Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/kern/sys_process.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * Copyright (c) 1994, Sean Eric Fagan 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by Sean Eric Fagan. 16 * 4. The name of the author may not be used to endorse or promote products 17 * derived from this software without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 #include <sys/cdefs.h> 33 __FBSDID("$FreeBSD: releng/6.4/sys/kern/sys_process.c 181010 2008-07-30 19:52:54Z jhb $"); 34 35 #include "opt_compat.h" 36 37 #include <sys/param.h> 38 #include <sys/systm.h> 39 #include <sys/lock.h> 40 #include <sys/mutex.h> 41 #include <sys/syscallsubr.h> 42 #include <sys/sysproto.h> 43 #include <sys/proc.h> 44 #include <sys/vnode.h> 45 #include <sys/ptrace.h> 46 #include <sys/sx.h> 47 #include <sys/malloc.h> 48 #include <sys/signalvar.h> 49 50 #include <machine/reg.h> 51 52 #include <security/audit/audit.h> 53 54 #include <vm/vm.h> 55 #include <vm/pmap.h> 56 #include <vm/vm_extern.h> 57 #include <vm/vm_map.h> 58 #include <vm/vm_kern.h> 59 #include <vm/vm_object.h> 60 #include <vm/vm_page.h> 61 62 #ifdef COMPAT_IA32 63 #include <sys/procfs.h> 64 #include <machine/fpu.h> 65 #include <compat/ia32/ia32_reg.h> 66 67 extern struct sysentvec ia32_freebsd_sysvec; 68 69 struct ptrace_io_desc32 { 70 int piod_op; 71 u_int32_t piod_offs; 72 u_int32_t piod_addr; 73 u_int32_t piod_len; 74 }; 75 #endif 76 77 /* 78 * Functions implemented using PROC_ACTION(): 79 * 80 * proc_read_regs(proc, regs) 81 * Get the current user-visible register set from the process 82 * and copy it into the regs structure (<machine/reg.h>). 83 * The process is stopped at the time read_regs is called. 84 * 85 * proc_write_regs(proc, regs) 86 * Update the current register set from the passed in regs 87 * structure. Take care to avoid clobbering special CPU 88 * registers or privileged bits in the PSL. 89 * Depending on the architecture this may have fix-up work to do, 90 * especially if the IAR or PCW are modified. 91 * The process is stopped at the time write_regs is called. 92 * 93 * proc_read_fpregs, proc_write_fpregs 94 * deal with the floating point register set, otherwise as above. 95 * 96 * proc_read_dbregs, proc_write_dbregs 97 * deal with the processor debug register set, otherwise as above. 98 * 99 * proc_sstep(proc) 100 * Arrange for the process to trap after executing a single instruction. 101 */ 102 103 #define PROC_ACTION(action) do { \ 104 int error; \ 105 \ 106 PROC_LOCK_ASSERT(td->td_proc, MA_OWNED); \ 107 if ((td->td_proc->p_sflag & PS_INMEM) == 0) \ 108 error = EIO; \ 109 else \ 110 error = (action); \ 111 return (error); \ 112 } while(0) 113 114 int 115 proc_read_regs(struct thread *td, struct reg *regs) 116 { 117 118 PROC_ACTION(fill_regs(td, regs)); 119 } 120 121 int 122 proc_write_regs(struct thread *td, struct reg *regs) 123 { 124 125 PROC_ACTION(set_regs(td, regs)); 126 } 127 128 int 129 proc_read_dbregs(struct thread *td, struct dbreg *dbregs) 130 { 131 132 PROC_ACTION(fill_dbregs(td, dbregs)); 133 } 134 135 int 136 proc_write_dbregs(struct thread *td, struct dbreg *dbregs) 137 { 138 139 PROC_ACTION(set_dbregs(td, dbregs)); 140 } 141 142 /* 143 * Ptrace doesn't support fpregs at all, and there are no security holes 144 * or translations for fpregs, so we can just copy them. 145 */ 146 int 147 proc_read_fpregs(struct thread *td, struct fpreg *fpregs) 148 { 149 150 PROC_ACTION(fill_fpregs(td, fpregs)); 151 } 152 153 int 154 proc_write_fpregs(struct thread *td, struct fpreg *fpregs) 155 { 156 157 PROC_ACTION(set_fpregs(td, fpregs)); 158 } 159 160 #ifdef COMPAT_IA32 161 /* For 32 bit binaries, we need to expose the 32 bit regs layouts. */ 162 int 163 proc_read_regs32(struct thread *td, struct reg32 *regs32) 164 { 165 166 PROC_ACTION(fill_regs32(td, regs32)); 167 } 168 169 int 170 proc_write_regs32(struct thread *td, struct reg32 *regs32) 171 { 172 173 PROC_ACTION(set_regs32(td, regs32)); 174 } 175 176 int 177 proc_read_dbregs32(struct thread *td, struct dbreg32 *dbregs32) 178 { 179 180 PROC_ACTION(fill_dbregs32(td, dbregs32)); 181 } 182 183 int 184 proc_write_dbregs32(struct thread *td, struct dbreg32 *dbregs32) 185 { 186 187 PROC_ACTION(set_dbregs32(td, dbregs32)); 188 } 189 190 int 191 proc_read_fpregs32(struct thread *td, struct fpreg32 *fpregs32) 192 { 193 194 PROC_ACTION(fill_fpregs32(td, fpregs32)); 195 } 196 197 int 198 proc_write_fpregs32(struct thread *td, struct fpreg32 *fpregs32) 199 { 200 201 PROC_ACTION(set_fpregs32(td, fpregs32)); 202 } 203 #endif 204 205 int 206 proc_sstep(struct thread *td) 207 { 208 209 PROC_ACTION(ptrace_single_step(td)); 210 } 211 212 int 213 proc_rwmem(struct proc *p, struct uio *uio) 214 { 215 vm_map_t map; 216 vm_object_t backing_object, object = NULL; 217 vm_offset_t pageno = 0; /* page number */ 218 vm_prot_t reqprot; 219 int error, fault_flags, writing; 220 221 /* 222 * Assert that someone has locked this vmspace. (Should be 223 * curthread but we can't assert that.) This keeps the process 224 * from exiting out from under us until this operation completes. 225 */ 226 KASSERT(p->p_lock >= 1, ("%s: process %p (pid %d) not held", __func__, 227 p, p->p_pid)); 228 229 /* 230 * The map we want... 231 */ 232 map = &p->p_vmspace->vm_map; 233 234 writing = uio->uio_rw == UIO_WRITE; 235 reqprot = writing ? (VM_PROT_WRITE | VM_PROT_OVERRIDE_WRITE) : 236 VM_PROT_READ; 237 fault_flags = writing ? VM_FAULT_DIRTY : VM_FAULT_NORMAL; 238 239 /* 240 * Only map in one page at a time. We don't have to, but it 241 * makes things easier. This way is trivial - right? 242 */ 243 do { 244 vm_map_t tmap; 245 vm_offset_t uva; 246 int page_offset; /* offset into page */ 247 vm_map_entry_t out_entry; 248 vm_prot_t out_prot; 249 boolean_t wired; 250 vm_pindex_t pindex; 251 u_int len; 252 vm_page_t m; 253 254 object = NULL; 255 256 uva = (vm_offset_t)uio->uio_offset; 257 258 /* 259 * Get the page number of this segment. 260 */ 261 pageno = trunc_page(uva); 262 page_offset = uva - pageno; 263 264 /* 265 * How many bytes to copy 266 */ 267 len = min(PAGE_SIZE - page_offset, uio->uio_resid); 268 269 /* 270 * Fault the page on behalf of the process 271 */ 272 error = vm_fault(map, pageno, reqprot, fault_flags); 273 if (error) { 274 error = EFAULT; 275 break; 276 } 277 278 /* 279 * Now we need to get the page. out_entry, out_prot, wired, 280 * and single_use aren't used. One would think the vm code 281 * would be a *bit* nicer... We use tmap because 282 * vm_map_lookup() can change the map argument. 283 */ 284 tmap = map; 285 error = vm_map_lookup(&tmap, pageno, reqprot, &out_entry, 286 &object, &pindex, &out_prot, &wired); 287 if (error) { 288 error = EFAULT; 289 break; 290 } 291 VM_OBJECT_LOCK(object); 292 while ((m = vm_page_lookup(object, pindex)) == NULL && 293 !writing && 294 (backing_object = object->backing_object) != NULL) { 295 /* 296 * Allow fallback to backing objects if we are reading. 297 */ 298 VM_OBJECT_LOCK(backing_object); 299 pindex += OFF_TO_IDX(object->backing_object_offset); 300 VM_OBJECT_UNLOCK(object); 301 object = backing_object; 302 } 303 VM_OBJECT_UNLOCK(object); 304 if (m == NULL) { 305 vm_map_lookup_done(tmap, out_entry); 306 error = EFAULT; 307 break; 308 } 309 310 /* 311 * Hold the page in memory. 312 */ 313 vm_page_lock_queues(); 314 vm_page_hold(m); 315 vm_page_unlock_queues(); 316 317 /* 318 * We're done with tmap now. 319 */ 320 vm_map_lookup_done(tmap, out_entry); 321 322 /* 323 * Now do the i/o move. 324 */ 325 error = uiomove_fromphys(&m, page_offset, len, uio); 326 327 /* 328 * Release the page. 329 */ 330 vm_page_lock_queues(); 331 vm_page_unhold(m); 332 vm_page_unlock_queues(); 333 334 } while (error == 0 && uio->uio_resid > 0); 335 336 return (error); 337 } 338 339 /* 340 * Process debugging system call. 341 */ 342 #ifndef _SYS_SYSPROTO_H_ 343 struct ptrace_args { 344 int req; 345 pid_t pid; 346 caddr_t addr; 347 int data; 348 }; 349 #endif 350 351 #ifdef COMPAT_IA32 352 /* 353 * This CPP subterfuge is to try and reduce the number of ifdefs in 354 * the body of the code. 355 * COPYIN(uap->addr, &r.reg, sizeof r.reg); 356 * becomes either: 357 * copyin(uap->addr, &r.reg, sizeof r.reg); 358 * or 359 * copyin(uap->addr, &r.reg32, sizeof r.reg32); 360 * .. except this is done at runtime. 361 */ 362 #define COPYIN(u, k, s) wrap32 ? \ 363 copyin(u, k ## 32, s ## 32) : \ 364 copyin(u, k, s) 365 #define COPYOUT(k, u, s) wrap32 ? \ 366 copyout(k ## 32, u, s ## 32) : \ 367 copyout(k, u, s) 368 #else 369 #define COPYIN(u, k, s) copyin(u, k, s) 370 #define COPYOUT(k, u, s) copyout(k, u, s) 371 #endif 372 /* 373 * MPSAFE 374 */ 375 int 376 ptrace(struct thread *td, struct ptrace_args *uap) 377 { 378 /* 379 * XXX this obfuscation is to reduce stack usage, but the register 380 * structs may be too large to put on the stack anyway. 381 */ 382 union { 383 struct ptrace_io_desc piod; 384 struct ptrace_lwpinfo pl; 385 struct dbreg dbreg; 386 struct fpreg fpreg; 387 struct reg reg; 388 #ifdef COMPAT_IA32 389 struct dbreg32 dbreg32; 390 struct fpreg32 fpreg32; 391 struct reg32 reg32; 392 struct ptrace_io_desc32 piod32; 393 #endif 394 } r; 395 void *addr; 396 int error = 0; 397 #ifdef COMPAT_IA32 398 int wrap32 = 0; 399 400 if (td->td_proc->p_sysent == &ia32_freebsd_sysvec) 401 wrap32 = 1; 402 #endif 403 AUDIT_ARG(pid, uap->pid); 404 AUDIT_ARG(cmd, uap->req); 405 AUDIT_ARG(addr, uap->addr); 406 AUDIT_ARG(value, uap->data); 407 addr = &r; 408 switch (uap->req) { 409 case PT_GETREGS: 410 case PT_GETFPREGS: 411 case PT_GETDBREGS: 412 case PT_LWPINFO: 413 break; 414 case PT_SETREGS: 415 error = COPYIN(uap->addr, &r.reg, sizeof r.reg); 416 break; 417 case PT_SETFPREGS: 418 error = COPYIN(uap->addr, &r.fpreg, sizeof r.fpreg); 419 break; 420 case PT_SETDBREGS: 421 error = COPYIN(uap->addr, &r.dbreg, sizeof r.dbreg); 422 break; 423 case PT_IO: 424 error = COPYIN(uap->addr, &r.piod, sizeof r.piod); 425 break; 426 default: 427 addr = uap->addr; 428 break; 429 } 430 if (error) 431 return (error); 432 433 error = kern_ptrace(td, uap->req, uap->pid, addr, uap->data); 434 if (error) 435 return (error); 436 437 switch (uap->req) { 438 case PT_IO: 439 error = COPYOUT(&r.piod, uap->addr, sizeof r.piod); 440 break; 441 case PT_GETREGS: 442 error = COPYOUT(&r.reg, uap->addr, sizeof r.reg); 443 break; 444 case PT_GETFPREGS: 445 error = COPYOUT(&r.fpreg, uap->addr, sizeof r.fpreg); 446 break; 447 case PT_GETDBREGS: 448 error = COPYOUT(&r.dbreg, uap->addr, sizeof r.dbreg); 449 break; 450 case PT_LWPINFO: 451 error = copyout(&r.pl, uap->addr, uap->data); 452 break; 453 } 454 455 return (error); 456 } 457 #undef COPYIN 458 #undef COPYOUT 459 460 #ifdef COMPAT_IA32 461 /* 462 * PROC_READ(regs, td2, addr); 463 * becomes either: 464 * proc_read_regs(td2, addr); 465 * or 466 * proc_read_regs32(td2, addr); 467 * .. except this is done at runtime. There is an additional 468 * complication in that PROC_WRITE disallows 32 bit consumers 469 * from writing to 64 bit address space targets. 470 */ 471 #define PROC_READ(w, t, a) wrap32 ? \ 472 proc_read_ ## w ## 32(t, a) : \ 473 proc_read_ ## w (t, a) 474 #define PROC_WRITE(w, t, a) wrap32 ? \ 475 (safe ? proc_write_ ## w ## 32(t, a) : EINVAL ) : \ 476 proc_write_ ## w (t, a) 477 #else 478 #define PROC_READ(w, t, a) proc_read_ ## w (t, a) 479 #define PROC_WRITE(w, t, a) proc_write_ ## w (t, a) 480 #endif 481 482 int 483 kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data) 484 { 485 struct iovec iov; 486 struct uio uio; 487 struct proc *curp, *p, *pp; 488 struct thread *td2 = NULL; 489 struct ptrace_io_desc *piod = NULL; 490 struct ptrace_lwpinfo *pl; 491 int error, write, tmp, num; 492 int proctree_locked = 0; 493 lwpid_t tid = 0, *buf; 494 #ifdef COMPAT_IA32 495 int wrap32 = 0, safe = 0; 496 struct ptrace_io_desc32 *piod32 = NULL; 497 #endif 498 499 curp = td->td_proc; 500 501 /* Lock proctree before locking the process. */ 502 switch (req) { 503 case PT_TRACE_ME: 504 case PT_ATTACH: 505 case PT_STEP: 506 case PT_CONTINUE: 507 case PT_TO_SCE: 508 case PT_TO_SCX: 509 case PT_SYSCALL: 510 case PT_DETACH: 511 sx_xlock(&proctree_lock); 512 proctree_locked = 1; 513 break; 514 default: 515 break; 516 } 517 518 write = 0; 519 if (req == PT_TRACE_ME) { 520 p = td->td_proc; 521 PROC_LOCK(p); 522 } else { 523 if (pid <= PID_MAX) { 524 if ((p = pfind(pid)) == NULL) { 525 if (proctree_locked) 526 sx_xunlock(&proctree_lock); 527 return (ESRCH); 528 } 529 } else { 530 /* this is slow, should be optimized */ 531 sx_slock(&allproc_lock); 532 FOREACH_PROC_IN_SYSTEM(p) { 533 PROC_LOCK(p); 534 mtx_lock_spin(&sched_lock); 535 FOREACH_THREAD_IN_PROC(p, td2) { 536 if (td2->td_tid == pid) 537 break; 538 } 539 mtx_unlock_spin(&sched_lock); 540 if (td2 != NULL) 541 break; /* proc lock held */ 542 PROC_UNLOCK(p); 543 } 544 sx_sunlock(&allproc_lock); 545 if (p == NULL) { 546 if (proctree_locked) 547 sx_xunlock(&proctree_lock); 548 return (ESRCH); 549 } 550 tid = pid; 551 pid = p->p_pid; 552 } 553 } 554 555 if ((p->p_flag & P_WEXIT) != 0) { 556 error = ESRCH; 557 goto fail; 558 } 559 AUDIT_ARG(process, p); 560 if ((error = p_cansee(td, p)) != 0) 561 goto fail; 562 563 if ((error = p_candebug(td, p)) != 0) 564 goto fail; 565 566 /* 567 * System processes can't be debugged. 568 */ 569 if ((p->p_flag & P_SYSTEM) != 0) { 570 error = EINVAL; 571 goto fail; 572 } 573 574 if (tid == 0) { 575 if ((p->p_flag & P_STOPPED_TRACE) != 0) { 576 KASSERT(p->p_xthread != NULL, ("NULL p_xthread")); 577 td2 = p->p_xthread; 578 } else { 579 td2 = FIRST_THREAD_IN_PROC(p); 580 } 581 tid = td2->td_tid; 582 } 583 584 #ifdef COMPAT_IA32 585 /* 586 * Test if we're a 32 bit client and what the target is. 587 * Set the wrap controls accordingly. 588 */ 589 if (td->td_proc->p_sysent == &ia32_freebsd_sysvec) { 590 if (td2->td_proc->p_sysent == &ia32_freebsd_sysvec) 591 safe = 1; 592 wrap32 = 1; 593 } 594 #endif 595 /* 596 * Permissions check 597 */ 598 switch (req) { 599 case PT_TRACE_ME: 600 /* Always legal. */ 601 break; 602 603 case PT_ATTACH: 604 /* Self */ 605 if (p->p_pid == td->td_proc->p_pid) { 606 error = EINVAL; 607 goto fail; 608 } 609 610 /* Already traced */ 611 if (p->p_flag & P_TRACED) { 612 error = EBUSY; 613 goto fail; 614 } 615 616 /* Can't trace an ancestor if you're being traced. */ 617 if (curp->p_flag & P_TRACED) { 618 for (pp = curp->p_pptr; pp != NULL; pp = pp->p_pptr) { 619 if (pp == p) { 620 error = EINVAL; 621 goto fail; 622 } 623 } 624 } 625 626 627 /* OK */ 628 break; 629 630 case PT_CLEARSTEP: 631 /* Allow thread to clear single step for itself */ 632 if (td->td_tid == tid) 633 break; 634 635 /* FALLTHROUGH */ 636 default: 637 /* not being traced... */ 638 if ((p->p_flag & P_TRACED) == 0) { 639 error = EPERM; 640 goto fail; 641 } 642 643 /* not being traced by YOU */ 644 if (p->p_pptr != td->td_proc) { 645 error = EBUSY; 646 goto fail; 647 } 648 649 /* not currently stopped */ 650 if ((p->p_flag & (P_STOPPED_SIG | P_STOPPED_TRACE)) == 0 || 651 p->p_suspcount != p->p_numthreads || 652 (p->p_flag & P_WAITED) == 0) { 653 error = EBUSY; 654 goto fail; 655 } 656 657 if ((p->p_flag & P_STOPPED_TRACE) == 0) { 658 static int count = 0; 659 if (count++ == 0) 660 printf("P_STOPPED_TRACE not set.\n"); 661 } 662 663 /* OK */ 664 break; 665 } 666 667 /* Keep this process around until we finish this request. */ 668 _PHOLD(p); 669 670 #ifdef FIX_SSTEP 671 /* 672 * Single step fixup ala procfs 673 */ 674 FIX_SSTEP(td2); 675 #endif 676 677 /* 678 * Actually do the requests 679 */ 680 681 td->td_retval[0] = 0; 682 683 switch (req) { 684 case PT_TRACE_ME: 685 /* set my trace flag and "owner" so it can read/write me */ 686 p->p_flag |= P_TRACED; 687 p->p_oppid = p->p_pptr->p_pid; 688 break; 689 690 case PT_ATTACH: 691 /* security check done above */ 692 p->p_flag |= P_TRACED; 693 p->p_oppid = p->p_pptr->p_pid; 694 if (p->p_pptr != td->td_proc) 695 proc_reparent(p, td->td_proc); 696 data = SIGSTOP; 697 goto sendsig; /* in PT_CONTINUE below */ 698 699 case PT_CLEARSTEP: 700 error = ptrace_clear_single_step(td2); 701 break; 702 703 case PT_SETSTEP: 704 error = ptrace_single_step(td2); 705 break; 706 707 case PT_SUSPEND: 708 mtx_lock_spin(&sched_lock); 709 td2->td_flags |= TDF_DBSUSPEND; 710 mtx_unlock_spin(&sched_lock); 711 break; 712 713 case PT_RESUME: 714 mtx_lock_spin(&sched_lock); 715 td2->td_flags &= ~TDF_DBSUSPEND; 716 mtx_unlock_spin(&sched_lock); 717 break; 718 719 case PT_STEP: 720 case PT_CONTINUE: 721 case PT_TO_SCE: 722 case PT_TO_SCX: 723 case PT_SYSCALL: 724 case PT_DETACH: 725 /* Zero means do not send any signal */ 726 if (data < 0 || data > _SIG_MAXSIG) { 727 error = EINVAL; 728 break; 729 } 730 731 switch (req) { 732 case PT_STEP: 733 error = ptrace_single_step(td2); 734 if (error) 735 goto out; 736 break; 737 case PT_TO_SCE: 738 p->p_stops |= S_PT_SCE; 739 break; 740 case PT_TO_SCX: 741 p->p_stops |= S_PT_SCX; 742 break; 743 case PT_SYSCALL: 744 p->p_stops |= S_PT_SCE | S_PT_SCX; 745 break; 746 } 747 748 if (addr != (void *)1) { 749 error = ptrace_set_pc(td2, (u_long)(uintfptr_t)addr); 750 if (error) 751 break; 752 } 753 754 if (req == PT_DETACH) { 755 /* reset process parent */ 756 if (p->p_oppid != p->p_pptr->p_pid) { 757 struct proc *pp; 758 759 PROC_UNLOCK(p); 760 pp = pfind(p->p_oppid); 761 if (pp == NULL) 762 pp = initproc; 763 else 764 PROC_UNLOCK(pp); 765 PROC_LOCK(p); 766 proc_reparent(p, pp); 767 if (pp == initproc) 768 p->p_sigparent = SIGCHLD; 769 } 770 p->p_flag &= ~(P_TRACED | P_WAITED); 771 p->p_oppid = 0; 772 773 /* should we send SIGCHLD? */ 774 } 775 776 sendsig: 777 if (proctree_locked) { 778 sx_xunlock(&proctree_lock); 779 proctree_locked = 0; 780 } 781 /* deliver or queue signal */ 782 mtx_lock_spin(&sched_lock); 783 td2->td_flags &= ~TDF_XSIG; 784 mtx_unlock_spin(&sched_lock); 785 td2->td_xsig = data; 786 p->p_xstat = data; 787 p->p_xthread = NULL; 788 if ((p->p_flag & (P_STOPPED_SIG | P_STOPPED_TRACE)) != 0) { 789 mtx_lock_spin(&sched_lock); 790 if (req == PT_DETACH) { 791 struct thread *td3; 792 FOREACH_THREAD_IN_PROC(p, td3) 793 td3->td_flags &= ~TDF_DBSUSPEND; 794 } 795 /* 796 * unsuspend all threads, to not let a thread run, 797 * you should use PT_SUSPEND to suspend it before 798 * continuing process. 799 */ 800 mtx_unlock_spin(&sched_lock); 801 thread_continued(p); 802 p->p_flag &= ~(P_STOPPED_TRACE|P_STOPPED_SIG|P_WAITED); 803 mtx_lock_spin(&sched_lock); 804 thread_unsuspend(p); 805 mtx_unlock_spin(&sched_lock); 806 } 807 808 if (data) 809 psignal(p, data); 810 811 break; 812 813 case PT_WRITE_I: 814 case PT_WRITE_D: 815 write = 1; 816 /* FALLTHROUGH */ 817 case PT_READ_I: 818 case PT_READ_D: 819 PROC_UNLOCK(p); 820 tmp = 0; 821 /* write = 0 set above */ 822 iov.iov_base = write ? (caddr_t)&data : (caddr_t)&tmp; 823 iov.iov_len = sizeof(int); 824 uio.uio_iov = &iov; 825 uio.uio_iovcnt = 1; 826 uio.uio_offset = (off_t)(uintptr_t)addr; 827 uio.uio_resid = sizeof(int); 828 uio.uio_segflg = UIO_SYSSPACE; /* i.e.: the uap */ 829 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 830 uio.uio_td = td; 831 error = proc_rwmem(p, &uio); 832 if (uio.uio_resid != 0) { 833 /* 834 * XXX proc_rwmem() doesn't currently return ENOSPC, 835 * so I think write() can bogusly return 0. 836 * XXX what happens for short writes? We don't want 837 * to write partial data. 838 * XXX proc_rwmem() returns EPERM for other invalid 839 * addresses. Convert this to EINVAL. Does this 840 * clobber returns of EPERM for other reasons? 841 */ 842 if (error == 0 || error == ENOSPC || error == EPERM) 843 error = EINVAL; /* EOF */ 844 } 845 if (!write) 846 td->td_retval[0] = tmp; 847 PROC_LOCK(p); 848 break; 849 850 case PT_IO: 851 #ifdef COMPAT_IA32 852 if (wrap32) { 853 piod32 = addr; 854 iov.iov_base = (void *)(uintptr_t)piod32->piod_addr; 855 iov.iov_len = piod32->piod_len; 856 uio.uio_offset = (off_t)(uintptr_t)piod32->piod_offs; 857 uio.uio_resid = piod32->piod_len; 858 } else 859 #endif 860 { 861 piod = addr; 862 iov.iov_base = piod->piod_addr; 863 iov.iov_len = piod->piod_len; 864 uio.uio_offset = (off_t)(uintptr_t)piod->piod_offs; 865 uio.uio_resid = piod->piod_len; 866 } 867 uio.uio_iov = &iov; 868 uio.uio_iovcnt = 1; 869 uio.uio_segflg = UIO_USERSPACE; 870 uio.uio_td = td; 871 #ifdef COMPAT_IA32 872 tmp = wrap32 ? piod32->piod_op : piod->piod_op; 873 #else 874 tmp = piod->piod_op; 875 #endif 876 switch (tmp) { 877 case PIOD_READ_D: 878 case PIOD_READ_I: 879 uio.uio_rw = UIO_READ; 880 break; 881 case PIOD_WRITE_D: 882 case PIOD_WRITE_I: 883 uio.uio_rw = UIO_WRITE; 884 break; 885 default: 886 error = EINVAL; 887 goto out; 888 } 889 PROC_UNLOCK(p); 890 error = proc_rwmem(p, &uio); 891 #ifdef COMPAT_IA32 892 if (wrap32) 893 piod32->piod_len -= uio.uio_resid; 894 else 895 #endif 896 piod->piod_len -= uio.uio_resid; 897 PROC_LOCK(p); 898 break; 899 900 case PT_KILL: 901 data = SIGKILL; 902 goto sendsig; /* in PT_CONTINUE above */ 903 904 case PT_SETREGS: 905 error = PROC_WRITE(regs, td2, addr); 906 break; 907 908 case PT_GETREGS: 909 error = PROC_READ(regs, td2, addr); 910 break; 911 912 case PT_SETFPREGS: 913 error = PROC_WRITE(fpregs, td2, addr); 914 break; 915 916 case PT_GETFPREGS: 917 error = PROC_READ(fpregs, td2, addr); 918 break; 919 920 case PT_SETDBREGS: 921 error = PROC_WRITE(dbregs, td2, addr); 922 break; 923 924 case PT_GETDBREGS: 925 error = PROC_READ(dbregs, td2, addr); 926 break; 927 928 case PT_LWPINFO: 929 if (data <= 0 || data > sizeof(*pl)) { 930 error = EINVAL; 931 break; 932 } 933 pl = addr; 934 pl->pl_lwpid = td2->td_tid; 935 if (td2->td_flags & TDF_XSIG) 936 pl->pl_event = PL_EVENT_SIGNAL; 937 else 938 pl->pl_event = 0; 939 if (td2->td_pflags & TDP_SA) { 940 pl->pl_flags = PL_FLAG_SA; 941 if (td2->td_upcall && !TD_CAN_UNBIND(td2)) 942 pl->pl_flags |= PL_FLAG_BOUND; 943 } else { 944 pl->pl_flags = 0; 945 } 946 pl->pl_sigmask = td2->td_sigmask; 947 pl->pl_siglist = td2->td_siglist; 948 break; 949 950 case PT_GETNUMLWPS: 951 td->td_retval[0] = p->p_numthreads; 952 break; 953 954 case PT_GETLWPLIST: 955 if (data <= 0) { 956 error = EINVAL; 957 break; 958 } 959 num = imin(p->p_numthreads, data); 960 PROC_UNLOCK(p); 961 buf = malloc(num * sizeof(lwpid_t), M_TEMP, M_WAITOK); 962 tmp = 0; 963 PROC_LOCK(p); 964 mtx_lock_spin(&sched_lock); 965 FOREACH_THREAD_IN_PROC(p, td2) { 966 if (tmp >= num) 967 break; 968 buf[tmp++] = td2->td_tid; 969 } 970 mtx_unlock_spin(&sched_lock); 971 PROC_UNLOCK(p); 972 error = copyout(buf, addr, tmp * sizeof(lwpid_t)); 973 free(buf, M_TEMP); 974 if (!error) 975 td->td_retval[0] = tmp; 976 PROC_LOCK(p); 977 break; 978 979 default: 980 #ifdef __HAVE_PTRACE_MACHDEP 981 if (req >= PT_FIRSTMACH) { 982 PROC_UNLOCK(p); 983 error = cpu_ptrace(td2, req, addr, data); 984 PROC_LOCK(p); 985 } else 986 #endif 987 /* Unknown request. */ 988 error = EINVAL; 989 break; 990 } 991 992 out: 993 /* Drop our hold on this process now that the request has completed. */ 994 _PRELE(p); 995 fail: 996 PROC_UNLOCK(p); 997 if (proctree_locked) 998 sx_xunlock(&proctree_lock); 999 return (error); 1000 } 1001 #undef PROC_READ 1002 #undef PROC_WRITE 1003 1004 /* 1005 * Stop a process because of a debugging event; 1006 * stay stopped until p->p_step is cleared 1007 * (cleared by PIOCCONT in procfs). 1008 */ 1009 void 1010 stopevent(struct proc *p, unsigned int event, unsigned int val) 1011 { 1012 1013 PROC_LOCK_ASSERT(p, MA_OWNED); 1014 p->p_step = 1; 1015 do { 1016 p->p_xstat = val; 1017 p->p_xthread = NULL; 1018 p->p_stype = event; /* Which event caused the stop? */ 1019 wakeup(&p->p_stype); /* Wake up any PIOCWAIT'ing procs */ 1020 msleep(&p->p_step, &p->p_mtx, PWAIT, "stopevent", 0); 1021 } while (p->p_step); 1022 }
Cache object: 44cbab05fbcef71103f0f58650608a26
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]