1 /*-
2 * Copyright (c) 1994, Sean Eric Fagan
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by Sean Eric Fagan.
16 * 4. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD: releng/6.4/sys/kern/sys_process.c 181010 2008-07-30 19:52:54Z jhb $");
34
35 #include "opt_compat.h"
36
37 #include <sys/param.h>
38 #include <sys/systm.h>
39 #include <sys/lock.h>
40 #include <sys/mutex.h>
41 #include <sys/syscallsubr.h>
42 #include <sys/sysproto.h>
43 #include <sys/proc.h>
44 #include <sys/vnode.h>
45 #include <sys/ptrace.h>
46 #include <sys/sx.h>
47 #include <sys/malloc.h>
48 #include <sys/signalvar.h>
49
50 #include <machine/reg.h>
51
52 #include <security/audit/audit.h>
53
54 #include <vm/vm.h>
55 #include <vm/pmap.h>
56 #include <vm/vm_extern.h>
57 #include <vm/vm_map.h>
58 #include <vm/vm_kern.h>
59 #include <vm/vm_object.h>
60 #include <vm/vm_page.h>
61
62 #ifdef COMPAT_IA32
63 #include <sys/procfs.h>
64 #include <machine/fpu.h>
65 #include <compat/ia32/ia32_reg.h>
66
67 extern struct sysentvec ia32_freebsd_sysvec;
68
69 struct ptrace_io_desc32 {
70 int piod_op;
71 u_int32_t piod_offs;
72 u_int32_t piod_addr;
73 u_int32_t piod_len;
74 };
75 #endif
76
77 /*
78 * Functions implemented using PROC_ACTION():
79 *
80 * proc_read_regs(proc, regs)
81 * Get the current user-visible register set from the process
82 * and copy it into the regs structure (<machine/reg.h>).
83 * The process is stopped at the time read_regs is called.
84 *
85 * proc_write_regs(proc, regs)
86 * Update the current register set from the passed in regs
87 * structure. Take care to avoid clobbering special CPU
88 * registers or privileged bits in the PSL.
89 * Depending on the architecture this may have fix-up work to do,
90 * especially if the IAR or PCW are modified.
91 * The process is stopped at the time write_regs is called.
92 *
93 * proc_read_fpregs, proc_write_fpregs
94 * deal with the floating point register set, otherwise as above.
95 *
96 * proc_read_dbregs, proc_write_dbregs
97 * deal with the processor debug register set, otherwise as above.
98 *
99 * proc_sstep(proc)
100 * Arrange for the process to trap after executing a single instruction.
101 */
102
103 #define PROC_ACTION(action) do { \
104 int error; \
105 \
106 PROC_LOCK_ASSERT(td->td_proc, MA_OWNED); \
107 if ((td->td_proc->p_sflag & PS_INMEM) == 0) \
108 error = EIO; \
109 else \
110 error = (action); \
111 return (error); \
112 } while(0)
113
114 int
115 proc_read_regs(struct thread *td, struct reg *regs)
116 {
117
118 PROC_ACTION(fill_regs(td, regs));
119 }
120
121 int
122 proc_write_regs(struct thread *td, struct reg *regs)
123 {
124
125 PROC_ACTION(set_regs(td, regs));
126 }
127
128 int
129 proc_read_dbregs(struct thread *td, struct dbreg *dbregs)
130 {
131
132 PROC_ACTION(fill_dbregs(td, dbregs));
133 }
134
135 int
136 proc_write_dbregs(struct thread *td, struct dbreg *dbregs)
137 {
138
139 PROC_ACTION(set_dbregs(td, dbregs));
140 }
141
142 /*
143 * Ptrace doesn't support fpregs at all, and there are no security holes
144 * or translations for fpregs, so we can just copy them.
145 */
146 int
147 proc_read_fpregs(struct thread *td, struct fpreg *fpregs)
148 {
149
150 PROC_ACTION(fill_fpregs(td, fpregs));
151 }
152
153 int
154 proc_write_fpregs(struct thread *td, struct fpreg *fpregs)
155 {
156
157 PROC_ACTION(set_fpregs(td, fpregs));
158 }
159
160 #ifdef COMPAT_IA32
161 /* For 32 bit binaries, we need to expose the 32 bit regs layouts. */
162 int
163 proc_read_regs32(struct thread *td, struct reg32 *regs32)
164 {
165
166 PROC_ACTION(fill_regs32(td, regs32));
167 }
168
169 int
170 proc_write_regs32(struct thread *td, struct reg32 *regs32)
171 {
172
173 PROC_ACTION(set_regs32(td, regs32));
174 }
175
176 int
177 proc_read_dbregs32(struct thread *td, struct dbreg32 *dbregs32)
178 {
179
180 PROC_ACTION(fill_dbregs32(td, dbregs32));
181 }
182
183 int
184 proc_write_dbregs32(struct thread *td, struct dbreg32 *dbregs32)
185 {
186
187 PROC_ACTION(set_dbregs32(td, dbregs32));
188 }
189
190 int
191 proc_read_fpregs32(struct thread *td, struct fpreg32 *fpregs32)
192 {
193
194 PROC_ACTION(fill_fpregs32(td, fpregs32));
195 }
196
197 int
198 proc_write_fpregs32(struct thread *td, struct fpreg32 *fpregs32)
199 {
200
201 PROC_ACTION(set_fpregs32(td, fpregs32));
202 }
203 #endif
204
205 int
206 proc_sstep(struct thread *td)
207 {
208
209 PROC_ACTION(ptrace_single_step(td));
210 }
211
212 int
213 proc_rwmem(struct proc *p, struct uio *uio)
214 {
215 vm_map_t map;
216 vm_object_t backing_object, object = NULL;
217 vm_offset_t pageno = 0; /* page number */
218 vm_prot_t reqprot;
219 int error, fault_flags, writing;
220
221 /*
222 * Assert that someone has locked this vmspace. (Should be
223 * curthread but we can't assert that.) This keeps the process
224 * from exiting out from under us until this operation completes.
225 */
226 KASSERT(p->p_lock >= 1, ("%s: process %p (pid %d) not held", __func__,
227 p, p->p_pid));
228
229 /*
230 * The map we want...
231 */
232 map = &p->p_vmspace->vm_map;
233
234 writing = uio->uio_rw == UIO_WRITE;
235 reqprot = writing ? (VM_PROT_WRITE | VM_PROT_OVERRIDE_WRITE) :
236 VM_PROT_READ;
237 fault_flags = writing ? VM_FAULT_DIRTY : VM_FAULT_NORMAL;
238
239 /*
240 * Only map in one page at a time. We don't have to, but it
241 * makes things easier. This way is trivial - right?
242 */
243 do {
244 vm_map_t tmap;
245 vm_offset_t uva;
246 int page_offset; /* offset into page */
247 vm_map_entry_t out_entry;
248 vm_prot_t out_prot;
249 boolean_t wired;
250 vm_pindex_t pindex;
251 u_int len;
252 vm_page_t m;
253
254 object = NULL;
255
256 uva = (vm_offset_t)uio->uio_offset;
257
258 /*
259 * Get the page number of this segment.
260 */
261 pageno = trunc_page(uva);
262 page_offset = uva - pageno;
263
264 /*
265 * How many bytes to copy
266 */
267 len = min(PAGE_SIZE - page_offset, uio->uio_resid);
268
269 /*
270 * Fault the page on behalf of the process
271 */
272 error = vm_fault(map, pageno, reqprot, fault_flags);
273 if (error) {
274 error = EFAULT;
275 break;
276 }
277
278 /*
279 * Now we need to get the page. out_entry, out_prot, wired,
280 * and single_use aren't used. One would think the vm code
281 * would be a *bit* nicer... We use tmap because
282 * vm_map_lookup() can change the map argument.
283 */
284 tmap = map;
285 error = vm_map_lookup(&tmap, pageno, reqprot, &out_entry,
286 &object, &pindex, &out_prot, &wired);
287 if (error) {
288 error = EFAULT;
289 break;
290 }
291 VM_OBJECT_LOCK(object);
292 while ((m = vm_page_lookup(object, pindex)) == NULL &&
293 !writing &&
294 (backing_object = object->backing_object) != NULL) {
295 /*
296 * Allow fallback to backing objects if we are reading.
297 */
298 VM_OBJECT_LOCK(backing_object);
299 pindex += OFF_TO_IDX(object->backing_object_offset);
300 VM_OBJECT_UNLOCK(object);
301 object = backing_object;
302 }
303 VM_OBJECT_UNLOCK(object);
304 if (m == NULL) {
305 vm_map_lookup_done(tmap, out_entry);
306 error = EFAULT;
307 break;
308 }
309
310 /*
311 * Hold the page in memory.
312 */
313 vm_page_lock_queues();
314 vm_page_hold(m);
315 vm_page_unlock_queues();
316
317 /*
318 * We're done with tmap now.
319 */
320 vm_map_lookup_done(tmap, out_entry);
321
322 /*
323 * Now do the i/o move.
324 */
325 error = uiomove_fromphys(&m, page_offset, len, uio);
326
327 /*
328 * Release the page.
329 */
330 vm_page_lock_queues();
331 vm_page_unhold(m);
332 vm_page_unlock_queues();
333
334 } while (error == 0 && uio->uio_resid > 0);
335
336 return (error);
337 }
338
339 /*
340 * Process debugging system call.
341 */
342 #ifndef _SYS_SYSPROTO_H_
343 struct ptrace_args {
344 int req;
345 pid_t pid;
346 caddr_t addr;
347 int data;
348 };
349 #endif
350
351 #ifdef COMPAT_IA32
352 /*
353 * This CPP subterfuge is to try and reduce the number of ifdefs in
354 * the body of the code.
355 * COPYIN(uap->addr, &r.reg, sizeof r.reg);
356 * becomes either:
357 * copyin(uap->addr, &r.reg, sizeof r.reg);
358 * or
359 * copyin(uap->addr, &r.reg32, sizeof r.reg32);
360 * .. except this is done at runtime.
361 */
362 #define COPYIN(u, k, s) wrap32 ? \
363 copyin(u, k ## 32, s ## 32) : \
364 copyin(u, k, s)
365 #define COPYOUT(k, u, s) wrap32 ? \
366 copyout(k ## 32, u, s ## 32) : \
367 copyout(k, u, s)
368 #else
369 #define COPYIN(u, k, s) copyin(u, k, s)
370 #define COPYOUT(k, u, s) copyout(k, u, s)
371 #endif
372 /*
373 * MPSAFE
374 */
375 int
376 ptrace(struct thread *td, struct ptrace_args *uap)
377 {
378 /*
379 * XXX this obfuscation is to reduce stack usage, but the register
380 * structs may be too large to put on the stack anyway.
381 */
382 union {
383 struct ptrace_io_desc piod;
384 struct ptrace_lwpinfo pl;
385 struct dbreg dbreg;
386 struct fpreg fpreg;
387 struct reg reg;
388 #ifdef COMPAT_IA32
389 struct dbreg32 dbreg32;
390 struct fpreg32 fpreg32;
391 struct reg32 reg32;
392 struct ptrace_io_desc32 piod32;
393 #endif
394 } r;
395 void *addr;
396 int error = 0;
397 #ifdef COMPAT_IA32
398 int wrap32 = 0;
399
400 if (td->td_proc->p_sysent == &ia32_freebsd_sysvec)
401 wrap32 = 1;
402 #endif
403 AUDIT_ARG(pid, uap->pid);
404 AUDIT_ARG(cmd, uap->req);
405 AUDIT_ARG(addr, uap->addr);
406 AUDIT_ARG(value, uap->data);
407 addr = &r;
408 switch (uap->req) {
409 case PT_GETREGS:
410 case PT_GETFPREGS:
411 case PT_GETDBREGS:
412 case PT_LWPINFO:
413 break;
414 case PT_SETREGS:
415 error = COPYIN(uap->addr, &r.reg, sizeof r.reg);
416 break;
417 case PT_SETFPREGS:
418 error = COPYIN(uap->addr, &r.fpreg, sizeof r.fpreg);
419 break;
420 case PT_SETDBREGS:
421 error = COPYIN(uap->addr, &r.dbreg, sizeof r.dbreg);
422 break;
423 case PT_IO:
424 error = COPYIN(uap->addr, &r.piod, sizeof r.piod);
425 break;
426 default:
427 addr = uap->addr;
428 break;
429 }
430 if (error)
431 return (error);
432
433 error = kern_ptrace(td, uap->req, uap->pid, addr, uap->data);
434 if (error)
435 return (error);
436
437 switch (uap->req) {
438 case PT_IO:
439 error = COPYOUT(&r.piod, uap->addr, sizeof r.piod);
440 break;
441 case PT_GETREGS:
442 error = COPYOUT(&r.reg, uap->addr, sizeof r.reg);
443 break;
444 case PT_GETFPREGS:
445 error = COPYOUT(&r.fpreg, uap->addr, sizeof r.fpreg);
446 break;
447 case PT_GETDBREGS:
448 error = COPYOUT(&r.dbreg, uap->addr, sizeof r.dbreg);
449 break;
450 case PT_LWPINFO:
451 error = copyout(&r.pl, uap->addr, uap->data);
452 break;
453 }
454
455 return (error);
456 }
457 #undef COPYIN
458 #undef COPYOUT
459
460 #ifdef COMPAT_IA32
461 /*
462 * PROC_READ(regs, td2, addr);
463 * becomes either:
464 * proc_read_regs(td2, addr);
465 * or
466 * proc_read_regs32(td2, addr);
467 * .. except this is done at runtime. There is an additional
468 * complication in that PROC_WRITE disallows 32 bit consumers
469 * from writing to 64 bit address space targets.
470 */
471 #define PROC_READ(w, t, a) wrap32 ? \
472 proc_read_ ## w ## 32(t, a) : \
473 proc_read_ ## w (t, a)
474 #define PROC_WRITE(w, t, a) wrap32 ? \
475 (safe ? proc_write_ ## w ## 32(t, a) : EINVAL ) : \
476 proc_write_ ## w (t, a)
477 #else
478 #define PROC_READ(w, t, a) proc_read_ ## w (t, a)
479 #define PROC_WRITE(w, t, a) proc_write_ ## w (t, a)
480 #endif
481
482 int
483 kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
484 {
485 struct iovec iov;
486 struct uio uio;
487 struct proc *curp, *p, *pp;
488 struct thread *td2 = NULL;
489 struct ptrace_io_desc *piod = NULL;
490 struct ptrace_lwpinfo *pl;
491 int error, write, tmp, num;
492 int proctree_locked = 0;
493 lwpid_t tid = 0, *buf;
494 #ifdef COMPAT_IA32
495 int wrap32 = 0, safe = 0;
496 struct ptrace_io_desc32 *piod32 = NULL;
497 #endif
498
499 curp = td->td_proc;
500
501 /* Lock proctree before locking the process. */
502 switch (req) {
503 case PT_TRACE_ME:
504 case PT_ATTACH:
505 case PT_STEP:
506 case PT_CONTINUE:
507 case PT_TO_SCE:
508 case PT_TO_SCX:
509 case PT_SYSCALL:
510 case PT_DETACH:
511 sx_xlock(&proctree_lock);
512 proctree_locked = 1;
513 break;
514 default:
515 break;
516 }
517
518 write = 0;
519 if (req == PT_TRACE_ME) {
520 p = td->td_proc;
521 PROC_LOCK(p);
522 } else {
523 if (pid <= PID_MAX) {
524 if ((p = pfind(pid)) == NULL) {
525 if (proctree_locked)
526 sx_xunlock(&proctree_lock);
527 return (ESRCH);
528 }
529 } else {
530 /* this is slow, should be optimized */
531 sx_slock(&allproc_lock);
532 FOREACH_PROC_IN_SYSTEM(p) {
533 PROC_LOCK(p);
534 mtx_lock_spin(&sched_lock);
535 FOREACH_THREAD_IN_PROC(p, td2) {
536 if (td2->td_tid == pid)
537 break;
538 }
539 mtx_unlock_spin(&sched_lock);
540 if (td2 != NULL)
541 break; /* proc lock held */
542 PROC_UNLOCK(p);
543 }
544 sx_sunlock(&allproc_lock);
545 if (p == NULL) {
546 if (proctree_locked)
547 sx_xunlock(&proctree_lock);
548 return (ESRCH);
549 }
550 tid = pid;
551 pid = p->p_pid;
552 }
553 }
554
555 if ((p->p_flag & P_WEXIT) != 0) {
556 error = ESRCH;
557 goto fail;
558 }
559 AUDIT_ARG(process, p);
560 if ((error = p_cansee(td, p)) != 0)
561 goto fail;
562
563 if ((error = p_candebug(td, p)) != 0)
564 goto fail;
565
566 /*
567 * System processes can't be debugged.
568 */
569 if ((p->p_flag & P_SYSTEM) != 0) {
570 error = EINVAL;
571 goto fail;
572 }
573
574 if (tid == 0) {
575 if ((p->p_flag & P_STOPPED_TRACE) != 0) {
576 KASSERT(p->p_xthread != NULL, ("NULL p_xthread"));
577 td2 = p->p_xthread;
578 } else {
579 td2 = FIRST_THREAD_IN_PROC(p);
580 }
581 tid = td2->td_tid;
582 }
583
584 #ifdef COMPAT_IA32
585 /*
586 * Test if we're a 32 bit client and what the target is.
587 * Set the wrap controls accordingly.
588 */
589 if (td->td_proc->p_sysent == &ia32_freebsd_sysvec) {
590 if (td2->td_proc->p_sysent == &ia32_freebsd_sysvec)
591 safe = 1;
592 wrap32 = 1;
593 }
594 #endif
595 /*
596 * Permissions check
597 */
598 switch (req) {
599 case PT_TRACE_ME:
600 /* Always legal. */
601 break;
602
603 case PT_ATTACH:
604 /* Self */
605 if (p->p_pid == td->td_proc->p_pid) {
606 error = EINVAL;
607 goto fail;
608 }
609
610 /* Already traced */
611 if (p->p_flag & P_TRACED) {
612 error = EBUSY;
613 goto fail;
614 }
615
616 /* Can't trace an ancestor if you're being traced. */
617 if (curp->p_flag & P_TRACED) {
618 for (pp = curp->p_pptr; pp != NULL; pp = pp->p_pptr) {
619 if (pp == p) {
620 error = EINVAL;
621 goto fail;
622 }
623 }
624 }
625
626
627 /* OK */
628 break;
629
630 case PT_CLEARSTEP:
631 /* Allow thread to clear single step for itself */
632 if (td->td_tid == tid)
633 break;
634
635 /* FALLTHROUGH */
636 default:
637 /* not being traced... */
638 if ((p->p_flag & P_TRACED) == 0) {
639 error = EPERM;
640 goto fail;
641 }
642
643 /* not being traced by YOU */
644 if (p->p_pptr != td->td_proc) {
645 error = EBUSY;
646 goto fail;
647 }
648
649 /* not currently stopped */
650 if ((p->p_flag & (P_STOPPED_SIG | P_STOPPED_TRACE)) == 0 ||
651 p->p_suspcount != p->p_numthreads ||
652 (p->p_flag & P_WAITED) == 0) {
653 error = EBUSY;
654 goto fail;
655 }
656
657 if ((p->p_flag & P_STOPPED_TRACE) == 0) {
658 static int count = 0;
659 if (count++ == 0)
660 printf("P_STOPPED_TRACE not set.\n");
661 }
662
663 /* OK */
664 break;
665 }
666
667 /* Keep this process around until we finish this request. */
668 _PHOLD(p);
669
670 #ifdef FIX_SSTEP
671 /*
672 * Single step fixup ala procfs
673 */
674 FIX_SSTEP(td2);
675 #endif
676
677 /*
678 * Actually do the requests
679 */
680
681 td->td_retval[0] = 0;
682
683 switch (req) {
684 case PT_TRACE_ME:
685 /* set my trace flag and "owner" so it can read/write me */
686 p->p_flag |= P_TRACED;
687 p->p_oppid = p->p_pptr->p_pid;
688 break;
689
690 case PT_ATTACH:
691 /* security check done above */
692 p->p_flag |= P_TRACED;
693 p->p_oppid = p->p_pptr->p_pid;
694 if (p->p_pptr != td->td_proc)
695 proc_reparent(p, td->td_proc);
696 data = SIGSTOP;
697 goto sendsig; /* in PT_CONTINUE below */
698
699 case PT_CLEARSTEP:
700 error = ptrace_clear_single_step(td2);
701 break;
702
703 case PT_SETSTEP:
704 error = ptrace_single_step(td2);
705 break;
706
707 case PT_SUSPEND:
708 mtx_lock_spin(&sched_lock);
709 td2->td_flags |= TDF_DBSUSPEND;
710 mtx_unlock_spin(&sched_lock);
711 break;
712
713 case PT_RESUME:
714 mtx_lock_spin(&sched_lock);
715 td2->td_flags &= ~TDF_DBSUSPEND;
716 mtx_unlock_spin(&sched_lock);
717 break;
718
719 case PT_STEP:
720 case PT_CONTINUE:
721 case PT_TO_SCE:
722 case PT_TO_SCX:
723 case PT_SYSCALL:
724 case PT_DETACH:
725 /* Zero means do not send any signal */
726 if (data < 0 || data > _SIG_MAXSIG) {
727 error = EINVAL;
728 break;
729 }
730
731 switch (req) {
732 case PT_STEP:
733 error = ptrace_single_step(td2);
734 if (error)
735 goto out;
736 break;
737 case PT_TO_SCE:
738 p->p_stops |= S_PT_SCE;
739 break;
740 case PT_TO_SCX:
741 p->p_stops |= S_PT_SCX;
742 break;
743 case PT_SYSCALL:
744 p->p_stops |= S_PT_SCE | S_PT_SCX;
745 break;
746 }
747
748 if (addr != (void *)1) {
749 error = ptrace_set_pc(td2, (u_long)(uintfptr_t)addr);
750 if (error)
751 break;
752 }
753
754 if (req == PT_DETACH) {
755 /* reset process parent */
756 if (p->p_oppid != p->p_pptr->p_pid) {
757 struct proc *pp;
758
759 PROC_UNLOCK(p);
760 pp = pfind(p->p_oppid);
761 if (pp == NULL)
762 pp = initproc;
763 else
764 PROC_UNLOCK(pp);
765 PROC_LOCK(p);
766 proc_reparent(p, pp);
767 if (pp == initproc)
768 p->p_sigparent = SIGCHLD;
769 }
770 p->p_flag &= ~(P_TRACED | P_WAITED);
771 p->p_oppid = 0;
772
773 /* should we send SIGCHLD? */
774 }
775
776 sendsig:
777 if (proctree_locked) {
778 sx_xunlock(&proctree_lock);
779 proctree_locked = 0;
780 }
781 /* deliver or queue signal */
782 mtx_lock_spin(&sched_lock);
783 td2->td_flags &= ~TDF_XSIG;
784 mtx_unlock_spin(&sched_lock);
785 td2->td_xsig = data;
786 p->p_xstat = data;
787 p->p_xthread = NULL;
788 if ((p->p_flag & (P_STOPPED_SIG | P_STOPPED_TRACE)) != 0) {
789 mtx_lock_spin(&sched_lock);
790 if (req == PT_DETACH) {
791 struct thread *td3;
792 FOREACH_THREAD_IN_PROC(p, td3)
793 td3->td_flags &= ~TDF_DBSUSPEND;
794 }
795 /*
796 * unsuspend all threads, to not let a thread run,
797 * you should use PT_SUSPEND to suspend it before
798 * continuing process.
799 */
800 mtx_unlock_spin(&sched_lock);
801 thread_continued(p);
802 p->p_flag &= ~(P_STOPPED_TRACE|P_STOPPED_SIG|P_WAITED);
803 mtx_lock_spin(&sched_lock);
804 thread_unsuspend(p);
805 mtx_unlock_spin(&sched_lock);
806 }
807
808 if (data)
809 psignal(p, data);
810
811 break;
812
813 case PT_WRITE_I:
814 case PT_WRITE_D:
815 write = 1;
816 /* FALLTHROUGH */
817 case PT_READ_I:
818 case PT_READ_D:
819 PROC_UNLOCK(p);
820 tmp = 0;
821 /* write = 0 set above */
822 iov.iov_base = write ? (caddr_t)&data : (caddr_t)&tmp;
823 iov.iov_len = sizeof(int);
824 uio.uio_iov = &iov;
825 uio.uio_iovcnt = 1;
826 uio.uio_offset = (off_t)(uintptr_t)addr;
827 uio.uio_resid = sizeof(int);
828 uio.uio_segflg = UIO_SYSSPACE; /* i.e.: the uap */
829 uio.uio_rw = write ? UIO_WRITE : UIO_READ;
830 uio.uio_td = td;
831 error = proc_rwmem(p, &uio);
832 if (uio.uio_resid != 0) {
833 /*
834 * XXX proc_rwmem() doesn't currently return ENOSPC,
835 * so I think write() can bogusly return 0.
836 * XXX what happens for short writes? We don't want
837 * to write partial data.
838 * XXX proc_rwmem() returns EPERM for other invalid
839 * addresses. Convert this to EINVAL. Does this
840 * clobber returns of EPERM for other reasons?
841 */
842 if (error == 0 || error == ENOSPC || error == EPERM)
843 error = EINVAL; /* EOF */
844 }
845 if (!write)
846 td->td_retval[0] = tmp;
847 PROC_LOCK(p);
848 break;
849
850 case PT_IO:
851 #ifdef COMPAT_IA32
852 if (wrap32) {
853 piod32 = addr;
854 iov.iov_base = (void *)(uintptr_t)piod32->piod_addr;
855 iov.iov_len = piod32->piod_len;
856 uio.uio_offset = (off_t)(uintptr_t)piod32->piod_offs;
857 uio.uio_resid = piod32->piod_len;
858 } else
859 #endif
860 {
861 piod = addr;
862 iov.iov_base = piod->piod_addr;
863 iov.iov_len = piod->piod_len;
864 uio.uio_offset = (off_t)(uintptr_t)piod->piod_offs;
865 uio.uio_resid = piod->piod_len;
866 }
867 uio.uio_iov = &iov;
868 uio.uio_iovcnt = 1;
869 uio.uio_segflg = UIO_USERSPACE;
870 uio.uio_td = td;
871 #ifdef COMPAT_IA32
872 tmp = wrap32 ? piod32->piod_op : piod->piod_op;
873 #else
874 tmp = piod->piod_op;
875 #endif
876 switch (tmp) {
877 case PIOD_READ_D:
878 case PIOD_READ_I:
879 uio.uio_rw = UIO_READ;
880 break;
881 case PIOD_WRITE_D:
882 case PIOD_WRITE_I:
883 uio.uio_rw = UIO_WRITE;
884 break;
885 default:
886 error = EINVAL;
887 goto out;
888 }
889 PROC_UNLOCK(p);
890 error = proc_rwmem(p, &uio);
891 #ifdef COMPAT_IA32
892 if (wrap32)
893 piod32->piod_len -= uio.uio_resid;
894 else
895 #endif
896 piod->piod_len -= uio.uio_resid;
897 PROC_LOCK(p);
898 break;
899
900 case PT_KILL:
901 data = SIGKILL;
902 goto sendsig; /* in PT_CONTINUE above */
903
904 case PT_SETREGS:
905 error = PROC_WRITE(regs, td2, addr);
906 break;
907
908 case PT_GETREGS:
909 error = PROC_READ(regs, td2, addr);
910 break;
911
912 case PT_SETFPREGS:
913 error = PROC_WRITE(fpregs, td2, addr);
914 break;
915
916 case PT_GETFPREGS:
917 error = PROC_READ(fpregs, td2, addr);
918 break;
919
920 case PT_SETDBREGS:
921 error = PROC_WRITE(dbregs, td2, addr);
922 break;
923
924 case PT_GETDBREGS:
925 error = PROC_READ(dbregs, td2, addr);
926 break;
927
928 case PT_LWPINFO:
929 if (data <= 0 || data > sizeof(*pl)) {
930 error = EINVAL;
931 break;
932 }
933 pl = addr;
934 pl->pl_lwpid = td2->td_tid;
935 if (td2->td_flags & TDF_XSIG)
936 pl->pl_event = PL_EVENT_SIGNAL;
937 else
938 pl->pl_event = 0;
939 if (td2->td_pflags & TDP_SA) {
940 pl->pl_flags = PL_FLAG_SA;
941 if (td2->td_upcall && !TD_CAN_UNBIND(td2))
942 pl->pl_flags |= PL_FLAG_BOUND;
943 } else {
944 pl->pl_flags = 0;
945 }
946 pl->pl_sigmask = td2->td_sigmask;
947 pl->pl_siglist = td2->td_siglist;
948 break;
949
950 case PT_GETNUMLWPS:
951 td->td_retval[0] = p->p_numthreads;
952 break;
953
954 case PT_GETLWPLIST:
955 if (data <= 0) {
956 error = EINVAL;
957 break;
958 }
959 num = imin(p->p_numthreads, data);
960 PROC_UNLOCK(p);
961 buf = malloc(num * sizeof(lwpid_t), M_TEMP, M_WAITOK);
962 tmp = 0;
963 PROC_LOCK(p);
964 mtx_lock_spin(&sched_lock);
965 FOREACH_THREAD_IN_PROC(p, td2) {
966 if (tmp >= num)
967 break;
968 buf[tmp++] = td2->td_tid;
969 }
970 mtx_unlock_spin(&sched_lock);
971 PROC_UNLOCK(p);
972 error = copyout(buf, addr, tmp * sizeof(lwpid_t));
973 free(buf, M_TEMP);
974 if (!error)
975 td->td_retval[0] = tmp;
976 PROC_LOCK(p);
977 break;
978
979 default:
980 #ifdef __HAVE_PTRACE_MACHDEP
981 if (req >= PT_FIRSTMACH) {
982 PROC_UNLOCK(p);
983 error = cpu_ptrace(td2, req, addr, data);
984 PROC_LOCK(p);
985 } else
986 #endif
987 /* Unknown request. */
988 error = EINVAL;
989 break;
990 }
991
992 out:
993 /* Drop our hold on this process now that the request has completed. */
994 _PRELE(p);
995 fail:
996 PROC_UNLOCK(p);
997 if (proctree_locked)
998 sx_xunlock(&proctree_lock);
999 return (error);
1000 }
1001 #undef PROC_READ
1002 #undef PROC_WRITE
1003
1004 /*
1005 * Stop a process because of a debugging event;
1006 * stay stopped until p->p_step is cleared
1007 * (cleared by PIOCCONT in procfs).
1008 */
1009 void
1010 stopevent(struct proc *p, unsigned int event, unsigned int val)
1011 {
1012
1013 PROC_LOCK_ASSERT(p, MA_OWNED);
1014 p->p_step = 1;
1015 do {
1016 p->p_xstat = val;
1017 p->p_xthread = NULL;
1018 p->p_stype = event; /* Which event caused the stop? */
1019 wakeup(&p->p_stype); /* Wake up any PIOCWAIT'ing procs */
1020 msleep(&p->p_step, &p->p_mtx, PWAIT, "stopevent", 0);
1021 } while (p->p_step);
1022 }
Cache object: 44cbab05fbcef71103f0f58650608a26
|