M_WAITOK); 654 error = process_read_xmmregs(t, xmmregs); 655 if (error == 0) 656 error = copyout(xmmregs, 657 SCARG(uap, addr), sizeof(*xmmregs)); 658 free(xmmregs, M_TEMP, sizeof(*xmmregs)); 659 return (error); 660 #endif 661 #ifdef PT_WCOOKIE 662 case PT_WCOOKIE: 663 wcookie = process_get_wcookie (t); 664 return (copyout(&wcookie, SCARG(uap, addr), 665 sizeof (register_t))); 666 #endif 667 } 668 669 #ifdef DIAGNOSTIC 670 panic("ptrace: impossible"); 671 #endif 672 return 0; 673 } 674 675 /* 676 * Check if a process is allowed to fiddle with the memory of another. 677 * 678 * p = tracer 679 * tr = tracee 680 * 681 * 1. You can't attach to a process not owned by you or one that has raised 682 * its privileges. 683 * 1a. ...unless you are root. 684 * 685 * 2. init is always off-limits because it can control the securelevel. 686 * 2a. ...unless securelevel is permanently set to insecure. 687 * 688 * 3. Processes that are in the process of doing an exec() are always 689 * off-limits because of the can of worms they are. Just wait a 690 * second. 691 */ 692 int 693 process_checkioperm(struct proc *p, struct process *tr) 694 { 695 int error; 696 697 if ((tr->ps_ucred->cr_ruid != p->p_ucred->cr_ruid || 698 ISSET(tr->ps_flags, PS_SUGIDEXEC | PS_SUGID)) && 699 (error = suser(p, 0)) != 0) 700 return (error); 701 702 if ((tr->ps_pid == 1) && (securelevel > -1)) 703 return (EPERM); 704 705 if (tr->ps_flags & PS_INEXEC) 706 return (EAGAIN); 707 708 return (0); 709 } 710 711 int 712 process_domem(struct proc *curp, struct process *tr, struct uio *uio, int req) 713 { 714 struct vmspace *vm; 715 int error; 716 vaddr_t addr; 717 vsize_t len; 718 719 len = uio->uio_resid; 720 if (len == 0) 721 return 0; 722 723 if ((error = process_checkioperm(curp, tr)) != 0) 724 return error; 725 726 /* XXXCDC: how should locking work here? */ 727 vm = tr->ps_vmspace; 728 if ((tr->ps_flags & PS_EXITING) || (vm->vm_refcnt < 1)) 729 return EFAULT; 730 addr = uio->uio_offset; 731 732 vm->vm_refcnt++; 733 734 error = uvm_io(&vm->vm_map, uio, 735 (uio->uio_rw == UIO_WRITE) ? UVM_IO_FIXPROT : 0); 736 737 uvmspace_free(vm); 738 739 if (error == 0 && req == PT_WRITE_I) 740 pmap_proc_iflush(tr, addr, len); 741 742 return error; 743 } 744 745 int 746 process_auxv_offset(struct proc *curp, struct process *tr, struct uio *uiop) 747 { 748 struct vmspace *vm; 749 struct ps_strings pss; 750 struct iovec iov; 751 struct uio uio; 752 int error; 753 754 iov.iov_base = &pss; 755 iov.iov_len = sizeof(pss); 756 uio.uio_iov = &iov; 757 uio.uio_iovcnt = 1; 758 uio.uio_offset = (off_t)tr->ps_strings; 759 uio.uio_resid = sizeof(pss); 760 uio.uio_segflg = UIO_SYSSPACE; 761 uio.uio_rw = UIO_READ; 762 uio.uio_procp = curp; 763 764 vm = tr->ps_vmspace; 765 if ((tr->ps_flags & PS_EXITING) || (vm->vm_refcnt < 1)) 766 return EFAULT; 767 768 vm->vm_refcnt++; 769 error = uvm_io(&vm->vm_map, &uio, 0); 770 uvmspace_free(vm); 771 772 if (error != 0) 773 return error; 774 775 if (pss.ps_envstr == NULL) 776 return EIO; 777 778 uiop->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + pss.ps_nenvstr + 1); 779 #ifdef MACHINE_STACK_GROWS_UP 780 if (uiop->uio_offset < (off_t)tr->ps_strings) 781 return EIO; 782 #else 783 if (uiop->uio_offset > (off_t)tr->ps_strings) 784 return EIO; 785 if ((uiop->uio_offset + uiop->uio_resid) > (off_t)tr->ps_strings) 786 uiop->uio_resid = (off_t)tr->ps_strings - uiop->uio_offset; 787 #endif 788 789 return 0; 790 } 791 #endif 792