Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/kern/sys_process.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * SPDX-License-Identifier: BSD-4-Clause 3 * 4 * Copyright (c) 1994, Sean Eric Fagan 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by Sean Eric Fagan. 18 * 4. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include <sys/cdefs.h> 35 __FBSDID("$FreeBSD$"); 36 37 #include <sys/param.h> 38 #include <sys/systm.h> 39 #include <sys/ktr.h> 40 #include <sys/limits.h> 41 #include <sys/lock.h> 42 #include <sys/mutex.h> 43 #include <sys/reg.h> 44 #include <sys/syscallsubr.h> 45 #include <sys/sysent.h> 46 #include <sys/sysproto.h> 47 #include <sys/priv.h> 48 #include <sys/proc.h> 49 #include <sys/vnode.h> 50 #include <sys/ptrace.h> 51 #include <sys/rwlock.h> 52 #include <sys/sx.h> 53 #include <sys/malloc.h> 54 #include <sys/signalvar.h> 55 #include <sys/caprights.h> 56 #include <sys/filedesc.h> 57 58 #include <security/audit/audit.h> 59 60 #include <vm/vm.h> 61 #include <vm/pmap.h> 62 #include <vm/vm_extern.h> 63 #include <vm/vm_map.h> 64 #include <vm/vm_kern.h> 65 #include <vm/vm_object.h> 66 #include <vm/vm_page.h> 67 #include <vm/vm_param.h> 68 69 #ifdef COMPAT_FREEBSD32 70 #include <sys/procfs.h> 71 #endif 72 73 /* Assert it's safe to unlock a process, e.g. to allocate working memory */ 74 #define PROC_ASSERT_TRACEREQ(p) MPASS(((p)->p_flag2 & P2_PTRACEREQ) != 0) 75 76 /* 77 * Functions implemented using PROC_ACTION(): 78 * 79 * proc_read_regs(proc, regs) 80 * Get the current user-visible register set from the process 81 * and copy it into the regs structure (<machine/reg.h>). 82 * The process is stopped at the time read_regs is called. 83 * 84 * proc_write_regs(proc, regs) 85 * Update the current register set from the passed in regs 86 * structure. Take care to avoid clobbering special CPU 87 * registers or privileged bits in the PSL. 88 * Depending on the architecture this may have fix-up work to do, 89 * especially if the IAR or PCW are modified. 90 * The process is stopped at the time write_regs is called. 91 * 92 * proc_read_fpregs, proc_write_fpregs 93 * deal with the floating point register set, otherwise as above. 94 * 95 * proc_read_dbregs, proc_write_dbregs 96 * deal with the processor debug register set, otherwise as above. 97 * 98 * proc_sstep(proc) 99 * Arrange for the process to trap after executing a single instruction. 100 */ 101 102 #define PROC_ACTION(action) do { \ 103 int error; \ 104 \ 105 PROC_LOCK_ASSERT(td->td_proc, MA_OWNED); \ 106 if ((td->td_proc->p_flag & P_INMEM) == 0) \ 107 error = EIO; \ 108 else \ 109 error = (action); \ 110 return (error); \ 111 } while (0) 112 113 int 114 proc_read_regs(struct thread *td, struct reg *regs) 115 { 116 117 PROC_ACTION(fill_regs(td, regs)); 118 } 119 120 int 121 proc_write_regs(struct thread *td, struct reg *regs) 122 { 123 124 PROC_ACTION(set_regs(td, regs)); 125 } 126 127 int 128 proc_read_dbregs(struct thread *td, struct dbreg *dbregs) 129 { 130 131 PROC_ACTION(fill_dbregs(td, dbregs)); 132 } 133 134 int 135 proc_write_dbregs(struct thread *td, struct dbreg *dbregs) 136 { 137 138 PROC_ACTION(set_dbregs(td, dbregs)); 139 } 140 141 /* 142 * Ptrace doesn't support fpregs at all, and there are no security holes 143 * or translations for fpregs, so we can just copy them. 144 */ 145 int 146 proc_read_fpregs(struct thread *td, struct fpreg *fpregs) 147 { 148 149 PROC_ACTION(fill_fpregs(td, fpregs)); 150 } 151 152 int 153 proc_write_fpregs(struct thread *td, struct fpreg *fpregs) 154 { 155 156 PROC_ACTION(set_fpregs(td, fpregs)); 157 } 158 159 static struct regset * 160 proc_find_regset(struct thread *td, int note) 161 { 162 struct regset **regsetp, **regset_end, *regset; 163 struct sysentvec *sv; 164 165 sv = td->td_proc->p_sysent; 166 regsetp = sv->sv_regset_begin; 167 if (regsetp == NULL) 168 return (NULL); 169 regset_end = sv->sv_regset_end; 170 MPASS(regset_end != NULL); 171 for (; regsetp < regset_end; regsetp++) { 172 regset = *regsetp; 173 if (regset->note != note) 174 continue; 175 176 return (regset); 177 } 178 179 return (NULL); 180 } 181 182 static int 183 proc_read_regset(struct thread *td, int note, struct iovec *iov) 184 { 185 struct regset *regset; 186 struct proc *p; 187 void *buf; 188 size_t size; 189 int error; 190 191 regset = proc_find_regset(td, note); 192 if (regset == NULL) 193 return (EINVAL); 194 195 if (iov->iov_base == NULL) { 196 iov->iov_len = regset->size; 197 if (iov->iov_len == 0) 198 return (EINVAL); 199 200 return (0); 201 } 202 203 /* The length is wrong, return an error */ 204 if (iov->iov_len != regset->size) 205 return (EINVAL); 206 207 if (regset->get == NULL) 208 return (EINVAL); 209 210 error = 0; 211 size = regset->size; 212 p = td->td_proc; 213 214 /* Drop the proc lock while allocating the temp buffer */ 215 PROC_ASSERT_TRACEREQ(p); 216 PROC_UNLOCK(p); 217 buf = malloc(size, M_TEMP, M_WAITOK); 218 PROC_LOCK(p); 219 220 if (!regset->get(regset, td, buf, &size)) { 221 error = EINVAL; 222 } else { 223 KASSERT(size == regset->size, 224 ("%s: Getter function changed the size", __func__)); 225 226 iov->iov_len = size; 227 PROC_UNLOCK(p); 228 error = copyout(buf, iov->iov_base, size); 229 PROC_LOCK(p); 230 } 231 232 free(buf, M_TEMP); 233 234 return (error); 235 } 236 237 static int 238 proc_write_regset(struct thread *td, int note, struct iovec *iov) 239 { 240 struct regset *regset; 241 struct proc *p; 242 void *buf; 243 size_t size; 244 int error; 245 246 regset = proc_find_regset(td, note); 247 if (regset == NULL) 248 return (EINVAL); 249 250 /* The length is wrong, return an error */ 251 if (iov->iov_len != regset->size) 252 return (EINVAL); 253 254 if (regset->set == NULL) 255 return (EINVAL); 256 257 size = regset->size; 258 p = td->td_proc; 259 260 /* Drop the proc lock while allocating the temp buffer */ 261 PROC_ASSERT_TRACEREQ(p); 262 PROC_UNLOCK(p); 263 buf = malloc(size, M_TEMP, M_WAITOK); 264 error = copyin(iov->iov_base, buf, size); 265 PROC_LOCK(p); 266 267 if (error == 0) { 268 if (!regset->set(regset, td, buf, size)) { 269 error = EINVAL; 270 } 271 } 272 273 free(buf, M_TEMP); 274 275 return (error); 276 } 277 278 #ifdef COMPAT_FREEBSD32 279 /* For 32 bit binaries, we need to expose the 32 bit regs layouts. */ 280 int 281 proc_read_regs32(struct thread *td, struct reg32 *regs32) 282 { 283 284 PROC_ACTION(fill_regs32(td, regs32)); 285 } 286 287 int 288 proc_write_regs32(struct thread *td, struct reg32 *regs32) 289 { 290 291 PROC_ACTION(set_regs32(td, regs32)); 292 } 293 294 int 295 proc_read_dbregs32(struct thread *td, struct dbreg32 *dbregs32) 296 { 297 298 PROC_ACTION(fill_dbregs32(td, dbregs32)); 299 } 300 301 int 302 proc_write_dbregs32(struct thread *td, struct dbreg32 *dbregs32) 303 { 304 305 PROC_ACTION(set_dbregs32(td, dbregs32)); 306 } 307 308 int 309 proc_read_fpregs32(struct thread *td, struct fpreg32 *fpregs32) 310 { 311 312 PROC_ACTION(fill_fpregs32(td, fpregs32)); 313 } 314 315 int 316 proc_write_fpregs32(struct thread *td, struct fpreg32 *fpregs32) 317 { 318 319 PROC_ACTION(set_fpregs32(td, fpregs32)); 320 } 321 #endif 322 323 int 324 proc_sstep(struct thread *td) 325 { 326 327 PROC_ACTION(ptrace_single_step(td)); 328 } 329 330 int 331 proc_rwmem(struct proc *p, struct uio *uio) 332 { 333 vm_map_t map; 334 vm_offset_t pageno; /* page number */ 335 vm_prot_t reqprot; 336 int error, fault_flags, page_offset, writing; 337 338 /* 339 * Make sure that the process' vmspace remains live. 340 */ 341 if (p != curproc) 342 PROC_ASSERT_HELD(p); 343 PROC_LOCK_ASSERT(p, MA_NOTOWNED); 344 345 /* 346 * The map we want... 347 */ 348 map = &p->p_vmspace->vm_map; 349 350 /* 351 * If we are writing, then we request vm_fault() to create a private 352 * copy of each page. Since these copies will not be writeable by the 353 * process, we must explicity request that they be dirtied. 354 */ 355 writing = uio->uio_rw == UIO_WRITE; 356 reqprot = writing ? VM_PROT_COPY | VM_PROT_READ : VM_PROT_READ; 357 fault_flags = writing ? VM_FAULT_DIRTY : VM_FAULT_NORMAL; 358 359 /* 360 * Only map in one page at a time. We don't have to, but it 361 * makes things easier. This way is trivial - right? 362 */ 363 do { 364 vm_offset_t uva; 365 u_int len; 366 vm_page_t m; 367 368 uva = (vm_offset_t)uio->uio_offset; 369 370 /* 371 * Get the page number of this segment. 372 */ 373 pageno = trunc_page(uva); 374 page_offset = uva - pageno; 375 376 /* 377 * How many bytes to copy 378 */ 379 len = min(PAGE_SIZE - page_offset, uio->uio_resid); 380 381 /* 382 * Fault and hold the page on behalf of the process. 383 */ 384 error = vm_fault(map, pageno, reqprot, fault_flags, &m); 385 if (error != KERN_SUCCESS) { 386 if (error == KERN_RESOURCE_SHORTAGE) 387 error = ENOMEM; 388 else 389 error = EFAULT; 390 break; 391 } 392 393 /* 394 * Now do the i/o move. 395 */ 396 error = uiomove_fromphys(&m, page_offset, len, uio); 397 398 /* Make the I-cache coherent for breakpoints. */ 399 if (writing && error == 0) { 400 vm_map_lock_read(map); 401 if (vm_map_check_protection(map, pageno, pageno + 402 PAGE_SIZE, VM_PROT_EXECUTE)) 403 vm_sync_icache(map, uva, len); 404 vm_map_unlock_read(map); 405 } 406 407 /* 408 * Release the page. 409 */ 410 vm_page_unwire(m, PQ_ACTIVE); 411 412 } while (error == 0 && uio->uio_resid > 0); 413 414 return (error); 415 } 416 417 static ssize_t 418 proc_iop(struct thread *td, struct proc *p, vm_offset_t va, void *buf, 419 size_t len, enum uio_rw rw) 420 { 421 struct iovec iov; 422 struct uio uio; 423 ssize_t slen; 424 425 MPASS(len < SSIZE_MAX); 426 slen = (ssize_t)len; 427 428 iov.iov_base = (caddr_t)buf; 429 iov.iov_len = len; 430 uio.uio_iov = &iov; 431 uio.uio_iovcnt = 1; 432 uio.uio_offset = va; 433 uio.uio_resid = slen; 434 uio.uio_segflg = UIO_SYSSPACE; 435 uio.uio_rw = rw; 436 uio.uio_td = td; 437 proc_rwmem(p, &uio); 438 if (uio.uio_resid == slen) 439 return (-1); 440 return (slen - uio.uio_resid); 441 } 442 443 ssize_t 444 proc_readmem(struct thread *td, struct proc *p, vm_offset_t va, void *buf, 445 size_t len) 446 { 447 448 return (proc_iop(td, p, va, buf, len, UIO_READ)); 449 } 450 451 ssize_t 452 proc_writemem(struct thread *td, struct proc *p, vm_offset_t va, void *buf, 453 size_t len) 454 { 455 456 return (proc_iop(td, p, va, buf, len, UIO_WRITE)); 457 } 458 459 static int 460 ptrace_vm_entry(struct thread *td, struct proc *p, struct ptrace_vm_entry *pve) 461 { 462 struct vattr vattr; 463 vm_map_t map; 464 vm_map_entry_t entry; 465 vm_object_t obj, tobj, lobj; 466 struct vmspace *vm; 467 struct vnode *vp; 468 char *freepath, *fullpath; 469 u_int pathlen; 470 int error, index; 471 472 error = 0; 473 obj = NULL; 474 475 vm = vmspace_acquire_ref(p); 476 map = &vm->vm_map; 477 vm_map_lock_read(map); 478 479 do { 480 KASSERT((map->header.eflags & MAP_ENTRY_IS_SUB_MAP) == 0, 481 ("Submap in map header")); 482 index = 0; 483 VM_MAP_ENTRY_FOREACH(entry, map) { 484 if (index >= pve->pve_entry && 485 (entry->eflags & MAP_ENTRY_IS_SUB_MAP) == 0) 486 break; 487 index++; 488 } 489 if (index < pve->pve_entry) { 490 error = EINVAL; 491 break; 492 } 493 if (entry == &map->header) { 494 error = ENOENT; 495 break; 496 } 497 498 /* We got an entry. */ 499 pve->pve_entry = index + 1; 500 pve->pve_timestamp = map->timestamp; 501 pve->pve_start = entry->start; 502 pve->pve_end = entry->end - 1; 503 pve->pve_offset = entry->offset; 504 pve->pve_prot = entry->protection; 505 506 /* Backing object's path needed? */ 507 if (pve->pve_pathlen == 0) 508 break; 509 510 pathlen = pve->pve_pathlen; 511 pve->pve_pathlen = 0; 512 513 obj = entry->object.vm_object; 514 if (obj != NULL) 515 VM_OBJECT_RLOCK(obj); 516 } while (0); 517 518 vm_map_unlock_read(map); 519 520 pve->pve_fsid = VNOVAL; 521 pve->pve_fileid = VNOVAL; 522 523 if (error == 0 && obj != NULL) { 524 lobj = obj; 525 for (tobj = obj; tobj != NULL; tobj = tobj->backing_object) { 526 if (tobj != obj) 527 VM_OBJECT_RLOCK(tobj); 528 if (lobj != obj) 529 VM_OBJECT_RUNLOCK(lobj); 530 lobj = tobj; 531 pve->pve_offset += tobj->backing_object_offset; 532 } 533 vp = vm_object_vnode(lobj); 534 if (vp != NULL) 535 vref(vp); 536 if (lobj != obj) 537 VM_OBJECT_RUNLOCK(lobj); 538 VM_OBJECT_RUNLOCK(obj); 539 540 if (vp != NULL) { 541 freepath = NULL; 542 fullpath = NULL; 543 vn_fullpath(vp, &fullpath, &freepath); 544 vn_lock(vp, LK_SHARED | LK_RETRY); 545 if (VOP_GETATTR(vp, &vattr, td->td_ucred) == 0) { 546 pve->pve_fileid = vattr.va_fileid; 547 pve->pve_fsid = vattr.va_fsid; 548 } 549 vput(vp); 550 551 if (fullpath != NULL) { 552 pve->pve_pathlen = strlen(fullpath) + 1; 553 if (pve->pve_pathlen <= pathlen) { 554 error = copyout(fullpath, pve->pve_path, 555 pve->pve_pathlen); 556 } else 557 error = ENAMETOOLONG; 558 } 559 if (freepath != NULL) 560 free(freepath, M_TEMP); 561 } 562 } 563 vmspace_free(vm); 564 if (error == 0) 565 CTR3(KTR_PTRACE, "PT_VM_ENTRY: pid %d, entry %d, start %p", 566 p->p_pid, pve->pve_entry, pve->pve_start); 567 568 return (error); 569 } 570 571 /* 572 * Process debugging system call. 573 */ 574 #ifndef _SYS_SYSPROTO_H_ 575 struct ptrace_args { 576 int req; 577 pid_t pid; 578 caddr_t addr; 579 int data; 580 }; 581 #endif 582 583 int 584 sys_ptrace(struct thread *td, struct ptrace_args *uap) 585 { 586 /* 587 * XXX this obfuscation is to reduce stack usage, but the register 588 * structs may be too large to put on the stack anyway. 589 */ 590 union { 591 struct ptrace_io_desc piod; 592 struct ptrace_lwpinfo pl; 593 struct ptrace_vm_entry pve; 594 struct ptrace_coredump pc; 595 struct ptrace_sc_remote sr; 596 struct dbreg dbreg; 597 struct fpreg fpreg; 598 struct reg reg; 599 struct iovec vec; 600 syscallarg_t args[nitems(td->td_sa.args)]; 601 struct ptrace_sc_ret psr; 602 int ptevents; 603 } r; 604 syscallarg_t pscr_args[nitems(td->td_sa.args)]; 605 void *addr; 606 int error; 607 608 if (!allow_ptrace) 609 return (ENOSYS); 610 error = 0; 611 612 AUDIT_ARG_PID(uap->pid); 613 AUDIT_ARG_CMD(uap->req); 614 AUDIT_ARG_VALUE(uap->data); 615 addr = &r; 616 switch (uap->req) { 617 case PT_GET_EVENT_MASK: 618 case PT_LWPINFO: 619 case PT_GET_SC_ARGS: 620 case PT_GET_SC_RET: 621 break; 622 case PT_GETREGS: 623 bzero(&r.reg, sizeof(r.reg)); 624 break; 625 case PT_GETFPREGS: 626 bzero(&r.fpreg, sizeof(r.fpreg)); 627 break; 628 case PT_GETDBREGS: 629 bzero(&r.dbreg, sizeof(r.dbreg)); 630 break; 631 case PT_GETREGSET: 632 case PT_SETREGSET: 633 error = copyin(uap->addr, &r.vec, sizeof(r.vec)); 634 break; 635 case PT_SETREGS: 636 error = copyin(uap->addr, &r.reg, sizeof(r.reg)); 637 break; 638 case PT_SETFPREGS: 639 error = copyin(uap->addr, &r.fpreg, sizeof(r.fpreg)); 640 break; 641 case PT_SETDBREGS: 642 error = copyin(uap->addr, &r.dbreg, sizeof(r.dbreg)); 643 break; 644 case PT_SET_EVENT_MASK: 645 if (uap->data != sizeof(r.ptevents)) 646 error = EINVAL; 647 else 648 error = copyin(uap->addr, &r.ptevents, uap->data); 649 break; 650 case PT_IO: 651 error = copyin(uap->addr, &r.piod, sizeof(r.piod)); 652 break; 653 case PT_VM_ENTRY: 654 error = copyin(uap->addr, &r.pve, sizeof(r.pve)); 655 break; 656 case PT_COREDUMP: 657 if (uap->data != sizeof(r.pc)) 658 error = EINVAL; 659 else 660 error = copyin(uap->addr, &r.pc, uap->data); 661 break; 662 case PT_SC_REMOTE: 663 if (uap->data != sizeof(r.sr)) { 664 error = EINVAL; 665 break; 666 } 667 error = copyin(uap->addr, &r.sr, uap->data); 668 if (error != 0) 669 break; 670 if (r.sr.pscr_nargs > nitems(td->td_sa.args)) { 671 error = EINVAL; 672 break; 673 } 674 error = copyin(r.sr.pscr_args, pscr_args, 675 sizeof(u_long) * r.sr.pscr_nargs); 676 if (error != 0) 677 break; 678 r.sr.pscr_args = pscr_args; 679 break; 680 default: 681 addr = uap->addr; 682 break; 683 } 684 if (error) 685 return (error); 686 687 error = kern_ptrace(td, uap->req, uap->pid, addr, uap->data); 688 if (error) 689 return (error); 690 691 switch (uap->req) { 692 case PT_VM_ENTRY: 693 error = copyout(&r.pve, uap->addr, sizeof(r.pve)); 694 break; 695 case PT_IO: 696 error = copyout(&r.piod, uap->addr, sizeof(r.piod)); 697 break; 698 case PT_GETREGS: 699 error = copyout(&r.reg, uap->addr, sizeof(r.reg)); 700 break; 701 case PT_GETFPREGS: 702 error = copyout(&r.fpreg, uap->addr, sizeof(r.fpreg)); 703 break; 704 case PT_GETDBREGS: 705 error = copyout(&r.dbreg, uap->addr, sizeof(r.dbreg)); 706 break; 707 case PT_GETREGSET: 708 error = copyout(&r.vec, uap->addr, sizeof(r.vec)); 709 break; 710 case PT_GET_EVENT_MASK: 711 /* NB: The size in uap->data is validated in kern_ptrace(). */ 712 error = copyout(&r.ptevents, uap->addr, uap->data); 713 break; 714 case PT_LWPINFO: 715 /* NB: The size in uap->data is validated in kern_ptrace(). */ 716 error = copyout(&r.pl, uap->addr, uap->data); 717 break; 718 case PT_GET_SC_ARGS: 719 error = copyout(r.args, uap->addr, MIN(uap->data, 720 sizeof(r.args))); 721 break; 722 case PT_GET_SC_RET: 723 error = copyout(&r.psr, uap->addr, MIN(uap->data, 724 sizeof(r.psr))); 725 break; 726 case PT_SC_REMOTE: 727 error = copyout(&r.sr.pscr_ret, uap->addr + 728 offsetof(struct ptrace_sc_remote, pscr_ret), 729 sizeof(r.sr.pscr_ret)); 730 break; 731 } 732 733 return (error); 734 } 735 736 #ifdef COMPAT_FREEBSD32 737 /* 738 * PROC_READ(regs, td2, addr); 739 * becomes either: 740 * proc_read_regs(td2, addr); 741 * or 742 * proc_read_regs32(td2, addr); 743 * .. except this is done at runtime. There is an additional 744 * complication in that PROC_WRITE disallows 32 bit consumers 745 * from writing to 64 bit address space targets. 746 */ 747 #define PROC_READ(w, t, a) wrap32 ? \ 748 proc_read_ ## w ## 32(t, a) : \ 749 proc_read_ ## w (t, a) 750 #define PROC_WRITE(w, t, a) wrap32 ? \ 751 (safe ? proc_write_ ## w ## 32(t, a) : EINVAL ) : \ 752 proc_write_ ## w (t, a) 753 #else 754 #define PROC_READ(w, t, a) proc_read_ ## w (t, a) 755 #define PROC_WRITE(w, t, a) proc_write_ ## w (t, a) 756 #endif 757 758 void 759 proc_set_traced(struct proc *p, bool stop) 760 { 761 762 sx_assert(&proctree_lock, SX_XLOCKED); 763 PROC_LOCK_ASSERT(p, MA_OWNED); 764 p->p_flag |= P_TRACED; 765 if (stop) 766 p->p_flag2 |= P2_PTRACE_FSTP; 767 p->p_ptevents = PTRACE_DEFAULT; 768 } 769 770 void 771 ptrace_unsuspend(struct proc *p) 772 { 773 PROC_LOCK_ASSERT(p, MA_OWNED); 774 775 PROC_SLOCK(p); 776 p->p_flag &= ~(P_STOPPED_TRACE | P_STOPPED_SIG | P_WAITED); 777 thread_unsuspend(p); 778 PROC_SUNLOCK(p); 779 itimer_proc_continue(p); 780 kqtimer_proc_continue(p); 781 } 782 783 static int 784 proc_can_ptrace(struct thread *td, struct proc *p) 785 { 786 int error; 787 788 PROC_LOCK_ASSERT(p, MA_OWNED); 789 790 if ((p->p_flag & P_WEXIT) != 0) 791 return (ESRCH); 792 793 if ((error = p_cansee(td, p)) != 0) 794 return (error); 795 if ((error = p_candebug(td, p)) != 0) 796 return (error); 797 798 /* not being traced... */ 799 if ((p->p_flag & P_TRACED) == 0) 800 return (EPERM); 801 802 /* not being traced by YOU */ 803 if (p->p_pptr != td->td_proc) 804 return (EBUSY); 805 806 /* not currently stopped */ 807 if ((p->p_flag & P_STOPPED_TRACE) == 0 || 808 p->p_suspcount != p->p_numthreads || 809 (p->p_flag & P_WAITED) == 0) 810 return (EBUSY); 811 812 return (0); 813 } 814 815 static struct thread * 816 ptrace_sel_coredump_thread(struct proc *p) 817 { 818 struct thread *td2; 819 820 PROC_LOCK_ASSERT(p, MA_OWNED); 821 MPASS((p->p_flag & P_STOPPED_TRACE) != 0); 822 823 FOREACH_THREAD_IN_PROC(p, td2) { 824 if ((td2->td_dbgflags & TDB_SSWITCH) != 0) 825 return (td2); 826 } 827 return (NULL); 828 } 829 830 int 831 kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data) 832 { 833 struct iovec iov; 834 struct uio uio; 835 struct proc *curp, *p, *pp; 836 struct thread *td2 = NULL, *td3; 837 struct ptrace_io_desc *piod = NULL; 838 struct ptrace_lwpinfo *pl; 839 struct ptrace_sc_ret *psr; 840 struct ptrace_sc_remote *pscr; 841 struct file *fp; 842 struct ptrace_coredump *pc; 843 struct thr_coredump_req *tcq; 844 struct thr_syscall_req *tsr; 845 int error, num, tmp; 846 lwpid_t tid = 0, *buf; 847 #ifdef COMPAT_FREEBSD32 848 int wrap32 = 0, safe = 0; 849 #endif 850 bool proctree_locked, p2_req_set; 851 852 curp = td->td_proc; 853 proctree_locked = false; 854 p2_req_set = false; 855 856 /* Lock proctree before locking the process. */ 857 switch (req) { 858 case PT_TRACE_ME: 859 case PT_ATTACH: 860 case PT_STEP: 861 case PT_CONTINUE: 862 case PT_TO_SCE: 863 case PT_TO_SCX: 864 case PT_SYSCALL: 865 case PT_FOLLOW_FORK: 866 case PT_LWP_EVENTS: 867 case PT_GET_EVENT_MASK: 868 case PT_SET_EVENT_MASK: 869 case PT_DETACH: 870 case PT_GET_SC_ARGS: 871 sx_xlock(&proctree_lock); 872 proctree_locked = true; 873 break; 874 default: 875 break; 876 } 877 878 if (req == PT_TRACE_ME) { 879 p = td->td_proc; 880 PROC_LOCK(p); 881 } else { 882 if (pid <= PID_MAX) { 883 if ((p = pfind(pid)) == NULL) { 884 if (proctree_locked) 885 sx_xunlock(&proctree_lock); 886 return (ESRCH); 887 } 888 } else { 889 td2 = tdfind(pid, -1); 890 if (td2 == NULL) { 891 if (proctree_locked) 892 sx_xunlock(&proctree_lock); 893 return (ESRCH); 894 } 895 p = td2->td_proc; 896 tid = pid; 897 pid = p->p_pid; 898 } 899 } 900 AUDIT_ARG_PROCESS(p); 901 902 if ((p->p_flag & P_WEXIT) != 0) { 903 error = ESRCH; 904 goto fail; 905 } 906 if ((error = p_cansee(td, p)) != 0) 907 goto fail; 908 909 if ((error = p_candebug(td, p)) != 0) 910 goto fail; 911 912 /* 913 * System processes can't be debugged. 914 */ 915 if ((p->p_flag & P_SYSTEM) != 0) { 916 error = EINVAL; 917 goto fail; 918 } 919 920 if (tid == 0) { 921 if ((p->p_flag & P_STOPPED_TRACE) != 0) { 922 KASSERT(p->p_xthread != NULL, ("NULL p_xthread")); 923 td2 = p->p_xthread; 924 } else { 925 td2 = FIRST_THREAD_IN_PROC(p); 926 } 927 tid = td2->td_tid; 928 } 929 930 #ifdef COMPAT_FREEBSD32 931 /* 932 * Test if we're a 32 bit client and what the target is. 933 * Set the wrap controls accordingly. 934 */ 935 if (SV_CURPROC_FLAG(SV_ILP32)) { 936 if (SV_PROC_FLAG(td2->td_proc, SV_ILP32)) 937 safe = 1; 938 wrap32 = 1; 939 } 940 #endif 941 /* 942 * Permissions check 943 */ 944 switch (req) { 945 case PT_TRACE_ME: 946 /* 947 * Always legal, when there is a parent process which 948 * could trace us. Otherwise, reject. 949 */ 950 if ((p->p_flag & P_TRACED) != 0) { 951 error = EBUSY; 952 goto fail; 953 } 954 if (p->p_pptr == initproc) { 955 error = EPERM; 956 goto fail; 957 } 958 break; 959 960 case PT_ATTACH: 961 /* Self */ 962 if (p == td->td_proc) { 963 error = EINVAL; 964 goto fail; 965 } 966 967 /* Already traced */ 968 if (p->p_flag & P_TRACED) { 969 error = EBUSY; 970 goto fail; 971 } 972 973 /* Can't trace an ancestor if you're being traced. */ 974 if (curp->p_flag & P_TRACED) { 975 for (pp = curp->p_pptr; pp != NULL; pp = pp->p_pptr) { 976 if (pp == p) { 977 error = EINVAL; 978 goto fail; 979 } 980 } 981 } 982 983 /* OK */ 984 break; 985 986 case PT_CLEARSTEP: 987 /* Allow thread to clear single step for itself */ 988 if (td->td_tid == tid) 989 break; 990 991 /* FALLTHROUGH */ 992 default: 993 /* 994 * Check for ptrace eligibility before waiting for 995 * holds to drain. 996 */ 997 error = proc_can_ptrace(td, p); 998 if (error != 0) 999 goto fail; 1000 1001 /* 1002 * Block parallel ptrace requests. Most important, do 1003 * not allow other thread in debugger to continue the 1004 * debuggee until coredump finished. 1005 */ 1006 while ((p->p_flag2 & P2_PTRACEREQ) != 0) { 1007 if (proctree_locked) 1008 sx_xunlock(&proctree_lock); 1009 error = msleep(&p->p_flag2, &p->p_mtx, PPAUSE | PCATCH | 1010 (proctree_locked ? PDROP : 0), "pptrace", 0); 1011 if (proctree_locked) { 1012 sx_xlock(&proctree_lock); 1013 PROC_LOCK(p); 1014 } 1015 if (error == 0 && td2->td_proc != p) 1016 error = ESRCH; 1017 if (error == 0) 1018 error = proc_can_ptrace(td, p); 1019 if (error != 0) 1020 goto fail; 1021 } 1022 1023 /* Ok */ 1024 break; 1025 } 1026 1027 /* 1028 * Keep this process around and request parallel ptrace() 1029 * request to wait until we finish this request. 1030 */ 1031 MPASS((p->p_flag2 & P2_PTRACEREQ) == 0); 1032 p->p_flag2 |= P2_PTRACEREQ; 1033 p2_req_set = true; 1034 _PHOLD(p); 1035 1036 /* 1037 * Actually do the requests 1038 */ 1039 1040 td->td_retval[0] = 0; 1041 1042 switch (req) { 1043 case PT_TRACE_ME: 1044 /* set my trace flag and "owner" so it can read/write me */ 1045 proc_set_traced(p, false); 1046 if (p->p_flag & P_PPWAIT) 1047 p->p_flag |= P_PPTRACE; 1048 CTR1(KTR_PTRACE, "PT_TRACE_ME: pid %d", p->p_pid); 1049 break; 1050 1051 case PT_ATTACH: 1052 /* security check done above */ 1053 /* 1054 * It would be nice if the tracing relationship was separate 1055 * from the parent relationship but that would require 1056 * another set of links in the proc struct or for "wait" 1057 * to scan the entire proc table. To make life easier, 1058 * we just re-parent the process we're trying to trace. 1059 * The old parent is remembered so we can put things back 1060 * on a "detach". 1061 */ 1062 proc_set_traced(p, true); 1063 proc_reparent(p, td->td_proc, false); 1064 CTR2(KTR_PTRACE, "PT_ATTACH: pid %d, oppid %d", p->p_pid, 1065 p->p_oppid); 1066 1067 sx_xunlock(&proctree_lock); 1068 proctree_locked = false; 1069 MPASS(p->p_xthread == NULL); 1070 MPASS((p->p_flag & P_STOPPED_TRACE) == 0); 1071 1072 /* 1073 * If already stopped due to a stop signal, clear the 1074 * existing stop before triggering a traced SIGSTOP. 1075 */ 1076 if ((p->p_flag & P_STOPPED_SIG) != 0) { 1077 PROC_SLOCK(p); 1078 p->p_flag &= ~(P_STOPPED_SIG | P_WAITED); 1079 thread_unsuspend(p); 1080 PROC_SUNLOCK(p); 1081 } 1082 1083 kern_psignal(p, SIGSTOP); 1084 break; 1085 1086 case PT_CLEARSTEP: 1087 CTR2(KTR_PTRACE, "PT_CLEARSTEP: tid %d (pid %d)", td2->td_tid, 1088 p->p_pid); 1089 error = ptrace_clear_single_step(td2); 1090 break; 1091 1092 case PT_SETSTEP: 1093 CTR2(KTR_PTRACE, "PT_SETSTEP: tid %d (pid %d)", td2->td_tid, 1094 p->p_pid); 1095 error = ptrace_single_step(td2); 1096 break; 1097 1098 case PT_SUSPEND: 1099 CTR2(KTR_PTRACE, "PT_SUSPEND: tid %d (pid %d)", td2->td_tid, 1100 p->p_pid); 1101 td2->td_dbgflags |= TDB_SUSPEND; 1102 ast_sched(td2, TDA_SUSPEND); 1103 break; 1104 1105 case PT_RESUME: 1106 CTR2(KTR_PTRACE, "PT_RESUME: tid %d (pid %d)", td2->td_tid, 1107 p->p_pid); 1108 td2->td_dbgflags &= ~TDB_SUSPEND; 1109 break; 1110 1111 case PT_FOLLOW_FORK: 1112 CTR3(KTR_PTRACE, "PT_FOLLOW_FORK: pid %d %s -> %s", p->p_pid, 1113 p->p_ptevents & PTRACE_FORK ? "enabled" : "disabled", 1114 data ? "enabled" : "disabled"); 1115 if (data) 1116 p->p_ptevents |= PTRACE_FORK; 1117 else 1118 p->p_ptevents &= ~PTRACE_FORK; 1119 break; 1120 1121 case PT_LWP_EVENTS: 1122 CTR3(KTR_PTRACE, "PT_LWP_EVENTS: pid %d %s -> %s", p->p_pid, 1123 p->p_ptevents & PTRACE_LWP ? "enabled" : "disabled", 1124 data ? "enabled" : "disabled"); 1125 if (data) 1126 p->p_ptevents |= PTRACE_LWP; 1127 else 1128 p->p_ptevents &= ~PTRACE_LWP; 1129 break; 1130 1131 case PT_GET_EVENT_MASK: 1132 if (data != sizeof(p->p_ptevents)) { 1133 error = EINVAL; 1134 break; 1135 } 1136 CTR2(KTR_PTRACE, "PT_GET_EVENT_MASK: pid %d mask %#x", p->p_pid, 1137 p->p_ptevents); 1138 *(int *)addr = p->p_ptevents; 1139 break; 1140 1141 case PT_SET_EVENT_MASK: 1142 if (data != sizeof(p->p_ptevents)) { 1143 error = EINVAL; 1144 break; 1145 } 1146 tmp = *(int *)addr; 1147 if ((tmp & ~(PTRACE_EXEC | PTRACE_SCE | PTRACE_SCX | 1148 PTRACE_FORK | PTRACE_LWP | PTRACE_VFORK)) != 0) { 1149 error = EINVAL; 1150 break; 1151 } 1152 CTR3(KTR_PTRACE, "PT_SET_EVENT_MASK: pid %d mask %#x -> %#x", 1153 p->p_pid, p->p_ptevents, tmp); 1154 p->p_ptevents = tmp; 1155 break; 1156 1157 case PT_GET_SC_ARGS: 1158 CTR1(KTR_PTRACE, "PT_GET_SC_ARGS: pid %d", p->p_pid); 1159 if ((td2->td_dbgflags & (TDB_SCE | TDB_SCX)) == 0 1160 #ifdef COMPAT_FREEBSD32 1161 || (wrap32 && !safe) 1162 #endif 1163 ) { 1164 error = EINVAL; 1165 break; 1166 } 1167 bzero(addr, sizeof(td2->td_sa.args)); 1168 /* See the explanation in linux_ptrace_get_syscall_info(). */ 1169 bcopy(td2->td_sa.args, addr, SV_PROC_ABI(td->td_proc) == 1170 SV_ABI_LINUX ? sizeof(td2->td_sa.args) : 1171 td2->td_sa.callp->sy_narg * sizeof(syscallarg_t)); 1172 break; 1173 1174 case PT_GET_SC_RET: 1175 if ((td2->td_dbgflags & (TDB_SCX)) == 0 1176 #ifdef COMPAT_FREEBSD32 1177 || (wrap32 && !safe) 1178 #endif 1179 ) { 1180 error = EINVAL; 1181 break; 1182 } 1183 psr = addr; 1184 bzero(psr, sizeof(*psr)); 1185 psr->sr_error = td2->td_errno; 1186 if (psr->sr_error == 0) { 1187 psr->sr_retval[0] = td2->td_retval[0]; 1188 psr->sr_retval[1] = td2->td_retval[1]; 1189 } 1190 CTR4(KTR_PTRACE, 1191 "PT_GET_SC_RET: pid %d error %d retval %#lx,%#lx", 1192 p->p_pid, psr->sr_error, psr->sr_retval[0], 1193 psr->sr_retval[1]); 1194 break; 1195 1196 case PT_STEP: 1197 case PT_CONTINUE: 1198 case PT_TO_SCE: 1199 case PT_TO_SCX: 1200 case PT_SYSCALL: 1201 case PT_DETACH: 1202 /* Zero means do not send any signal */ 1203 if (data < 0 || data > _SIG_MAXSIG) { 1204 error = EINVAL; 1205 break; 1206 } 1207 1208 switch (req) { 1209 case PT_STEP: 1210 CTR3(KTR_PTRACE, "PT_STEP: tid %d (pid %d), sig = %d", 1211 td2->td_tid, p->p_pid, data); 1212 error = ptrace_single_step(td2); 1213 if (error) 1214 goto out; 1215 break; 1216 case PT_CONTINUE: 1217 case PT_TO_SCE: 1218 case PT_TO_SCX: 1219 case PT_SYSCALL: 1220 if (addr != (void *)1) { 1221 error = ptrace_set_pc(td2, 1222 (u_long)(uintfptr_t)addr); 1223 if (error) 1224 goto out; 1225 } 1226 switch (req) { 1227 case PT_TO_SCE: 1228 p->p_ptevents |= PTRACE_SCE; 1229 CTR4(KTR_PTRACE, 1230 "PT_TO_SCE: pid %d, events = %#x, PC = %#lx, sig = %d", 1231 p->p_pid, p->p_ptevents, 1232 (u_long)(uintfptr_t)addr, data); 1233 break; 1234 case PT_TO_SCX: 1235 p->p_ptevents |= PTRACE_SCX; 1236 CTR4(KTR_PTRACE, 1237 "PT_TO_SCX: pid %d, events = %#x, PC = %#lx, sig = %d", 1238 p->p_pid, p->p_ptevents, 1239 (u_long)(uintfptr_t)addr, data); 1240 break; 1241 case PT_SYSCALL: 1242 p->p_ptevents |= PTRACE_SYSCALL; 1243 CTR4(KTR_PTRACE, 1244 "PT_SYSCALL: pid %d, events = %#x, PC = %#lx, sig = %d", 1245 p->p_pid, p->p_ptevents, 1246 (u_long)(uintfptr_t)addr, data); 1247 break; 1248 case PT_CONTINUE: 1249 CTR3(KTR_PTRACE, 1250 "PT_CONTINUE: pid %d, PC = %#lx, sig = %d", 1251 p->p_pid, (u_long)(uintfptr_t)addr, data); 1252 break; 1253 } 1254 break; 1255 case PT_DETACH: 1256 /* 1257 * Clear P_TRACED before reparenting 1258 * a detached process back to its original 1259 * parent. Otherwise the debugee will be set 1260 * as an orphan of the debugger. 1261 */ 1262 p->p_flag &= ~(P_TRACED | P_WAITED); 1263 1264 /* 1265 * Reset the process parent. 1266 */ 1267 if (p->p_oppid != p->p_pptr->p_pid) { 1268 PROC_LOCK(p->p_pptr); 1269 sigqueue_take(p->p_ksi); 1270 PROC_UNLOCK(p->p_pptr); 1271 1272 pp = proc_realparent(p); 1273 proc_reparent(p, pp, false); 1274 if (pp == initproc) 1275 p->p_sigparent = SIGCHLD; 1276 CTR3(KTR_PTRACE, 1277 "PT_DETACH: pid %d reparented to pid %d, sig %d", 1278 p->p_pid, pp->p_pid, data); 1279 } else { 1280 CTR2(KTR_PTRACE, "PT_DETACH: pid %d, sig %d", 1281 p->p_pid, data); 1282 } 1283 1284 p->p_ptevents = 0; 1285 FOREACH_THREAD_IN_PROC(p, td3) { 1286 if ((td3->td_dbgflags & TDB_FSTP) != 0) { 1287 sigqueue_delete(&td3->td_sigqueue, 1288 SIGSTOP); 1289 } 1290 td3->td_dbgflags &= ~(TDB_XSIG | TDB_FSTP | 1291 TDB_SUSPEND); 1292 } 1293 1294 if ((p->p_flag2 & P2_PTRACE_FSTP) != 0) { 1295 sigqueue_delete(&p->p_sigqueue, SIGSTOP); 1296 p->p_flag2 &= ~P2_PTRACE_FSTP; 1297 } 1298 1299 /* should we send SIGCHLD? */ 1300 /* childproc_continued(p); */ 1301 break; 1302 } 1303 1304 sx_xunlock(&proctree_lock); 1305 proctree_locked = false; 1306 1307 sendsig: 1308 MPASS(!proctree_locked); 1309 1310 /* 1311 * Clear the pending event for the thread that just 1312 * reported its event (p_xthread). This may not be 1313 * the thread passed to PT_CONTINUE, PT_STEP, etc. if 1314 * the debugger is resuming a different thread. 1315 * 1316 * Deliver any pending signal via the reporting thread. 1317 */ 1318 MPASS(p->p_xthread != NULL); 1319 p->p_xthread->td_dbgflags &= ~TDB_XSIG; 1320 p->p_xthread->td_xsig = data; 1321 p->p_xthread = NULL; 1322 p->p_xsig = data; 1323 1324 /* 1325 * P_WKILLED is insurance that a PT_KILL/SIGKILL 1326 * always works immediately, even if another thread is 1327 * unsuspended first and attempts to handle a 1328 * different signal or if the POSIX.1b style signal 1329 * queue cannot accommodate any new signals. 1330 */ 1331 if (data == SIGKILL) 1332 proc_wkilled(p); 1333 1334 /* 1335 * Unsuspend all threads. To leave a thread 1336 * suspended, use PT_SUSPEND to suspend it before 1337 * continuing the process. 1338 */ 1339 ptrace_unsuspend(p); 1340 break; 1341 1342 case PT_WRITE_I: 1343 case PT_WRITE_D: 1344 td2->td_dbgflags |= TDB_USERWR; 1345 PROC_UNLOCK(p); 1346 error = 0; 1347 if (proc_writemem(td, p, (off_t)(uintptr_t)addr, &data, 1348 sizeof(int)) != sizeof(int)) 1349 error = ENOMEM; 1350 else 1351 CTR3(KTR_PTRACE, "PT_WRITE: pid %d: %p <= %#x", 1352 p->p_pid, addr, data); 1353 PROC_LOCK(p); 1354 break; 1355 1356 case PT_READ_I: 1357 case PT_READ_D: 1358 PROC_UNLOCK(p); 1359 error = tmp = 0; 1360 if (proc_readmem(td, p, (off_t)(uintptr_t)addr, &tmp, 1361 sizeof(int)) != sizeof(int)) 1362 error = ENOMEM; 1363 else 1364 CTR3(KTR_PTRACE, "PT_READ: pid %d: %p >= %#x", 1365 p->p_pid, addr, tmp); 1366 td->td_retval[0] = tmp; 1367 PROC_LOCK(p); 1368 break; 1369 1370 case PT_IO: 1371 piod = addr; 1372 iov.iov_base = piod->piod_addr; 1373 iov.iov_len = piod->piod_len; 1374 uio.uio_offset = (off_t)(uintptr_t)piod->piod_offs; 1375 uio.uio_resid = piod->piod_len; 1376 uio.uio_iov = &iov; 1377 uio.uio_iovcnt = 1; 1378 uio.uio_segflg = UIO_USERSPACE; 1379 uio.uio_td = td; 1380 switch (piod->piod_op) { 1381 case PIOD_READ_D: 1382 case PIOD_READ_I: 1383 CTR3(KTR_PTRACE, "PT_IO: pid %d: READ (%p, %#x)", 1384 p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid); 1385 uio.uio_rw = UIO_READ; 1386 break; 1387 case PIOD_WRITE_D: 1388 case PIOD_WRITE_I: 1389 CTR3(KTR_PTRACE, "PT_IO: pid %d: WRITE (%p, %#x)", 1390 p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid); 1391 td2->td_dbgflags |= TDB_USERWR; 1392 uio.uio_rw = UIO_WRITE; 1393 break; 1394 default: 1395 error = EINVAL; 1396 goto out; 1397 } 1398 PROC_UNLOCK(p); 1399 error = proc_rwmem(p, &uio); 1400 piod->piod_len -= uio.uio_resid; 1401 PROC_LOCK(p); 1402 break; 1403 1404 case PT_KILL: 1405 CTR1(KTR_PTRACE, "PT_KILL: pid %d", p->p_pid); 1406 data = SIGKILL; 1407 goto sendsig; /* in PT_CONTINUE above */ 1408 1409 case PT_SETREGS: 1410 CTR2(KTR_PTRACE, "PT_SETREGS: tid %d (pid %d)", td2->td_tid, 1411 p->p_pid); 1412 td2->td_dbgflags |= TDB_USERWR; 1413 error = PROC_WRITE(regs, td2, addr); 1414 break; 1415 1416 case PT_GETREGS: 1417 CTR2(KTR_PTRACE, "PT_GETREGS: tid %d (pid %d)", td2->td_tid, 1418 p->p_pid); 1419 error = PROC_READ(regs, td2, addr); 1420 break; 1421 1422 case PT_SETFPREGS: 1423 CTR2(KTR_PTRACE, "PT_SETFPREGS: tid %d (pid %d)", td2->td_tid, 1424 p->p_pid); 1425 td2->td_dbgflags |= TDB_USERWR; 1426 error = PROC_WRITE(fpregs, td2, addr); 1427 break; 1428 1429 case PT_GETFPREGS: 1430 CTR2(KTR_PTRACE, "PT_GETFPREGS: tid %d (pid %d)", td2->td_tid, 1431 p->p_pid); 1432 error = PROC_READ(fpregs, td2, addr); 1433 break; 1434 1435 case PT_SETDBREGS: 1436 CTR2(KTR_PTRACE, "PT_SETDBREGS: tid %d (pid %d)", td2->td_tid, 1437 p->p_pid); 1438 td2->td_dbgflags |= TDB_USERWR; 1439 error = PROC_WRITE(dbregs, td2, addr); 1440 break; 1441 1442 case PT_GETDBREGS: 1443 CTR2(KTR_PTRACE, "PT_GETDBREGS: tid %d (pid %d)", td2->td_tid, 1444 p->p_pid); 1445 error = PROC_READ(dbregs, td2, addr); 1446 break; 1447 1448 case PT_SETREGSET: 1449 CTR2(KTR_PTRACE, "PT_SETREGSET: tid %d (pid %d)", td2->td_tid, 1450 p->p_pid); 1451 error = proc_write_regset(td2, data, addr); 1452 break; 1453 1454 case PT_GETREGSET: 1455 CTR2(KTR_PTRACE, "PT_GETREGSET: tid %d (pid %d)", td2->td_tid, 1456 p->p_pid); 1457 error = proc_read_regset(td2, data, addr); 1458 break; 1459 1460 case PT_LWPINFO: 1461 if (data <= 0 || data > sizeof(*pl)) { 1462 error = EINVAL; 1463 break; 1464 } 1465 pl = addr; 1466 bzero(pl, sizeof(*pl)); 1467 pl->pl_lwpid = td2->td_tid; 1468 pl->pl_event = PL_EVENT_NONE; 1469 pl->pl_flags = 0; 1470 if (td2->td_dbgflags & TDB_XSIG) { 1471 pl->pl_event = PL_EVENT_SIGNAL; 1472 if (td2->td_si.si_signo != 0 && 1473 data >= offsetof(struct ptrace_lwpinfo, pl_siginfo) 1474 + sizeof(pl->pl_siginfo)){ 1475 pl->pl_flags |= PL_FLAG_SI; 1476 pl->pl_siginfo = td2->td_si; 1477 } 1478 } 1479 if (td2->td_dbgflags & TDB_SCE) 1480 pl->pl_flags |= PL_FLAG_SCE; 1481 else if (td2->td_dbgflags & TDB_SCX) 1482 pl->pl_flags |= PL_FLAG_SCX; 1483 if (td2->td_dbgflags & TDB_EXEC) 1484 pl->pl_flags |= PL_FLAG_EXEC; 1485 if (td2->td_dbgflags & TDB_FORK) { 1486 pl->pl_flags |= PL_FLAG_FORKED; 1487 pl->pl_child_pid = td2->td_dbg_forked; 1488 if (td2->td_dbgflags & TDB_VFORK) 1489 pl->pl_flags |= PL_FLAG_VFORKED; 1490 } else if ((td2->td_dbgflags & (TDB_SCX | TDB_VFORK)) == 1491 TDB_VFORK) 1492 pl->pl_flags |= PL_FLAG_VFORK_DONE; 1493 if (td2->td_dbgflags & TDB_CHILD) 1494 pl->pl_flags |= PL_FLAG_CHILD; 1495 if (td2->td_dbgflags & TDB_BORN) 1496 pl->pl_flags |= PL_FLAG_BORN; 1497 if (td2->td_dbgflags & TDB_EXIT) 1498 pl->pl_flags |= PL_FLAG_EXITED; 1499 pl->pl_sigmask = td2->td_sigmask; 1500 pl->pl_siglist = td2->td_siglist; 1501 strcpy(pl->pl_tdname, td2->td_name); 1502 if ((td2->td_dbgflags & (TDB_SCE | TDB_SCX)) != 0) { 1503 pl->pl_syscall_code = td2->td_sa.code; 1504 pl->pl_syscall_narg = td2->td_sa.callp->sy_narg; 1505 } else { 1506 pl->pl_syscall_code = 0; 1507 pl->pl_syscall_narg = 0; 1508 } 1509 CTR6(KTR_PTRACE, 1510 "PT_LWPINFO: tid %d (pid %d) event %d flags %#x child pid %d syscall %d", 1511 td2->td_tid, p->p_pid, pl->pl_event, pl->pl_flags, 1512 pl->pl_child_pid, pl->pl_syscall_code); 1513 break; 1514 1515 case PT_GETNUMLWPS: 1516 CTR2(KTR_PTRACE, "PT_GETNUMLWPS: pid %d: %d threads", p->p_pid, 1517 p->p_numthreads); 1518 td->td_retval[0] = p->p_numthreads; 1519 break; 1520 1521 case PT_GETLWPLIST: 1522 CTR3(KTR_PTRACE, "PT_GETLWPLIST: pid %d: data %d, actual %d", 1523 p->p_pid, data, p->p_numthreads); 1524 if (data <= 0) { 1525 error = EINVAL; 1526 break; 1527 } 1528 num = imin(p->p_numthreads, data); 1529 PROC_UNLOCK(p); 1530 buf = malloc(num * sizeof(lwpid_t), M_TEMP, M_WAITOK); 1531 tmp = 0; 1532 PROC_LOCK(p); 1533 FOREACH_THREAD_IN_PROC(p, td2) { 1534 if (tmp >= num) 1535 break; 1536 buf[tmp++] = td2->td_tid; 1537 } 1538 PROC_UNLOCK(p); 1539 error = copyout(buf, addr, tmp * sizeof(lwpid_t)); 1540 free(buf, M_TEMP); 1541 if (!error) 1542 td->td_retval[0] = tmp; 1543 PROC_LOCK(p); 1544 break; 1545 1546 case PT_VM_TIMESTAMP: 1547 CTR2(KTR_PTRACE, "PT_VM_TIMESTAMP: pid %d: timestamp %d", 1548 p->p_pid, p->p_vmspace->vm_map.timestamp); 1549 td->td_retval[0] = p->p_vmspace->vm_map.timestamp; 1550 break; 1551 1552 case PT_VM_ENTRY: 1553 PROC_UNLOCK(p); 1554 error = ptrace_vm_entry(td, p, addr); 1555 PROC_LOCK(p); 1556 break; 1557 1558 case PT_COREDUMP: 1559 pc = addr; 1560 CTR2(KTR_PTRACE, "PT_COREDUMP: pid %d, fd %d", 1561 p->p_pid, pc->pc_fd); 1562 1563 if ((pc->pc_flags & ~(PC_COMPRESS | PC_ALL)) != 0) { 1564 error = EINVAL; 1565 break; 1566 } 1567 PROC_UNLOCK(p); 1568 1569 tcq = malloc(sizeof(*tcq), M_TEMP, M_WAITOK | M_ZERO); 1570 fp = NULL; 1571 error = fget_write(td, pc->pc_fd, &cap_write_rights, &fp); 1572 if (error != 0) 1573 goto coredump_cleanup_nofp; 1574 if (fp->f_type != DTYPE_VNODE || fp->f_vnode->v_type != VREG) { 1575 error = EPIPE; 1576 goto coredump_cleanup; 1577 } 1578 1579 PROC_LOCK(p); 1580 error = proc_can_ptrace(td, p); 1581 if (error != 0) 1582 goto coredump_cleanup_locked; 1583 1584 td2 = ptrace_sel_coredump_thread(p); 1585 if (td2 == NULL) { 1586 error = EBUSY; 1587 goto coredump_cleanup_locked; 1588 } 1589 KASSERT((td2->td_dbgflags & (TDB_COREDUMPREQ | 1590 TDB_SCREMOTEREQ)) == 0, 1591 ("proc %d tid %d req coredump", p->p_pid, td2->td_tid)); 1592 1593 tcq->tc_vp = fp->f_vnode; 1594 tcq->tc_limit = pc->pc_limit == 0 ? OFF_MAX : pc->pc_limit; 1595 tcq->tc_flags = SVC_PT_COREDUMP; 1596 if ((pc->pc_flags & PC_COMPRESS) == 0) 1597 tcq->tc_flags |= SVC_NOCOMPRESS; 1598 if ((pc->pc_flags & PC_ALL) != 0) 1599 tcq->tc_flags |= SVC_ALL; 1600 td2->td_remotereq = tcq; 1601 td2->td_dbgflags |= TDB_COREDUMPREQ; 1602 thread_run_flash(td2); 1603 while ((td2->td_dbgflags & TDB_COREDUMPREQ) != 0) 1604 msleep(p, &p->p_mtx, PPAUSE, "crdmp", 0); 1605 error = tcq->tc_error; 1606 coredump_cleanup_locked: 1607 PROC_UNLOCK(p); 1608 coredump_cleanup: 1609 fdrop(fp, td); 1610 coredump_cleanup_nofp: 1611 free(tcq, M_TEMP); 1612 PROC_LOCK(p); 1613 break; 1614 1615 case PT_SC_REMOTE: 1616 pscr = addr; 1617 CTR2(KTR_PTRACE, "PT_SC_REMOTE: pid %d, syscall %d", 1618 p->p_pid, pscr->pscr_syscall); 1619 if ((td2->td_dbgflags & TDB_BOUNDARY) == 0) { 1620 error = EBUSY; 1621 break; 1622 } 1623 PROC_UNLOCK(p); 1624 MPASS(pscr->pscr_nargs <= nitems(td->td_sa.args)); 1625 1626 tsr = malloc(sizeof(struct thr_syscall_req), M_TEMP, 1627 M_WAITOK | M_ZERO); 1628 1629 tsr->ts_sa.code = pscr->pscr_syscall; 1630 tsr->ts_nargs = pscr->pscr_nargs; 1631 memcpy(&tsr->ts_sa.args, pscr->pscr_args, 1632 sizeof(syscallarg_t) * tsr->ts_nargs); 1633 1634 PROC_LOCK(p); 1635 error = proc_can_ptrace(td, p); 1636 if (error != 0) { 1637 free(tsr, M_TEMP); 1638 break; 1639 } 1640 if (td2->td_proc != p) { 1641 free(tsr, M_TEMP); 1642 error = ESRCH; 1643 break; 1644 } 1645 KASSERT((td2->td_dbgflags & (TDB_COREDUMPREQ | 1646 TDB_SCREMOTEREQ)) == 0, 1647 ("proc %d tid %d req coredump", p->p_pid, td2->td_tid)); 1648 1649 td2->td_remotereq = tsr; 1650 td2->td_dbgflags |= TDB_SCREMOTEREQ; 1651 thread_run_flash(td2); 1652 while ((td2->td_dbgflags & TDB_SCREMOTEREQ) != 0) 1653 msleep(p, &p->p_mtx, PPAUSE, "pscrx", 0); 1654 error = 0; 1655 memcpy(&pscr->pscr_ret, &tsr->ts_ret, sizeof(tsr->ts_ret)); 1656 free(tsr, M_TEMP); 1657 break; 1658 1659 default: 1660 #ifdef __HAVE_PTRACE_MACHDEP 1661 if (req >= PT_FIRSTMACH) { 1662 PROC_UNLOCK(p); 1663 error = cpu_ptrace(td2, req, addr, data); 1664 PROC_LOCK(p); 1665 } else 1666 #endif 1667 /* Unknown request. */ 1668 error = EINVAL; 1669 break; 1670 } 1671 out: 1672 /* Drop our hold on this process now that the request has completed. */ 1673 _PRELE(p); 1674 fail: 1675 if (p2_req_set) { 1676 if ((p->p_flag2 & P2_PTRACEREQ) != 0) 1677 wakeup(&p->p_flag2); 1678 p->p_flag2 &= ~P2_PTRACEREQ; 1679 } 1680 PROC_UNLOCK(p); 1681 if (proctree_locked) 1682 sx_xunlock(&proctree_lock); 1683 return (error); 1684 } 1685 #undef PROC_READ 1686 #undef PROC_WRITE
Cache object: 3223402fc446f6b691fba4959fe81f56
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]