sys_ptrace_common.c revision 1.81
1 /* $NetBSD: sys_ptrace_common.c,v 1.81 2020/05/23 23:42:43 ad Exp $ */ 2 3 /*- 4 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Andrew Doran. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1989, 1993 34 * The Regents of the University of California. All rights reserved. 35 * (c) UNIX System Laboratories, Inc. 36 * All or some portions of this file are derived from material licensed 37 * to the University of California by American Telephone and Telegraph 38 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 39 * the permission of UNIX System Laboratories, Inc. 40 * 41 * This code is derived from software contributed to Berkeley by 42 * Jan-Simon Pendry. 43 * 44 * Redistribution and use in source and binary forms, with or without 45 * modification, are permitted provided that the following conditions 46 * are met: 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 3. Neither the name of the University nor the names of its contributors 53 * may be used to endorse or promote products derived from this software 54 * without specific prior written permission. 55 * 56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 66 * SUCH DAMAGE. 67 * 68 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 69 */ 70 71 /*- 72 * Copyright (c) 1993 Jan-Simon Pendry. 73 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 74 * 75 * This code is derived from software contributed to Berkeley by 76 * Jan-Simon Pendry. 77 * 78 * Redistribution and use in source and binary forms, with or without 79 * modification, are permitted provided that the following conditions 80 * are met: 81 * 1. Redistributions of source code must retain the above copyright 82 * notice, this list of conditions and the following disclaimer. 83 * 2. Redistributions in binary form must reproduce the above copyright 84 * notice, this list of conditions and the following disclaimer in the 85 * documentation and/or other materials provided with the distribution. 86 * 3. All advertising materials mentioning features or use of this software 87 * must display the following acknowledgement: 88 * This product includes software developed by the University of 89 * California, Berkeley and its contributors. 90 * 4. Neither the name of the University nor the names of its contributors 91 * may be used to endorse or promote products derived from this software 92 * without specific prior written permission. 93 * 94 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 95 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 97 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 98 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 99 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 100 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 101 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 102 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 103 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 104 * SUCH DAMAGE. 105 * 106 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 107 */ 108 109 /* 110 * References: 111 * (1) Bach's "The Design of the UNIX Operating System", 112 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 113 * (3) the "4.4BSD Programmer's Reference Manual" published 114 * by USENIX and O'Reilly & Associates. 115 * The 4.4BSD PRM does a reasonably good job of documenting what the various 116 * ptrace() requests should actually do, and its text is quoted several times 117 * in this file. 118 */ 119 120 #include <sys/cdefs.h> 121 __KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.81 2020/05/23 23:42:43 ad Exp $"); 122 123 #ifdef _KERNEL_OPT 124 #include "opt_ptrace.h" 125 #include "opt_ktrace.h" 126 #include "opt_pax.h" 127 #include "opt_compat_netbsd32.h" 128 #endif 129 130 #if defined(__HAVE_COMPAT_NETBSD32) && !defined(COMPAT_NETBSD32) \ 131 && !defined(_RUMPKERNEL) 132 #define COMPAT_NETBSD32 133 #endif 134 135 #include <sys/param.h> 136 #include <sys/systm.h> 137 #include <sys/proc.h> 138 #include <sys/errno.h> 139 #include <sys/exec.h> 140 #include <sys/pax.h> 141 #include <sys/ptrace.h> 142 #include <sys/uio.h> 143 #include <sys/ras.h> 144 #include <sys/kmem.h> 145 #include <sys/kauth.h> 146 #include <sys/mount.h> 147 #include <sys/syscallargs.h> 148 #include <sys/module.h> 149 #include <sys/condvar.h> 150 #include <sys/mutex.h> 151 #include <sys/compat_stub.h> 152 153 #include <uvm/uvm_extern.h> 154 155 #include <machine/reg.h> 156 157 #ifdef PTRACE 158 # ifdef PTRACE_DEBUG 159 # define DPRINTF(a) uprintf a 160 # else 161 # define DPRINTF(a) 162 # endif 163 164 static kauth_listener_t ptrace_listener; 165 static int process_auxv_offset(struct proc *, struct uio *); 166 167 extern int user_va0_disable; 168 169 #if 0 170 static int ptrace_cbref; 171 static kmutex_t ptrace_mtx; 172 static kcondvar_t ptrace_cv; 173 #endif 174 175 #ifdef PT_GETREGS 176 # define case_PT_GETREGS case PT_GETREGS: 177 #else 178 # define case_PT_GETREGS 179 #endif 180 181 #ifdef PT_SETREGS 182 # define case_PT_SETREGS case PT_SETREGS: 183 #else 184 # define case_PT_SETREGS 185 #endif 186 187 #ifdef PT_GETFPREGS 188 # define case_PT_GETFPREGS case PT_GETFPREGS: 189 #else 190 # define case_PT_GETFPREGS 191 #endif 192 193 #ifdef PT_SETFPREGS 194 # define case_PT_SETFPREGS case PT_SETFPREGS: 195 #else 196 # define case_PT_SETFPREGS 197 #endif 198 199 #ifdef PT_GETDBREGS 200 # define case_PT_GETDBREGS case PT_GETDBREGS: 201 #else 202 # define case_PT_GETDBREGS 203 #endif 204 205 #ifdef PT_SETDBREGS 206 # define case_PT_SETDBREGS case PT_SETDBREGS: 207 #else 208 # define case_PT_SETDBREGS 209 #endif 210 211 #if defined(PT_SETREGS) || defined(PT_GETREGS) || \ 212 defined(PT_SETFPREGS) || defined(PT_GETFPREGS) || \ 213 defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 214 # define PT_REGISTERS 215 #endif 216 217 static int 218 ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, 219 void *arg0, void *arg1, void *arg2, void *arg3) 220 { 221 struct proc *p; 222 int result; 223 #ifdef PT_SETDBREGS 224 extern int user_set_dbregs; 225 #endif 226 227 result = KAUTH_RESULT_DEFER; 228 p = arg0; 229 230 #if 0 231 mutex_enter(&ptrace_mtx); 232 ptrace_cbref++; 233 mutex_exit(&ptrace_mtx); 234 #endif 235 if (action != KAUTH_PROCESS_PTRACE) 236 goto out; 237 238 switch ((u_long)arg1) { 239 #ifdef PT_SETDBREGS 240 case_PT_SETDBREGS 241 if (kauth_cred_getuid(cred) != 0 && user_set_dbregs == 0) { 242 result = KAUTH_RESULT_DENY; 243 break; 244 } 245 #endif 246 /* FALLTHROUGH */ 247 case PT_TRACE_ME: 248 case PT_ATTACH: 249 case PT_WRITE_I: 250 case PT_WRITE_D: 251 case PT_READ_I: 252 case PT_READ_D: 253 case PT_IO: 254 case_PT_GETREGS 255 case_PT_SETREGS 256 case_PT_GETFPREGS 257 case_PT_SETFPREGS 258 case_PT_GETDBREGS 259 case PT_SET_EVENT_MASK: 260 case PT_GET_EVENT_MASK: 261 case PT_GET_PROCESS_STATE: 262 case PT_SET_SIGINFO: 263 case PT_GET_SIGINFO: 264 #ifdef __HAVE_PTRACE_MACHDEP 265 PTRACE_MACHDEP_REQUEST_CASES 266 #endif 267 if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) || 268 ISSET(p->p_flag, PK_SUGID)) { 269 break; 270 } 271 272 result = KAUTH_RESULT_ALLOW; 273 274 break; 275 276 #ifdef PT_STEP 277 case PT_STEP: 278 case PT_SETSTEP: 279 case PT_CLEARSTEP: 280 #endif 281 case PT_CONTINUE: 282 case PT_KILL: 283 case PT_DETACH: 284 case PT_LWPINFO: 285 case PT_SYSCALL: 286 case PT_SYSCALLEMU: 287 case PT_DUMPCORE: 288 case PT_RESUME: 289 case PT_SUSPEND: 290 case PT_STOP: 291 case PT_LWPSTATUS: 292 case PT_LWPNEXT: 293 case PT_SET_SIGPASS: 294 case PT_GET_SIGPASS: 295 result = KAUTH_RESULT_ALLOW; 296 break; 297 298 default: 299 break; 300 } 301 302 out: 303 #if 0 304 mutex_enter(&ptrace_mtx); 305 if (--ptrace_cbref == 0) 306 cv_broadcast(&ptrace_cv); 307 mutex_exit(&ptrace_mtx); 308 #endif 309 310 return result; 311 } 312 313 int 314 ptrace_init(void) 315 { 316 317 #if 0 318 mutex_init(&ptrace_mtx, MUTEX_DEFAULT, IPL_NONE); 319 cv_init(&ptrace_cv, "ptracecb"); 320 ptrace_cbref = 0; 321 #endif 322 ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 323 ptrace_listener_cb, NULL); 324 return 0; 325 } 326 327 int 328 ptrace_fini(void) 329 { 330 331 kauth_unlisten_scope(ptrace_listener); 332 333 #if 0 334 /* Make sure no-one is executing our kauth listener */ 335 336 mutex_enter(&ptrace_mtx); 337 while (ptrace_cbref != 0) 338 cv_wait(&ptrace_cv, &ptrace_mtx); 339 mutex_exit(&ptrace_mtx); 340 mutex_destroy(&ptrace_mtx); 341 cv_destroy(&ptrace_cv); 342 #endif 343 344 return 0; 345 } 346 347 static struct proc * 348 ptrace_find(struct lwp *l, int req, pid_t pid) 349 { 350 struct proc *t; 351 352 /* "A foolish consistency..." XXX */ 353 if (req == PT_TRACE_ME) { 354 t = l->l_proc; 355 mutex_enter(t->p_lock); 356 return t; 357 } 358 359 /* Find the process we're supposed to be operating on. */ 360 t = proc_find(pid); 361 if (t == NULL) 362 return NULL; 363 364 /* XXX-elad */ 365 mutex_enter(t->p_lock); 366 int error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, 367 t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); 368 if (error) { 369 mutex_exit(t->p_lock); 370 return NULL; 371 } 372 return t; 373 } 374 375 static int 376 ptrace_allowed(struct lwp *l, int req, struct proc *t, struct proc *p, 377 bool *locked) 378 { 379 *locked = false; 380 381 /* 382 * Grab a reference on the process to prevent it from execing or 383 * exiting. 384 */ 385 if (!rw_tryenter(&t->p_reflock, RW_READER)) 386 return EBUSY; 387 388 *locked = true; 389 390 /* Make sure we can operate on it. */ 391 switch (req) { 392 case PT_TRACE_ME: 393 /* 394 * You can't say to the parent of a process to start tracing if: 395 * (1) the parent is initproc, 396 */ 397 if (p->p_pptr == initproc) 398 return EPERM; 399 400 /* 401 * (2) the process is initproc, or 402 */ 403 if (p == initproc) 404 return EPERM; 405 406 /* 407 * (3) the child is already traced. 408 */ 409 if (ISSET(p->p_slflag, PSL_TRACED)) 410 return EBUSY; 411 412 return 0; 413 414 case PT_ATTACH: 415 /* 416 * You can't attach to a process if: 417 * (1) it's the process that's doing the attaching, 418 */ 419 if (t == p) 420 return EINVAL; 421 422 /* 423 * (2) it's a system process, 424 */ 425 if (t->p_flag & PK_SYSTEM) 426 return EPERM; 427 428 /* 429 * (3) the tracer is initproc, 430 */ 431 if (p == initproc) 432 return EPERM; 433 434 /* 435 * (4) it's already being traced, 436 */ 437 if (ISSET(t->p_slflag, PSL_TRACED)) 438 return EBUSY; 439 440 /* 441 * (5) it's a vfork(2)ed parent of the current process, or 442 */ 443 if (ISSET(p->p_lflag, PL_PPWAIT) && p->p_pptr == t) 444 return EPERM; 445 446 /* 447 * (6) the tracer is chrooted, and its root directory is 448 * not at or above the root directory of the tracee 449 */ 450 mutex_exit(t->p_lock); /* XXXSMP */ 451 int tmp = proc_isunder(t, l); 452 mutex_enter(t->p_lock); /* XXXSMP */ 453 if (!tmp) 454 return EPERM; 455 return 0; 456 457 case PT_READ_I: 458 case PT_READ_D: 459 case PT_WRITE_I: 460 case PT_WRITE_D: 461 case PT_IO: 462 case PT_SET_SIGINFO: 463 case PT_GET_SIGINFO: 464 case_PT_GETREGS 465 case_PT_SETREGS 466 case_PT_GETFPREGS 467 case_PT_SETFPREGS 468 case_PT_GETDBREGS 469 case_PT_SETDBREGS 470 #ifdef __HAVE_PTRACE_MACHDEP 471 PTRACE_MACHDEP_REQUEST_CASES 472 #endif 473 /* 474 * You can't read/write the memory or registers of a process 475 * if the tracer is chrooted, and its root directory is not at 476 * or above the root directory of the tracee. 477 */ 478 mutex_exit(t->p_lock); /* XXXSMP */ 479 tmp = proc_isunder(t, l); 480 mutex_enter(t->p_lock); /* XXXSMP */ 481 if (!tmp) 482 return EPERM; 483 /*FALLTHROUGH*/ 484 485 case PT_CONTINUE: 486 case PT_KILL: 487 case PT_DETACH: 488 case PT_LWPINFO: 489 case PT_SYSCALL: 490 case PT_SYSCALLEMU: 491 case PT_DUMPCORE: 492 #ifdef PT_STEP 493 case PT_STEP: 494 case PT_SETSTEP: 495 case PT_CLEARSTEP: 496 #endif 497 case PT_SET_EVENT_MASK: 498 case PT_GET_EVENT_MASK: 499 case PT_GET_PROCESS_STATE: 500 case PT_RESUME: 501 case PT_SUSPEND: 502 case PT_STOP: 503 case PT_LWPSTATUS: 504 case PT_LWPNEXT: 505 case PT_SET_SIGPASS: 506 case PT_GET_SIGPASS: 507 /* 508 * You can't do what you want to the process if: 509 * (1) It's not being traced at all, 510 */ 511 if (!ISSET(t->p_slflag, PSL_TRACED)) 512 return EPERM; 513 514 /* 515 * (2) it's not being traced by _you_, or 516 */ 517 if (t->p_pptr != p) { 518 DPRINTF(("parent %d != %d\n", t->p_pptr->p_pid, 519 p->p_pid)); 520 return EBUSY; 521 } 522 523 /* 524 * (3) it's not currently stopped. 525 * 526 * As an exception allow PT_KILL and PT_STOP here. 527 */ 528 if (req != PT_KILL && req != PT_STOP && 529 (t->p_stat != SSTOP || !t->p_waited /* XXXSMP */)) { 530 DPRINTF(("stat %d flag %d\n", t->p_stat, 531 !t->p_waited)); 532 return EBUSY; 533 } 534 return 0; 535 536 default: /* It was not a legal request. */ 537 return EINVAL; 538 } 539 } 540 541 static int 542 ptrace_needs_hold(int req) 543 { 544 switch (req) { 545 #ifdef PT_STEP 546 case PT_STEP: 547 #endif 548 case PT_CONTINUE: 549 case PT_DETACH: 550 case PT_KILL: 551 case PT_SYSCALL: 552 case PT_SYSCALLEMU: 553 case PT_ATTACH: 554 case PT_TRACE_ME: 555 case PT_GET_SIGINFO: 556 case PT_SET_SIGINFO: 557 case PT_STOP: 558 return 1; 559 default: 560 return 0; 561 } 562 } 563 564 static int 565 ptrace_update_lwp(struct proc *t, struct lwp **lt, lwpid_t lid) 566 { 567 if (lid == 0 || lid == (*lt)->l_lid || t->p_nlwps == 1) 568 return 0; 569 570 mutex_enter(t->p_lock); 571 lwp_delref2(*lt); 572 573 *lt = lwp_find(t, lid); 574 if (*lt == NULL) { 575 mutex_exit(t->p_lock); 576 return ESRCH; 577 } 578 579 if ((*lt)->l_flag & LW_SYSTEM) { 580 mutex_exit(t->p_lock); 581 *lt = NULL; 582 return EINVAL; 583 } 584 585 lwp_addref(*lt); 586 mutex_exit(t->p_lock); 587 588 return 0; 589 } 590 591 static int 592 ptrace_get_siginfo(struct proc *t, struct ptrace_methods *ptm, void *addr, 593 size_t data) 594 { 595 struct ptrace_siginfo psi; 596 597 memset(&psi, 0, sizeof(psi)); 598 psi.psi_siginfo._info = t->p_sigctx.ps_info; 599 psi.psi_lwpid = t->p_sigctx.ps_lwp; 600 DPRINTF(("%s: lwp=%d signal=%d\n", __func__, psi.psi_lwpid, 601 psi.psi_siginfo.si_signo)); 602 603 return ptm->ptm_copyout_siginfo(&psi, addr, data); 604 } 605 606 static int 607 ptrace_set_siginfo(struct proc *t, struct lwp **lt, struct ptrace_methods *ptm, 608 void *addr, size_t data) 609 { 610 struct ptrace_siginfo psi; 611 612 int error = ptm->ptm_copyin_siginfo(&psi, addr, data); 613 if (error) 614 return error; 615 616 /* Check that the data is a valid signal number or zero. */ 617 if (psi.psi_siginfo.si_signo < 0 || psi.psi_siginfo.si_signo >= NSIG) 618 return EINVAL; 619 620 t->p_sigctx.ps_faked = true; 621 t->p_sigctx.ps_info = psi.psi_siginfo._info; 622 t->p_sigctx.ps_lwp = psi.psi_lwpid; 623 DPRINTF(("%s: lwp=%d signal=%d\n", __func__, psi.psi_lwpid, 624 psi.psi_siginfo.si_signo)); 625 return 0; 626 } 627 628 static int 629 ptrace_get_sigpass(struct proc *t, void *addr, size_t data) 630 { 631 sigset_t set; 632 633 if (data > sizeof(set) || data <= 0) { 634 DPRINTF(("%s: invalid data: %zu < %zu <= 0\n", 635 __func__, sizeof(set), data)); 636 return EINVAL; 637 } 638 639 set = t->p_sigctx.ps_sigpass; 640 641 return copyout(&set, addr, data); 642 } 643 644 static int 645 ptrace_set_sigpass(struct proc *t, void *addr, size_t data) 646 { 647 sigset_t set; 648 int error; 649 650 if (data > sizeof(set) || data <= 0) { 651 DPRINTF(("%s: invalid data: %zu < %zu <= 0\n", 652 __func__, sizeof(set), data)); 653 return EINVAL; 654 } 655 656 memset(&set, 0, sizeof(set)); 657 658 if ((error = copyin(addr, &set, data))) 659 return error; 660 661 /* We catch SIGSTOP and cannot intercept SIGKILL. */ 662 sigminusset(&sigcantmask, &set); 663 664 t->p_sigctx.ps_sigpass = set; 665 666 return 0; 667 } 668 669 static int 670 ptrace_get_event_mask(struct proc *t, void *addr, size_t data) 671 { 672 struct ptrace_event pe; 673 674 if (data != sizeof(pe)) { 675 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pe))); 676 return EINVAL; 677 } 678 memset(&pe, 0, sizeof(pe)); 679 pe.pe_set_event = ISSET(t->p_slflag, PSL_TRACEFORK) ? 680 PTRACE_FORK : 0; 681 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK) ? 682 PTRACE_VFORK : 0; 683 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEVFORK_DONE) ? 684 PTRACE_VFORK_DONE : 0; 685 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_CREATE) ? 686 PTRACE_LWP_CREATE : 0; 687 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACELWP_EXIT) ? 688 PTRACE_LWP_EXIT : 0; 689 pe.pe_set_event |= ISSET(t->p_slflag, PSL_TRACEPOSIX_SPAWN) ? 690 PTRACE_POSIX_SPAWN : 0; 691 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 692 t->p_sigctx.ps_lwp, pe.pe_set_event)); 693 return copyout(&pe, addr, sizeof(pe)); 694 } 695 696 static int 697 ptrace_set_event_mask(struct proc *t, void *addr, size_t data) 698 { 699 struct ptrace_event pe; 700 int error; 701 702 if (data != sizeof(pe)) { 703 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pe))); 704 return EINVAL; 705 } 706 if ((error = copyin(addr, &pe, sizeof(pe))) != 0) 707 return error; 708 709 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 710 t->p_sigctx.ps_lwp, pe.pe_set_event)); 711 if (pe.pe_set_event & PTRACE_FORK) 712 SET(t->p_slflag, PSL_TRACEFORK); 713 else 714 CLR(t->p_slflag, PSL_TRACEFORK); 715 716 if (pe.pe_set_event & PTRACE_VFORK) 717 SET(t->p_slflag, PSL_TRACEVFORK); 718 else 719 CLR(t->p_slflag, PSL_TRACEVFORK); 720 721 if (pe.pe_set_event & PTRACE_VFORK_DONE) 722 SET(t->p_slflag, PSL_TRACEVFORK_DONE); 723 else 724 CLR(t->p_slflag, PSL_TRACEVFORK_DONE); 725 726 if (pe.pe_set_event & PTRACE_LWP_CREATE) 727 SET(t->p_slflag, PSL_TRACELWP_CREATE); 728 else 729 CLR(t->p_slflag, PSL_TRACELWP_CREATE); 730 731 if (pe.pe_set_event & PTRACE_LWP_EXIT) 732 SET(t->p_slflag, PSL_TRACELWP_EXIT); 733 else 734 CLR(t->p_slflag, PSL_TRACELWP_EXIT); 735 736 if (pe.pe_set_event & PTRACE_POSIX_SPAWN) 737 SET(t->p_slflag, PSL_TRACEPOSIX_SPAWN); 738 else 739 CLR(t->p_slflag, PSL_TRACEPOSIX_SPAWN); 740 741 return 0; 742 } 743 744 static int 745 ptrace_get_process_state(struct proc *t, void *addr, size_t data) 746 { 747 struct _ksiginfo *si; 748 struct ptrace_state ps; 749 750 if (data != sizeof(ps)) { 751 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(ps))); 752 return EINVAL; 753 } 754 755 if (t->p_sigctx.ps_info._signo != SIGTRAP || 756 (t->p_sigctx.ps_info._code != TRAP_CHLD && 757 t->p_sigctx.ps_info._code != TRAP_LWP)) { 758 memset(&ps, 0, sizeof(ps)); 759 } else { 760 si = &t->p_sigctx.ps_info; 761 762 KASSERT(si->_reason._ptrace_state._pe_report_event > 0); 763 KASSERT(si->_reason._ptrace_state._option._pe_other_pid > 0); 764 765 ps.pe_report_event = si->_reason._ptrace_state._pe_report_event; 766 767 CTASSERT(sizeof(ps.pe_other_pid) == sizeof(ps.pe_lwp)); 768 ps.pe_other_pid = 769 si->_reason._ptrace_state._option._pe_other_pid; 770 } 771 772 DPRINTF(("%s: lwp=%d event=%#x pid=%d lwp=%d\n", __func__, 773 t->p_sigctx.ps_lwp, ps.pe_report_event, 774 ps.pe_other_pid, ps.pe_lwp)); 775 return copyout(&ps, addr, sizeof(ps)); 776 } 777 778 static int 779 ptrace_lwpinfo(struct proc *t, struct lwp **lt, void *addr, size_t data) 780 { 781 struct ptrace_lwpinfo pl; 782 783 if (data != sizeof(pl)) { 784 DPRINTF(("%s: %zu != %zu\n", __func__, data, sizeof(pl))); 785 return EINVAL; 786 } 787 int error = copyin(addr, &pl, sizeof(pl)); 788 if (error) 789 return error; 790 791 lwpid_t tmp = pl.pl_lwpid; 792 lwp_delref(*lt); 793 mutex_enter(t->p_lock); 794 if (tmp == 0) 795 *lt = lwp_find_first(t); 796 else { 797 *lt = lwp_find(t, tmp); 798 if (*lt == NULL) { 799 mutex_exit(t->p_lock); 800 return ESRCH; 801 } 802 *lt = LIST_NEXT(*lt, l_sibling); 803 } 804 805 while (*lt != NULL && (!lwp_alive(*lt) || 806 ((*lt)->l_flag & LW_SYSTEM) != 0)) 807 *lt = LIST_NEXT(*lt, l_sibling); 808 809 pl.pl_lwpid = 0; 810 pl.pl_event = 0; 811 if (*lt) { 812 lwp_addref(*lt); 813 pl.pl_lwpid = (*lt)->l_lid; 814 815 if ((*lt)->l_flag & LW_WSUSPEND) 816 pl.pl_event = PL_EVENT_SUSPENDED; 817 /* 818 * If we match the lwp, or it was sent to every lwp, 819 * we set PL_EVENT_SIGNAL. 820 * XXX: ps_lwp == 0 means everyone and noone, so 821 * check ps_signo too. 822 */ 823 else if ((*lt)->l_lid == t->p_sigctx.ps_lwp 824 || (t->p_sigctx.ps_lwp == 0 && 825 t->p_sigctx.ps_info._signo)) { 826 DPRINTF(("%s: lwp=%d siglwp=%d signo %d\n", __func__, 827 pl.pl_lwpid, t->p_sigctx.ps_lwp, 828 t->p_sigctx.ps_info._signo)); 829 pl.pl_event = PL_EVENT_SIGNAL; 830 } 831 } 832 mutex_exit(t->p_lock); 833 DPRINTF(("%s: lwp=%d event=%#x\n", __func__, 834 pl.pl_lwpid, pl.pl_event)); 835 836 return copyout(&pl, addr, sizeof(pl)); 837 } 838 839 static int 840 ptrace_lwpstatus(struct proc *t, struct ptrace_methods *ptm, struct lwp **lt, 841 void *addr, size_t data, bool next) 842 { 843 struct ptrace_lwpstatus pls; 844 struct lwp *l; 845 int error; 846 847 if (data > sizeof(pls) || data < sizeof(lwpid_t)) { 848 DPRINTF(("%s: invalid data: %zu < %zu < %zu\n", 849 __func__, sizeof(lwpid_t), data, sizeof(pls))); 850 return EINVAL; 851 } 852 error = copyin(addr, &pls.pl_lwpid, sizeof(lwpid_t)); 853 if (error) 854 return error; 855 856 if (next) { 857 lwp_delref(*lt); 858 lwpid_t tmp = pls.pl_lwpid; 859 mutex_enter(t->p_lock); 860 if (tmp == 0) 861 *lt = lwp_find_first(t); 862 else { 863 *lt = lwp_find(t, tmp); 864 if (*lt == NULL) { 865 mutex_exit(t->p_lock); 866 return ESRCH; 867 } 868 *lt = LIST_NEXT(*lt, l_sibling); 869 } 870 871 while (*lt != NULL && (!lwp_alive(*lt) || 872 ((*lt)->l_flag & LW_SYSTEM) != 0)) 873 *lt = LIST_NEXT(*lt, l_sibling); 874 875 if (*lt == NULL) { 876 memset(&pls, 0, sizeof(pls)); 877 mutex_exit(t->p_lock); 878 goto out; 879 } 880 lwp_addref(*lt); 881 mutex_exit(t->p_lock); 882 883 pls.pl_lwpid = (*lt)->l_lid; 884 } else { 885 if ((error = ptrace_update_lwp(t, lt, pls.pl_lwpid)) != 0) 886 return error; 887 } 888 889 l = *lt; 890 891 ptrace_read_lwpstatus(l, &pls); 892 893 out: 894 DPRINTF(("%s: lwp=%d sigpend=%02x%02x%02x%02x sigmask=%02x%02x%02x%02x " 895 "name='%s' private=%p\n", __func__, pls.pl_lwpid, 896 pls.pl_sigpend.__bits[0], pls.pl_sigpend.__bits[1], 897 pls.pl_sigpend.__bits[2], pls.pl_sigpend.__bits[3], 898 pls.pl_sigmask.__bits[0], pls.pl_sigmask.__bits[1], 899 pls.pl_sigmask.__bits[2], pls.pl_sigmask.__bits[3], 900 pls.pl_name, pls.pl_private)); 901 902 return ptm->ptm_copyout_lwpstatus(&pls, addr, data); 903 } 904 905 static int 906 ptrace_startstop(struct proc *t, struct lwp **lt, int rq, void *addr, 907 size_t data) 908 { 909 int error; 910 911 if ((error = ptrace_update_lwp(t, lt, data)) != 0) 912 return error; 913 914 DPRINTF(("%s: lwp=%d request=%d\n", __func__, (*lt)->l_lid, rq)); 915 lwp_lock(*lt); 916 if (rq == PT_SUSPEND) 917 (*lt)->l_flag |= LW_DBGSUSPEND; 918 else { 919 (*lt)->l_flag &= ~LW_DBGSUSPEND; 920 if ((*lt)->l_flag != LSSUSPENDED) 921 (*lt)->l_stat = LSSTOP; 922 } 923 lwp_unlock(*lt); 924 return 0; 925 } 926 927 #ifdef PT_REGISTERS 928 static int 929 ptrace_uio_dir(int req) 930 { 931 switch (req) { 932 case_PT_GETREGS 933 case_PT_GETFPREGS 934 case_PT_GETDBREGS 935 return UIO_READ; 936 case_PT_SETREGS 937 case_PT_SETFPREGS 938 case_PT_SETDBREGS 939 return UIO_WRITE; 940 default: 941 return -1; 942 } 943 } 944 945 static int 946 ptrace_regs(struct lwp *l, struct lwp **lt, int rq, struct ptrace_methods *ptm, 947 void *addr, size_t data) 948 { 949 int error; 950 struct proc *p, *t; 951 struct vmspace *vm; 952 953 p = l->l_proc; /* tracer */ 954 t = (*lt)->l_proc; /* traced */ 955 956 if ((error = ptrace_update_lwp(t, lt, data)) != 0) 957 return error; 958 959 int dir = ptrace_uio_dir(rq); 960 size_t size; 961 int (*func)(struct lwp *, struct lwp *, struct uio *); 962 963 DPRINTF(("%s: lwp=%d request=%d\n", __func__, l->l_lid, rq)); 964 965 switch (rq) { 966 #if defined(PT_SETREGS) || defined(PT_GETREGS) 967 case_PT_GETREGS 968 case_PT_SETREGS 969 if (!process_validregs(*lt)) 970 return EINVAL; 971 size = PROC_REGSZ(p); 972 func = ptm->ptm_doregs; 973 break; 974 #endif 975 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 976 case_PT_GETFPREGS 977 case_PT_SETFPREGS 978 if (!process_validfpregs(*lt)) 979 return EINVAL; 980 size = PROC_FPREGSZ(p); 981 func = ptm->ptm_dofpregs; 982 break; 983 #endif 984 #if defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 985 case_PT_GETDBREGS 986 case_PT_SETDBREGS 987 if (!process_validdbregs(*lt)) 988 return EINVAL; 989 size = PROC_DBREGSZ(p); 990 func = ptm->ptm_dodbregs; 991 break; 992 #endif 993 default: 994 return EINVAL; 995 } 996 997 error = proc_vmspace_getref(l->l_proc, &vm); 998 if (error) 999 return error; 1000 1001 struct uio uio; 1002 struct iovec iov; 1003 1004 iov.iov_base = addr; 1005 iov.iov_len = size; 1006 uio.uio_iov = &iov; 1007 uio.uio_iovcnt = 1; 1008 uio.uio_offset = 0; 1009 uio.uio_resid = iov.iov_len; 1010 uio.uio_rw = dir; 1011 uio.uio_vmspace = vm; 1012 1013 error = (*func)(l, *lt, &uio); 1014 uvmspace_free(vm); 1015 return error; 1016 } 1017 #endif 1018 1019 static int 1020 ptrace_sendsig(struct lwp *l, int req, struct proc *t, struct lwp *lt, int signo, int resume_all) 1021 { 1022 ksiginfo_t ksi; 1023 1024 /* Finally, deliver the requested signal (or none). */ 1025 if (t->p_stat == SSTOP) { 1026 /* 1027 * Unstop the process. If it needs to take a 1028 * signal, make all efforts to ensure that at 1029 * an LWP runs to see it. 1030 */ 1031 t->p_xsig = signo; 1032 1033 /* 1034 * signo > 0 check prevents a potential panic, as 1035 * sigismember(&...,0) is invalid check and signo 1036 * can be equal to 0 as a special case of no-signal. 1037 */ 1038 if (signo > 0 && sigismember(&stopsigmask, signo)) { 1039 t->p_waited = 0; 1040 child_psignal(t, 0); 1041 } else if (resume_all) 1042 proc_unstop(t); 1043 else 1044 lwp_unstop(lt); 1045 return 0; 1046 } 1047 1048 KASSERT(req == PT_KILL || req == PT_STOP || req == PT_ATTACH); 1049 1050 KSI_INIT(&ksi); 1051 ksi.ksi_signo = signo; 1052 ksi.ksi_code = SI_USER; 1053 ksi.ksi_pid = l->l_proc->p_pid; 1054 ksi.ksi_uid = kauth_cred_geteuid(l->l_cred); 1055 1056 t->p_sigctx.ps_faked = false; 1057 1058 DPRINTF(("%s: pid=%d.%d signal=%d resume_all=%d\n", __func__, t->p_pid, 1059 lt->l_lid, signo, resume_all)); 1060 1061 return kpsignal2(t, &ksi); 1062 } 1063 1064 static int 1065 ptrace_dumpcore(struct lwp *lt, char *path, size_t len) 1066 { 1067 int error; 1068 if (path != NULL) { 1069 1070 if (len >= MAXPATHLEN) 1071 return EINVAL; 1072 1073 char *src = path; 1074 path = kmem_alloc(len + 1, KM_SLEEP); 1075 error = copyin(src, path, len); 1076 if (error) 1077 goto out; 1078 path[len] = '\0'; 1079 } 1080 DPRINTF(("%s: lwp=%d\n", __func__, lt->l_lid)); 1081 MODULE_HOOK_CALL(coredump_hook, (lt, path), 0, error); 1082 out: 1083 if (path) 1084 kmem_free(path, len + 1); 1085 return error; 1086 } 1087 1088 static int 1089 ptrace_doio(struct lwp *l, struct proc *t, struct lwp *lt, 1090 struct ptrace_io_desc *piod, void *addr, bool sysspace) 1091 { 1092 struct uio uio; 1093 struct iovec iov; 1094 int error, tmp; 1095 1096 error = 0; 1097 iov.iov_base = piod->piod_addr; 1098 iov.iov_len = piod->piod_len; 1099 uio.uio_iov = &iov; 1100 uio.uio_iovcnt = 1; 1101 uio.uio_offset = (off_t)(unsigned long)piod->piod_offs; 1102 uio.uio_resid = piod->piod_len; 1103 1104 DPRINTF(("%s: lwp=%d request=%d\n", __func__, l->l_lid, piod->piod_op)); 1105 1106 switch (piod->piod_op) { 1107 case PIOD_READ_D: 1108 case PIOD_READ_I: 1109 uio.uio_rw = UIO_READ; 1110 break; 1111 case PIOD_WRITE_D: 1112 case PIOD_WRITE_I: 1113 /* 1114 * Can't write to a RAS 1115 */ 1116 if (ras_lookup(t, addr) != (void *)-1) { 1117 return EACCES; 1118 } 1119 uio.uio_rw = UIO_WRITE; 1120 break; 1121 case PIOD_READ_AUXV: 1122 uio.uio_rw = UIO_READ; 1123 tmp = t->p_execsw->es_arglen; 1124 if (uio.uio_offset > tmp) 1125 return EIO; 1126 if (uio.uio_resid > tmp - uio.uio_offset) 1127 uio.uio_resid = tmp - uio.uio_offset; 1128 piod->piod_len = iov.iov_len = uio.uio_resid; 1129 error = process_auxv_offset(t, &uio); 1130 break; 1131 default: 1132 error = EINVAL; 1133 break; 1134 } 1135 1136 if (error) 1137 return error; 1138 1139 if (sysspace) { 1140 uio.uio_vmspace = vmspace_kernel(); 1141 } else { 1142 error = proc_vmspace_getref(l->l_proc, &uio.uio_vmspace); 1143 if (error) 1144 return error; 1145 } 1146 1147 error = process_domem(l, lt, &uio); 1148 if (!sysspace) 1149 uvmspace_free(uio.uio_vmspace); 1150 if (error) 1151 return error; 1152 piod->piod_len -= uio.uio_resid; 1153 return 0; 1154 } 1155 1156 int 1157 do_ptrace(struct ptrace_methods *ptm, struct lwp *l, int req, pid_t pid, 1158 void *addr, int data, register_t *retval) 1159 { 1160 struct proc *p = l->l_proc; 1161 struct lwp *lt = NULL; 1162 struct lwp *lt2; 1163 struct proc *t; /* target process */ 1164 struct ptrace_io_desc piod; 1165 int error, write, tmp, pheld; 1166 int signo = 0; 1167 int resume_all; 1168 bool locked; 1169 error = 0; 1170 1171 /* 1172 * If attaching or detaching, we need to get a write hold on the 1173 * proclist lock so that we can re-parent the target process. 1174 */ 1175 mutex_enter(&proc_lock); 1176 1177 t = ptrace_find(l, req, pid); 1178 if (t == NULL) { 1179 mutex_exit(&proc_lock); 1180 return ESRCH; 1181 } 1182 1183 pheld = 1; 1184 if ((error = ptrace_allowed(l, req, t, p, &locked)) != 0) 1185 goto out; 1186 1187 if ((error = kauth_authorize_process(l->l_cred, 1188 KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req), NULL, NULL)) != 0) 1189 goto out; 1190 1191 if ((lt = lwp_find_first(t)) == NULL) { 1192 error = ESRCH; 1193 goto out; 1194 } 1195 1196 /* Do single-step fixup if needed. */ 1197 FIX_SSTEP(t); 1198 KASSERT(lt != NULL); 1199 lwp_addref(lt); 1200 1201 /* 1202 * Which locks do we need held? XXX Ugly. 1203 */ 1204 if ((pheld = ptrace_needs_hold(req)) == 0) { 1205 mutex_exit(t->p_lock); 1206 mutex_exit(&proc_lock); 1207 } 1208 1209 /* Now do the operation. */ 1210 write = 0; 1211 *retval = 0; 1212 tmp = 0; 1213 resume_all = 1; 1214 1215 switch (req) { 1216 case PT_TRACE_ME: 1217 /* Just set the trace flag. */ 1218 SET(t->p_slflag, PSL_TRACED); 1219 t->p_opptr = t->p_pptr; 1220 break; 1221 1222 /* 1223 * The I and D separate address space has been inherited from PDP-11. 1224 * The 16-bit UNIX started with a single address space per program, 1225 * but was extended to two 16-bit (2 x 64kb) address spaces. 1226 * 1227 * We no longer maintain this feature in maintained architectures, but 1228 * we keep the API for backward compatiblity. Currently the I and D 1229 * operations are exactly the same and not distinguished in debuggers. 1230 */ 1231 case PT_WRITE_I: 1232 case PT_WRITE_D: 1233 write = 1; 1234 tmp = data; 1235 /* FALLTHROUGH */ 1236 case PT_READ_I: 1237 case PT_READ_D: 1238 piod.piod_addr = &tmp; 1239 piod.piod_len = sizeof(tmp); 1240 piod.piod_offs = addr; 1241 piod.piod_op = write ? PIOD_WRITE_D : PIOD_READ_D; 1242 if ((error = ptrace_doio(l, t, lt, &piod, addr, true)) != 0) 1243 break; 1244 /* 1245 * For legacy reasons we treat here two results as success: 1246 * - incomplete transfer piod.piod_len < sizeof(tmp) 1247 * - no transfer piod.piod_len == 0 1248 * 1249 * This means that there is no way to determine whether 1250 * transfer operation was performed in PT_WRITE and PT_READ 1251 * calls. 1252 */ 1253 if (!write) 1254 *retval = tmp; 1255 break; 1256 1257 case PT_IO: 1258 if ((error = ptm->ptm_copyin_piod(&piod, addr, data)) != 0) 1259 break; 1260 if (piod.piod_len < 1) { 1261 error = EINVAL; 1262 break; 1263 } 1264 if ((error = ptrace_doio(l, t, lt, &piod, addr, false)) != 0) 1265 break; 1266 /* 1267 * For legacy reasons we treat here two results as success: 1268 * - incomplete transfer piod.piod_len < sizeof(tmp) 1269 * - no transfer piod.piod_len == 0 1270 */ 1271 error = ptm->ptm_copyout_piod(&piod, addr, data); 1272 break; 1273 1274 case PT_DUMPCORE: 1275 error = ptrace_dumpcore(lt, addr, data); 1276 break; 1277 1278 #ifdef PT_STEP 1279 case PT_STEP: 1280 /* 1281 * From the 4.4BSD PRM: 1282 * "Execution continues as in request PT_CONTINUE; however 1283 * as soon as possible after execution of at least one 1284 * instruction, execution stops again. [ ... ]" 1285 */ 1286 #endif 1287 case PT_CONTINUE: 1288 case PT_SYSCALL: 1289 case PT_DETACH: 1290 if (req == PT_SYSCALL) { 1291 if (!ISSET(t->p_slflag, PSL_SYSCALL)) { 1292 SET(t->p_slflag, PSL_SYSCALL); 1293 #ifdef __HAVE_SYSCALL_INTERN 1294 (*t->p_emul->e_syscall_intern)(t); 1295 #endif 1296 } 1297 } else { 1298 if (ISSET(t->p_slflag, PSL_SYSCALL)) { 1299 CLR(t->p_slflag, PSL_SYSCALL); 1300 #ifdef __HAVE_SYSCALL_INTERN 1301 (*t->p_emul->e_syscall_intern)(t); 1302 #endif 1303 } 1304 } 1305 t->p_trace_enabled = trace_is_enabled(t); 1306 1307 /* 1308 * Pick up the LWPID, if supplied. There are two cases: 1309 * data < 0 : step or continue single thread, lwp = -data 1310 * data > 0 in PT_STEP : step this thread, continue others 1311 * For operations other than PT_STEP, data > 0 means 1312 * data is the signo to deliver to the process. 1313 */ 1314 tmp = data; 1315 if (tmp >= 0) { 1316 #ifdef PT_STEP 1317 if (req == PT_STEP) 1318 signo = 0; 1319 else 1320 #endif 1321 { 1322 signo = tmp; 1323 tmp = 0; /* don't search for LWP */ 1324 } 1325 } else if (tmp == INT_MIN) { 1326 error = ESRCH; 1327 break; 1328 } else { 1329 tmp = -tmp; 1330 } 1331 1332 if (tmp > 0) { 1333 if (req == PT_DETACH) { 1334 error = EINVAL; 1335 break; 1336 } 1337 lwp_delref2 (lt); 1338 lt = lwp_find(t, tmp); 1339 if (lt == NULL) { 1340 error = ESRCH; 1341 break; 1342 } 1343 lwp_addref(lt); 1344 resume_all = 0; 1345 signo = 0; 1346 } 1347 1348 /* 1349 * From the 4.4BSD PRM: 1350 * "The data argument is taken as a signal number and the 1351 * child's execution continues at location addr as if it 1352 * incurred that signal. Normally the signal number will 1353 * be either 0 to indicate that the signal that caused the 1354 * stop should be ignored, or that value fetched out of 1355 * the process's image indicating which signal caused 1356 * the stop. If addr is (int *)1 then execution continues 1357 * from where it stopped." 1358 */ 1359 1360 /* Check that the data is a valid signal number or zero. */ 1361 if (signo < 0 || signo >= NSIG) { 1362 error = EINVAL; 1363 break; 1364 } 1365 1366 /* Prevent process deadlock */ 1367 if (resume_all) { 1368 #ifdef PT_STEP 1369 if (req == PT_STEP) { 1370 if (lt->l_flag & 1371 (LW_WSUSPEND | LW_DBGSUSPEND)) { 1372 error = EDEADLK; 1373 break; 1374 } 1375 } else 1376 #endif 1377 { 1378 error = EDEADLK; 1379 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1380 if ((lt2->l_flag & 1381 (LW_WSUSPEND | LW_DBGSUSPEND)) == 0 1382 ) { 1383 error = 0; 1384 break; 1385 } 1386 } 1387 if (error != 0) 1388 break; 1389 } 1390 } else { 1391 if (lt->l_flag & (LW_WSUSPEND | LW_DBGSUSPEND)) { 1392 error = EDEADLK; 1393 break; 1394 } 1395 } 1396 1397 /* 1398 * Reject setting program counter to 0x0 if VA0 is disabled. 1399 * 1400 * Not all kernels implement this feature to set Program 1401 * Counter in one go in PT_CONTINUE and similar operations. 1402 * This causes portability issues as passing address 0x0 1403 * on these kernels is no-operation, but can cause failure 1404 * in most cases on NetBSD. 1405 */ 1406 if (user_va0_disable && addr == 0) { 1407 error = EINVAL; 1408 break; 1409 } 1410 1411 /* If the address parameter is not (int *)1, set the pc. */ 1412 if ((int *)addr != (int *)1) { 1413 error = process_set_pc(lt, addr); 1414 if (error != 0) 1415 break; 1416 } 1417 #ifdef PT_STEP 1418 /* 1419 * Arrange for a single-step, if that's requested and possible. 1420 * More precisely, set the single step status as requested for 1421 * the requested thread, and clear it for other threads. 1422 */ 1423 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1424 if (ISSET(lt2->l_pflag, LP_SINGLESTEP)) { 1425 lwp_lock(lt2); 1426 process_sstep(lt2, 1); 1427 lwp_unlock(lt2); 1428 } else if (lt != lt2) { 1429 lwp_lock(lt2); 1430 process_sstep(lt2, 0); 1431 lwp_unlock(lt2); 1432 } 1433 } 1434 error = process_sstep(lt, 1435 ISSET(lt->l_pflag, LP_SINGLESTEP) || req == PT_STEP); 1436 if (error) 1437 break; 1438 #endif 1439 if (req == PT_DETACH) { 1440 CLR(t->p_slflag, 1441 PSL_TRACED|PSL_TRACEDCHILD|PSL_SYSCALL); 1442 1443 /* clear sigpass mask */ 1444 sigemptyset(&t->p_sigctx.ps_sigpass); 1445 1446 /* give process back to original parent or init */ 1447 if (t->p_opptr != t->p_pptr) { 1448 struct proc *pp = t->p_opptr; 1449 proc_reparent(t, pp ? pp : initproc); 1450 } 1451 1452 /* not being traced any more */ 1453 t->p_opptr = NULL; 1454 1455 /* clear single step */ 1456 LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { 1457 CLR(lt2->l_pflag, LP_SINGLESTEP); 1458 } 1459 CLR(lt->l_pflag, LP_SINGLESTEP); 1460 } 1461 sendsig: 1462 error = ptrace_sendsig(l, req, t, lt, signo, resume_all); 1463 break; 1464 1465 case PT_SYSCALLEMU: 1466 if (!ISSET(t->p_slflag, PSL_SYSCALL) || t->p_stat != SSTOP) { 1467 error = EINVAL; 1468 break; 1469 } 1470 SET(t->p_slflag, PSL_SYSCALLEMU); 1471 break; 1472 1473 #ifdef PT_STEP 1474 case PT_SETSTEP: 1475 write = 1; 1476 1477 /* FALLTHROUGH */ 1478 case PT_CLEARSTEP: 1479 /* write = 0 done above. */ 1480 if ((error = ptrace_update_lwp(t, <, data)) != 0) 1481 break; 1482 1483 if (write) 1484 SET(lt->l_pflag, LP_SINGLESTEP); 1485 else 1486 CLR(lt->l_pflag, LP_SINGLESTEP); 1487 break; 1488 #endif 1489 1490 case PT_KILL: 1491 /* just send the process a KILL signal. */ 1492 signo = SIGKILL; 1493 goto sendsig; /* in PT_CONTINUE, above. */ 1494 1495 case PT_STOP: 1496 /* just send the process a STOP signal. */ 1497 signo = SIGSTOP; 1498 goto sendsig; /* in PT_CONTINUE, above. */ 1499 1500 case PT_ATTACH: 1501 /* 1502 * Go ahead and set the trace flag. 1503 * Save the old parent (it's reset in 1504 * _DETACH, and also in kern_exit.c:wait4() 1505 * Reparent the process so that the tracing 1506 * proc gets to see all the action. 1507 * Stop the target. 1508 */ 1509 proc_changeparent(t, p); 1510 signo = SIGSTOP; 1511 goto sendsig; 1512 1513 case PT_GET_EVENT_MASK: 1514 error = ptrace_get_event_mask(t, addr, data); 1515 break; 1516 1517 case PT_SET_EVENT_MASK: 1518 error = ptrace_set_event_mask(t, addr, data); 1519 break; 1520 1521 case PT_GET_PROCESS_STATE: 1522 error = ptrace_get_process_state(t, addr, data); 1523 break; 1524 1525 case PT_LWPINFO: 1526 error = ptrace_lwpinfo(t, <, addr, data); 1527 break; 1528 1529 case PT_SET_SIGINFO: 1530 error = ptrace_set_siginfo(t, <, ptm, addr, data); 1531 break; 1532 1533 case PT_GET_SIGINFO: 1534 error = ptrace_get_siginfo(t, ptm, addr, data); 1535 break; 1536 1537 case PT_RESUME: 1538 case PT_SUSPEND: 1539 error = ptrace_startstop(t, <, req, addr, data); 1540 break; 1541 1542 case PT_LWPSTATUS: 1543 error = ptrace_lwpstatus(t, ptm, <, addr, data, false); 1544 break; 1545 1546 case PT_LWPNEXT: 1547 error = ptrace_lwpstatus(t, ptm, <, addr, data, true); 1548 break; 1549 1550 case PT_SET_SIGPASS: 1551 error = ptrace_set_sigpass(t, addr, data); 1552 break; 1553 1554 case PT_GET_SIGPASS: 1555 error = ptrace_get_sigpass(t, addr, data); 1556 break; 1557 1558 #ifdef PT_REGISTERS 1559 case_PT_SETREGS 1560 case_PT_GETREGS 1561 case_PT_SETFPREGS 1562 case_PT_GETFPREGS 1563 case_PT_SETDBREGS 1564 case_PT_GETDBREGS 1565 error = ptrace_regs(l, <, req, ptm, addr, data); 1566 break; 1567 #endif 1568 1569 #ifdef __HAVE_PTRACE_MACHDEP 1570 PTRACE_MACHDEP_REQUEST_CASES 1571 error = ptrace_machdep_dorequest(l, lt, req, addr, data); 1572 break; 1573 #endif 1574 } 1575 1576 out: 1577 if (pheld) { 1578 mutex_exit(t->p_lock); 1579 mutex_exit(&proc_lock); 1580 } 1581 if (lt != NULL) 1582 lwp_delref(lt); 1583 if (locked) 1584 rw_exit(&t->p_reflock); 1585 1586 return error; 1587 } 1588 1589 typedef int (*regrfunc_t)(struct lwp *, void *, size_t *); 1590 typedef int (*regwfunc_t)(struct lwp *, void *, size_t); 1591 1592 #ifdef PT_REGISTERS 1593 static int 1594 proc_regio(struct lwp *l, struct uio *uio, size_t ks, regrfunc_t r, 1595 regwfunc_t w) 1596 { 1597 char buf[1024]; 1598 int error; 1599 char *kv; 1600 size_t kl; 1601 1602 if (ks > sizeof(buf)) 1603 return E2BIG; 1604 1605 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)ks) 1606 return EINVAL; 1607 1608 kv = buf + uio->uio_offset; 1609 kl = ks - uio->uio_offset; 1610 1611 if (kl > uio->uio_resid) 1612 kl = uio->uio_resid; 1613 1614 error = (*r)(l, buf, &ks); 1615 if (error == 0) 1616 error = uiomove(kv, kl, uio); 1617 if (error == 0 && uio->uio_rw == UIO_WRITE) { 1618 if (l->l_stat != LSSTOP) 1619 error = EBUSY; 1620 else 1621 error = (*w)(l, buf, ks); 1622 } 1623 1624 uio->uio_offset = 0; 1625 return error; 1626 } 1627 #endif 1628 1629 int 1630 process_doregs(struct lwp *curl /*tracer*/, 1631 struct lwp *l /*traced*/, 1632 struct uio *uio) 1633 { 1634 #if defined(PT_GETREGS) || defined(PT_SETREGS) 1635 size_t s; 1636 regrfunc_t r; 1637 regwfunc_t w; 1638 1639 #ifdef COMPAT_NETBSD32 1640 const bool pk32 = (curl->l_proc->p_flag & PK_32) != 0; 1641 1642 if (__predict_false(pk32)) { 1643 if ((l->l_proc->p_flag & PK_32) == 0) { 1644 // 32 bit tracer can't trace 64 bit process 1645 return EINVAL; 1646 } 1647 s = sizeof(process_reg32); 1648 r = __FPTRCAST(regrfunc_t, process_read_regs32); 1649 w = __FPTRCAST(regwfunc_t, process_write_regs32); 1650 } else 1651 #endif 1652 { 1653 s = sizeof(struct reg); 1654 r = __FPTRCAST(regrfunc_t, process_read_regs); 1655 w = __FPTRCAST(regwfunc_t, process_write_regs); 1656 } 1657 return proc_regio(l, uio, s, r, w); 1658 #else 1659 return EINVAL; 1660 #endif 1661 } 1662 1663 int 1664 process_validregs(struct lwp *l) 1665 { 1666 1667 #if defined(PT_SETREGS) || defined(PT_GETREGS) 1668 return (l->l_flag & LW_SYSTEM) == 0; 1669 #else 1670 return 0; 1671 #endif 1672 } 1673 1674 int 1675 process_dofpregs(struct lwp *curl /*tracer*/, 1676 struct lwp *l /*traced*/, 1677 struct uio *uio) 1678 { 1679 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 1680 size_t s; 1681 regrfunc_t r; 1682 regwfunc_t w; 1683 1684 #ifdef COMPAT_NETBSD32 1685 const bool pk32 = (curl->l_proc->p_flag & PK_32) != 0; 1686 1687 if (__predict_false(pk32)) { 1688 if ((l->l_proc->p_flag & PK_32) == 0) { 1689 // 32 bit tracer can't trace 64 bit process 1690 return EINVAL; 1691 } 1692 s = sizeof(process_fpreg32); 1693 r = (regrfunc_t)process_read_fpregs32; 1694 w = (regwfunc_t)process_write_fpregs32; 1695 } else 1696 #endif 1697 { 1698 s = sizeof(struct fpreg); 1699 r = (regrfunc_t)process_read_fpregs; 1700 w = (regwfunc_t)process_write_fpregs; 1701 } 1702 return proc_regio(l, uio, s, r, w); 1703 #else 1704 return EINVAL; 1705 #endif 1706 } 1707 1708 int 1709 process_validfpregs(struct lwp *l) 1710 { 1711 1712 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 1713 return (l->l_flag & LW_SYSTEM) == 0; 1714 #else 1715 return 0; 1716 #endif 1717 } 1718 1719 int 1720 process_dodbregs(struct lwp *curl /*tracer*/, 1721 struct lwp *l /*traced*/, 1722 struct uio *uio) 1723 { 1724 #if defined(PT_GETDBREGS) || defined(PT_SETDBREGS) 1725 size_t s; 1726 regrfunc_t r; 1727 regwfunc_t w; 1728 1729 #ifdef COMPAT_NETBSD32 1730 const bool pk32 = (curl->l_proc->p_flag & PK_32) != 0; 1731 1732 if (__predict_false(pk32)) { 1733 if ((l->l_proc->p_flag & PK_32) == 0) { 1734 // 32 bit tracer can't trace 64 bit process 1735 return EINVAL; 1736 } 1737 s = sizeof(process_dbreg32); 1738 r = (regrfunc_t)process_read_dbregs32; 1739 w = (regwfunc_t)process_write_dbregs32; 1740 } else 1741 #endif 1742 { 1743 s = sizeof(struct dbreg); 1744 r = (regrfunc_t)process_read_dbregs; 1745 w = (regwfunc_t)process_write_dbregs; 1746 } 1747 return proc_regio(l, uio, s, r, w); 1748 #else 1749 return EINVAL; 1750 #endif 1751 } 1752 1753 int 1754 process_validdbregs(struct lwp *l) 1755 { 1756 1757 #if defined(PT_SETDBREGS) || defined(PT_GETDBREGS) 1758 return (l->l_flag & LW_SYSTEM) == 0; 1759 #else 1760 return 0; 1761 #endif 1762 } 1763 1764 static int 1765 process_auxv_offset(struct proc *p, struct uio *uio) 1766 { 1767 struct ps_strings pss; 1768 int error; 1769 off_t off = (off_t)p->p_psstrp; 1770 1771 if ((error = copyin_psstrings(p, &pss)) != 0) 1772 return error; 1773 1774 if (pss.ps_envstr == NULL) 1775 return EIO; 1776 1777 #ifdef COMPAT_NETBSD32 1778 if (p->p_flag & PK_32) 1779 uio->uio_offset += (off_t)((vaddr_t)pss.ps_envstr + 1780 sizeof(uint32_t) * (pss.ps_nenvstr + 1)); 1781 else 1782 #endif 1783 uio->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + 1784 pss.ps_nenvstr + 1); 1785 1786 #ifdef __MACHINE_STACK_GROWS_UP 1787 if (uio->uio_offset < off) 1788 return EIO; 1789 #else 1790 if (uio->uio_offset > off) 1791 return EIO; 1792 if ((uio->uio_offset + uio->uio_resid) > off) 1793 uio->uio_resid = off - uio->uio_offset; 1794 #endif 1795 return 0; 1796 } 1797 #endif /* PTRACE */ 1798 1799 MODULE(MODULE_CLASS_EXEC, ptrace_common, NULL); 1800 1801 static int 1802 ptrace_common_modcmd(modcmd_t cmd, void *arg) 1803 { 1804 int error; 1805 1806 switch (cmd) { 1807 case MODULE_CMD_INIT: 1808 error = ptrace_init(); 1809 break; 1810 case MODULE_CMD_FINI: 1811 error = ptrace_fini(); 1812 break; 1813 default: 1814 ptrace_hooks(); 1815 error = ENOTTY; 1816 break; 1817 } 1818 return error; 1819 } 1820
Indexes created Thu Sep 25 15:09:46 GMT 2025