1 | /* $NetBSD: sys_ptrace_common.c,v 1.5 2016/11/19 19:06:12 christos Exp $ */ |
2 | |
3 | /*- |
4 | * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. |
5 | * All rights reserved. |
6 | * |
7 | * This code is derived from software contributed to The NetBSD Foundation |
8 | * by Andrew Doran. |
9 | * |
10 | * Redistribution and use in source and binary forms, with or without |
11 | * modification, are permitted provided that the following conditions |
12 | * are met: |
13 | * 1. Redistributions of source code must retain the above copyright |
14 | * notice, this list of conditions and the following disclaimer. |
15 | * 2. Redistributions in binary form must reproduce the above copyright |
16 | * notice, this list of conditions and the following disclaimer in the |
17 | * documentation and/or other materials provided with the distribution. |
18 | * |
19 | * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS |
20 | * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
21 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
22 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
23 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
24 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
25 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
27 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
28 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
29 | * POSSIBILITY OF SUCH DAMAGE. |
30 | */ |
31 | |
32 | /*- |
33 | * Copyright (c) 1982, 1986, 1989, 1993 |
34 | * The Regents of the University of California. All rights reserved. |
35 | * (c) UNIX System Laboratories, Inc. |
36 | * All or some portions of this file are derived from material licensed |
37 | * to the University of California by American Telephone and Telegraph |
38 | * Co. or Unix System Laboratories, Inc. and are reproduced herein with |
39 | * the permission of UNIX System Laboratories, Inc. |
40 | * |
41 | * This code is derived from software contributed to Berkeley by |
42 | * Jan-Simon Pendry. |
43 | * |
44 | * Redistribution and use in source and binary forms, with or without |
45 | * modification, are permitted provided that the following conditions |
46 | * are met: |
47 | * 1. Redistributions of source code must retain the above copyright |
48 | * notice, this list of conditions and the following disclaimer. |
49 | * 2. Redistributions in binary form must reproduce the above copyright |
50 | * notice, this list of conditions and the following disclaimer in the |
51 | * documentation and/or other materials provided with the distribution. |
52 | * 3. Neither the name of the University nor the names of its contributors |
53 | * may be used to endorse or promote products derived from this software |
54 | * without specific prior written permission. |
55 | * |
56 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
57 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
58 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
59 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
60 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
61 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
62 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
63 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
64 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
65 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
66 | * SUCH DAMAGE. |
67 | * |
68 | * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 |
69 | */ |
70 | |
71 | /*- |
72 | * Copyright (c) 1993 Jan-Simon Pendry. |
73 | * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. |
74 | * |
75 | * This code is derived from software contributed to Berkeley by |
76 | * Jan-Simon Pendry. |
77 | * |
78 | * Redistribution and use in source and binary forms, with or without |
79 | * modification, are permitted provided that the following conditions |
80 | * are met: |
81 | * 1. Redistributions of source code must retain the above copyright |
82 | * notice, this list of conditions and the following disclaimer. |
83 | * 2. Redistributions in binary form must reproduce the above copyright |
84 | * notice, this list of conditions and the following disclaimer in the |
85 | * documentation and/or other materials provided with the distribution. |
86 | * 3. All advertising materials mentioning features or use of this software |
87 | * must display the following acknowledgement: |
88 | * This product includes software developed by the University of |
89 | * California, Berkeley and its contributors. |
90 | * 4. Neither the name of the University nor the names of its contributors |
91 | * may be used to endorse or promote products derived from this software |
92 | * without specific prior written permission. |
93 | * |
94 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
95 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
96 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
97 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
98 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
99 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
100 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
101 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
102 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
103 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
104 | * SUCH DAMAGE. |
105 | * |
106 | * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 |
107 | */ |
108 | |
109 | /* |
110 | * References: |
111 | * (1) Bach's "The Design of the UNIX Operating System", |
112 | * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, |
113 | * (3) the "4.4BSD Programmer's Reference Manual" published |
114 | * by USENIX and O'Reilly & Associates. |
115 | * The 4.4BSD PRM does a reasonably good job of documenting what the various |
116 | * ptrace() requests should actually do, and its text is quoted several times |
117 | * in this file. |
118 | */ |
119 | |
120 | #include <sys/cdefs.h> |
121 | __KERNEL_RCSID(0, "$NetBSD: sys_ptrace_common.c,v 1.5 2016/11/19 19:06:12 christos Exp $" ); |
122 | |
123 | #ifdef _KERNEL_OPT |
124 | #include "opt_ptrace.h" |
125 | #include "opt_ktrace.h" |
126 | #include "opt_pax.h" |
127 | #endif |
128 | |
129 | #include <sys/param.h> |
130 | #include <sys/systm.h> |
131 | #include <sys/proc.h> |
132 | #include <sys/errno.h> |
133 | #include <sys/exec.h> |
134 | #include <sys/pax.h> |
135 | #include <sys/ptrace.h> |
136 | #include <sys/uio.h> |
137 | #include <sys/ras.h> |
138 | #include <sys/kmem.h> |
139 | #include <sys/kauth.h> |
140 | #include <sys/mount.h> |
141 | #include <sys/syscallargs.h> |
142 | #include <sys/module.h> |
143 | #include <sys/condvar.h> |
144 | #include <sys/mutex.h> |
145 | |
146 | #include <uvm/uvm_extern.h> |
147 | |
148 | #include <machine/reg.h> |
149 | |
150 | #ifdef PTRACE |
151 | |
152 | # ifdef DEBUG |
153 | # define DPRINTF(a) uprintf a |
154 | # else |
155 | # define DPRINTF(a) |
156 | # endif |
157 | |
158 | static kauth_listener_t ptrace_listener; |
159 | static int process_auxv_offset(struct proc *, struct uio *); |
160 | |
161 | #if 0 |
162 | static int ptrace_cbref; |
163 | static kmutex_t ptrace_mtx; |
164 | static kcondvar_t ptrace_cv; |
165 | #endif |
166 | |
167 | static int |
168 | ptrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, |
169 | void *arg0, void *arg1, void *arg2, void *arg3) |
170 | { |
171 | struct proc *p; |
172 | int result; |
173 | |
174 | result = KAUTH_RESULT_DEFER; |
175 | p = arg0; |
176 | |
177 | #if 0 |
178 | mutex_enter(&ptrace_mtx); |
179 | ptrace_cbref++; |
180 | mutex_exit(&ptrace_mtx); |
181 | #endif |
182 | if (action != KAUTH_PROCESS_PTRACE) |
183 | goto out; |
184 | |
185 | switch ((u_long)arg1) { |
186 | case PT_TRACE_ME: |
187 | case PT_ATTACH: |
188 | case PT_WRITE_I: |
189 | case PT_WRITE_D: |
190 | case PT_READ_I: |
191 | case PT_READ_D: |
192 | case PT_IO: |
193 | #ifdef PT_GETREGS |
194 | case PT_GETREGS: |
195 | #endif |
196 | #ifdef PT_SETREGS |
197 | case PT_SETREGS: |
198 | #endif |
199 | #ifdef PT_GETFPREGS |
200 | case PT_GETFPREGS: |
201 | #endif |
202 | #ifdef PT_SETFPREGS |
203 | case PT_SETFPREGS: |
204 | #endif |
205 | case PT_SET_EVENT_MASK: |
206 | case PT_GET_EVENT_MASK: |
207 | case PT_GET_PROCESS_STATE: |
208 | #ifdef __HAVE_PTRACE_MACHDEP |
209 | PTRACE_MACHDEP_REQUEST_CASES |
210 | #endif |
211 | if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) || |
212 | ISSET(p->p_flag, PK_SUGID)) { |
213 | break; |
214 | } |
215 | |
216 | result = KAUTH_RESULT_ALLOW; |
217 | |
218 | break; |
219 | |
220 | #ifdef PT_STEP |
221 | case PT_STEP: |
222 | #endif |
223 | case PT_CONTINUE: |
224 | case PT_KILL: |
225 | case PT_DETACH: |
226 | case PT_LWPINFO: |
227 | case PT_SYSCALL: |
228 | case PT_SYSCALLEMU: |
229 | case PT_DUMPCORE: |
230 | result = KAUTH_RESULT_ALLOW; |
231 | break; |
232 | |
233 | default: |
234 | break; |
235 | } |
236 | |
237 | out: |
238 | #if 0 |
239 | mutex_enter(&ptrace_mtx); |
240 | if (--ptrace_cbref == 0) |
241 | cv_broadcast(&ptrace_cv); |
242 | mutex_exit(&ptrace_mtx); |
243 | #endif |
244 | |
245 | return result; |
246 | } |
247 | |
248 | int |
249 | ptrace_init(void) |
250 | { |
251 | |
252 | #if 0 |
253 | mutex_init(&ptrace_mtx, MUTEX_DEFAULT, IPL_NONE); |
254 | cv_init(&ptrace_cv, "ptracecb" ); |
255 | ptrace_cbref = 0; |
256 | #endif |
257 | ptrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, |
258 | ptrace_listener_cb, NULL); |
259 | return 0; |
260 | } |
261 | |
262 | int |
263 | ptrace_fini(void) |
264 | { |
265 | |
266 | kauth_unlisten_scope(ptrace_listener); |
267 | |
268 | #if 0 |
269 | /* Make sure no-one is executing our kauth listener */ |
270 | |
271 | mutex_enter(&ptrace_mtx); |
272 | while (ptrace_cbref != 0) |
273 | cv_wait(&ptrace_cv, &ptrace_mtx); |
274 | mutex_exit(&ptrace_mtx); |
275 | mutex_destroy(&ptrace_mtx); |
276 | cv_destroy(&ptrace_cv); |
277 | #endif |
278 | |
279 | return 0; |
280 | } |
281 | |
282 | int |
283 | do_ptrace(struct ptrace_methods *ptm, struct lwp *l, int req, pid_t pid, |
284 | void *addr, int data, register_t *retval) |
285 | { |
286 | struct proc *p = l->l_proc; |
287 | struct lwp *lt; |
288 | #ifdef PT_STEP |
289 | struct lwp *lt2; |
290 | #endif |
291 | struct proc *t; /* target process */ |
292 | struct uio uio; |
293 | struct iovec iov; |
294 | struct ptrace_io_desc piod; |
295 | struct ptrace_event pe; |
296 | struct ptrace_state ps; |
297 | struct ptrace_lwpinfo pl; |
298 | struct vmspace *vm; |
299 | int error, write, tmp, pheld; |
300 | int signo = 0; |
301 | int resume_all; |
302 | ksiginfo_t ksi; |
303 | char *path; |
304 | int len = 0; |
305 | error = 0; |
306 | |
307 | /* |
308 | * If attaching or detaching, we need to get a write hold on the |
309 | * proclist lock so that we can re-parent the target process. |
310 | */ |
311 | mutex_enter(proc_lock); |
312 | |
313 | /* "A foolish consistency..." XXX */ |
314 | if (req == PT_TRACE_ME) { |
315 | t = p; |
316 | mutex_enter(t->p_lock); |
317 | } else { |
318 | /* Find the process we're supposed to be operating on. */ |
319 | t = proc_find(pid); |
320 | if (t == NULL) { |
321 | mutex_exit(proc_lock); |
322 | return ESRCH; |
323 | } |
324 | |
325 | /* XXX-elad */ |
326 | mutex_enter(t->p_lock); |
327 | error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, |
328 | t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); |
329 | if (error) { |
330 | mutex_exit(proc_lock); |
331 | mutex_exit(t->p_lock); |
332 | return ESRCH; |
333 | } |
334 | } |
335 | |
336 | /* |
337 | * Grab a reference on the process to prevent it from execing or |
338 | * exiting. |
339 | */ |
340 | if (!rw_tryenter(&t->p_reflock, RW_READER)) { |
341 | mutex_exit(proc_lock); |
342 | mutex_exit(t->p_lock); |
343 | return EBUSY; |
344 | } |
345 | |
346 | /* Make sure we can operate on it. */ |
347 | switch (req) { |
348 | case PT_TRACE_ME: |
349 | /* Saying that you're being traced is always legal. */ |
350 | break; |
351 | |
352 | case PT_ATTACH: |
353 | /* |
354 | * You can't attach to a process if: |
355 | * (1) it's the process that's doing the attaching, |
356 | */ |
357 | if (t->p_pid == p->p_pid) { |
358 | error = EINVAL; |
359 | break; |
360 | } |
361 | |
362 | /* |
363 | * (2) it's a system process |
364 | */ |
365 | if (t->p_flag & PK_SYSTEM) { |
366 | error = EPERM; |
367 | break; |
368 | } |
369 | |
370 | /* |
371 | * (3) it's already being traced, or |
372 | */ |
373 | if (ISSET(t->p_slflag, PSL_TRACED)) { |
374 | error = EBUSY; |
375 | break; |
376 | } |
377 | |
378 | /* |
379 | * (4) the tracer is chrooted, and its root directory is |
380 | * not at or above the root directory of the tracee |
381 | */ |
382 | mutex_exit(t->p_lock); /* XXXSMP */ |
383 | tmp = proc_isunder(t, l); |
384 | mutex_enter(t->p_lock); /* XXXSMP */ |
385 | if (!tmp) { |
386 | error = EPERM; |
387 | break; |
388 | } |
389 | break; |
390 | |
391 | case PT_READ_I: |
392 | case PT_READ_D: |
393 | case PT_WRITE_I: |
394 | case PT_WRITE_D: |
395 | case PT_IO: |
396 | #ifdef PT_GETREGS |
397 | case PT_GETREGS: |
398 | #endif |
399 | #ifdef PT_SETREGS |
400 | case PT_SETREGS: |
401 | #endif |
402 | #ifdef PT_GETFPREGS |
403 | case PT_GETFPREGS: |
404 | #endif |
405 | #ifdef PT_SETFPREGS |
406 | case PT_SETFPREGS: |
407 | #endif |
408 | #ifdef __HAVE_PTRACE_MACHDEP |
409 | PTRACE_MACHDEP_REQUEST_CASES |
410 | #endif |
411 | /* |
412 | * You can't read/write the memory or registers of a process |
413 | * if the tracer is chrooted, and its root directory is not at |
414 | * or above the root directory of the tracee. |
415 | */ |
416 | mutex_exit(t->p_lock); /* XXXSMP */ |
417 | tmp = proc_isunder(t, l); |
418 | mutex_enter(t->p_lock); /* XXXSMP */ |
419 | if (!tmp) { |
420 | error = EPERM; |
421 | break; |
422 | } |
423 | /*FALLTHROUGH*/ |
424 | |
425 | case PT_CONTINUE: |
426 | case PT_KILL: |
427 | case PT_DETACH: |
428 | case PT_LWPINFO: |
429 | case PT_SYSCALL: |
430 | case PT_SYSCALLEMU: |
431 | case PT_DUMPCORE: |
432 | #ifdef PT_STEP |
433 | case PT_STEP: |
434 | #endif |
435 | case PT_SET_EVENT_MASK: |
436 | case PT_GET_EVENT_MASK: |
437 | case PT_GET_PROCESS_STATE: |
438 | /* |
439 | * You can't do what you want to the process if: |
440 | * (1) It's not being traced at all, |
441 | */ |
442 | if (!ISSET(t->p_slflag, PSL_TRACED)) { |
443 | error = EPERM; |
444 | break; |
445 | } |
446 | |
447 | /* |
448 | * (2) it's being traced by procfs (which has |
449 | * different signal delivery semantics), |
450 | */ |
451 | if (ISSET(t->p_slflag, PSL_FSTRACE)) { |
452 | DPRINTF(("file system traced\n" )); |
453 | error = EBUSY; |
454 | break; |
455 | } |
456 | |
457 | /* |
458 | * (3) it's not being traced by _you_, or |
459 | */ |
460 | if (t->p_pptr != p) { |
461 | DPRINTF(("parent %d != %d\n" , t->p_pptr->p_pid, |
462 | p->p_pid)); |
463 | error = EBUSY; |
464 | break; |
465 | } |
466 | |
467 | /* |
468 | * (4) it's not currently stopped. |
469 | */ |
470 | if (t->p_stat != SSTOP || !t->p_waited /* XXXSMP */) { |
471 | DPRINTF(("stat %d flag %d\n" , t->p_stat, |
472 | !t->p_waited)); |
473 | error = EBUSY; |
474 | break; |
475 | } |
476 | break; |
477 | |
478 | default: /* It was not a legal request. */ |
479 | error = EINVAL; |
480 | break; |
481 | } |
482 | |
483 | if (error == 0) { |
484 | error = kauth_authorize_process(l->l_cred, |
485 | KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req), |
486 | NULL, NULL); |
487 | } |
488 | if (error == 0) { |
489 | lt = lwp_find_first(t); |
490 | if (lt == NULL) |
491 | error = ESRCH; |
492 | } |
493 | |
494 | if (error != 0) { |
495 | mutex_exit(proc_lock); |
496 | mutex_exit(t->p_lock); |
497 | rw_exit(&t->p_reflock); |
498 | return error; |
499 | } |
500 | |
501 | /* Do single-step fixup if needed. */ |
502 | FIX_SSTEP(t); |
503 | KASSERT(lt != NULL); |
504 | lwp_addref(lt); |
505 | |
506 | /* |
507 | * Which locks do we need held? XXX Ugly. |
508 | */ |
509 | switch (req) { |
510 | #ifdef PT_STEP |
511 | case PT_STEP: |
512 | #endif |
513 | case PT_CONTINUE: |
514 | case PT_DETACH: |
515 | case PT_KILL: |
516 | case PT_SYSCALL: |
517 | case PT_SYSCALLEMU: |
518 | case PT_ATTACH: |
519 | case PT_TRACE_ME: |
520 | pheld = 1; |
521 | break; |
522 | default: |
523 | mutex_exit(proc_lock); |
524 | mutex_exit(t->p_lock); |
525 | pheld = 0; |
526 | break; |
527 | } |
528 | |
529 | /* Now do the operation. */ |
530 | write = 0; |
531 | *retval = 0; |
532 | tmp = 0; |
533 | resume_all = 1; |
534 | |
535 | switch (req) { |
536 | case PT_TRACE_ME: |
537 | /* Just set the trace flag. */ |
538 | SET(t->p_slflag, PSL_TRACED); |
539 | t->p_opptr = t->p_pptr; |
540 | break; |
541 | |
542 | case PT_WRITE_I: /* XXX no separate I and D spaces */ |
543 | case PT_WRITE_D: |
544 | #if defined(__HAVE_RAS) |
545 | /* |
546 | * Can't write to a RAS |
547 | */ |
548 | if (ras_lookup(t, addr) != (void *)-1) { |
549 | error = EACCES; |
550 | break; |
551 | } |
552 | #endif |
553 | write = 1; |
554 | tmp = data; |
555 | /* FALLTHROUGH */ |
556 | |
557 | case PT_READ_I: /* XXX no separate I and D spaces */ |
558 | case PT_READ_D: |
559 | /* write = 0 done above. */ |
560 | iov.iov_base = (void *)&tmp; |
561 | iov.iov_len = sizeof(tmp); |
562 | uio.uio_iov = &iov; |
563 | uio.uio_iovcnt = 1; |
564 | uio.uio_offset = (off_t)(unsigned long)addr; |
565 | uio.uio_resid = sizeof(tmp); |
566 | uio.uio_rw = write ? UIO_WRITE : UIO_READ; |
567 | UIO_SETUP_SYSSPACE(&uio); |
568 | |
569 | error = process_domem(l, lt, &uio); |
570 | if (!write) |
571 | *retval = tmp; |
572 | break; |
573 | |
574 | case PT_IO: |
575 | error = ptm->ptm_copyinpiod(&piod, addr); |
576 | if (error) |
577 | break; |
578 | |
579 | iov.iov_base = piod.piod_addr; |
580 | iov.iov_len = piod.piod_len; |
581 | uio.uio_iov = &iov; |
582 | uio.uio_iovcnt = 1; |
583 | uio.uio_offset = (off_t)(unsigned long)piod.piod_offs; |
584 | uio.uio_resid = piod.piod_len; |
585 | |
586 | switch (piod.piod_op) { |
587 | case PIOD_READ_D: |
588 | case PIOD_READ_I: |
589 | uio.uio_rw = UIO_READ; |
590 | break; |
591 | case PIOD_WRITE_D: |
592 | case PIOD_WRITE_I: |
593 | /* |
594 | * Can't write to a RAS |
595 | */ |
596 | if (ras_lookup(t, addr) != (void *)-1) { |
597 | return EACCES; |
598 | } |
599 | uio.uio_rw = UIO_WRITE; |
600 | break; |
601 | case PIOD_READ_AUXV: |
602 | req = PT_READ_D; |
603 | uio.uio_rw = UIO_READ; |
604 | tmp = t->p_execsw->es_arglen * PROC_PTRSZ(t); |
605 | if (uio.uio_offset > tmp) |
606 | return EIO; |
607 | if (uio.uio_resid > tmp - uio.uio_offset) |
608 | uio.uio_resid = tmp - uio.uio_offset; |
609 | piod.piod_len = iov.iov_len = uio.uio_resid; |
610 | error = process_auxv_offset(t, &uio); |
611 | if (error) |
612 | return error; |
613 | break; |
614 | default: |
615 | error = EINVAL; |
616 | break; |
617 | } |
618 | if (error) |
619 | break; |
620 | error = proc_vmspace_getref(l->l_proc, &vm); |
621 | if (error) |
622 | break; |
623 | uio.uio_vmspace = vm; |
624 | |
625 | error = process_domem(l, lt, &uio); |
626 | piod.piod_len -= uio.uio_resid; |
627 | (void) ptm->ptm_copyoutpiod(&piod, addr); |
628 | |
629 | uvmspace_free(vm); |
630 | break; |
631 | |
632 | case PT_DUMPCORE: |
633 | if ((path = addr) != NULL) { |
634 | char *dst; |
635 | len = data; |
636 | |
637 | if (len < 0 || len >= MAXPATHLEN) { |
638 | error = EINVAL; |
639 | break; |
640 | } |
641 | dst = kmem_alloc(len + 1, KM_SLEEP); |
642 | if ((error = copyin(path, dst, len)) != 0) { |
643 | kmem_free(dst, len + 1); |
644 | break; |
645 | } |
646 | path = dst; |
647 | path[len] = '\0'; |
648 | } |
649 | error = (*coredump_vec)(lt, path); |
650 | if (path) |
651 | kmem_free(path, len + 1); |
652 | break; |
653 | |
654 | #ifdef PT_STEP |
655 | case PT_STEP: |
656 | /* |
657 | * From the 4.4BSD PRM: |
658 | * "Execution continues as in request PT_CONTINUE; however |
659 | * as soon as possible after execution of at least one |
660 | * instruction, execution stops again. [ ... ]" |
661 | */ |
662 | #endif |
663 | case PT_CONTINUE: |
664 | case PT_SYSCALL: |
665 | case PT_DETACH: |
666 | if (req == PT_SYSCALL) { |
667 | if (!ISSET(t->p_slflag, PSL_SYSCALL)) { |
668 | SET(t->p_slflag, PSL_SYSCALL); |
669 | #ifdef __HAVE_SYSCALL_INTERN |
670 | (*t->p_emul->e_syscall_intern)(t); |
671 | #endif |
672 | } |
673 | } else { |
674 | if (ISSET(t->p_slflag, PSL_SYSCALL)) { |
675 | CLR(t->p_slflag, PSL_SYSCALL); |
676 | #ifdef __HAVE_SYSCALL_INTERN |
677 | (*t->p_emul->e_syscall_intern)(t); |
678 | #endif |
679 | } |
680 | } |
681 | t->p_trace_enabled = trace_is_enabled(t); |
682 | |
683 | /* |
684 | * Pick up the LWPID, if supplied. There are two cases: |
685 | * data < 0 : step or continue single thread, lwp = -data |
686 | * data > 0 in PT_STEP : step this thread, continue others |
687 | * For operations other than PT_STEP, data > 0 means |
688 | * data is the signo to deliver to the process. |
689 | */ |
690 | tmp = data; |
691 | if (tmp >= 0) { |
692 | #ifdef PT_STEP |
693 | if (req == PT_STEP) |
694 | signo = 0; |
695 | else |
696 | #endif |
697 | { |
698 | signo = tmp; |
699 | tmp = 0; /* don't search for LWP */ |
700 | } |
701 | } else |
702 | tmp = -tmp; |
703 | |
704 | if (tmp > 0) { |
705 | if (req == PT_DETACH) { |
706 | error = EINVAL; |
707 | break; |
708 | } |
709 | lwp_delref2 (lt); |
710 | lt = lwp_find(t, tmp); |
711 | if (lt == NULL) { |
712 | error = ESRCH; |
713 | break; |
714 | } |
715 | lwp_addref(lt); |
716 | resume_all = 0; |
717 | signo = 0; |
718 | } |
719 | |
720 | /* |
721 | * From the 4.4BSD PRM: |
722 | * "The data argument is taken as a signal number and the |
723 | * child's execution continues at location addr as if it |
724 | * incurred that signal. Normally the signal number will |
725 | * be either 0 to indicate that the signal that caused the |
726 | * stop should be ignored, or that value fetched out of |
727 | * the process's image indicating which signal caused |
728 | * the stop. If addr is (int *)1 then execution continues |
729 | * from where it stopped." |
730 | */ |
731 | |
732 | /* Check that the data is a valid signal number or zero. */ |
733 | if (signo < 0 || signo >= NSIG) { |
734 | error = EINVAL; |
735 | break; |
736 | } |
737 | |
738 | /* If the address parameter is not (int *)1, set the pc. */ |
739 | if ((int *)addr != (int *)1) { |
740 | error = process_set_pc(lt, addr); |
741 | if (error != 0) |
742 | break; |
743 | } |
744 | #ifdef PT_STEP |
745 | /* |
746 | * Arrange for a single-step, if that's requested and possible. |
747 | * More precisely, set the single step status as requested for |
748 | * the requested thread, and clear it for other threads. |
749 | */ |
750 | LIST_FOREACH(lt2, &t->p_lwps, l_sibling) { |
751 | if (lt != lt2) { |
752 | lwp_lock(lt2); |
753 | process_sstep(lt2, 0); |
754 | lwp_unlock(lt2); |
755 | } |
756 | } |
757 | error = process_sstep(lt, req == PT_STEP); |
758 | if (error) |
759 | break; |
760 | #endif |
761 | if (req == PT_DETACH) { |
762 | CLR(t->p_slflag, PSL_TRACED|PSL_FSTRACE|PSL_SYSCALL); |
763 | |
764 | /* give process back to original parent or init */ |
765 | if (t->p_opptr != t->p_pptr) { |
766 | struct proc *pp = t->p_opptr; |
767 | proc_reparent(t, pp ? pp : initproc); |
768 | } |
769 | |
770 | /* not being traced any more */ |
771 | t->p_opptr = NULL; |
772 | } |
773 | sendsig: |
774 | t->p_fpid = 0; |
775 | /* Finally, deliver the requested signal (or none). */ |
776 | if (t->p_stat == SSTOP) { |
777 | /* |
778 | * Unstop the process. If it needs to take a |
779 | * signal, make all efforts to ensure that at |
780 | * an LWP runs to see it. |
781 | */ |
782 | t->p_xsig = signo; |
783 | if (resume_all) |
784 | proc_unstop(t); |
785 | else |
786 | lwp_unstop(lt); |
787 | } else if (signo != 0) { |
788 | KSI_INIT_EMPTY(&ksi); |
789 | ksi.ksi_signo = signo; |
790 | kpsignal2(t, &ksi); |
791 | } |
792 | break; |
793 | |
794 | case PT_SYSCALLEMU: |
795 | if (!ISSET(t->p_slflag, PSL_SYSCALL) || t->p_stat != SSTOP) { |
796 | error = EINVAL; |
797 | break; |
798 | } |
799 | SET(t->p_slflag, PSL_SYSCALLEMU); |
800 | break; |
801 | |
802 | case PT_KILL: |
803 | /* just send the process a KILL signal. */ |
804 | signo = SIGKILL; |
805 | goto sendsig; /* in PT_CONTINUE, above. */ |
806 | |
807 | case PT_ATTACH: |
808 | /* |
809 | * Go ahead and set the trace flag. |
810 | * Save the old parent (it's reset in |
811 | * _DETACH, and also in kern_exit.c:wait4() |
812 | * Reparent the process so that the tracing |
813 | * proc gets to see all the action. |
814 | * Stop the target. |
815 | */ |
816 | proc_changeparent(t, p); |
817 | signo = SIGSTOP; |
818 | goto sendsig; |
819 | |
820 | case PT_GET_EVENT_MASK: |
821 | if (data != sizeof(pe)) { |
822 | DPRINTF(("ptrace(%d): %d != %zu\n" , req, |
823 | data, sizeof(pe))); |
824 | error = EINVAL; |
825 | break; |
826 | } |
827 | memset(&pe, 0, sizeof(pe)); |
828 | pe.pe_set_event = ISSET(t->p_slflag, PSL_TRACEFORK) ? |
829 | PTRACE_FORK : 0; |
830 | error = copyout(&pe, addr, sizeof(pe)); |
831 | break; |
832 | |
833 | case PT_SET_EVENT_MASK: |
834 | if (data != sizeof(pe)) { |
835 | DPRINTF(("ptrace(%d): %d != %zu\n" , req, data, |
836 | sizeof(pe))); |
837 | error = EINVAL; |
838 | break; |
839 | } |
840 | if ((error = copyin(addr, &pe, sizeof(pe))) != 0) |
841 | return error; |
842 | if (pe.pe_set_event & PTRACE_FORK) |
843 | SET(t->p_slflag, PSL_TRACEFORK); |
844 | else |
845 | CLR(t->p_slflag, PSL_TRACEFORK); |
846 | break; |
847 | |
848 | case PT_GET_PROCESS_STATE: |
849 | if (data != sizeof(ps)) { |
850 | DPRINTF(("ptrace(%d): %d != %zu\n" , req, data, |
851 | sizeof(ps))); |
852 | error = EINVAL; |
853 | break; |
854 | } |
855 | memset(&ps, 0, sizeof(ps)); |
856 | if (t->p_fpid) { |
857 | ps.pe_report_event = PTRACE_FORK; |
858 | ps.pe_other_pid = t->p_fpid; |
859 | } |
860 | error = copyout(&ps, addr, sizeof(ps)); |
861 | break; |
862 | |
863 | case PT_LWPINFO: |
864 | if (data != sizeof(pl)) { |
865 | DPRINTF(("ptrace(%d): %d != %zu\n" , req, data, |
866 | sizeof(pl))); |
867 | error = EINVAL; |
868 | break; |
869 | } |
870 | error = copyin(addr, &pl, sizeof(pl)); |
871 | if (error) |
872 | break; |
873 | tmp = pl.pl_lwpid; |
874 | lwp_delref(lt); |
875 | mutex_enter(t->p_lock); |
876 | if (tmp == 0) |
877 | lt = lwp_find_first(t); |
878 | else { |
879 | lt = lwp_find(t, tmp); |
880 | if (lt == NULL) { |
881 | mutex_exit(t->p_lock); |
882 | error = ESRCH; |
883 | break; |
884 | } |
885 | lt = LIST_NEXT(lt, l_sibling); |
886 | } |
887 | while (lt != NULL && !lwp_alive(lt)) |
888 | lt = LIST_NEXT(lt, l_sibling); |
889 | pl.pl_lwpid = 0; |
890 | pl.pl_event = 0; |
891 | if (lt) { |
892 | lwp_addref(lt); |
893 | pl.pl_lwpid = lt->l_lid; |
894 | if (lt->l_lid == t->p_sigctx.ps_lwp) |
895 | pl.pl_event = PL_EVENT_SIGNAL; |
896 | } |
897 | mutex_exit(t->p_lock); |
898 | |
899 | error = copyout(&pl, addr, sizeof(pl)); |
900 | break; |
901 | |
902 | #ifdef PT_SETREGS |
903 | case PT_SETREGS: |
904 | write = 1; |
905 | #endif |
906 | #ifdef PT_GETREGS |
907 | case PT_GETREGS: |
908 | /* write = 0 done above. */ |
909 | #endif |
910 | #if defined(PT_SETREGS) || defined(PT_GETREGS) |
911 | tmp = data; |
912 | if (tmp != 0 && t->p_nlwps > 1) { |
913 | lwp_delref(lt); |
914 | mutex_enter(t->p_lock); |
915 | lt = lwp_find(t, tmp); |
916 | if (lt == NULL) { |
917 | mutex_exit(t->p_lock); |
918 | error = ESRCH; |
919 | break; |
920 | } |
921 | lwp_addref(lt); |
922 | mutex_exit(t->p_lock); |
923 | } |
924 | if (!process_validregs(lt)) |
925 | error = EINVAL; |
926 | else { |
927 | error = proc_vmspace_getref(p, &vm); |
928 | if (error) |
929 | break; |
930 | iov.iov_base = addr; |
931 | iov.iov_len = PROC_REGSZ(p); |
932 | uio.uio_iov = &iov; |
933 | uio.uio_iovcnt = 1; |
934 | uio.uio_offset = 0; |
935 | uio.uio_resid = iov.iov_len; |
936 | uio.uio_rw = write ? UIO_WRITE : UIO_READ; |
937 | uio.uio_vmspace = vm; |
938 | |
939 | error = ptm->ptm_doregs(l, lt, &uio); |
940 | uvmspace_free(vm); |
941 | } |
942 | break; |
943 | #endif |
944 | |
945 | #ifdef PT_SETFPREGS |
946 | case PT_SETFPREGS: |
947 | write = 1; |
948 | /*FALLTHROUGH*/ |
949 | #endif |
950 | #ifdef PT_GETFPREGS |
951 | case PT_GETFPREGS: |
952 | /* write = 0 done above. */ |
953 | #endif |
954 | #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) |
955 | tmp = data; |
956 | if (tmp != 0 && t->p_nlwps > 1) { |
957 | lwp_delref(lt); |
958 | mutex_enter(t->p_lock); |
959 | lt = lwp_find(t, tmp); |
960 | if (lt == NULL) { |
961 | mutex_exit(t->p_lock); |
962 | error = ESRCH; |
963 | break; |
964 | } |
965 | lwp_addref(lt); |
966 | mutex_exit(t->p_lock); |
967 | } |
968 | if (!process_validfpregs(lt)) |
969 | error = EINVAL; |
970 | else { |
971 | error = proc_vmspace_getref(p, &vm); |
972 | if (error) |
973 | break; |
974 | iov.iov_base = addr; |
975 | iov.iov_len = PROC_FPREGSZ(p); |
976 | uio.uio_iov = &iov; |
977 | uio.uio_iovcnt = 1; |
978 | uio.uio_offset = 0; |
979 | uio.uio_resid = iov.iov_len; |
980 | uio.uio_rw = write ? UIO_WRITE : UIO_READ; |
981 | uio.uio_vmspace = vm; |
982 | |
983 | error = ptm->ptm_dofpregs(l, lt, &uio); |
984 | uvmspace_free(vm); |
985 | } |
986 | break; |
987 | #endif |
988 | |
989 | #ifdef __HAVE_PTRACE_MACHDEP |
990 | PTRACE_MACHDEP_REQUEST_CASES |
991 | error = ptrace_machdep_dorequest(l, lt, req, addr, data); |
992 | break; |
993 | #endif |
994 | } |
995 | |
996 | if (pheld) { |
997 | mutex_exit(t->p_lock); |
998 | mutex_exit(proc_lock); |
999 | } |
1000 | if (lt != NULL) |
1001 | lwp_delref(lt); |
1002 | rw_exit(&t->p_reflock); |
1003 | |
1004 | return error; |
1005 | } |
1006 | |
1007 | int |
1008 | process_doregs(struct lwp *curl /*tracer*/, |
1009 | struct lwp *l /*traced*/, |
1010 | struct uio *uio) |
1011 | { |
1012 | #if defined(PT_GETREGS) || defined(PT_SETREGS) |
1013 | int error; |
1014 | struct reg r; |
1015 | char *kv; |
1016 | int kl; |
1017 | |
1018 | if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) |
1019 | return EINVAL; |
1020 | |
1021 | kl = sizeof(r); |
1022 | kv = (char *)&r; |
1023 | |
1024 | kv += uio->uio_offset; |
1025 | kl -= uio->uio_offset; |
1026 | if ((size_t)kl > uio->uio_resid) |
1027 | kl = uio->uio_resid; |
1028 | |
1029 | error = process_read_regs(l, &r); |
1030 | if (error == 0) |
1031 | error = uiomove(kv, kl, uio); |
1032 | if (error == 0 && uio->uio_rw == UIO_WRITE) { |
1033 | if (l->l_stat != LSSTOP) |
1034 | error = EBUSY; |
1035 | else |
1036 | error = process_write_regs(l, &r); |
1037 | } |
1038 | |
1039 | uio->uio_offset = 0; |
1040 | return error; |
1041 | #else |
1042 | return EINVAL; |
1043 | #endif |
1044 | } |
1045 | |
1046 | int |
1047 | process_validregs(struct lwp *l) |
1048 | { |
1049 | |
1050 | #if defined(PT_SETREGS) || defined(PT_GETREGS) |
1051 | return (l->l_flag & LW_SYSTEM) == 0; |
1052 | #else |
1053 | return 0; |
1054 | #endif |
1055 | } |
1056 | |
1057 | int |
1058 | process_dofpregs(struct lwp *curl /*tracer*/, |
1059 | struct lwp *l /*traced*/, |
1060 | struct uio *uio) |
1061 | { |
1062 | #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) |
1063 | int error; |
1064 | struct fpreg r; |
1065 | char *kv; |
1066 | size_t kl; |
1067 | |
1068 | if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) |
1069 | return EINVAL; |
1070 | |
1071 | kl = sizeof(r); |
1072 | kv = (char *)&r; |
1073 | |
1074 | kv += uio->uio_offset; |
1075 | kl -= uio->uio_offset; |
1076 | if (kl > uio->uio_resid) |
1077 | kl = uio->uio_resid; |
1078 | |
1079 | error = process_read_fpregs(l, &r, &kl); |
1080 | if (error == 0) |
1081 | error = uiomove(kv, kl, uio); |
1082 | if (error == 0 && uio->uio_rw == UIO_WRITE) { |
1083 | if (l->l_stat != LSSTOP) |
1084 | error = EBUSY; |
1085 | else |
1086 | error = process_write_fpregs(l, &r, kl); |
1087 | } |
1088 | uio->uio_offset = 0; |
1089 | return error; |
1090 | #else |
1091 | return EINVAL; |
1092 | #endif |
1093 | } |
1094 | |
1095 | int |
1096 | process_validfpregs(struct lwp *l) |
1097 | { |
1098 | |
1099 | #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) |
1100 | return (l->l_flag & LW_SYSTEM) == 0; |
1101 | #else |
1102 | return 0; |
1103 | #endif |
1104 | } |
1105 | |
1106 | static int |
1107 | process_auxv_offset(struct proc *p, struct uio *uio) |
1108 | { |
1109 | struct ps_strings pss; |
1110 | int error; |
1111 | off_t off = (off_t)p->p_psstrp; |
1112 | |
1113 | if ((error = copyin_psstrings(p, &pss)) != 0) |
1114 | return error; |
1115 | |
1116 | if (pss.ps_envstr == NULL) |
1117 | return EIO; |
1118 | |
1119 | uio->uio_offset += (off_t)(vaddr_t)(pss.ps_envstr + pss.ps_nenvstr + 1); |
1120 | #ifdef __MACHINE_STACK_GROWS_UP |
1121 | if (uio->uio_offset < off) |
1122 | return EIO; |
1123 | #else |
1124 | if (uio->uio_offset > off) |
1125 | return EIO; |
1126 | if ((uio->uio_offset + uio->uio_resid) > off) |
1127 | uio->uio_resid = off - uio->uio_offset; |
1128 | #endif |
1129 | return 0; |
1130 | } |
1131 | #endif /* PTRACE */ |
1132 | |
1133 | MODULE(MODULE_CLASS_EXEC, ptrace_common, "" ); |
1134 | |
1135 | static int |
1136 | ptrace_common_modcmd(modcmd_t cmd, void *arg) |
1137 | { |
1138 | int error; |
1139 | |
1140 | switch (cmd) { |
1141 | case MODULE_CMD_INIT: |
1142 | error = ptrace_init(); |
1143 | break; |
1144 | case MODULE_CMD_FINI: |
1145 | error = ptrace_fini(); |
1146 | break; |
1147 | default: |
1148 | ptrace_hooks(); |
1149 | error = ENOTTY; |
1150 | break; |
1151 | } |
1152 | return error; |
1153 | } |
1154 | |
1155 | |