sys_ptrace_common.c revision 1.76
1 /* $NetBSD: sys_ptrace_common.c,v 1.76 2019/12/26 08:52:38 kamil Exp $ */ 2 3 /*- 4 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Andrew Doran. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1989, 1993 34 * The Regents of the University of California. All rights reserved. 35 * (c) UNIX System Laboratories, Inc. 36 * All or some portions of this file are derived from material licensed 37 * to the University of California by American Telephone and Telegraph 38 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 39 * the permission of UNIX System Laboratories, Inc. 40 * 41 * This code is derived from software contributed to Berkeley by 42 * Jan-Simon Pendry. 43 * 44 * Redistribution and use in source and binary forms, with or without 45 * modification, are permitted provided that the following conditions 46 * are met: 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 3. Neither the name of the University nor the names of its contributors 53 * may be used to endorse or promote products derived from this software 54 * without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 * 68 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 69 */ 70 71 /*- 72 * Copyright (c) 1993 Jan-Simon Pendry. 73 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 74 * 75 * This code is derived from software contributed to Berkeley by 76 * Jan-Simon Pendry. 77 * 78 * Redistribution and use in source and binary forms, with or without 79 * modification, are permitted provided that the following conditions 80 * are met: 81 * 1. Redistributions of source code must retain the above copyright 82 * notice, this list of conditions and the following disclaimer. 83 * 2. Redistributions in binary form must reproduce the above copyright 84 * notice, this list of conditions and the following disclaimer in the 85 * documentation and/or other materials provided with the distribution. 86 * 3. All advertising materials mentioning features or use of this software 87 * must display the following acknowledgement: 88 * This product includes software developed by the University of 89 * California, Berkeley and its contributors. 90 * 4. Neither the name of the University nor the names of its contributors 91 * may be used to endorse or promote products derived from this software 92 * without specific prior written permission. 93 * 94 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 97 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 98 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 99 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 100 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 101 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 104 * SUCH DAMAGE. 105 * 106 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 107 */ 108 109 /* 110 * References: 111 * (1) Bach's "The Design of the UNIX Operating System", 112 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 113 * (3) the "4.4BSD Programmer's Reference Manual" published 114 * by USENIX and O'Reilly & Associates. 115 * The 4.4BSD PRM does a reasonably good job of documenting what the various 116 * ptrace() requests should actually do, and its text is quoted several times 117 * in this file. 118 */ 119 120 #include <sys/cdefs.h> 121 __KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.76 2019/12/26 08:52:38 kamil Exp $"); 122 123 #ifdef _KERNEL_OPT 124 #include "opt_ptrace.h" 125 #include "opt_ktrace.h" 126 #include "opt_pax.h" 127 #include "opt_compat_netbsd32.h" 128 #endif 129 130 #if defined(__HAVE_COMPAT_NETBSD32) && !defined(COMPAT_NETBSD32) \ 131 && !defined(_RUMPKERNEL) 132 #define COMPAT_NETBSD32 133 #endif 134 135 #include <sys/param.h> 136 #include <sys/systm.h> 137 #include <sys/proc.h> 138 #include <sys/errno.h> 139 #include <sys/exec.h> 140 #include <sys/pax.h> 141 #include <sys/ptrace.h> 142 #include <sys/uio.h> 143 #include <sys/ras.h> 144 #include <sys/kmem.h> 145 #include <sys/kauth.h> 146 #include <sys/mount.h> 147 #include <sys/syscallargs.h> 148 #include <sys/module.h> 149 #include <sys/condvar.h> 150 #include <sys/mutex.h> 151 #include <sys/compat_stub.h> 152 153 #include <uvm/uvm_extern.h> 154 155 #include <machine/reg.h> 156 157 #ifdef PTRACE 158 # ifdef PTRACE_DEBUG 159 # define DPRINTF(a) uprintf a 160 # else 161 # define DPRINTF(a) 162 # endif 163 164 static kauth_listener_t ptrace_listener; 165 static int process_auxv_offset(struct proc *, struct uio *); 166 167 extern int user_va0_disable; 168 169 #if 0 170 static int ptrace_cbref; 171 static kmutex_t ptrace_mtx; 172 static kcondvar_t ptrace_cv; 173 #endif 174 175 #ifdef PT_GETREGS 176 # define case_PT_GETREGS case PT_GETREGS: 177 #else 178 # define case_PT_GETREGS 179 #endif 180 181 #ifdef PT_SETREGS 182 # define case_PT_SETREGS case PT_SETREGS: 183 #else 184 # define case_PT_SETREGS 185 #endif 186 187 #ifdef PT_GETFPREGS 188 # define case_PT_GETFPREGS case PT_GETFPREGS: 189 #else 190 # define case_PT_GETFPREGS 191 #endif 192 193 #ifdef PT_SETFPREGS 194 # define case_PT_SETFPREGS case PT_SETFPREGS: 195 #else 196 # define case_PT_SETFPREGS 197 #endif 198 199 #ifdef PT_GETDBREGS 200 # define case_PT_GETDBREGS case PT_GETDBREGS: 201 #else 202 # define case_PT_GETDBREGS 203 #endif 204 205 #ifdef PT_SETDBREGS 206 # define case_PT_SETDBREGS case PT_SETDBREGS: 207 #else 208 # define case_PT_SETDBREGS 209 #endif 210 211 #if defined(PT_SETREGS) || defined(PT_GETREGS) || \ 212 defined(PT_SETFPREGS) || defined(PT_GETFPREGS) || \ 213 defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 214 # define PT_REGISTERS 215 #endif 216 217 static int 218 ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, 219 void *arg0, void *arg1, void *arg2, void *arg3) 220 { 221 struct proc *p; 222 int result; 223 #ifdef PT_SETDBREGS 224 extern int user_set_dbregs; 225 #endif 226 227 result = KAUTH_RESULT_DEFER; 228 p = arg0; 229 230 #if 0 231 mutex_enter(&ptrace_mtx); 232 ptrace_cbref++; 233 mutex_exit(&ptrace_mtx); 234 #endif 235 if (action != KAUTH_PROCESS_PTRACE) 236 goto out; 237 238 switch ((u_long)arg1) { 239 #ifdef PT_SETDBREGS 240 case_PT_SETDBREGS 241 if (kauth_cred_getuid(cred) != 0 && user_set_dbregs == 0) { 242 result = KAUTH_RESULT_DENY; 243 break; 244 } 245 #endif 246 /* FALLTHROUGH */ 247 case PT_TRACE_ME: 248 case PT_ATTACH: 249 case PT_WRITE_I: 250 case PT_WRITE_D: 251 case PT_READ_I: 252 case PT_READ_D: 253 case PT_IO: 254 case_PT_GETREGS 255 case_PT_SETREGS 256 case_PT_GETFPREGS 257 case_PT_SETFPREGS 258 case_PT_GETDBREGS 259 case PT_SET_EVENT_MASK: 260 case PT_GET_EVENT_MASK: 261 case PT_GET_PROCESS_STATE: 262 case PT_SET_SIGINFO: 263 case PT_GET_SIGINFO: 264 #ifdef __HAVE_PTRACE_MACHDEP 265 PTRACE_MACHDEP_REQUEST_CASES 266 #endif 267 if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) || 268 ISSET(p->p_flag, PK_SUGID)) { 269 break; 270 } 271 272 result = KAUTH_RESULT_ALLOW; 273 274 break; 275 276 #ifdef PT_STEP 277 case PT_STEP: 278 case PT_SETSTEP: 279 case PT_CLEARSTEP: 280 #endif 281 case PT_CONTINUE: 282 case PT_KILL: 283 case PT_DETACH: 284 case PT_LWPINFO: 285 case PT_SYSCALL: 286 case PT_SYSCALLEMU: 287 case PT_DUMPCORE: 288 case PT_RESUME: 289 case PT_SUSPEND: 290 case PT_STOP: 291 case PT_LWPSTATUS: 292 case PT_LWPNEXT: 293 result = KAUTH_RESULT_ALLOW; 294 break; 295 296 default: 297 break; 298 } 299 300 out: 301 #if 0 302 mutex_enter(&ptrace_mtx); 303 if (--ptrace_cbref == 0) 304 cv_broadcast(&ptrace_cv); 305 mutex_exit(&ptrace_mtx); 306 #endif 307 308 return result; 309 } 310 311 int 312 ptrace_init(void) 313 { 314 315 #if 0 316 mutex_init(&ptrace_mtx, MUTEX_DEFAULT, IPL_NONE); 317 cv_init(&ptrace_cv, "ptracecb"); 318 ptrace_cbref = 0; 319 #endif 320 ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 321 ptrace_listener_cb, NULL); 322 return 0; 323 } 324 325 int 326 ptrace_fini(void) 327 { 328 329 kauth_unlisten_scope(ptrace_listener); 330 331 #if 0 332 /* Make sure no-one is executing our kauth listener */ 333 334 mutex_enter(&ptrace_mtx); 335 while (ptrace_cbref != 0) 336 cv_wait(&ptrace_cv, &ptrace_mtx); 337 mutex_exit(&ptrace_mtx); 338 mutex_destroy(&ptrace_mtx); 339 cv_destroy(&ptrace_cv); 340 #endif 341 342 return 0; 343 } 344 345 static struct proc * 346 ptrace_find(struct lwp *l, int req, pid_t pid) 347 { 348 struct proc *t; 349 350 /* "A foolish consistency..." XXX */ 351 if (req == PT_TRACE_ME) { 352 t = l->l_proc; 353 mutex_enter(t->p_lock); 354 return t; 355 } 356 357 /* Find the process we're supposed to be operating on. */ 358 t = proc_find(pid); 359 if (t == NULL) 360 return NULL; 361 362 /* XXX-elad */ 363 mutex_enter(t->p_lock); 364 int error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, 365 t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 366 if (error) { 367 mutex_exit(t->p_lock); 368 return NULL; 369 } 370 return t; 371 } 372 373 static int 374 ptrace_allowed(struct lwp *l, int req, struct proc *t, struct proc *p, 375 bool *locked) 376 { 377 *locked = false; 378 379 /* 380 * Grab a reference on the process to prevent it from execing or 381 * exiting. 382 */ 383 if (!rw_tryenter(&t->p_reflock, RW_READER)) 384 return EBUSY; 385 386 *locked = true; 387 388 /* Make sure we can operate on it. */ 389 switch (req) { 390 case PT_TRACE_ME: 391 /* 392 * You can't say to the parent of a process to start tracing if: 393 * (1) the parent is initproc, 394 */ 395 if (p->p_pptr == initproc) 396 return EPERM; 397 398 /* 399 * (2) the process is initproc, or 400 */ 401 if (p == initproc) 402 return EPERM; 403 404 /* 405 * (3) the child is already traced. 406 */ 407 if (ISSET(p->p_slflag, PSL_TRACED)) 408 return EBUSY; 409 410 return 0; 411 412 case PT_ATTACH: 413 /* 414 * You can't attach to a process if: 415 * (1) it's the process that's doing the attaching, 416 */ 417 if (t == p) 418 return EINVAL; 419 420 /* 421 * (2) it's a system process, 422 */ 423 if (t->p_flag & PK_SYSTEM) 424 return EPERM; 425 426 /* 427 * (3) the tracer is initproc, 428 */ 429 if (p == initproc) 430 return EPERM; 431 432 /* 433 * (4) it's already being traced, 434 */ 435 if (ISSET(t->p_slflag, PSL_TRACED)) 436 return EBUSY; 437 438 /* 439 * (5) it's a vfork(2)ed parent of the current process, or 440 */ 441 if (ISSET(p->p_lflag, PL_PPWAIT) && p->p_pptr == t) 442 return EPERM; 443 444 /* 445 * (6) the tracer is chrooted, and its root directory is 446 * not at or above the root directory of the tracee 447 */ 448 mutex_exit(t->p_lock); /* XXXSMP */ 449 int tmp = proc_isunder(t, l); 450 mutex_enter(t->p_lock); /* XXXSMP */ 451 if (!tmp) 452 return EPERM; 453 return 0; 454 455 case PT_READ_I: 456 case PT_READ_D: 457 case PT_WRITE_I: 458 case PT_WRITE_D: 459 case PT_IO: 460 case PT_SET_SIGINFO: 461 case PT_GET_SIGINFO: 462 case_PT_GETREGS 463 case_PT_SETREGS 464 case_PT_GETFPREGS 465 case_PT_SETFPREGS 466 case_PT_GETDBREGS 467 case_PT_SETDBREGS 468 #ifdef __HAVE_PTRACE_MACHDEP 469 PTRACE_MACHDEP_REQUEST_CASES 470 #endif 471 /* 472 * You can't read/write the memory or registers of a process 473 * if the tracer is chrooted, and its root directory is not at 474 * or above the root directory of the tracee. 475 */ 476 mutex_exit(t->p_lock); /* XXXSMP */ 477 tmp = proc_isunder(t, l); 478 mutex_enter(t->p_lock); /* XXXSMP */ 479 if (!tmp) 480 return EPERM; 481 /*FALLTHROUGH*/ 482 483 case PT_CONTINUE: 484 case PT_KILL: 485 case PT_DETACH: 486 case PT_LWPINFO: 487 case PT_SYSCALL: 488 case PT_SYSCALLEMU: 489 case PT_DUMPCORE: 490 #ifdef PT_STEP 491 case PT_STEP: 492 case PT_SETSTEP: 493 case PT_CLEARSTEP: 494 #endif 495 case PT_SET_EVENT_MASK: 496 case PT_GET_EVENT_MASK: 497 case PT_GET_PROCESS_STATE: 498 case PT_RESUME: 499 case PT_SUSPEND: 500 case PT_STOP: 501 case PT_LWPSTATUS: 502 case PT_LWPNEXT: 503 /* 504 * You can't do what you want to the process if: 505 * (1) It's not being traced at all, 506 */ 507 if (!ISSET(t->p_slflag, PSL_TRACED)) 508 return EPERM; 509 510 /* 511 * (2) it's not being traced by _you_, or 512 */ 513 if (t->p_pptr != p) { 514 DPRINTF(("parent %d != %d\n", t->p_pptr->p_pid, 515 p->p_pid)); 516 return EBUSY; 517 } 518 519 /* 520 * (3) it's not currently stopped. 521 * 522 * As an exception allow PT_KILL and PT_STOP here. 523 */ 524 if (req != PT_KILL && req != PT_STOP && 525 (t->p_stat != SSTOP || !t->p_waited /* XXXSMP */)) { 526 DPRINTF(("stat %d flag %d\n", t->p_stat, 527 !t->p_waited)); 528 return EBUSY; 529 } 530 return 0; 531 532 default: /* It was not a legal request. */ 533 return EINVAL; 534 } 535 } 536 537 static int 538 ptrace_needs_hold(int req) 539 { 540 switch (req) { 541 #ifdef PT_STEP 542 case PT_STEP: 543 #endif 544 case PT_CONTINUE: 545 case PT_DETACH: 546 case PT_KILL: 547 case PT_SYSCALL: 548 case PT_SYSCALLEMU: 549 case PT_ATTACH: 550 case PT_TRACE_ME: 551 case PT_GET_SIGINFO: 552 case PT_SET_SIGINFO: 553 case PT_STOP: 554 return 1; 555 default: 556 return 0; 557 } 558 } 559 560 static int 561 ptrace_update_lwp(struct proc *t, struct lwp **lt, lwpid_t lid) 562 { 563 if (lid == 0 || lid == (*lt)->l_lid || t->p_nlwps == 1) 564 return 0; 565 566 mutex_enter(t->p_lock); 567 lwp_delref2(*lt); 568 569 *lt = lwp_find(t, lid); 570 if (*lt == NULL) { 571 mutex_exit(t->p_lock); 572 return ESRCH; 573 } 574 575 if ((*lt)->l_flag & LW_SYSTEM) { 576 mutex_exit(t->p_lock); 577 *lt = NULL; 578 return EINVAL; 579 } 580 581 lwp_addref(*lt); 582 mutex_exit(t->p_lock); 583 584 return 0; 585 } 586 587 static int 588 ptrace_get_siginfo(struct proc *t, struct ptrace_methods *ptm, void *addr, 589 size_t data) 590 { 591 struct ptrace_siginfo psi; 592 593 memset(&psi, 0, sizeof(psi)); 594 psi.psi_siginfo._info = t->p_sigctx.ps_info; 595 psi.psi_lwpid = t->p_sigctx.ps_lwp; 596 DPRINTF(("%s: lwp=%d signal=%d\n", __func__, psi.psi_lwpid, 597 psi.psi_siginfo.si_signo)); 598 599 return ptm->ptm_copyout_siginfo(&psi, addr, data); 600 } 601 602 static int 603 ptrace_set_siginfo(struct proc *t, struct lwp **lt, struct ptrace_methods *ptm, 604 void *addr, size_t data) 605 { 606 struct ptrace_siginfo psi; 607 608 int error = ptm->ptm_copyin_siginfo(&psi, addr, data); 609 if (error) 610 return error; 611 612 /* Check that the data is a valid signal number or zero. */ 613 if (psi.psi_siginfo.si_signo < 0 || psi.psi_siginfo.si_signo >= NSIG) 614 return EINVAL; 615 616 t->p_sigctx.ps_faked = true; 617 t->p_sigctx.ps_info = psi.psi_siginfo._info; 618 t->p_sigctx.ps_lwp = psi.psi_lwpid; 619 DPRINTF(("%s: lwp=%d signal=%d\n", __func__, psi.psi_lwpid, 620 psi.psi_siginfo.si_signo)); 621 return 0; 622 } 623 624 static int 625 ptrace_get_event_mask(struct proc *t, void *addr, size_t data) 626 { 627 struct ptrace_event pe; 628 629 if (data != sizeof(pe)) { 630 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pe))); 631 return EINVAL; 632 } 633 memset(&pe, 0, sizeof(pe)); 634 pe.pe_set_event = ISSET(t->p_slflag, PSL_TRACEFORK) ? 635 PTRACE_FORK : 0; 636 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK) ? 637 PTRACE_VFORK : 0; 638 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK_DONE) ? 639 PTRACE_VFORK_DONE : 0; 640 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_CREATE) ? 641 PTRACE_LWP_CREATE : 0; 642 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_EXIT) ? 643 PTRACE_LWP_EXIT : 0; 644 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEPOSIX_SPAWN) ? 645 PTRACE_POSIX_SPAWN : 0; 646 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 647 t->p_sigctx.ps_lwp, pe.pe_set_event)); 648 return copyout(&pe, addr, sizeof(pe)); 649 } 650 651 static int 652 ptrace_set_event_mask(struct proc *t, void *addr, size_t data) 653 { 654 struct ptrace_event pe; 655 int error; 656 657 if (data != sizeof(pe)) { 658 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pe))); 659 return EINVAL; 660 } 661 if ((error = copyin(addr, &pe, sizeof(pe))) != 0) 662 return error; 663 664 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 665 t->p_sigctx.ps_lwp, pe.pe_set_event)); 666 if (pe.pe_set_event & PTRACE_FORK) 667 SET(t->p_slflag, PSL_TRACEFORK); 668 else 669 CLR(t->p_slflag, PSL_TRACEFORK); 670 671 if (pe.pe_set_event & PTRACE_VFORK) 672 SET(t->p_slflag, PSL_TRACEVFORK); 673 else 674 CLR(t->p_slflag, PSL_TRACEVFORK); 675 676 if (pe.pe_set_event & PTRACE_VFORK_DONE) 677 SET(t->p_slflag, PSL_TRACEVFORK_DONE); 678 else 679 CLR(t->p_slflag, PSL_TRACEVFORK_DONE); 680 681 if (pe.pe_set_event & PTRACE_LWP_CREATE) 682 SET(t->p_slflag, PSL_TRACELWP_CREATE); 683 else 684 CLR(t->p_slflag, PSL_TRACELWP_CREATE); 685 686 if (pe.pe_set_event & PTRACE_LWP_EXIT) 687 SET(t->p_slflag, PSL_TRACELWP_EXIT); 688 else 689 CLR(t->p_slflag, PSL_TRACELWP_EXIT); 690 691 if (pe.pe_set_event & PTRACE_POSIX_SPAWN) 692 SET(t->p_slflag, PSL_TRACEPOSIX_SPAWN); 693 else 694 CLR(t->p_slflag, PSL_TRACEPOSIX_SPAWN); 695 696 return 0; 697 } 698 699 static int 700 ptrace_get_process_state(struct proc *t, void *addr, size_t data) 701 { 702 struct _ksiginfo *si; 703 struct ptrace_state ps; 704 705 if (data != sizeof(ps)) { 706 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(ps))); 707 return EINVAL; 708 } 709 710 if (t->p_sigctx.ps_info._signo != SIGTRAP || 711 (t->p_sigctx.ps_info._code != TRAP_CHLD && 712 t->p_sigctx.ps_info._code != TRAP_LWP)) { 713 memset(&ps, 0, sizeof(ps)); 714 } else { 715 si = &t->p_sigctx.ps_info; 716 717 KASSERT(si->_reason._ptrace_state._pe_report_event > 0); 718 KASSERT(si->_reason._ptrace_state._option._pe_other_pid > 0); 719 720 ps.pe_report_event = si->_reason._ptrace_state._pe_report_event; 721 722 CTASSERT(sizeof(ps.pe_other_pid) == sizeof(ps.pe_lwp)); 723 ps.pe_other_pid = 724 si->_reason._ptrace_state._option._pe_other_pid; 725 } 726 727 DPRINTF(("%s: lwp=%d event=%#x pid=%d lwp=%d\n", __func__, 728 t->p_sigctx.ps_lwp, ps.pe_report_event, 729 ps.pe_other_pid, ps.pe_lwp)); 730 return copyout(&ps, addr, sizeof(ps)); 731 } 732 733 static int 734 ptrace_lwpinfo(struct proc *t, struct lwp **lt, void *addr, size_t data) 735 { 736 struct ptrace_lwpinfo pl; 737 738 if (data != sizeof(pl)) { 739 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pl))); 740 return EINVAL; 741 } 742 int error = copyin(addr, &pl, sizeof(pl)); 743 if (error) 744 return error; 745 746 lwpid_t tmp = pl.pl_lwpid; 747 lwp_delref(*lt); 748 mutex_enter(t->p_lock); 749 if (tmp == 0) 750 *lt = lwp_find_first(t); 751 else { 752 *lt = lwp_find(t, tmp); 753 if (*lt == NULL) { 754 mutex_exit(t->p_lock); 755 return ESRCH; 756 } 757 *lt = LIST_NEXT(*lt, l_sibling); 758 } 759 760 while (*lt != NULL && !lwp_alive(*lt)) 761 *lt = LIST_NEXT(*lt, l_sibling); 762 763 pl.pl_lwpid = 0; 764 pl.pl_event = 0; 765 if (*lt) { 766 lwp_addref(*lt); 767 pl.pl_lwpid = (*lt)->l_lid; 768 769 if ((*lt)->l_flag & LW_WSUSPEND) 770 pl.pl_event = PL_EVENT_SUSPENDED; 771 /* 772 * If we match the lwp, or it was sent to every lwp, 773 * we set PL_EVENT_SIGNAL. 774 * XXX: ps_lwp == 0 means everyone and noone, so 775 * check ps_signo too. 776 */ 777 else if ((*lt)->l_lid == t->p_sigctx.ps_lwp 778 || (t->p_sigctx.ps_lwp == 0 && 779 t->p_sigctx.ps_info._signo)) { 780 DPRINTF(("%s: lwp=%d siglwp=%d signo %d\n", __func__, 781 pl.pl_lwpid, t->p_sigctx.ps_lwp, 782 t->p_sigctx.ps_info._signo)); 783 pl.pl_event = PL_EVENT_SIGNAL; 784 } 785 } 786 mutex_exit(t->p_lock); 787 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 788 pl.pl_lwpid, pl.pl_event)); 789 790 return copyout(&pl, addr, sizeof(pl)); 791 } 792 793 static int 794 ptrace_lwpstatus(struct proc *t, struct ptrace_methods *ptm, struct lwp **lt, 795 void *addr, size_t data, bool next) 796 { 797 struct ptrace_lwpstatus pls; 798 struct lwp *l; 799 int error; 800 801 if (data > sizeof(pls) || data < sizeof(lwpid_t)) { 802 DPRINTF(("%s: invalid data: %zu < %zu < %zu\n", 803 __func__, sizeof(lwpid_t), data, sizeof(pls))); 804 return EINVAL; 805 } 806 error = copyin(addr, &pls, sizeof(lwpid_t)); 807 if (error) 808 return error; 809 810 if (next) { 811 lwp_delref(*lt); 812 lwpid_t tmp = pls.pl_lwpid; 813 mutex_enter(t->p_lock); 814 if (tmp == 0) 815 *lt = lwp_find_first(t); 816 else { 817 *lt = lwp_find(t, tmp); 818 if (*lt == NULL) { 819 mutex_exit(t->p_lock); 820 return ESRCH; 821 } 822 *lt = LIST_NEXT(*lt, l_sibling); 823 } 824 825 while (*lt != NULL && !lwp_alive(*lt) && 826 ((*lt)->l_flag & LW_SYSTEM) != 0) 827 *lt = LIST_NEXT(*lt, l_sibling); 828 829 if (*lt == NULL) { 830 memset(&pls, 0, sizeof(pls)); 831 mutex_exit(t->p_lock); 832 goto out; 833 } 834 lwp_addref(*lt); 835 mutex_exit(t->p_lock); 836 837 pls.pl_lwpid = (*lt)->l_lid; 838 } else { 839 if ((error = ptrace_update_lwp(t, lt, pls.pl_lwpid)) != 0) 840 return error; 841 } 842 843 l = *lt; 844 845 ptrace_read_lwpstatus(l, &pls); 846 847 out: 848 DPRINTF(("%s: lwp=%d sigpend=%02x%02x%02x%02x sigmask=%02x%02x%02x%02x " 849 "name='%s' private=%p\n", __func__, pls.pl_lwpid, 850 pls.pl_sigpend.__bits[0], pls.pl_sigpend.__bits[1], 851 pls.pl_sigpend.__bits[2], pls.pl_sigpend.__bits[3], 852 pls.pl_sigmask.__bits[0], pls.pl_sigmask.__bits[1], 853 pls.pl_sigmask.__bits[2], pls.pl_sigmask.__bits[3], 854 pls.pl_name, pls.pl_private)); 855 856 return ptm->ptm_copyout_lwpstatus(&pls, addr, data); 857 } 858 859 static int 860 ptrace_startstop(struct proc *t, struct lwp **lt, int rq, void *addr, 861 size_t data) 862 { 863 int error; 864 865 if ((error = ptrace_update_lwp(t, lt, data)) != 0) 866 return error; 867 868 DPRINTF(("%s: lwp=%d request=%d\n", __func__, (*lt)->l_lid, rq)); 869 lwp_lock(*lt); 870 if (rq == PT_SUSPEND) 871 (*lt)->l_flag |= LW_DBGSUSPEND; 872 else { 873 (*lt)->l_flag &= ~LW_DBGSUSPEND; 874 if ((*lt)->l_flag != LSSUSPENDED) 875 (*lt)->l_stat = LSSTOP; 876 } 877 lwp_unlock(*lt); 878 return 0; 879 } 880 881 #ifdef PT_REGISTERS 882 static int 883 ptrace_uio_dir(int req) 884 { 885 switch (req) { 886 case_PT_GETREGS 887 case_PT_GETFPREGS 888 case_PT_GETDBREGS 889 return UIO_READ; 890 case_PT_SETREGS 891 case_PT_SETFPREGS 892 case_PT_SETDBREGS 893 return UIO_WRITE; 894 default: 895 return -1; 896 } 897 } 898 899 static int 900 ptrace_regs(struct lwp *l, struct lwp **lt, int rq, struct ptrace_methods *ptm, 901 void *addr, size_t data) 902 { 903 int error; 904 struct proc *p, *t; 905 struct vmspace *vm; 906 907 p = l->l_proc; /* tracer */ 908 t = (*lt)->l_proc; /* traced */ 909 910 if ((error = ptrace_update_lwp(t, lt, data)) != 0) 911 return error; 912 913 int dir = ptrace_uio_dir(rq); 914 size_t size; 915 int (*func)(struct lwp *, struct lwp *, struct uio *); 916 917 DPRINTF(("%s: lwp=%d request=%d\n", __func__, l->l_lid, rq)); 918 919 switch (rq) { 920 #if defined(PT_SETREGS) || defined(PT_GETREGS) 921 case_PT_GETREGS 922 case_PT_SETREGS 923 if (!process_validregs(*lt)) 924 return EINVAL; 925 size = PROC_REGSZ(p); 926 func = ptm->ptm_doregs; 927 break; 928 #endif 929 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 930 case_PT_GETFPREGS 931 case_PT_SETFPREGS 932 if (!process_validfpregs(*lt)) 933 return EINVAL; 934 size = PROC_FPREGSZ(p); 935 func = ptm->ptm_dofpregs; 936 break; 937 #endif 938 #if defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 939 case_PT_GETDBREGS 940 case_PT_SETDBREGS 941 if (!process_validdbregs(*lt)) 942 return EINVAL; 943 size = PROC_DBREGSZ(p); 944 func = ptm->ptm_dodbregs; 945 break; 946 #endif 947 default: 948 return EINVAL; 949 } 950 951 error = proc_vmspace_getref(l->l_proc, &vm); 952 if (error) 953 return error; 954 955 struct uio uio; 956 struct iovec iov; 957 958 iov.iov_base = addr; 959 iov.iov_len = size; 960 uio.uio_iov = &iov; 961 uio.uio_iovcnt = 1; 962 uio.uio_offset = 0; 963 uio.uio_resid = iov.iov_len; 964 uio.uio_rw = dir; 965 uio.uio_vmspace = vm; 966 967 error = (*func)(l, *lt, &uio); 968 uvmspace_free(vm); 969 return error; 970 } 971 #endif 972 973 static int 974 ptrace_sendsig(struct lwp *l, int req, struct proc *t, struct lwp *lt, int signo, int resume_all) 975 { 976 ksiginfo_t ksi; 977 978 /* Finally, deliver the requested signal (or none). */ 979 if (t->p_stat == SSTOP) { 980 /* 981 * Unstop the process. If it needs to take a 982 * signal, make all efforts to ensure that at 983 * an LWP runs to see it. 984 */ 985 t->p_xsig = signo; 986 987 /* 988 * signo > 0 check prevents a potential panic, as 989 * sigismember(&...,0) is invalid check and signo 990 * can be equal to 0 as a special case of no-signal. 991 */ 992 if (signo > 0 && sigismember(&stopsigmask, signo)) { 993 t->p_waited = 0; 994 child_psignal(t, 0); 995 } else if (resume_all) 996 proc_unstop(t); 997 else 998 lwp_unstop(lt); 999 return 0; 1000 } 1001 1002 KASSERT(req == PT_KILL || req == PT_STOP || req == PT_ATTACH); 1003 1004 KSI_INIT(&ksi); 1005 ksi.ksi_signo = signo; 1006 ksi.ksi_code = SI_USER; 1007 ksi.ksi_pid = l->l_proc->p_pid; 1008 ksi.ksi_uid = kauth_cred_geteuid(l->l_cred); 1009 1010 t->p_sigctx.ps_faked = false; 1011 1012 DPRINTF(("%s: pid=%d.%d signal=%d resume_all=%d\n", __func__, t->p_pid, 1013 lt->l_lid, signo, resume_all)); 1014 1015 return kpsignal2(t, &ksi); 1016 } 1017 1018 static int 1019 ptrace_dumpcore(struct lwp *lt, char *path, size_t len) 1020 { 1021 int error; 1022 if (path != NULL) { 1023 1024 if (len >= MAXPATHLEN) 1025 return EINVAL; 1026 1027 char *src = path; 1028 path = kmem_alloc(len + 1, KM_SLEEP); 1029 error = copyin(src, path, len); 1030 if (error) 1031 goto out; 1032 path[len] = '\0'; 1033 } 1034 DPRINTF(("%s: lwp=%d\n", __func__, lt->l_lid)); 1035 MODULE_HOOK_CALL(coredump_hook, (lt, path), 0, error); 1036 out: 1037 if (path) 1038 kmem_free(path, len + 1); 1039 return error; 1040 } 1041 1042 static int 1043 ptrace_doio(struct lwp *l, struct proc *t, struct lwp *lt, 1044 struct ptrace_io_desc *piod, void *addr, bool sysspace) 1045 { 1046 struct uio uio; 1047 struct iovec iov; 1048 int error, tmp; 1049 1050 error = 0; 1051 iov.iov_base = piod->piod_addr; 1052 iov.iov_len = piod->piod_len; 1053 uio.uio_iov = &iov; 1054 uio.uio_iovcnt = 1; 1055 uio.uio_offset = (off_t)(unsigned long)piod->piod_offs; 1056 uio.uio_resid = piod->piod_len; 1057 1058 DPRINTF(("%s: lwp=%d request=%d\n", __func__, l->l_lid, piod->piod_op)); 1059 1060 switch (piod->piod_op) { 1061 case PIOD_READ_D: 1062 case PIOD_READ_I: 1063 uio.uio_rw = UIO_READ; 1064 break; 1065 case PIOD_WRITE_D: 1066 case PIOD_WRITE_I: 1067 /* 1068 * Can't write to a RAS 1069 */ 1070 if (ras_lookup(t, addr) != (void *)-1) { 1071 return EACCES; 1072 } 1073 uio.uio_rw = UIO_WRITE; 1074 break; 1075 case PIOD_READ_AUXV: 1076 uio.uio_rw = UIO_READ; 1077 tmp = t->p_execsw->es_arglen; 1078 if (uio.uio_offset > tmp) 1079 return EIO; 1080 if (uio.uio_resid > tmp - uio.uio_offset) 1081 uio.uio_resid = tmp - uio.uio_offset; 1082 piod->piod_len = iov.iov_len = uio.uio_resid; 1083 error = process_auxv_offset(t, &uio); 1084 break; 1085 default: 1086 error = EINVAL; 1087 break; 1088 } 1089 1090 if (error) 1091 return error; 1092 1093 if (sysspace) { 1094 uio.uio_vmspace = vmspace_kernel(); 1095 } else { 1096 error = proc_vmspace_getref(l->l_proc, &uio.uio_vmspace); 1097 if (error) 1098 return error; 1099 } 1100 1101 error = process_domem(l, lt, &uio); 1102 if (!sysspace) 1103 uvmspace_free(uio.uio_vmspace); 1104 if (error) 1105 return error; 1106 piod->piod_len -= uio.uio_resid; 1107 return 0; 1108 } 1109 1110 int 1111 do_ptrace(struct ptrace_methods *ptm, struct lwp *l, int req, pid_t pid, 1112 void *addr, int data, register_t *retval) 1113 { 1114 struct proc *p = l->l_proc; 1115 struct lwp *lt = NULL; 1116 struct lwp *lt2; 1117 struct proc *t; /* target process */ 1118 struct ptrace_io_desc piod; 1119 int error, write, tmp, pheld; 1120 int signo = 0; 1121 int resume_all; 1122 bool locked; 1123 error = 0; 1124 1125 /* 1126 * If attaching or detaching, we need to get a write hold on the 1127 * proclist lock so that we can re-parent the target process. 1128 */ 1129 mutex_enter(proc_lock); 1130 1131 t = ptrace_find(l, req, pid); 1132 if (t == NULL) { 1133 mutex_exit(proc_lock); 1134 return ESRCH; 1135 } 1136 1137 pheld = 1; 1138 if ((error = ptrace_allowed(l, req, t, p, &locked)) != 0) 1139 goto out; 1140 1141 if ((error = kauth_authorize_process(l->l_cred, 1142 KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req), NULL, NULL)) != 0) 1143 goto out; 1144 1145 if ((lt = lwp_find_first(t)) == NULL) { 1146 error = ESRCH; 1147 goto out; 1148 } 1149 1150 /* Do single-step fixup if needed. */ 1151 FIX_SSTEP(t); 1152 KASSERT(lt != NULL); 1153 lwp_addref(lt); 1154 1155 /* 1156 * Which locks do we need held? XXX Ugly. 1157 */ 1158 if ((pheld = ptrace_needs_hold(req)) == 0) { 1159 mutex_exit(t->p_lock); 1160 mutex_exit(proc_lock); 1161 } 1162 1163 /* Now do the operation. */ 1164 write = 0; 1165 *retval = 0; 1166 tmp = 0; 1167 resume_all = 1; 1168 1169 switch (req) { 1170 case PT_TRACE_ME: 1171 /* Just set the trace flag. */ 1172 SET(t->p_slflag, PSL_TRACED); 1173 t->p_opptr = t->p_pptr; 1174 break; 1175 1176 /* 1177 * The I and D separate address space has been inherited from PDP-11. 1178 * The 16-bit UNIX started with a single address space per program, 1179 * but was extended to two 16-bit (2 x 64kb) address spaces. 1180 * 1181 * We no longer maintain this feature in maintained architectures, but 1182 * we keep the API for backward compatiblity. Currently the I and D 1183 * operations are exactly the same and not distinguished in debuggers. 1184 */ 1185 case PT_WRITE_I: 1186 case PT_WRITE_D: 1187 write = 1; 1188 tmp = data; 1189 /* FALLTHROUGH */ 1190 case PT_READ_I: 1191 case PT_READ_D: 1192 piod.piod_addr = &tmp; 1193 piod.piod_len = sizeof(tmp); 1194 piod.piod_offs = addr; 1195 piod.piod_op = write ? PIOD_WRITE_D : PIOD_READ_D; 1196 if ((error = ptrace_doio(l, t, lt, &piod, addr, true)) != 0) 1197 break; 1198 /* 1199 * For legacy reasons we treat here two results as success: 1200 * - incomplete transfer piod.piod_len < sizeof(tmp) 1201 * - no transfer piod.piod_len == 0 1202 * 1203 * This means that there is no way to determine whether 1204 * transfer operation was performed in PT_WRITE and PT_READ 1205 * calls. 1206 */ 1207 if (!write) 1208 *retval = tmp; 1209 break; 1210 1211 case PT_IO: 1212 if ((error = ptm->ptm_copyin_piod(&piod, addr, data)) != 0) 1213 break; 1214 if (piod.piod_len < 1) { 1215 error = EINVAL; 1216 break; 1217 } 1218 if ((error = ptrace_doio(l, t, lt, &piod, addr, false)) != 0) 1219 break; 1220 /* 1221 * For legacy reasons we treat here two results as success: 1222 * - incomplete transfer piod.piod_len < sizeof(tmp) 1223 * - no transfer piod.piod_len == 0 1224 */ 1225 error = ptm->ptm_copyout_piod(&piod, addr, data); 1226 break; 1227 1228 case PT_DUMPCORE: 1229 error = ptrace_dumpcore(lt, addr, data); 1230 break; 1231 1232 #ifdef PT_STEP 1233 case PT_STEP: 1234 /* 1235 * From the 4.4BSD PRM: 1236 * "Execution continues as in request PT_CONTINUE; however 1237 * as soon as possible after execution of at least one 1238 * instruction, execution stops again. [ ... ]" 1239 */ 1240 #endif 1241 case PT_CONTINUE: 1242 case PT_SYSCALL: 1243 case PT_DETACH: 1244 if (req == PT_SYSCALL) { 1245 if (!ISSET(t->p_slflag, PSL_SYSCALL)) { 1246 SET(t->p_slflag, PSL_SYSCALL); 1247 #ifdef __HAVE_SYSCALL_INTERN 1248 (*t->p_emul->e_syscall_intern)(t); 1249 #endif 1250 } 1251 } else { 1252 if (ISSET(t->p_slflag, PSL_SYSCALL)) { 1253 CLR(t->p_slflag, PSL_SYSCALL); 1254 #ifdef __HAVE_SYSCALL_INTERN 1255 (*t->p_emul->e_syscall_intern)(t); 1256 #endif 1257 } 1258 } 1259 t->p_trace_enabled = trace_is_enabled(t); 1260 1261 /* 1262 * Pick up the LWPID, if supplied. There are two cases: 1263 * data < 0 : step or continue single thread, lwp = -data 1264 * data > 0 in PT_STEP : step this thread, continue others 1265 * For operations other than PT_STEP, data > 0 means 1266 * data is the signo to deliver to the process. 1267 */ 1268 tmp = data; 1269 if (tmp >= 0) { 1270 #ifdef PT_STEP 1271 if (req == PT_STEP) 1272 signo = 0; 1273 else 1274 #endif 1275 { 1276 signo = tmp; 1277 tmp = 0; /* don't search for LWP */ 1278 } 1279 } else if (tmp == INT_MIN) { 1280 error = ESRCH; 1281 break; 1282 } else { 1283 tmp = -tmp; 1284 } 1285 1286 if (tmp > 0) { 1287 if (req == PT_DETACH) { 1288 error = EINVAL; 1289 break; 1290 } 1291 lwp_delref2 (lt); 1292 lt = lwp_find(t, tmp); 1293 if (lt == NULL) { 1294 error = ESRCH; 1295 break; 1296 } 1297 lwp_addref(lt); 1298 resume_all = 0; 1299 signo = 0; 1300 } 1301 1302 /* 1303 * From the 4.4BSD PRM: 1304 * "The data argument is taken as a signal number and the 1305 * child's execution continues at location addr as if it 1306 * incurred that signal. Normally the signal number will 1307 * be either 0 to indicate that the signal that caused the 1308 * stop should be ignored, or that value fetched out of 1309 * the process's image indicating which signal caused 1310 * the stop. If addr is (int *)1 then execution continues 1311 * from where it stopped." 1312 */ 1313 1314 /* Check that the data is a valid signal number or zero. */ 1315 if (signo < 0 || signo >= NSIG) { 1316 error = EINVAL; 1317 break; 1318 } 1319 1320 /* Prevent process deadlock */ 1321 if (resume_all) { 1322 #ifdef PT_STEP 1323 if (req == PT_STEP) { 1324 if (lt->l_flag & 1325 (LW_WSUSPEND | LW_DBGSUSPEND)) { 1326 error = EDEADLK; 1327 break; 1328 } 1329 } else 1330 #endif 1331 { 1332 error = EDEADLK; 1333 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1334 if ((lt2->l_flag & 1335 (LW_WSUSPEND | LW_DBGSUSPEND)) == 0 1336 ) { 1337 error = 0; 1338 break; 1339 } 1340 } 1341 if (error != 0) 1342 break; 1343 } 1344 } else { 1345 if (lt->l_flag & (LW_WSUSPEND | LW_DBGSUSPEND)) { 1346 error = EDEADLK; 1347 break; 1348 } 1349 } 1350 1351 /* 1352 * Reject setting program counter to 0x0 if VA0 is disabled. 1353 * 1354 * Not all kernels implement this feature to set Program 1355 * Counter in one go in PT_CONTINUE and similar operations. 1356 * This causes portability issues as passing address 0x0 1357 * on these kernels is no-operation, but can cause failure 1358 * in most cases on NetBSD. 1359 */ 1360 if (user_va0_disable && addr == 0) { 1361 error = EINVAL; 1362 break; 1363 } 1364 1365 /* If the address parameter is not (int *)1, set the pc. */ 1366 if ((int *)addr != (int *)1) { 1367 error = process_set_pc(lt, addr); 1368 if (error != 0) 1369 break; 1370 } 1371 #ifdef PT_STEP 1372 /* 1373 * Arrange for a single-step, if that's requested and possible. 1374 * More precisely, set the single step status as requested for 1375 * the requested thread, and clear it for other threads. 1376 */ 1377 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1378 if (ISSET(lt2->l_pflag, LP_SINGLESTEP)) { 1379 lwp_lock(lt2); 1380 process_sstep(lt2, 1); 1381 lwp_unlock(lt2); 1382 } else if (lt != lt2) { 1383 lwp_lock(lt2); 1384 process_sstep(lt2, 0); 1385 lwp_unlock(lt2); 1386 } 1387 } 1388 error = process_sstep(lt, 1389 ISSET(lt->l_pflag, LP_SINGLESTEP) || req == PT_STEP); 1390 if (error) 1391 break; 1392 #endif 1393 if (req == PT_DETACH) { 1394 CLR(t->p_slflag, PSL_TRACED|PSL_SYSCALL); 1395 1396 /* give process back to original parent or init */ 1397 if (t->p_opptr != t->p_pptr) { 1398 struct proc *pp = t->p_opptr; 1399 proc_reparent(t, pp ? pp : initproc); 1400 } 1401 1402 /* not being traced any more */ 1403 t->p_opptr = NULL; 1404 1405 /* clear single step */ 1406 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1407 CLR(lt2->l_pflag, LP_SINGLESTEP); 1408 } 1409 CLR(lt->l_pflag, LP_SINGLESTEP); 1410 } 1411 sendsig: 1412 error = ptrace_sendsig(l, req, t, lt, signo, resume_all); 1413 break; 1414 1415 case PT_SYSCALLEMU: 1416 if (!ISSET(t->p_slflag, PSL_SYSCALL) || t->p_stat != SSTOP) { 1417 error = EINVAL; 1418 break; 1419 } 1420 SET(t->p_slflag, PSL_SYSCALLEMU); 1421 break; 1422 1423 #ifdef PT_STEP 1424 case PT_SETSTEP: 1425 write = 1; 1426 1427 /* FALLTHROUGH */ 1428 case PT_CLEARSTEP: 1429 /* write = 0 done above. */ 1430 if ((error = ptrace_update_lwp(t, <, data)) != 0) 1431 break; 1432 1433 if (write) 1434 SET(lt->l_pflag, LP_SINGLESTEP); 1435 else 1436 CLR(lt->l_pflag, LP_SINGLESTEP); 1437 break; 1438 #endif 1439 1440 case PT_KILL: 1441 /* just send the process a KILL signal. */ 1442 signo = SIGKILL; 1443 goto sendsig; /* in PT_CONTINUE, above. */ 1444 1445 case PT_STOP: 1446 /* just send the process a STOP signal. */ 1447 signo = SIGSTOP; 1448 goto sendsig; /* in PT_CONTINUE, above. */ 1449 1450 case PT_ATTACH: 1451 /* 1452 * Go ahead and set the trace flag. 1453 * Save the old parent (it's reset in 1454 * _DETACH, and also in kern_exit.c:wait4() 1455 * Reparent the process so that the tracing 1456 * proc gets to see all the action. 1457 * Stop the target. 1458 */ 1459 proc_changeparent(t, p); 1460 signo = SIGSTOP; 1461 goto sendsig; 1462 1463 case PT_GET_EVENT_MASK: 1464 error = ptrace_get_event_mask(t, addr, data); 1465 break; 1466 1467 case PT_SET_EVENT_MASK: 1468 error = ptrace_set_event_mask(t, addr, data); 1469 break; 1470 1471 case PT_GET_PROCESS_STATE: 1472 error = ptrace_get_process_state(t, addr, data); 1473 break; 1474 1475 case PT_LWPINFO: 1476 error = ptrace_lwpinfo(t, <, addr, data); 1477 break; 1478 1479 case PT_SET_SIGINFO: 1480 error = ptrace_set_siginfo(t, <, ptm, addr, data); 1481 break; 1482 1483 case PT_GET_SIGINFO: 1484 error = ptrace_get_siginfo(t, ptm, addr, data); 1485 break; 1486 1487 case PT_RESUME: 1488 case PT_SUSPEND: 1489 error = ptrace_startstop(t, <, req, addr, data); 1490 break; 1491 1492 case PT_LWPSTATUS: 1493 error = ptrace_lwpstatus(t, ptm, <, addr, data, false); 1494 break; 1495 1496 case PT_LWPNEXT: 1497 error = ptrace_lwpstatus(t, ptm, <, addr, data, true); 1498 break; 1499 1500 #ifdef PT_REGISTERS 1501 case_PT_SETREGS 1502 case_PT_GETREGS 1503 case_PT_SETFPREGS 1504 case_PT_GETFPREGS 1505 case_PT_SETDBREGS 1506 case_PT_GETDBREGS 1507 error = ptrace_regs(l, <, req, ptm, addr, data); 1508 break; 1509 #endif 1510 1511 #ifdef __HAVE_PTRACE_MACHDEP 1512 PTRACE_MACHDEP_REQUEST_CASES 1513 error = ptrace_machdep_dorequest(l, lt, req, addr, data); 1514 break; 1515 #endif 1516 } 1517 1518 out: 1519 if (pheld) { 1520 mutex_exit(t->p_lock); 1521 mutex_exit(proc_lock); 1522 } 1523 if (lt != NULL) 1524 lwp_delref(lt); 1525 if (locked) 1526 rw_exit(&t->p_reflock); 1527 1528 return error; 1529 } 1530 1531 typedef int (*regrfunc_t)(struct lwp *, void *, size_t *); 1532 typedef int (*regwfunc_t)(struct lwp *, void *, size_t); 1533 1534 #ifdef PT_REGISTERS 1535 static int 1536 proc_regio(struct lwp *l, struct uio *uio, size_t ks, regrfunc_t r, 1537 regwfunc_t w) 1538 { 1539 char buf[1024]; 1540 int error; 1541 char *kv; 1542 size_t kl; 1543 1544 if (ks > sizeof(buf)) 1545 return E2BIG; 1546 1547 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)ks) 1548 return EINVAL; 1549 1550 kv = buf + uio->uio_offset; 1551 kl = ks - uio->uio_offset; 1552 1553 if (kl > uio->uio_resid) 1554 kl = uio->uio_resid; 1555 1556 error = (*r)(l, buf, &ks); 1557 if (error == 0) 1558 error = uiomove(kv, kl, uio); 1559 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1560 if (l->l_stat != LSSTOP) 1561 error = EBUSY; 1562 else 1563 error = (*w)(l, buf, ks); 1564 } 1565 1566 uio->uio_offset = 0; 1567 return error; 1568 } 1569 #endif 1570 1571 int 1572 process_doregs(struct lwp *curl /*tracer*/, 1573 struct lwp *l /*traced*/, 1574 struct uio *uio) 1575 { 1576 #if defined(PT_GETREGS) || defined(PT_SETREGS) 1577 size_t s; 1578 regrfunc_t r; 1579 regwfunc_t w; 1580 1581 #ifdef COMPAT_NETBSD32 1582 const bool pk32 = (curl->l_proc->p_flag & PK_32) != 0; 1583 1584 if (__predict_false(pk32)) { 1585 if ((l->l_proc->p_flag & PK_32) == 0) { 1586 // 32 bit tracer can't trace 64 bit process 1587 return EINVAL; 1588 } 1589 s = sizeof(process_reg32); 1590 r = __FPTRCAST(regrfunc_t, process_read_regs32); 1591 w = __FPTRCAST(regwfunc_t, process_write_regs32); 1592 } else 1593 #endif 1594 { 1595 s = sizeof(struct reg); 1596 r = __FPTRCAST(regrfunc_t, process_read_regs); 1597 w = __FPTRCAST(regwfunc_t, process_write_regs); 1598 } 1599 return proc_regio(l, uio, s, r, w); 1600 #else 1601 return EINVAL; 1602 #endif 1603 } 1604 1605 int 1606 process_validregs(struct lwp *l) 1607 { 1608 1609 #if defined(PT_SETREGS) || defined(PT_GETREGS) 1610 return (l->l_flag & LW_SYSTEM) == 0; 1611 #else 1612 return 0; 1613 #endif 1614 } 1615 1616 int 1617 process_dofpregs(struct lwp *curl /*tracer*/, 1618 struct lwp *l /*traced*/, 1619 struct uio *uio) 1620 { 1621 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 1622 size_t s; 1623 regrfunc_t r; 1624 regwfunc_t w; 1625 1626 #ifdef COMPAT_NETBSD32 1627 const bool pk32 = (curl->l_proc->p_flag & PK_32) != 0; 1628 1629 if (__predict_false(pk32)) { 1630 if ((l->l_proc->p_flag & PK_32) == 0) { 1631 // 32 bit tracer can't trace 64 bit process 1632 return EINVAL; 1633 } 1634 s = sizeof(process_fpreg32); 1635 r = (regrfunc_t)process_read_fpregs32; 1636 w = (regwfunc_t)process_write_fpregs32; 1637 } else 1638 #endif 1639 { 1640 s = sizeof(struct fpreg); 1641 r = (regrfunc_t)process_read_fpregs; 1642 w = (regwfunc_t)process_write_fpregs; 1643 } 1644 return proc_regio(l, uio, s, r, w); 1645 #else 1646 return EINVAL; 1647 #endif 1648 } 1649 1650 int 1651 process_validfpregs(struct lwp *l) 1652 { 1653 1654 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 1655 return (l->l_flag & LW_SYSTEM) == 0; 1656 #else 1657 return 0; 1658 #endif 1659 } 1660 1661 int 1662 process_dodbregs(struct lwp *curl /*tracer*/, 1663 struct lwp *l /*traced*/, 1664 struct uio *uio) 1665 { 1666 #if defined(PT_GETDBREGS) || defined(PT_SETDBREGS) 1667 size_t s; 1668 regrfunc_t r; 1669 regwfunc_t w; 1670 1671 #ifdef COMPAT_NETBSD32 1672 const bool pk32 = (curl->l_proc->p_flag & PK_32) != 0; 1673 1674 if (__predict_false(pk32)) { 1675 if ((l->l_proc->p_flag & PK_32) == 0) { 1676 // 32 bit tracer can't trace 64 bit process 1677 return EINVAL; 1678 } 1679 s = sizeof(process_dbreg32); 1680 r = (regrfunc_t)process_read_dbregs32; 1681 w = (regwfunc_t)process_write_dbregs32; 1682 } else 1683 #endif 1684 { 1685 s = sizeof(struct dbreg); 1686 r = (regrfunc_t)process_read_dbregs; 1687 w = (regwfunc_t)process_write_dbregs; 1688 } 1689 return proc_regio(l, uio, s, r, w); 1690 #else 1691 return EINVAL; 1692 #endif 1693 } 1694 1695 int 1696 process_validdbregs(struct lwp *l) 1697 { 1698 1699 #if defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 1700 return (l->l_flag & LW_SYSTEM) == 0; 1701 #else 1702 return 0; 1703 #endif 1704 } 1705 1706 static int 1707 process_auxv_offset(struct proc *p, struct uio *uio) 1708 { 1709 struct ps_strings pss; 1710 int error; 1711 off_t off = (off_t)p->p_psstrp; 1712 1713 if ((error = copyin_psstrings(p, &pss)) != 0) 1714 return error; 1715 1716 if (pss.ps_envstr == NULL) 1717 return EIO; 1718 1719 #ifdef COMPAT_NETBSD32 1720 if (p->p_flag & PK_32) 1721 uio->uio_offset += (off_t)((vaddr_t)pss.ps_envstr + 1722 sizeof(uint32_t) * (pss.ps_nenvstr + 1)); 1723 else 1724 #endif 1725 uio->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + 1726 pss.ps_nenvstr + 1); 1727 1728 #ifdef __MACHINE_STACK_GROWS_UP 1729 if (uio->uio_offset < off) 1730 return EIO; 1731 #else 1732 if (uio->uio_offset > off) 1733 return EIO; 1734 if ((uio->uio_offset + uio->uio_resid) > off) 1735 uio->uio_resid = off - uio->uio_offset; 1736 #endif 1737 return 0; 1738 } 1739 #endif /* PTRACE */ 1740 1741 MODULE(MODULE_CLASS_EXEC, ptrace_common, NULL); 1742 1743 static int 1744 ptrace_common_modcmd(modcmd_t cmd, void *arg) 1745 { 1746 int error; 1747 1748 switch (cmd) { 1749 case MODULE_CMD_INIT: 1750 error = ptrace_init(); 1751 break; 1752 case MODULE_CMD_FINI: 1753 error = ptrace_fini(); 1754 break; 1755 default: 1756 ptrace_hooks(); 1757 error = ENOTTY; 1758 break; 1759 } 1760 return error; 1761 } 1762
Indexes created Tue Sep 30 20:09:53 GMT 2025