Home | History | Annotate | Download | only in netbsd32
History log of /src/sys/compat/netbsd32/netbsd32_ptrace.c
RevisionDateAuthorComments
 1.9  07-Sep-2021  riastradh sys/compat: Memset zero before copyout.

Just in case of uninitialized padding which would lead to kernel
stack disclosure. If the compiler can prove the memset redundant
then it can optimize it away; otherwise better safe than sorry.
 1.8  24-Dec-2019  kamil Introduce PT_LWPSTATUS + PT_LWPNEXT, obsolete PT_LWPINFO

PT_LWPINFO is a legacy ptrace(2) operation that was originally intended
to retrieve the thread (LWP) information inside a traced process.

It has a number of flaws and is confused with PT_LWPINFO from FreeBSD.

PT_LWPSTATUS and PT_LWPNEXT address the problems (shortly by: rename,
removal of pl_event) and introduces new features: signal context
(pl_sigpend, pl_sigmask), LWP name (pl_name), LWP TLS base address
(pl_private). The private pointer was so far missing information for
a debugger.

PT_LWPSTATUS@nnn is now shipped with core(5) files and contain LWP specific
information, so far missed in the core(5) files.

PT_LWPSTATUS retrieves LWP information for the prompted thread.
PT_LWPNEXT retrieves LWP information for the next thread, borrowing the
semantics from NetBSD specific PT_LWPINFO.

PT_LWPINFO is namespaced with __LEGACY_PT_LWPINFO and still available for
the foreseeable future, without plans of removing it.

Add ATF tests for PT_LWPSTATUS + PT_LWPNEXT.

Keep ATF tests for PT_LWPINFO.

Switch GDB to new API.

Proposed on tech-kern@.
 1.7  04-Jun-2019  mgorny branches: 1.7.2;
compat32: Translate userland PT_* request values into kernel codes

Currently, the compat32 passes PT_* request values to kernel functions
without translation. This works fine for low PT_* requests that happen
to have the same values both on i386 and amd64. However, for requests
higher than PT_SETFPREGS, the value passed from userland (matching i386
const) does not match the correct kernel (amd64) request. As a result,
e.g. when compat32 process calls PT_GETDBREGS, kernel actually processes
it as PT_SETSTEP.

To resolve this, introduce support for compat32 PT_* request
translation. The interface is based on PTRACE_TRANSLATE_REQUEST32 macro
that is defined to a mapping function on architectures needing it.
In case of amd64, this function maps userland i386 PT_* values into
appropriate amd64 PT_* values.

For the time being, the two additional PT_GETXMMREGS and PT_SETXMMREGS
requests are unsupported due to lack of matching free amd64 constant.
 1.6  27-Jan-2019  pgoyette Merge the [pgoyette-compat] branch
 1.5  17-Dec-2017  christos branches: 1.5.2; 1.5.4;
handle siginfo requests for ptrace32
 1.4  23-Feb-2017  kamil branches: 1.4.6; 1.4.12;
Introduce PT_GETDBREGS and PT_SETDBREGS in ptrace(2) on i386 and amd64

This interface is modeled after FreeBSD API with the usage.

This replaced previous watchpoint API. The previous one was introduced
recently in NetBSD-current and remove its spurs without any
backward-compatibility.

Design choices for Debug Register accessors:
- exec() (TRAP_EXEC event) must remove debug registers from LWP
- debug registers are only per-LWP, not per-process globally
- debug registers must not be inherited after (v)forking a process
- debug registers must not be inherited after forking a thread
- a debugger is responsible to set global watchpoints/breakpoints with the
debug registers, to achieve this PTRACE_LWP_CREATE/PTRACE_LWP_EXIT event
monitoring function is designed to be used
- debug register traps must generate SIGTRAP with si_code TRAP_DBREG
- debugger is responsible to retrieve debug register state to distinguish
the exact debug register trap (DR6 is Status Register on x86)
- kernel must not remove debug register traps after triggering a trap event
a debugger is responsible to detach this trap with appropriate PT_SETDBREGS
call (DR7 is Control Register on x86)
- debug registers must not be exposed in mcontext
- userland must not be allowed to set a trap on the kernel

Implementation notes on i386 and amd64:
- the initial state of debug register is retrieved on boot and this value is
stored in a local copy (initdbregs), this value is used to initialize dbreg
context after PT_GETDBREGS
- struct dbregs is stored in pcb as a pointer and by default not initialized
- reserved registers (DR4-DR5, DR9-DR15) are ignored

Further ideas:
- restrict this interface with securelevel

Tested on real hardware i386 (Intel Pentium IV) and amd64 (Intel i7).

This commit enables 390 debug register ATF tests in kernel/arch/x86.
All tests are passing.

This commit does not cover netbsd32 compat code. Currently other interface
PT_GET_SIGINFO/PT_SET_SIGINFO is required in netbsd32 compat code in order to
validate reliably PT_GETDBREGS/PT_SETDBREGS.

This implementation does not cover FreeBSD specific defines in their
<x86/reg.h>: DBREG_DR7_LOCAL_ENABLE, DBREG_DR7_GLOBAL_ENABLE, DBREG_DR7_LEN_1
etc. These values tend to be reinvented by each tracer on its own. GNU
Debugger (GDB) works with NetBSD debug registers after adding this patch:

--- gdb/amd64bsd-nat.c.orig 2016-02-10 03:19:39.000000000 +0000
+++ gdb/amd64bsd-nat.c
@@ -167,6 +167,10 @@ amd64bsd_target (void)

#ifdef HAVE_PT_GETDBREGS

+#ifndef DBREG_DRX
+#define DBREG_DRX(d,x) ((d)->dr[(x)])
+#endif
+
static unsigned long
amd64bsd_dr_get (ptid_t ptid, int regnum)
{


Another reason to stop introducing unpopular defines covering machine
specific register macros is that these value varies across generations of
the same CPU family.

GDB demo:
(gdb) c
Continuing.

Watchpoint 2: traceme

Old value = 0
New value = 16
main (argc=1, argv=0x7f7fff79fe30) at test.c:8
8 printf("traceme=%d\n", traceme);

(Currently the GDB interface is not reliable due to NetBSD support bugs)

Sponsored by <The NetBSD Foundation>
 1.3  15-Dec-2016  kamil branches: 1.3.2;
Add support for hardware assisted watchpoints/breakpoints API in ptrace(2)

Add new ptrace(2) calls:
- PT_COUNT_WATCHPOINTS - count the number of available hardware watchpoints
- PT_READ_WATCHPOINT - read struct ptrace_watchpoint from the kernel state
- PT_WRITE_WATCHPOINT - write new struct ptrace_watchpoint state, this
includes enabling and disabling watchpoints

The ptrace_watchpoint structure contains MI and MD parts:

typedef struct ptrace_watchpoint {
int pw_index; /* HW Watchpoint ID (count from 0) */
lwpid_t pw_lwpid; /* LWP described */
struct mdpw pw_md; /* MD fields */
} ptrace_watchpoint_t;

For example amd64 defines MD as follows:
struct mdpw {
void *md_address;
int md_condition;
int md_length;
};

These calls are protected with the __HAVE_PTRACE_WATCHPOINTS guard.

Tested on amd64, initial support added for i386 and XEN.

Sponsored by <The NetBSD Foundation>
 1.2  02-Nov-2016  pgoyette branches: 1.2.2; 1.2.4;
* Split sys/kern/sys_process.c into three parts:
1 - ptrace(2) syscall for native emulation
2 - common ptrace(2) syscall code (shared with compat_netbsd32)
3 - support routines that are shared with PROCFS and/or KTRACE

* Add module glue for #1 and #2. Both modules will be built-in to the
kernel if "options PTRACE" is included in the config file (this is
the default, defined in sys/conf/std).

* Mark the ptrace(2) syscall as modular in syscalls.master (generated
files will be committed shortly).

* Conditionalize all remaining portions of PTRACE code on a new kernel
option PTRACE_HOOKS.

XXX Instead of PROCFS depending on 'options PTRACE', we should probably
just add a procfs attribute to the sys/kern/sys_process.c file's
entry in files.kern, and add PROCFS to the "#if defineds" for
process_domem(). It's really confusing to have two different ways
of requiring this file.
 1.1  19-Oct-2016  skrll PR kern/51514: ptrace(2) fails for 32-bit process on 64-bit kernel

Updated from the original patch in the PR by me.
 1.2.4.4  28-Aug-2017  skrll Sync with HEAD
 1.2.4.3  05-Feb-2017  skrll Sync with HEAD
 1.2.4.2  05-Dec-2016  skrll Sync with HEAD
 1.2.4.1  02-Nov-2016  skrll file netbsd32_ptrace.c was added on branch nick-nhusb on 2016-12-05 10:55:00 +0000
 1.2.2.4  20-Mar-2017  pgoyette Sync with HEAD
 1.2.2.3  07-Jan-2017  pgoyette Sync with HEAD. (Note that most of these changes are simply $NetBSD$
tag issues.)
 1.2.2.2  04-Nov-2016  pgoyette Sync with HEAD
 1.2.2.1  02-Nov-2016  pgoyette file netbsd32_ptrace.c was added on branch pgoyette-localcount on 2016-11-04 14:49:07 +0000
 1.3.2.1  21-Apr-2017  bouyer Sync with HEAD
 1.4.12.2  03-Dec-2017  jdolecek update from HEAD
 1.4.12.1  23-Feb-2017  jdolecek file netbsd32_ptrace.c was added on branch tls-maxphys on 2017-12-03 11:36:56 +0000
 1.4.6.2  21-Jun-2023  martin Pull up following revision(s) (requested by riastradh in ticket #1836):

sys/compat/linux/arch/i386/linux_machdep.c: revision 1.168
sys/compat/sunos/sunos_misc.c: revision 1.177
sys/compat/netbsd32/netbsd32_compat_50.c: revision 1.52
sys/compat/common/kern_resource_43.c: revision 1.23
sys/compat/netbsd32/netbsd32_conv.h: revision 1.46
sys/compat/linux/arch/i386/linux_ptrace.c: revision 1.35
sys/compat/common/vfs_syscalls_12.c: revision 1.38
sys/compat/ultrix/ultrix_misc.c: revision 1.126
sys/compat/common/kern_sig_43.c: revision 1.37
sys/compat/linux/common/linux_mtio.c: revision 1.8
sys/compat/freebsd/freebsd_misc.c: revision 1.34
sys/compat/linux/common/linux_olduname.c: revision 1.67
sys/compat/linux/arch/mips/linux_machdep.c: revision 1.44
sys/compat/freebsd/freebsd_sched.c: revision 1.23
sys/compat/ossaudio/ossaudio.c: revision 1.84
sys/compat/sys/time_types.h: revision 1.6
sys/compat/linux/arch/powerpc/linux_machdep.c: revision 1.51
sys/compat/linux/common/linux_file.c: revision 1.119
sys/compat/linux/arch/arm/linux_machdep.c: revision 1.34
sys/compat/netbsd32/netbsd32_wait.c: revision 1.25
sys/compat/linux32/common/linux32_time.c: revision 1.38
sys/compat/linux/arch/powerpc/linux_ptrace.c: revision 1.33
sys/compat/linux/arch/alpha/linux_machdep.c: revision 1.52
sys/compat/linux32/arch/amd64/linux32_machdep.c: revision 1.46
sys/compat/netbsd32/netbsd32_compat_12.c: revision 1.36
sys/compat/ultrix/ultrix_ioctl.c: revision 1.39
sys/compat/linux/common/linux_misc.c: revision 1.252
sys/compat/linux/common/linux_hdio.c: revision 1.19
sys/compat/sunos/sunos_ioctl.c: revision 1.71
sys/compat/linux/common/linux_sched.c: revision 1.79
sys/compat/common/kern_info_43.c: revision 1.40
sys/compat/linux32/common/linux32_exec_elf32.c: revision 1.20
sys/compat/linux/common/linux_socket.c: revision 1.153
sys/compat/linux/arch/amd64/linux_machdep.c: revision 1.60
sys/compat/common/vfs_syscalls_43.c: revision 1.68
sys/compat/linux/arch/powerpc/linux_exec_powerpc.c: revision 1.25
sys/compat/netbsd32/netbsd32_ptrace.c: revision 1.9
sys/compat/common/kern_time_50.c: revision 1.37
sys/compat/netbsd32/netbsd32_compat_20.c: revision 1.42
sys/compat/linux/common/linux_cdrom.c: revision 1.28
sys/compat/linux/arch/m68k/linux_machdep.c: revision 1.43
sys/compat/common/kern_info_09.c: revision 1.22
sys/compat/linux32/common/linux32_resource.c: revision 1.12
sys/compat/linux/common/linux_oldolduname.c: revision 1.67
sys/compat/netbsd32/netbsd32_nfssvc.c: revision 1.8
sys/compat/linux32/common/linux32_signal.c: revision 1.21
sys/compat/common/kern_sig_13.c: revision 1.22
sys/compat/sunos32/sunos32_ioctl.c: revision 1.36
sys/compat/netbsd32/netbsd32_compat_43.c: revision 1.62
sys/compat/linux/arch/arm/linux_ptrace.c: revision 1.23
sys/compat/netbsd32/netbsd32_time.c: revision 1.56
sys/compat/linux/common/linux_signal.c: revision 1.84
sys/compat/netbsd32/netbsd32_signal.c: revision 1.52
sys/compat/sunos32/sunos32_misc.c: revision 1.85
sys/compat/linux/common/linux_time.c: revision 1.40
sys/compat/linux/common/linux_fdio.c: revision 1.14
sys/compat/common/vfs_syscalls_30.c: revision 1.43

sys/compat: Memset zero before copyout.

Just in case of uninitialized padding which would lead to kernel
stack disclosure. If the compiler can prove the memset redundant
then it can optimize it away; otherwise better safe than sorry.
 1.4.6.1  12-Apr-2018  martin Pull up following revision(s) (requested by kamil in ticket #713):

sys/modules/procfs/Makefile: revision 1.4
sys/miscfs/procfs/procfs_vfsops.c: revision 1.98
bin/ps/ps.1: revision 1.108
sys/compat/linux/arch/i386/linux_ptrace.c: revision 1.32
sys/miscfs/procfs/procfs_vnops.c: revision 1.198
sys/kern/sys_ptrace_common.c: revision 1.23
sys/kern/sys_ptrace_common.c: revision 1.24
sbin/mount_procfs/mount_procfs.8: revision 1.36
sys/kern/sys_ptrace_common.c: revision 1.25
sys/kern/sys_ptrace.c: revision 1.5
sys/compat/linux/arch/powerpc/linux_ptrace.c: revision 1.30
sys/sys/proc.h: revision 1.342
sys/kern/sys_ptrace_common.c: revision 1.26
sys/miscfs/procfs/procfs_ctl.c: file removal
sys/kern/sys_ptrace_common.c: revision 1.27
sys/miscfs/procfs/procfs_subr.c: revision 1.109
sys/kern/sys_ptrace_common.c: revision 1.28
sys/secmodel/extensions/secmodel_extensions.c: revision 1.8
sys/kern/sys_ptrace_common.c: revision 1.29
sys/sys/ptrace.h: revision 1.62
sys/compat/netbsd32/netbsd32_signal.c: revision 1.45
share/man/man9/kauth.9: revision 1.109
sys/miscfs/procfs/files.procfs: revision 1.12
sys/compat/netbsd32/netbsd32.h: revision 1.115
sys/miscfs/procfs/procfs.h: revision 1.72
sys/compat/netbsd32/netbsd32_ptrace.c: revision 1.5
sys/kern/kern_sig.c: revision 1.337
sys/sys/kauth.h: revision 1.75
sys/sys/sysctl.h: revision 1.224
sys/kern/sys_ptrace_common.c: revision 1.30
sys/kern/sys_ptrace_common.c: revision 1.31
sys/kern/sys_ptrace_common.c: revision 1.32
sys/kern/sys_ptrace_common.c: revision 1.33
sys/compat/linux/arch/arm/linux_ptrace.c: revision 1.20
sys/kern/sys_ptrace_common.c: revision 1.34
sys/kern/sys_ptrace_common.c: revision 1.36
sys/kern/kern_proc.c: revision 1.207
sys/kern/kern_exit.c: revision 1.269
doc/TODO.ptrace: revision 1.29

Make {s,g}et{db,fp,}regs work again for PK_32 processes
XXX: pullup-8

add disgusting magic to handle compat_netbsd32 as a module.

use process_*reg32 instead of struct *reg32.

Remove the filesystem tracing feature

This is a legacy interface from 4.4BSD, and it was
introduced to overcome shortcomings of ptrace(2) at that time, which are
no longer relevant (performance). Today /proc/#/ctl offers a narrow
subset of ptrace(2) commands and is not applicable for modern
applications use beyond simplistic tracing scenarios.

This removal will simplify kernel internals. Users will still be able to
use all the other /proc files.

This change won't affect other procfs files neither Linux compat
features within mount_procfs(8). /proc/#/ctl isn't available on Linux.

Remove:
- /proc/#/ctl from mount_procfs(8)
- P_FSTRACE note from the documentation of ps(1)
- /proc/#/ctl and filesystem tracing documentation from mount_procfs(8)
- KAUTH_REQ_PROCESS_PROCFS_CTL documentation from kauth(9)
- source code file miscfs/procfs/procfs_ctl.c
- PFSctl and procfs_doctl() from sys/miscfs/procfs/procfs.h
- KAUTH_REQ_PROCESS_PROCFS_CTL from sys/sys/kauth.h
- PSL_FSTRACE (0x00010000) from sys/sys/proc.h
- P_FSTRACE (0x00010000) from sys/sys/sysctl.h

Reduce code complexity after removal of this functionality.

Update TODO.ptrace accordingly: remove two entries about /proc tracing.

Do not keep legacy notes as comments in the headers about removed

PSL_FSTRACE / P_FSTRACE, as this interface had little number of users
(close or equal to zero).
Proposed on tech-kern@.

All filesystem tracing utility users are encouraged to switch to ptrace(2).

Sponsored by <The NetBSD Foundation>

untangle the mess:
- factor out common code
- break each ptrace subcall to its own sub-function
.. more to come ...
- reduce ifdef ugliness by moving it up top.
- factor out PT_IO and make PT_{READ,WRITE}_{I,D} use it
- factor out PT_DUMPCORE
- factor out sendsig code
.. more to come ...

handle siginfo requests for ptrace32

ptrace: Partially undo PT_{READ,WRITE}_{I,D} and unbreak these commands

The refactored code did not work and was generating EFAULT.

Sponsored by <The NetBSD Foundation>

Merge the code back; the problem was that since we are reading/writing
to a kernel address for PT_{READ,WRITE}_{I,D} we need the kernel vmspace.
provide separate read and write functions to accomodate register functions
that need a size argument.

don't ignore error from copyout_piod

Use the proper process (the tracee) to get information about lwps and
registers and the tracer for vmspace.

Add new sysctl(3) entry: security.models.extensions.user_set_dbregs

Model this new sysctl(3) entry after "user_set_cpu_affinity" in the same
level of sysctl(3) switches.

Allow to read unconditionally Debug Registers (no change here). This is
convenient as even if a user of a debugger does not use hardware assisted
watchpoints/breakpoints, a debugger can still prompt these values to store
in an internal cache with context of registers. Reading them should have
no security concerns.

Add a paranoid MI switch that prohibits by default setting these registers
by a regular user (non-superuser). Make this switch disabled by default.
There are enough reserved bits out there to allow using them
unconditionally on hardened hosts.

Features shipped with Debug Registers are optional features in debuggers.
There is no reduction in elementary functionality.

Reviewed by <christos>

Sponsored by <The NetBSD Foundation>
 1.5.4.2  08-Apr-2020  martin Merge changes from current as of 20200406
 1.5.4.1  10-Jun-2019  christos Sync with HEAD
 1.5.2.1  11-Sep-2018  pgoyette Put the ``extern struct emul'' into the netbsd32_netbsd.h header
so it doesn't have to be separately declared in each source file.

Thanks mrg@
 1.7.2.1  03-Aug-2022  martin Pull up following revision(s), all via patch
(requested by riastradh in ticket #1487):

sys/compat/linux/arch/i386/linux_machdep.c: revision 1.168
sys/compat/sunos/sunos_misc.c: revision 1.177
sys/compat/netbsd32/netbsd32_compat_50.c: revision 1.52
sys/compat/common/kern_resource_43.c: revision 1.23
sys/compat/netbsd32/netbsd32_conv.h: revision 1.46
sys/compat/linux/arch/i386/linux_ptrace.c: revision 1.35
sys/compat/common/vfs_syscalls_12.c: revision 1.38
sys/compat/ultrix/ultrix_misc.c: revision 1.126
sys/compat/common/kern_sig_43.c: revision 1.37
sys/compat/linux/common/linux_mtio.c: revision 1.8
sys/compat/freebsd/freebsd_misc.c: revision 1.34
sys/compat/freebsd/freebsd_machdep.c: revision 1.5
sys/compat/linux/common/linux_olduname.c: revision 1.67
sys/compat/linux/arch/mips/linux_machdep.c: revision 1.44
sys/compat/freebsd/freebsd_sched.c: revision 1.23
sys/compat/ossaudio/ossaudio.c: revision 1.84
sys/compat/sys/time_types.h: revision 1.6
sys/compat/linux/arch/powerpc/linux_machdep.c: revision 1.51
sys/compat/common/ieee80211_20.c: revision 1.7
sys/compat/linux/common/linux_file.c: revision 1.119
sys/compat/linux/arch/arm/linux_machdep.c: revision 1.34
sys/compat/netbsd32/netbsd32_wait.c: revision 1.25
sys/compat/linux32/common/linux32_time.c: revision 1.38
sys/compat/linux/arch/powerpc/linux_ptrace.c: revision 1.33
sys/compat/linux/arch/alpha/linux_machdep.c: revision 1.52
sys/compat/linux32/arch/amd64/linux32_machdep.c: revision 1.46
sys/compat/netbsd32/netbsd32_compat_12.c: revision 1.36
sys/compat/ultrix/ultrix_ioctl.c: revision 1.39
sys/compat/linux/common/linux_misc.c: revision 1.252
sys/compat/linux/common/linux_hdio.c: revision 1.19
sys/compat/sunos/sunos_ioctl.c: revision 1.71
sys/compat/linux/common/linux_sched.c: revision 1.79
sys/compat/common/kern_info_43.c: revision 1.40
sys/compat/linux32/common/linux32_exec_elf32.c: revision 1.20
sys/compat/linux/common/linux_socket.c: revision 1.153
sys/compat/linux/arch/amd64/linux_machdep.c: revision 1.60
sys/compat/common/vfs_syscalls_43.c: revision 1.68
sys/compat/linux/arch/powerpc/linux_exec_powerpc.c: revision 1.25
sys/compat/netbsd32/netbsd32_ptrace.c: revision 1.9
sys/compat/common/kern_time_50.c: revision 1.37
sys/compat/netbsd32/netbsd32_compat_20.c: revision 1.42
sys/compat/linux/common/linux_cdrom.c: revision 1.28
sys/compat/linux/arch/m68k/linux_machdep.c: revision 1.43
sys/compat/common/kern_info_09.c: revision 1.22
sys/compat/linux32/common/linux32_resource.c: revision 1.12
sys/compat/linux/common/linux_oldolduname.c: revision 1.67
sys/compat/common/if_media_80.c: revision 1.4
sys/compat/linux/arch/alpha/linux_osf1.c: revision 1.5
sys/compat/netbsd32/netbsd32_nfssvc.c: revision 1.8
sys/compat/linux32/common/linux32_signal.c: revision 1.21
sys/compat/common/kern_sig_13.c: revision 1.22
sys/compat/sunos32/sunos32_ioctl.c: revision 1.36
sys/compat/netbsd32/netbsd32_compat_43.c: revision 1.62
sys/compat/linux/arch/arm/linux_ptrace.c: revision 1.23
sys/compat/netbsd32/netbsd32_time.c: revision 1.56
sys/compat/linux/common/linux_signal.c: revision 1.84
sys/compat/netbsd32/netbsd32_signal.c: revision 1.52
sys/compat/sunos32/sunos32_misc.c: revision 1.85
sys/compat/linux/common/linux_time.c: revision 1.40
sys/compat/linux/common/linux_fdio.c: revision 1.14
sys/compat/common/vfs_syscalls_30.c: revision 1.43

sys/compat: Memset zero before copyout.

Just in case of uninitialized padding which would lead to kernel
stack disclosure. If the compiler can prove the memset redundant
then it can optimize it away; otherwise better safe than sorry.

RSS XML Feed