sys_ptrace_common.c revision 1.73
1 /* $NetBSD: sys_ptrace_common.c,v 1.73 2019/11/22 05:01:44 rin Exp $ */ 2 3 /*- 4 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Andrew Doran. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1989, 1993 34 * The Regents of the University of California. All rights reserved. 35 * (c) UNIX System Laboratories, Inc. 36 * All or some portions of this file are derived from material licensed 37 * to the University of California by American Telephone and Telegraph 38 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 39 * the permission of UNIX System Laboratories, Inc. 40 * 41 * This code is derived from software contributed to Berkeley by 42 * Jan-Simon Pendry. 43 * 44 * Redistribution and use in source and binary forms, with or without 45 * modification, are permitted provided that the following conditions 46 * are met: 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 3. Neither the name of the University nor the names of its contributors 53 * may be used to endorse or promote products derived from this software 54 * without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 * 68 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 69 */ 70 71 /*- 72 * Copyright (c) 1993 Jan-Simon Pendry. 73 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 74 * 75 * This code is derived from software contributed to Berkeley by 76 * Jan-Simon Pendry. 77 * 78 * Redistribution and use in source and binary forms, with or without 79 * modification, are permitted provided that the following conditions 80 * are met: 81 * 1. Redistributions of source code must retain the above copyright 82 * notice, this list of conditions and the following disclaimer. 83 * 2. Redistributions in binary form must reproduce the above copyright 84 * notice, this list of conditions and the following disclaimer in the 85 * documentation and/or other materials provided with the distribution. 86 * 3. All advertising materials mentioning features or use of this software 87 * must display the following acknowledgement: 88 * This product includes software developed by the University of 89 * California, Berkeley and its contributors. 90 * 4. Neither the name of the University nor the names of its contributors 91 * may be used to endorse or promote products derived from this software 92 * without specific prior written permission. 93 * 94 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 97 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 98 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 99 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 100 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 101 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 104 * SUCH DAMAGE. 105 * 106 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 107 */ 108 109 /* 110 * References: 111 * (1) Bach's "The Design of the UNIX Operating System", 112 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 113 * (3) the "4.4BSD Programmer's Reference Manual" published 114 * by USENIX and O'Reilly & Associates. 115 * The 4.4BSD PRM does a reasonably good job of documenting what the various 116 * ptrace() requests should actually do, and its text is quoted several times 117 * in this file. 118 */ 119 120 #include <sys/cdefs.h> 121 __KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.73 2019/11/22 05:01:44 rin Exp $"); 122 123 #ifdef _KERNEL_OPT 124 #include "opt_ptrace.h" 125 #include "opt_ktrace.h" 126 #include "opt_pax.h" 127 #include "opt_compat_netbsd32.h" 128 #endif 129 130 #if defined(__HAVE_COMPAT_NETBSD32) && !defined(COMPAT_NETBSD32) \ 131 && !defined(_RUMPKERNEL) 132 #define COMPAT_NETBSD32 133 #endif 134 135 #include <sys/param.h> 136 #include <sys/systm.h> 137 #include <sys/proc.h> 138 #include <sys/errno.h> 139 #include <sys/exec.h> 140 #include <sys/pax.h> 141 #include <sys/ptrace.h> 142 #include <sys/uio.h> 143 #include <sys/ras.h> 144 #include <sys/kmem.h> 145 #include <sys/kauth.h> 146 #include <sys/mount.h> 147 #include <sys/syscallargs.h> 148 #include <sys/module.h> 149 #include <sys/condvar.h> 150 #include <sys/mutex.h> 151 #include <sys/compat_stub.h> 152 153 #include <uvm/uvm_extern.h> 154 155 #include <machine/reg.h> 156 157 #ifdef PTRACE 158 # ifdef PTRACE_DEBUG 159 # define DPRINTF(a) uprintf a 160 # else 161 # define DPRINTF(a) 162 # endif 163 164 static kauth_listener_t ptrace_listener; 165 static int process_auxv_offset(struct proc *, struct uio *); 166 167 extern int user_va0_disable; 168 169 #if 0 170 static int ptrace_cbref; 171 static kmutex_t ptrace_mtx; 172 static kcondvar_t ptrace_cv; 173 #endif 174 175 #ifdef PT_GETREGS 176 # define case_PT_GETREGS case PT_GETREGS: 177 #else 178 # define case_PT_GETREGS 179 #endif 180 181 #ifdef PT_SETREGS 182 # define case_PT_SETREGS case PT_SETREGS: 183 #else 184 # define case_PT_SETREGS 185 #endif 186 187 #ifdef PT_GETFPREGS 188 # define case_PT_GETFPREGS case PT_GETFPREGS: 189 #else 190 # define case_PT_GETFPREGS 191 #endif 192 193 #ifdef PT_SETFPREGS 194 # define case_PT_SETFPREGS case PT_SETFPREGS: 195 #else 196 # define case_PT_SETFPREGS 197 #endif 198 199 #ifdef PT_GETDBREGS 200 # define case_PT_GETDBREGS case PT_GETDBREGS: 201 #else 202 # define case_PT_GETDBREGS 203 #endif 204 205 #ifdef PT_SETDBREGS 206 # define case_PT_SETDBREGS case PT_SETDBREGS: 207 #else 208 # define case_PT_SETDBREGS 209 #endif 210 211 #if defined(PT_SETREGS) || defined(PT_GETREGS) || \ 212 defined(PT_SETFPREGS) || defined(PT_GETFPREGS) || \ 213 defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 214 # define PT_REGISTERS 215 #endif 216 217 static int 218 ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, 219 void *arg0, void *arg1, void *arg2, void *arg3) 220 { 221 struct proc *p; 222 int result; 223 #ifdef PT_SETDBREGS 224 extern int user_set_dbregs; 225 #endif 226 227 result = KAUTH_RESULT_DEFER; 228 p = arg0; 229 230 #if 0 231 mutex_enter(&ptrace_mtx); 232 ptrace_cbref++; 233 mutex_exit(&ptrace_mtx); 234 #endif 235 if (action != KAUTH_PROCESS_PTRACE) 236 goto out; 237 238 switch ((u_long)arg1) { 239 #ifdef PT_SETDBREGS 240 case_PT_SETDBREGS 241 if (kauth_cred_getuid(cred) != 0 && user_set_dbregs == 0) { 242 result = KAUTH_RESULT_DENY; 243 break; 244 } 245 #endif 246 /* FALLTHROUGH */ 247 case PT_TRACE_ME: 248 case PT_ATTACH: 249 case PT_WRITE_I: 250 case PT_WRITE_D: 251 case PT_READ_I: 252 case PT_READ_D: 253 case PT_IO: 254 case_PT_GETREGS 255 case_PT_SETREGS 256 case_PT_GETFPREGS 257 case_PT_SETFPREGS 258 case_PT_GETDBREGS 259 case PT_SET_EVENT_MASK: 260 case PT_GET_EVENT_MASK: 261 case PT_GET_PROCESS_STATE: 262 case PT_SET_SIGINFO: 263 case PT_GET_SIGINFO: 264 #ifdef __HAVE_PTRACE_MACHDEP 265 PTRACE_MACHDEP_REQUEST_CASES 266 #endif 267 if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) || 268 ISSET(p->p_flag, PK_SUGID)) { 269 break; 270 } 271 272 result = KAUTH_RESULT_ALLOW; 273 274 break; 275 276 #ifdef PT_STEP 277 case PT_STEP: 278 case PT_SETSTEP: 279 case PT_CLEARSTEP: 280 #endif 281 case PT_CONTINUE: 282 case PT_KILL: 283 case PT_DETACH: 284 case PT_LWPINFO: 285 case PT_SYSCALL: 286 case PT_SYSCALLEMU: 287 case PT_DUMPCORE: 288 case PT_RESUME: 289 case PT_SUSPEND: 290 case PT_STOP: 291 result = KAUTH_RESULT_ALLOW; 292 break; 293 294 default: 295 break; 296 } 297 298 out: 299 #if 0 300 mutex_enter(&ptrace_mtx); 301 if (--ptrace_cbref == 0) 302 cv_broadcast(&ptrace_cv); 303 mutex_exit(&ptrace_mtx); 304 #endif 305 306 return result; 307 } 308 309 int 310 ptrace_init(void) 311 { 312 313 #if 0 314 mutex_init(&ptrace_mtx, MUTEX_DEFAULT, IPL_NONE); 315 cv_init(&ptrace_cv, "ptracecb"); 316 ptrace_cbref = 0; 317 #endif 318 ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 319 ptrace_listener_cb, NULL); 320 return 0; 321 } 322 323 int 324 ptrace_fini(void) 325 { 326 327 kauth_unlisten_scope(ptrace_listener); 328 329 #if 0 330 /* Make sure no-one is executing our kauth listener */ 331 332 mutex_enter(&ptrace_mtx); 333 while (ptrace_cbref != 0) 334 cv_wait(&ptrace_cv, &ptrace_mtx); 335 mutex_exit(&ptrace_mtx); 336 mutex_destroy(&ptrace_mtx); 337 cv_destroy(&ptrace_cv); 338 #endif 339 340 return 0; 341 } 342 343 static struct proc * 344 ptrace_find(struct lwp *l, int req, pid_t pid) 345 { 346 struct proc *t; 347 348 /* "A foolish consistency..." XXX */ 349 if (req == PT_TRACE_ME) { 350 t = l->l_proc; 351 mutex_enter(t->p_lock); 352 return t; 353 } 354 355 /* Find the process we're supposed to be operating on. */ 356 t = proc_find(pid); 357 if (t == NULL) 358 return NULL; 359 360 /* XXX-elad */ 361 mutex_enter(t->p_lock); 362 int error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, 363 t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 364 if (error) { 365 mutex_exit(t->p_lock); 366 return NULL; 367 } 368 return t; 369 } 370 371 static int 372 ptrace_allowed(struct lwp *l, int req, struct proc *t, struct proc *p, 373 bool *locked) 374 { 375 *locked = false; 376 377 /* 378 * Grab a reference on the process to prevent it from execing or 379 * exiting. 380 */ 381 if (!rw_tryenter(&t->p_reflock, RW_READER)) 382 return EBUSY; 383 384 *locked = true; 385 386 /* Make sure we can operate on it. */ 387 switch (req) { 388 case PT_TRACE_ME: 389 /* 390 * You can't say to the parent of a process to start tracing if: 391 * (1) the parent is initproc, 392 */ 393 if (p->p_pptr == initproc) 394 return EPERM; 395 396 /* 397 * (2) the process is initproc, or 398 */ 399 if (p == initproc) 400 return EPERM; 401 402 /* 403 * (3) the child is already traced. 404 */ 405 if (ISSET(p->p_slflag, PSL_TRACED)) 406 return EBUSY; 407 408 return 0; 409 410 case PT_ATTACH: 411 /* 412 * You can't attach to a process if: 413 * (1) it's the process that's doing the attaching, 414 */ 415 if (t == p) 416 return EINVAL; 417 418 /* 419 * (2) it's a system process, 420 */ 421 if (t->p_flag & PK_SYSTEM) 422 return EPERM; 423 424 /* 425 * (3) the tracer is initproc, 426 */ 427 if (p == initproc) 428 return EPERM; 429 430 /* 431 * (4) it's already being traced, 432 */ 433 if (ISSET(t->p_slflag, PSL_TRACED)) 434 return EBUSY; 435 436 /* 437 * (5) it's a vfork(2)ed parent of the current process, or 438 */ 439 if (ISSET(p->p_lflag, PL_PPWAIT) && p->p_pptr == t) 440 return EPERM; 441 442 /* 443 * (6) the tracer is chrooted, and its root directory is 444 * not at or above the root directory of the tracee 445 */ 446 mutex_exit(t->p_lock); /* XXXSMP */ 447 int tmp = proc_isunder(t, l); 448 mutex_enter(t->p_lock); /* XXXSMP */ 449 if (!tmp) 450 return EPERM; 451 return 0; 452 453 case PT_READ_I: 454 case PT_READ_D: 455 case PT_WRITE_I: 456 case PT_WRITE_D: 457 case PT_IO: 458 case PT_SET_SIGINFO: 459 case PT_GET_SIGINFO: 460 case_PT_GETREGS 461 case_PT_SETREGS 462 case_PT_GETFPREGS 463 case_PT_SETFPREGS 464 case_PT_GETDBREGS 465 case_PT_SETDBREGS 466 #ifdef __HAVE_PTRACE_MACHDEP 467 PTRACE_MACHDEP_REQUEST_CASES 468 #endif 469 /* 470 * You can't read/write the memory or registers of a process 471 * if the tracer is chrooted, and its root directory is not at 472 * or above the root directory of the tracee. 473 */ 474 mutex_exit(t->p_lock); /* XXXSMP */ 475 tmp = proc_isunder(t, l); 476 mutex_enter(t->p_lock); /* XXXSMP */ 477 if (!tmp) 478 return EPERM; 479 /*FALLTHROUGH*/ 480 481 case PT_CONTINUE: 482 case PT_KILL: 483 case PT_DETACH: 484 case PT_LWPINFO: 485 case PT_SYSCALL: 486 case PT_SYSCALLEMU: 487 case PT_DUMPCORE: 488 #ifdef PT_STEP 489 case PT_STEP: 490 case PT_SETSTEP: 491 case PT_CLEARSTEP: 492 #endif 493 case PT_SET_EVENT_MASK: 494 case PT_GET_EVENT_MASK: 495 case PT_GET_PROCESS_STATE: 496 case PT_RESUME: 497 case PT_SUSPEND: 498 case PT_STOP: 499 /* 500 * You can't do what you want to the process if: 501 * (1) It's not being traced at all, 502 */ 503 if (!ISSET(t->p_slflag, PSL_TRACED)) 504 return EPERM; 505 506 /* 507 * (2) it's not being traced by _you_, or 508 */ 509 if (t->p_pptr != p) { 510 DPRINTF(("parent %d != %d\n", t->p_pptr->p_pid, 511 p->p_pid)); 512 return EBUSY; 513 } 514 515 /* 516 * (3) it's not currently stopped. 517 * 518 * As an exception allow PT_KILL and PT_STOP here. 519 */ 520 if (req != PT_KILL && req != PT_STOP && 521 (t->p_stat != SSTOP || !t->p_waited /* XXXSMP */)) { 522 DPRINTF(("stat %d flag %d\n", t->p_stat, 523 !t->p_waited)); 524 return EBUSY; 525 } 526 return 0; 527 528 default: /* It was not a legal request. */ 529 return EINVAL; 530 } 531 } 532 533 static int 534 ptrace_needs_hold(int req) 535 { 536 switch (req) { 537 #ifdef PT_STEP 538 case PT_STEP: 539 #endif 540 case PT_CONTINUE: 541 case PT_DETACH: 542 case PT_KILL: 543 case PT_SYSCALL: 544 case PT_SYSCALLEMU: 545 case PT_ATTACH: 546 case PT_TRACE_ME: 547 case PT_GET_SIGINFO: 548 case PT_SET_SIGINFO: 549 case PT_STOP: 550 return 1; 551 default: 552 return 0; 553 } 554 } 555 556 static int 557 ptrace_update_lwp(struct proc *t, struct lwp **lt, lwpid_t lid) 558 { 559 if (lid == 0 || lid == (*lt)->l_lid || t->p_nlwps == 1) 560 return 0; 561 562 mutex_enter(t->p_lock); 563 lwp_delref2(*lt); 564 565 *lt = lwp_find(t, lid); 566 if (*lt == NULL) { 567 mutex_exit(t->p_lock); 568 return ESRCH; 569 } 570 571 if ((*lt)->l_flag & LW_SYSTEM) { 572 mutex_exit(t->p_lock); 573 *lt = NULL; 574 return EINVAL; 575 } 576 577 lwp_addref(*lt); 578 mutex_exit(t->p_lock); 579 580 return 0; 581 } 582 583 static int 584 ptrace_get_siginfo(struct proc *t, struct ptrace_methods *ptm, void *addr, 585 size_t data) 586 { 587 struct ptrace_siginfo psi; 588 589 memset(&psi, 0, sizeof(psi)); 590 psi.psi_siginfo._info = t->p_sigctx.ps_info; 591 psi.psi_lwpid = t->p_sigctx.ps_lwp; 592 DPRINTF(("%s: lwp=%d signal=%d\n", __func__, psi.psi_lwpid, 593 psi.psi_siginfo.si_signo)); 594 595 return ptm->ptm_copyout_siginfo(&psi, addr, data); 596 } 597 598 static int 599 ptrace_set_siginfo(struct proc *t, struct lwp **lt, struct ptrace_methods *ptm, 600 void *addr, size_t data) 601 { 602 struct ptrace_siginfo psi; 603 604 int error = ptm->ptm_copyin_siginfo(&psi, addr, data); 605 if (error) 606 return error; 607 608 /* Check that the data is a valid signal number or zero. */ 609 if (psi.psi_siginfo.si_signo < 0 || psi.psi_siginfo.si_signo >= NSIG) 610 return EINVAL; 611 612 t->p_sigctx.ps_faked = true; 613 t->p_sigctx.ps_info = psi.psi_siginfo._info; 614 t->p_sigctx.ps_lwp = psi.psi_lwpid; 615 DPRINTF(("%s: lwp=%d signal=%d\n", __func__, psi.psi_lwpid, 616 psi.psi_siginfo.si_signo)); 617 return 0; 618 } 619 620 static int 621 ptrace_get_event_mask(struct proc *t, void *addr, size_t data) 622 { 623 struct ptrace_event pe; 624 625 if (data != sizeof(pe)) { 626 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pe))); 627 return EINVAL; 628 } 629 memset(&pe, 0, sizeof(pe)); 630 pe.pe_set_event = ISSET(t->p_slflag, PSL_TRACEFORK) ? 631 PTRACE_FORK : 0; 632 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK) ? 633 PTRACE_VFORK : 0; 634 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK_DONE) ? 635 PTRACE_VFORK_DONE : 0; 636 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_CREATE) ? 637 PTRACE_LWP_CREATE : 0; 638 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_EXIT) ? 639 PTRACE_LWP_EXIT : 0; 640 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEPOSIX_SPAWN) ? 641 PTRACE_POSIX_SPAWN : 0; 642 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 643 t->p_sigctx.ps_lwp, pe.pe_set_event)); 644 return copyout(&pe, addr, sizeof(pe)); 645 } 646 647 static int 648 ptrace_set_event_mask(struct proc *t, void *addr, size_t data) 649 { 650 struct ptrace_event pe; 651 int error; 652 653 if (data != sizeof(pe)) { 654 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pe))); 655 return EINVAL; 656 } 657 if ((error = copyin(addr, &pe, sizeof(pe))) != 0) 658 return error; 659 660 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 661 t->p_sigctx.ps_lwp, pe.pe_set_event)); 662 if (pe.pe_set_event & PTRACE_FORK) 663 SET(t->p_slflag, PSL_TRACEFORK); 664 else 665 CLR(t->p_slflag, PSL_TRACEFORK); 666 667 if (pe.pe_set_event & PTRACE_VFORK) 668 SET(t->p_slflag, PSL_TRACEVFORK); 669 else 670 CLR(t->p_slflag, PSL_TRACEVFORK); 671 672 if (pe.pe_set_event & PTRACE_VFORK_DONE) 673 SET(t->p_slflag, PSL_TRACEVFORK_DONE); 674 else 675 CLR(t->p_slflag, PSL_TRACEVFORK_DONE); 676 677 if (pe.pe_set_event & PTRACE_LWP_CREATE) 678 SET(t->p_slflag, PSL_TRACELWP_CREATE); 679 else 680 CLR(t->p_slflag, PSL_TRACELWP_CREATE); 681 682 if (pe.pe_set_event & PTRACE_LWP_EXIT) 683 SET(t->p_slflag, PSL_TRACELWP_EXIT); 684 else 685 CLR(t->p_slflag, PSL_TRACELWP_EXIT); 686 687 if (pe.pe_set_event & PTRACE_POSIX_SPAWN) 688 SET(t->p_slflag, PSL_TRACEPOSIX_SPAWN); 689 else 690 CLR(t->p_slflag, PSL_TRACEPOSIX_SPAWN); 691 692 return 0; 693 } 694 695 static int 696 ptrace_get_process_state(struct proc *t, void *addr, size_t data) 697 { 698 struct _ksiginfo *si; 699 struct ptrace_state ps; 700 701 if (data != sizeof(ps)) { 702 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(ps))); 703 return EINVAL; 704 } 705 706 if (t->p_sigctx.ps_info._signo != SIGTRAP || 707 (t->p_sigctx.ps_info._code != TRAP_CHLD && 708 t->p_sigctx.ps_info._code != TRAP_LWP)) { 709 memset(&ps, 0, sizeof(ps)); 710 } else { 711 si = &t->p_sigctx.ps_info; 712 713 KASSERT(si->_reason._ptrace_state._pe_report_event > 0); 714 KASSERT(si->_reason._ptrace_state._option._pe_other_pid > 0); 715 716 ps.pe_report_event = si->_reason._ptrace_state._pe_report_event; 717 718 CTASSERT(sizeof(ps.pe_other_pid) == sizeof(ps.pe_lwp)); 719 ps.pe_other_pid = 720 si->_reason._ptrace_state._option._pe_other_pid; 721 } 722 723 DPRINTF(("%s: lwp=%d event=%#x pid=%d lwp=%d\n", __func__, 724 t->p_sigctx.ps_lwp, ps.pe_report_event, 725 ps.pe_other_pid, ps.pe_lwp)); 726 return copyout(&ps, addr, sizeof(ps)); 727 } 728 729 static int 730 ptrace_lwpinfo(struct proc *t, struct lwp **lt, void *addr, size_t data) 731 { 732 struct ptrace_lwpinfo pl; 733 734 if (data != sizeof(pl)) { 735 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pl))); 736 return EINVAL; 737 } 738 int error = copyin(addr, &pl, sizeof(pl)); 739 if (error) 740 return error; 741 742 lwpid_t tmp = pl.pl_lwpid; 743 lwp_delref(*lt); 744 mutex_enter(t->p_lock); 745 if (tmp == 0) 746 *lt = lwp_find_first(t); 747 else { 748 *lt = lwp_find(t, tmp); 749 if (*lt == NULL) { 750 mutex_exit(t->p_lock); 751 return ESRCH; 752 } 753 *lt = LIST_NEXT(*lt, l_sibling); 754 } 755 756 while (*lt != NULL && !lwp_alive(*lt)) 757 *lt = LIST_NEXT(*lt, l_sibling); 758 759 pl.pl_lwpid = 0; 760 pl.pl_event = 0; 761 if (*lt) { 762 lwp_addref(*lt); 763 pl.pl_lwpid = (*lt)->l_lid; 764 765 if ((*lt)->l_flag & LW_WSUSPEND) 766 pl.pl_event = PL_EVENT_SUSPENDED; 767 /* 768 * If we match the lwp, or it was sent to every lwp, 769 * we set PL_EVENT_SIGNAL. 770 * XXX: ps_lwp == 0 means everyone and noone, so 771 * check ps_signo too. 772 */ 773 else if ((*lt)->l_lid == t->p_sigctx.ps_lwp 774 || (t->p_sigctx.ps_lwp == 0 && 775 t->p_sigctx.ps_info._signo)) { 776 DPRINTF(("%s: lwp=%d siglwp=%d signo %d\n", __func__, 777 pl.pl_lwpid, t->p_sigctx.ps_lwp, 778 t->p_sigctx.ps_info._signo)); 779 pl.pl_event = PL_EVENT_SIGNAL; 780 } 781 } 782 mutex_exit(t->p_lock); 783 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 784 pl.pl_lwpid, pl.pl_event)); 785 786 return copyout(&pl, addr, sizeof(pl)); 787 } 788 789 static int 790 ptrace_startstop(struct proc *t, struct lwp **lt, int rq, void *addr, 791 size_t data) 792 { 793 int error; 794 795 if ((error = ptrace_update_lwp(t, lt, data)) != 0) 796 return error; 797 798 DPRINTF(("%s: lwp=%d request=%d\n", __func__, (*lt)->l_lid, rq)); 799 lwp_lock(*lt); 800 if (rq == PT_SUSPEND) 801 (*lt)->l_flag |= LW_DBGSUSPEND; 802 else { 803 (*lt)->l_flag &= ~LW_DBGSUSPEND; 804 if ((*lt)->l_flag != LSSUSPENDED) 805 (*lt)->l_stat = LSSTOP; 806 } 807 lwp_unlock(*lt); 808 return 0; 809 } 810 811 #ifdef PT_REGISTERS 812 static int 813 ptrace_uio_dir(int req) 814 { 815 switch (req) { 816 case_PT_GETREGS 817 case_PT_GETFPREGS 818 case_PT_GETDBREGS 819 return UIO_READ; 820 case_PT_SETREGS 821 case_PT_SETFPREGS 822 case_PT_SETDBREGS 823 return UIO_WRITE; 824 default: 825 return -1; 826 } 827 } 828 829 static int 830 ptrace_regs(struct lwp *l, struct lwp **lt, int rq, struct ptrace_methods *ptm, 831 void *addr, size_t data) 832 { 833 int error; 834 struct proc *p, *t; 835 struct vmspace *vm; 836 837 p = l->l_proc; /* tracer */ 838 t = (*lt)->l_proc; /* traced */ 839 840 if ((error = ptrace_update_lwp(t, lt, data)) != 0) 841 return error; 842 843 int dir = ptrace_uio_dir(rq); 844 size_t size; 845 int (*func)(struct lwp *, struct lwp *, struct uio *); 846 847 DPRINTF(("%s: lwp=%d request=%d\n", __func__, l->l_lid, rq)); 848 849 switch (rq) { 850 #if defined(PT_SETREGS) || defined(PT_GETREGS) 851 case_PT_GETREGS 852 case_PT_SETREGS 853 if (!process_validregs(*lt)) 854 return EINVAL; 855 size = PROC_REGSZ(p); 856 func = ptm->ptm_doregs; 857 break; 858 #endif 859 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 860 case_PT_GETFPREGS 861 case_PT_SETFPREGS 862 if (!process_validfpregs(*lt)) 863 return EINVAL; 864 size = PROC_FPREGSZ(p); 865 func = ptm->ptm_dofpregs; 866 break; 867 #endif 868 #if defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 869 case_PT_GETDBREGS 870 case_PT_SETDBREGS 871 if (!process_validdbregs(*lt)) 872 return EINVAL; 873 size = PROC_DBREGSZ(p); 874 func = ptm->ptm_dodbregs; 875 break; 876 #endif 877 default: 878 return EINVAL; 879 } 880 881 error = proc_vmspace_getref(l->l_proc, &vm); 882 if (error) 883 return error; 884 885 struct uio uio; 886 struct iovec iov; 887 888 iov.iov_base = addr; 889 iov.iov_len = size; 890 uio.uio_iov = &iov; 891 uio.uio_iovcnt = 1; 892 uio.uio_offset = 0; 893 uio.uio_resid = iov.iov_len; 894 uio.uio_rw = dir; 895 uio.uio_vmspace = vm; 896 897 error = (*func)(l, *lt, &uio); 898 uvmspace_free(vm); 899 return error; 900 } 901 #endif 902 903 static int 904 ptrace_sendsig(struct lwp *l, int req, struct proc *t, struct lwp *lt, int signo, int resume_all) 905 { 906 ksiginfo_t ksi; 907 908 /* Finally, deliver the requested signal (or none). */ 909 if (t->p_stat == SSTOP) { 910 /* 911 * Unstop the process. If it needs to take a 912 * signal, make all efforts to ensure that at 913 * an LWP runs to see it. 914 */ 915 t->p_xsig = signo; 916 917 /* 918 * signo > 0 check prevents a potential panic, as 919 * sigismember(&...,0) is invalid check and signo 920 * can be equal to 0 as a special case of no-signal. 921 */ 922 if (signo > 0 && sigismember(&stopsigmask, signo)) { 923 t->p_waited = 0; 924 child_psignal(t, 0); 925 } else if (resume_all) 926 proc_unstop(t); 927 else 928 lwp_unstop(lt); 929 return 0; 930 } 931 932 KASSERT(req == PT_KILL || req == PT_STOP || req == PT_ATTACH); 933 934 KSI_INIT(&ksi); 935 ksi.ksi_signo = signo; 936 ksi.ksi_code = SI_USER; 937 ksi.ksi_pid = l->l_proc->p_pid; 938 ksi.ksi_uid = kauth_cred_geteuid(l->l_cred); 939 940 t->p_sigctx.ps_faked = false; 941 942 DPRINTF(("%s: pid=%d.%d signal=%d resume_all=%d\n", __func__, t->p_pid, 943 lt->l_lid, signo, resume_all)); 944 945 return kpsignal2(t, &ksi); 946 } 947 948 static int 949 ptrace_dumpcore(struct lwp *lt, char *path, size_t len) 950 { 951 int error; 952 if (path != NULL) { 953 954 if (len >= MAXPATHLEN) 955 return EINVAL; 956 957 char *src = path; 958 path = kmem_alloc(len + 1, KM_SLEEP); 959 error = copyin(src, path, len); 960 if (error) 961 goto out; 962 path[len] = '\0'; 963 } 964 DPRINTF(("%s: lwp=%d\n", __func__, lt->l_lid)); 965 MODULE_HOOK_CALL(coredump_hook, (lt, path), 0, error); 966 out: 967 if (path) 968 kmem_free(path, len + 1); 969 return error; 970 } 971 972 static int 973 ptrace_doio(struct lwp *l, struct proc *t, struct lwp *lt, 974 struct ptrace_io_desc *piod, void *addr, bool sysspace) 975 { 976 struct uio uio; 977 struct iovec iov; 978 int error, tmp; 979 980 error = 0; 981 iov.iov_base = piod->piod_addr; 982 iov.iov_len = piod->piod_len; 983 uio.uio_iov = &iov; 984 uio.uio_iovcnt = 1; 985 uio.uio_offset = (off_t)(unsigned long)piod->piod_offs; 986 uio.uio_resid = piod->piod_len; 987 988 DPRINTF(("%s: lwp=%d request=%d\n", __func__, l->l_lid, piod->piod_op)); 989 990 switch (piod->piod_op) { 991 case PIOD_READ_D: 992 case PIOD_READ_I: 993 uio.uio_rw = UIO_READ; 994 break; 995 case PIOD_WRITE_D: 996 case PIOD_WRITE_I: 997 /* 998 * Can't write to a RAS 999 */ 1000 if (ras_lookup(t, addr) != (void *)-1) { 1001 return EACCES; 1002 } 1003 uio.uio_rw = UIO_WRITE; 1004 break; 1005 case PIOD_READ_AUXV: 1006 uio.uio_rw = UIO_READ; 1007 tmp = t->p_execsw->es_arglen; 1008 if (uio.uio_offset > tmp) 1009 return EIO; 1010 if (uio.uio_resid > tmp - uio.uio_offset) 1011 uio.uio_resid = tmp - uio.uio_offset; 1012 piod->piod_len = iov.iov_len = uio.uio_resid; 1013 error = process_auxv_offset(t, &uio); 1014 break; 1015 default: 1016 error = EINVAL; 1017 break; 1018 } 1019 1020 if (error) 1021 return error; 1022 1023 if (sysspace) { 1024 uio.uio_vmspace = vmspace_kernel(); 1025 } else { 1026 error = proc_vmspace_getref(l->l_proc, &uio.uio_vmspace); 1027 if (error) 1028 return error; 1029 } 1030 1031 error = process_domem(l, lt, &uio); 1032 if (!sysspace) 1033 uvmspace_free(uio.uio_vmspace); 1034 if (error) 1035 return error; 1036 piod->piod_len -= uio.uio_resid; 1037 return 0; 1038 } 1039 1040 int 1041 do_ptrace(struct ptrace_methods *ptm, struct lwp *l, int req, pid_t pid, 1042 void *addr, int data, register_t *retval) 1043 { 1044 struct proc *p = l->l_proc; 1045 struct lwp *lt = NULL; 1046 struct lwp *lt2; 1047 struct proc *t; /* target process */ 1048 struct ptrace_io_desc piod; 1049 int error, write, tmp, pheld; 1050 int signo = 0; 1051 int resume_all; 1052 bool locked; 1053 error = 0; 1054 1055 /* 1056 * If attaching or detaching, we need to get a write hold on the 1057 * proclist lock so that we can re-parent the target process. 1058 */ 1059 mutex_enter(proc_lock); 1060 1061 t = ptrace_find(l, req, pid); 1062 if (t == NULL) { 1063 mutex_exit(proc_lock); 1064 return ESRCH; 1065 } 1066 1067 pheld = 1; 1068 if ((error = ptrace_allowed(l, req, t, p, &locked)) != 0) 1069 goto out; 1070 1071 if ((error = kauth_authorize_process(l->l_cred, 1072 KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req), NULL, NULL)) != 0) 1073 goto out; 1074 1075 if ((lt = lwp_find_first(t)) == NULL) { 1076 error = ESRCH; 1077 goto out; 1078 } 1079 1080 /* Do single-step fixup if needed. */ 1081 FIX_SSTEP(t); 1082 KASSERT(lt != NULL); 1083 lwp_addref(lt); 1084 1085 /* 1086 * Which locks do we need held? XXX Ugly. 1087 */ 1088 if ((pheld = ptrace_needs_hold(req)) == 0) { 1089 mutex_exit(t->p_lock); 1090 mutex_exit(proc_lock); 1091 } 1092 1093 /* Now do the operation. */ 1094 write = 0; 1095 *retval = 0; 1096 tmp = 0; 1097 resume_all = 1; 1098 1099 switch (req) { 1100 case PT_TRACE_ME: 1101 /* Just set the trace flag. */ 1102 SET(t->p_slflag, PSL_TRACED); 1103 t->p_opptr = t->p_pptr; 1104 break; 1105 1106 /* 1107 * The I and D separate address space has been inherited from PDP-11. 1108 * The 16-bit UNIX started with a single address space per program, 1109 * but was extended to two 16-bit (2 x 64kb) address spaces. 1110 * 1111 * We no longer maintain this feature in maintained architectures, but 1112 * we keep the API for backward compatiblity. Currently the I and D 1113 * operations are exactly the same and not distinguished in debuggers. 1114 */ 1115 case PT_WRITE_I: 1116 case PT_WRITE_D: 1117 write = 1; 1118 tmp = data; 1119 /* FALLTHROUGH */ 1120 case PT_READ_I: 1121 case PT_READ_D: 1122 piod.piod_addr = &tmp; 1123 piod.piod_len = sizeof(tmp); 1124 piod.piod_offs = addr; 1125 piod.piod_op = write ? PIOD_WRITE_D : PIOD_READ_D; 1126 if ((error = ptrace_doio(l, t, lt, &piod, addr, true)) != 0) 1127 break; 1128 /* 1129 * For legacy reasons we treat here two results as success: 1130 * - incomplete transfer piod.piod_len < sizeof(tmp) 1131 * - no transfer piod.piod_len == 0 1132 * 1133 * This means that there is no way to determine whether 1134 * transfer operation was performed in PT_WRITE and PT_READ 1135 * calls. 1136 */ 1137 if (!write) 1138 *retval = tmp; 1139 break; 1140 1141 case PT_IO: 1142 if ((error = ptm->ptm_copyin_piod(&piod, addr, data)) != 0) 1143 break; 1144 if (piod.piod_len < 1) { 1145 error = EINVAL; 1146 break; 1147 } 1148 if ((error = ptrace_doio(l, t, lt, &piod, addr, false)) != 0) 1149 break; 1150 /* 1151 * For legacy reasons we treat here two results as success: 1152 * - incomplete transfer piod.piod_len < sizeof(tmp) 1153 * - no transfer piod.piod_len == 0 1154 */ 1155 error = ptm->ptm_copyout_piod(&piod, addr, data); 1156 break; 1157 1158 case PT_DUMPCORE: 1159 error = ptrace_dumpcore(lt, addr, data); 1160 break; 1161 1162 #ifdef PT_STEP 1163 case PT_STEP: 1164 /* 1165 * From the 4.4BSD PRM: 1166 * "Execution continues as in request PT_CONTINUE; however 1167 * as soon as possible after execution of at least one 1168 * instruction, execution stops again. [ ... ]" 1169 */ 1170 #endif 1171 case PT_CONTINUE: 1172 case PT_SYSCALL: 1173 case PT_DETACH: 1174 if (req == PT_SYSCALL) { 1175 if (!ISSET(t->p_slflag, PSL_SYSCALL)) { 1176 SET(t->p_slflag, PSL_SYSCALL); 1177 #ifdef __HAVE_SYSCALL_INTERN 1178 (*t->p_emul->e_syscall_intern)(t); 1179 #endif 1180 } 1181 } else { 1182 if (ISSET(t->p_slflag, PSL_SYSCALL)) { 1183 CLR(t->p_slflag, PSL_SYSCALL); 1184 #ifdef __HAVE_SYSCALL_INTERN 1185 (*t->p_emul->e_syscall_intern)(t); 1186 #endif 1187 } 1188 } 1189 t->p_trace_enabled = trace_is_enabled(t); 1190 1191 /* 1192 * Pick up the LWPID, if supplied. There are two cases: 1193 * data < 0 : step or continue single thread, lwp = -data 1194 * data > 0 in PT_STEP : step this thread, continue others 1195 * For operations other than PT_STEP, data > 0 means 1196 * data is the signo to deliver to the process. 1197 */ 1198 tmp = data; 1199 if (tmp >= 0) { 1200 #ifdef PT_STEP 1201 if (req == PT_STEP) 1202 signo = 0; 1203 else 1204 #endif 1205 { 1206 signo = tmp; 1207 tmp = 0; /* don't search for LWP */ 1208 } 1209 } else if (tmp == INT_MIN) { 1210 error = ESRCH; 1211 break; 1212 } else { 1213 tmp = -tmp; 1214 } 1215 1216 if (tmp > 0) { 1217 if (req == PT_DETACH) { 1218 error = EINVAL; 1219 break; 1220 } 1221 lwp_delref2 (lt); 1222 lt = lwp_find(t, tmp); 1223 if (lt == NULL) { 1224 error = ESRCH; 1225 break; 1226 } 1227 lwp_addref(lt); 1228 resume_all = 0; 1229 signo = 0; 1230 } 1231 1232 /* 1233 * From the 4.4BSD PRM: 1234 * "The data argument is taken as a signal number and the 1235 * child's execution continues at location addr as if it 1236 * incurred that signal. Normally the signal number will 1237 * be either 0 to indicate that the signal that caused the 1238 * stop should be ignored, or that value fetched out of 1239 * the process's image indicating which signal caused 1240 * the stop. If addr is (int *)1 then execution continues 1241 * from where it stopped." 1242 */ 1243 1244 /* Check that the data is a valid signal number or zero. */ 1245 if (signo < 0 || signo >= NSIG) { 1246 error = EINVAL; 1247 break; 1248 } 1249 1250 /* Prevent process deadlock */ 1251 if (resume_all) { 1252 #ifdef PT_STEP 1253 if (req == PT_STEP) { 1254 if (lt->l_flag & 1255 (LW_WSUSPEND | LW_DBGSUSPEND)) { 1256 error = EDEADLK; 1257 break; 1258 } 1259 } else 1260 #endif 1261 { 1262 error = EDEADLK; 1263 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1264 if ((lt2->l_flag & 1265 (LW_WSUSPEND | LW_DBGSUSPEND)) == 0 1266 ) { 1267 error = 0; 1268 break; 1269 } 1270 } 1271 if (error != 0) 1272 break; 1273 } 1274 } else { 1275 if (lt->l_flag & (LW_WSUSPEND | LW_DBGSUSPEND)) { 1276 error = EDEADLK; 1277 break; 1278 } 1279 } 1280 1281 /* 1282 * Reject setting program counter to 0x0 if VA0 is disabled. 1283 * 1284 * Not all kernels implement this feature to set Program 1285 * Counter in one go in PT_CONTINUE and similar operations. 1286 * This causes portability issues as passing address 0x0 1287 * on these kernels is no-operation, but can cause failure 1288 * in most cases on NetBSD. 1289 */ 1290 if (user_va0_disable && addr == 0) { 1291 error = EINVAL; 1292 break; 1293 } 1294 1295 /* If the address parameter is not (int *)1, set the pc. */ 1296 if ((int *)addr != (int *)1) { 1297 error = process_set_pc(lt, addr); 1298 if (error != 0) 1299 break; 1300 } 1301 #ifdef PT_STEP 1302 /* 1303 * Arrange for a single-step, if that's requested and possible. 1304 * More precisely, set the single step status as requested for 1305 * the requested thread, and clear it for other threads. 1306 */ 1307 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1308 if (ISSET(lt2->l_pflag, LP_SINGLESTEP)) { 1309 lwp_lock(lt2); 1310 process_sstep(lt2, 1); 1311 lwp_unlock(lt2); 1312 } else if (lt != lt2) { 1313 lwp_lock(lt2); 1314 process_sstep(lt2, 0); 1315 lwp_unlock(lt2); 1316 } 1317 } 1318 error = process_sstep(lt, 1319 ISSET(lt->l_pflag, LP_SINGLESTEP) || req == PT_STEP); 1320 if (error) 1321 break; 1322 #endif 1323 if (req == PT_DETACH) { 1324 CLR(t->p_slflag, PSL_TRACED|PSL_SYSCALL); 1325 1326 /* give process back to original parent or init */ 1327 if (t->p_opptr != t->p_pptr) { 1328 struct proc *pp = t->p_opptr; 1329 proc_reparent(t, pp ? pp : initproc); 1330 } 1331 1332 /* not being traced any more */ 1333 t->p_opptr = NULL; 1334 1335 /* clear single step */ 1336 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1337 CLR(lt2->l_pflag, LP_SINGLESTEP); 1338 } 1339 CLR(lt->l_pflag, LP_SINGLESTEP); 1340 } 1341 sendsig: 1342 error = ptrace_sendsig(l, req, t, lt, signo, resume_all); 1343 break; 1344 1345 case PT_SYSCALLEMU: 1346 if (!ISSET(t->p_slflag, PSL_SYSCALL) || t->p_stat != SSTOP) { 1347 error = EINVAL; 1348 break; 1349 } 1350 SET(t->p_slflag, PSL_SYSCALLEMU); 1351 break; 1352 1353 #ifdef PT_STEP 1354 case PT_SETSTEP: 1355 write = 1; 1356 1357 /* FALLTHROUGH */ 1358 case PT_CLEARSTEP: 1359 /* write = 0 done above. */ 1360 if ((error = ptrace_update_lwp(t, <, data)) != 0) 1361 break; 1362 1363 if (write) 1364 SET(lt->l_pflag, LP_SINGLESTEP); 1365 else 1366 CLR(lt->l_pflag, LP_SINGLESTEP); 1367 break; 1368 #endif 1369 1370 case PT_KILL: 1371 /* just send the process a KILL signal. */ 1372 signo = SIGKILL; 1373 goto sendsig; /* in PT_CONTINUE, above. */ 1374 1375 case PT_STOP: 1376 /* just send the process a STOP signal. */ 1377 signo = SIGSTOP; 1378 goto sendsig; /* in PT_CONTINUE, above. */ 1379 1380 case PT_ATTACH: 1381 /* 1382 * Go ahead and set the trace flag. 1383 * Save the old parent (it's reset in 1384 * _DETACH, and also in kern_exit.c:wait4() 1385 * Reparent the process so that the tracing 1386 * proc gets to see all the action. 1387 * Stop the target. 1388 */ 1389 proc_changeparent(t, p); 1390 signo = SIGSTOP; 1391 goto sendsig; 1392 1393 case PT_GET_EVENT_MASK: 1394 error = ptrace_get_event_mask(t, addr, data); 1395 break; 1396 1397 case PT_SET_EVENT_MASK: 1398 error = ptrace_set_event_mask(t, addr, data); 1399 break; 1400 1401 case PT_GET_PROCESS_STATE: 1402 error = ptrace_get_process_state(t, addr, data); 1403 break; 1404 1405 case PT_LWPINFO: 1406 error = ptrace_lwpinfo(t, <, addr, data); 1407 break; 1408 1409 case PT_SET_SIGINFO: 1410 error = ptrace_set_siginfo(t, <, ptm, addr, data); 1411 break; 1412 1413 case PT_GET_SIGINFO: 1414 error = ptrace_get_siginfo(t, ptm, addr, data); 1415 break; 1416 1417 case PT_RESUME: 1418 case PT_SUSPEND: 1419 error = ptrace_startstop(t, <, req, addr, data); 1420 break; 1421 1422 #ifdef PT_REGISTERS 1423 case_PT_SETREGS 1424 case_PT_GETREGS 1425 case_PT_SETFPREGS 1426 case_PT_GETFPREGS 1427 case_PT_SETDBREGS 1428 case_PT_GETDBREGS 1429 error = ptrace_regs(l, <, req, ptm, addr, data); 1430 break; 1431 #endif 1432 1433 #ifdef __HAVE_PTRACE_MACHDEP 1434 PTRACE_MACHDEP_REQUEST_CASES 1435 error = ptrace_machdep_dorequest(l, lt, req, addr, data); 1436 break; 1437 #endif 1438 } 1439 1440 out: 1441 if (pheld) { 1442 mutex_exit(t->p_lock); 1443 mutex_exit(proc_lock); 1444 } 1445 if (lt != NULL) 1446 lwp_delref(lt); 1447 if (locked) 1448 rw_exit(&t->p_reflock); 1449 1450 return error; 1451 } 1452 1453 typedef int (*regrfunc_t)(struct lwp *, void *, size_t *); 1454 typedef int (*regwfunc_t)(struct lwp *, void *, size_t); 1455 1456 #ifdef PT_REGISTERS 1457 static int 1458 proc_regio(struct lwp *l, struct uio *uio, size_t ks, regrfunc_t r, 1459 regwfunc_t w) 1460 { 1461 char buf[1024]; 1462 int error; 1463 char *kv; 1464 size_t kl; 1465 1466 if (ks > sizeof(buf)) 1467 return E2BIG; 1468 1469 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)ks) 1470 return EINVAL; 1471 1472 kv = buf + uio->uio_offset; 1473 kl = ks - uio->uio_offset; 1474 1475 if (kl > uio->uio_resid) 1476 kl = uio->uio_resid; 1477 1478 error = (*r)(l, buf, &ks); 1479 if (error == 0) 1480 error = uiomove(kv, kl, uio); 1481 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1482 if (l->l_stat != LSSTOP) 1483 error = EBUSY; 1484 else 1485 error = (*w)(l, buf, ks); 1486 } 1487 1488 uio->uio_offset = 0; 1489 return error; 1490 } 1491 #endif 1492 1493 int 1494 process_doregs(struct lwp *curl /*tracer*/, 1495 struct lwp *l /*traced*/, 1496 struct uio *uio) 1497 { 1498 #if defined(PT_GETREGS) || defined(PT_SETREGS) 1499 size_t s; 1500 regrfunc_t r; 1501 regwfunc_t w; 1502 1503 #ifdef COMPAT_NETBSD32 1504 const bool pk32 = (curl->l_proc->p_flag & PK_32) != 0; 1505 1506 if (__predict_false(pk32)) { 1507 if ((l->l_proc->p_flag & PK_32) == 0) { 1508 // 32 bit tracer can't trace 64 bit process 1509 return EINVAL; 1510 } 1511 s = sizeof(process_reg32); 1512 r = __FPTRCAST(regrfunc_t, process_read_regs32); 1513 w = __FPTRCAST(regwfunc_t, process_write_regs32); 1514 } else 1515 #endif 1516 { 1517 s = sizeof(struct reg); 1518 r = __FPTRCAST(regrfunc_t, process_read_regs); 1519 w = __FPTRCAST(regwfunc_t, process_write_regs); 1520 } 1521 return proc_regio(l, uio, s, r, w); 1522 #else 1523 return EINVAL; 1524 #endif 1525 } 1526 1527 int 1528 process_validregs(struct lwp *l) 1529 { 1530 1531 #if defined(PT_SETREGS) || defined(PT_GETREGS) 1532 return (l->l_flag & LW_SYSTEM) == 0; 1533 #else 1534 return 0; 1535 #endif 1536 } 1537 1538 int 1539 process_dofpregs(struct lwp *curl /*tracer*/, 1540 struct lwp *l /*traced*/, 1541 struct uio *uio) 1542 { 1543 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 1544 size_t s; 1545 regrfunc_t r; 1546 regwfunc_t w; 1547 1548 #ifdef COMPAT_NETBSD32 1549 const bool pk32 = (curl->l_proc->p_flag & PK_32) != 0; 1550 1551 if (__predict_false(pk32)) { 1552 if ((l->l_proc->p_flag & PK_32) == 0) { 1553 // 32 bit tracer can't trace 64 bit process 1554 return EINVAL; 1555 } 1556 s = sizeof(process_fpreg32); 1557 r = (regrfunc_t)process_read_fpregs32; 1558 w = (regwfunc_t)process_write_fpregs32; 1559 } else 1560 #endif 1561 { 1562 s = sizeof(struct fpreg); 1563 r = (regrfunc_t)process_read_fpregs; 1564 w = (regwfunc_t)process_write_fpregs; 1565 } 1566 return proc_regio(l, uio, s, r, w); 1567 #else 1568 return EINVAL; 1569 #endif 1570 } 1571 1572 int 1573 process_validfpregs(struct lwp *l) 1574 { 1575 1576 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 1577 return (l->l_flag & LW_SYSTEM) == 0; 1578 #else 1579 return 0; 1580 #endif 1581 } 1582 1583 int 1584 process_dodbregs(struct lwp *curl /*tracer*/, 1585 struct lwp *l /*traced*/, 1586 struct uio *uio) 1587 { 1588 #if defined(PT_GETDBREGS) || defined(PT_SETDBREGS) 1589 size_t s; 1590 regrfunc_t r; 1591 regwfunc_t w; 1592 1593 #ifdef COMPAT_NETBSD32 1594 const bool pk32 = (curl->l_proc->p_flag & PK_32) != 0; 1595 1596 if (__predict_false(pk32)) { 1597 if ((l->l_proc->p_flag & PK_32) == 0) { 1598 // 32 bit tracer can't trace 64 bit process 1599 return EINVAL; 1600 } 1601 s = sizeof(process_dbreg32); 1602 r = (regrfunc_t)process_read_dbregs32; 1603 w = (regwfunc_t)process_write_dbregs32; 1604 } else 1605 #endif 1606 { 1607 s = sizeof(struct dbreg); 1608 r = (regrfunc_t)process_read_dbregs; 1609 w = (regwfunc_t)process_write_dbregs; 1610 } 1611 return proc_regio(l, uio, s, r, w); 1612 #else 1613 return EINVAL; 1614 #endif 1615 } 1616 1617 int 1618 process_validdbregs(struct lwp *l) 1619 { 1620 1621 #if defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 1622 return (l->l_flag & LW_SYSTEM) == 0; 1623 #else 1624 return 0; 1625 #endif 1626 } 1627 1628 static int 1629 process_auxv_offset(struct proc *p, struct uio *uio) 1630 { 1631 struct ps_strings pss; 1632 int error; 1633 off_t off = (off_t)p->p_psstrp; 1634 1635 if ((error = copyin_psstrings(p, &pss)) != 0) 1636 return error; 1637 1638 if (pss.ps_envstr == NULL) 1639 return EIO; 1640 1641 #ifdef COMPAT_NETBSD32 1642 if (p->p_flag & PK_32) 1643 uio->uio_offset += (off_t)((vaddr_t)pss.ps_envstr + 1644 sizeof(uint32_t) * (pss.ps_nenvstr + 1)); 1645 else 1646 #endif 1647 uio->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + 1648 pss.ps_nenvstr + 1); 1649 1650 #ifdef __MACHINE_STACK_GROWS_UP 1651 if (uio->uio_offset < off) 1652 return EIO; 1653 #else 1654 if (uio->uio_offset > off) 1655 return EIO; 1656 if ((uio->uio_offset + uio->uio_resid) > off) 1657 uio->uio_resid = off - uio->uio_offset; 1658 #endif 1659 return 0; 1660 } 1661 #endif /* PTRACE */ 1662 1663 MODULE(MODULE_CLASS_EXEC, ptrace_common, NULL); 1664 1665 static int 1666 ptrace_common_modcmd(modcmd_t cmd, void *arg) 1667 { 1668 int error; 1669 1670 switch (cmd) { 1671 case MODULE_CMD_INIT: 1672 error = ptrace_init(); 1673 break; 1674 case MODULE_CMD_FINI: 1675 error = ptrace_fini(); 1676 break; 1677 default: 1678 ptrace_hooks(); 1679 error = ENOTTY; 1680 break; 1681 } 1682 return error; 1683 } 1684
Indexes created Thu Sep 25 08:09:54 GMT 2025