int
procfs_doprocctl(PFS_FILL_ARGS)
{
int error;
struct namemap *nm;
if (uio == NULL || uio->uio_rw != UIO_WRITE)
return (EOPNOTSUPP);
/*
* Map signal names into signal generation
* or debug control. Unknown commands and/or signals
* return EOPNOTSUPP.
*
* Sending a signal while the process is being debugged
* also has the side effect of letting the target continue
* to run. There is no way to single-step a signal delivery.
*/
error = EOPNOTSUPP;
sbuf_trim(sb);
sbuf_finish(sb);
nm = findname(ctlnames, sbuf_data(sb), sbuf_len(sb));
if (nm) {
printf("procfs: got a %s command\n", sbuf_data(sb));
error = procfs_control(td, p, nm->nm_val);
} else {
nm = findname(signames, sbuf_data(sb), sbuf_len(sb));
if (nm) {
printf("procfs: got a sig%s\n", sbuf_data(sb));
PROC_LOCK(p);
/* This is very broken XXXKSE: */
if (TRACE_WAIT_P(td->td_proc, p)) {
p->p_xstat = nm->nm_val;
#ifdef FIX_SSTEP
/* XXXKSE: */
FIX_SSTEP(FIRST_THREAD_IN_PROC(p));
#endif
/* XXXKSE: */
p->p_flag &= ~P_STOPPED_SIG;
PROC_SLOCK(p);
thread_unsuspend(p);
PROC_SUNLOCK(p);
} else
psignal(p, nm->nm_val);
PROC_UNLOCK(p);
error = 0;
}
}
return (error);
}
int
procfs_doctl(struct proc *curp, struct lwp *lp, struct pfsnode *pfs,
struct uio *uio)
{
struct proc *p = lp->lwp_proc;
int xlen;
int error;
char msg[PROCFS_CTLLEN+1];
vfs_namemap_t *nm;
ASSERT_LWKT_TOKEN_HELD(&p->p_token);
ASSERT_LWKT_TOKEN_HELD(&proc_token);
if (uio->uio_rw != UIO_WRITE)
return (EOPNOTSUPP);
xlen = PROCFS_CTLLEN;
error = vfs_getuserstr(uio, msg, &xlen);
if (error)
return (error);
/*
* Map signal names into signal generation
* or debug control. Unknown commands and/or signals
* return EOPNOTSUPP.
*
* Sending a signal while the process is being debugged
* also has the side effect of letting the target continue
* to run. There is no way to single-step a signal delivery.
*/
error = EOPNOTSUPP;
nm = vfs_findname(ctlnames, msg, xlen);
if (nm) {
error = procfs_control(curp, lp, nm->nm_val);
} else {
nm = vfs_findname(signames, msg, xlen);
if (nm) {
if (TRACE_WAIT_P(curp, p)) {
p->p_xstat = nm->nm_val;
#ifdef FIX_SSTEP
FIX_SSTEP(lp);
#endif
/*
* Make the process runnable but do not
* break its tsleep.
*/
proc_unstop(p);
} else {
ksignal(p, nm->nm_val);
}
error = 0;
}
}
return (error);
}
/*
* Process debugging system call.
*/
int
sys_ptrace(struct proc *p, void *v, register_t *retval)
{
struct sys_ptrace_args /* {
syscallarg(int) req;
syscallarg(pid_t) pid;
syscallarg(caddr_t) addr;
syscallarg(int) data;
} */ *uap = v;
struct proc *t; /* target thread */
struct process *tr; /* target process */
struct uio uio;
struct iovec iov;
struct ptrace_io_desc piod;
struct ptrace_event pe;
struct ptrace_thread_state pts;
struct reg *regs;
#if defined (PT_SETFPREGS) || defined (PT_GETFPREGS)
struct fpreg *fpregs;
#endif
#if defined (PT_SETXMMREGS) || defined (PT_GETXMMREGS)
struct xmmregs *xmmregs;
#endif
#ifdef PT_WCOOKIE
register_t wcookie;
#endif
int error, write;
int temp;
int req = SCARG(uap, req);
int s;
/* "A foolish consistency..." XXX */
switch (req) {
case PT_TRACE_ME:
t = p;
break;
/* calls that only operate on the PID */
case PT_READ_I:
case PT_READ_D:
case PT_WRITE_I:
case PT_WRITE_D:
case PT_KILL:
case PT_ATTACH:
case PT_IO:
case PT_SET_EVENT_MASK:
case PT_GET_EVENT_MASK:
case PT_GET_PROCESS_STATE:
case PT_GET_THREAD_FIRST:
case PT_GET_THREAD_NEXT:
default:
/* Find the process we're supposed to be operating on. */
if ((t = pfind(SCARG(uap, pid))) == NULL)
return (ESRCH);
if (t->p_flag & P_THREAD)
return (ESRCH);
break;
/* calls that accept a PID or a thread ID */
case PT_CONTINUE:
case PT_DETACH:
#ifdef PT_STEP
case PT_STEP:
#endif
case PT_GETREGS:
case PT_SETREGS:
#ifdef PT_GETFPREGS
case PT_GETFPREGS:
#endif
#ifdef PT_SETFPREGS
case PT_SETFPREGS:
#endif
#ifdef PT_GETXMMREGS
case PT_GETXMMREGS:
#endif
#ifdef PT_SETXMMREGS
case PT_SETXMMREGS:
#endif
if (SCARG(uap, pid) > THREAD_PID_OFFSET) {
t = pfind(SCARG(uap, pid) - THREAD_PID_OFFSET);
if (t == NULL)
return (ESRCH);
} else {
if ((t = pfind(SCARG(uap, pid))) == NULL)
return (ESRCH);
if (t->p_flag & P_THREAD)
return (ESRCH);
}
break;
}
tr = t->p_p;
if ((tr->ps_flags & PS_INEXEC) != 0)
return (EAGAIN);
/* Make sure we can operate on it. */
switch (req) {
case PT_TRACE_ME:
/* Saying that you're being traced is always legal. */
break;
case PT_ATTACH:
/*
* You can't attach to a process if:
* (1) it's the process that's doing the attaching,
*/
if (tr == p->p_p)
return (EINVAL);
/*
* (2) it's a system process
*/
if (ISSET(tr->ps_flags, PS_SYSTEM))
return (EPERM);
/*
* (3) it's already being traced, or
*/
if (ISSET(tr->ps_flags, PS_TRACED))
return (EBUSY);
/*
* (4) it's not owned by you, or the last exec
* gave us setuid/setgid privs (unless
* you're root), or...
*
* [Note: once PS_SUGID or PS_SUGIDEXEC gets set in
* execve(), they stay set until the process does
* another execve(). Hence this prevents a setuid
* process which revokes its special privileges using
* setuid() from being traced. This is good security.]
*/
if ((tr->ps_ucred->cr_ruid != p->p_ucred->cr_ruid ||
ISSET(tr->ps_flags, PS_SUGIDEXEC | PS_SUGID)) &&
(error = suser(p, 0)) != 0)
return (error);
/*
* (4.5) it's not a child of the tracing process.
*/
if (global_ptrace == 0 && !inferior(tr, p->p_p) &&
(error = suser(p, 0)) != 0)
return (error);
/*
* (5) ...it's init, which controls the security level
* of the entire system, and the system was not
* compiled with permanently insecure mode turned
* on.
*/
if ((tr->ps_pid == 1) && (securelevel > -1))
return (EPERM);
/*
* (6) it's an ancestor of the current process and
* not init (because that would create a loop in
* the process graph).
*/
if (tr->ps_pid != 1 && inferior(p->p_p, tr))
return (EINVAL);
break;
case PT_READ_I:
case PT_READ_D:
case PT_WRITE_I:
case PT_WRITE_D:
case PT_IO:
case PT_CONTINUE:
case PT_KILL:
case PT_DETACH:
#ifdef PT_STEP
case PT_STEP:
#endif
case PT_SET_EVENT_MASK:
case PT_GET_EVENT_MASK:
case PT_GET_PROCESS_STATE:
case PT_GETREGS:
case PT_SETREGS:
#ifdef PT_GETFPREGS
case PT_GETFPREGS:
#endif
#ifdef PT_SETFPREGS
case PT_SETFPREGS:
#endif
#ifdef PT_GETXMMREGS
case PT_GETXMMREGS:
#endif
#ifdef PT_SETXMMREGS
case PT_SETXMMREGS:
#endif
#ifdef PT_WCOOKIE
case PT_WCOOKIE:
#endif
/*
* You can't do what you want to the process if:
* (1) It's not being traced at all,
*/
if (!ISSET(tr->ps_flags, PS_TRACED))
return (EPERM);
/*
* (2) it's not being traced by _you_, or
*/
if (tr->ps_pptr != p->p_p)
return (EBUSY);
/*
* (3) it's not currently stopped.
*/
if (t->p_stat != SSTOP || !ISSET(tr->ps_flags, PS_WAITED))
return (EBUSY);
break;
case PT_GET_THREAD_FIRST:
case PT_GET_THREAD_NEXT:
/*
* You can't do what you want to the process if:
* (1) It's not being traced at all,
*/
if (!ISSET(tr->ps_flags, PS_TRACED))
return (EPERM);
/*
* (2) it's not being traced by _you_, or
*/
if (tr->ps_pptr != p->p_p)
return (EBUSY);
/*
* Do the work here because the request isn't actually
* associated with 't'
*/
if (SCARG(uap, data) != sizeof(pts))
return (EINVAL);
if (req == PT_GET_THREAD_NEXT) {
error = copyin(SCARG(uap, addr), &pts, sizeof(pts));
if (error)
return (error);
t = pfind(pts.pts_tid - THREAD_PID_OFFSET);
if (t == NULL || ISSET(t->p_flag, P_WEXIT))
return (ESRCH);
if (t->p_p != tr)
return (EINVAL);
t = TAILQ_NEXT(t, p_thr_link);
} else {
t = TAILQ_FIRST(&tr->ps_threads);
}
if (t == NULL)
pts.pts_tid = -1;
else
pts.pts_tid = t->p_pid + THREAD_PID_OFFSET;
return (copyout(&pts, SCARG(uap, addr), sizeof(pts)));
default: /* It was not a legal request. */
return (EINVAL);
}
/* Do single-step fixup if needed. */
FIX_SSTEP(t);
/* Now do the operation. */
write = 0;
*retval = 0;
switch (req) {
case PT_TRACE_ME:
/* Just set the trace flag. */
atomic_setbits_int(&tr->ps_flags, PS_TRACED);
tr->ps_oppid = tr->ps_pptr->ps_pid;
if (tr->ps_ptstat == NULL)
tr->ps_ptstat = malloc(sizeof(*tr->ps_ptstat),
M_SUBPROC, M_WAITOK);
memset(tr->ps_ptstat, 0, sizeof(*tr->ps_ptstat));
return (0);
case PT_WRITE_I: /* XXX no separate I and D spaces */
case PT_WRITE_D:
write = 1;
temp = SCARG(uap, data);
case PT_READ_I: /* XXX no separate I and D spaces */
case PT_READ_D:
/* write = 0 done above. */
iov.iov_base = (caddr_t)&temp;
iov.iov_len = sizeof(int);
uio.uio_iov = &iov;
uio.uio_iovcnt = 1;
uio.uio_offset = (off_t)(vaddr_t)SCARG(uap, addr);
uio.uio_resid = sizeof(int);
uio.uio_segflg = UIO_SYSSPACE;
uio.uio_rw = write ? UIO_WRITE : UIO_READ;
uio.uio_procp = p;
error = process_domem(p, t, &uio, write ? PT_WRITE_I :
PT_READ_I);
if (write == 0)
*retval = temp;
return (error);
case PT_IO:
error = copyin(SCARG(uap, addr), &piod, sizeof(piod));
if (error)
return (error);
iov.iov_base = piod.piod_addr;
iov.iov_len = piod.piod_len;
uio.uio_iov = &iov;
uio.uio_iovcnt = 1;
uio.uio_offset = (off_t)(vaddr_t)piod.piod_offs;
uio.uio_resid = piod.piod_len;
uio.uio_segflg = UIO_USERSPACE;
uio.uio_procp = p;
switch (piod.piod_op) {
case PIOD_READ_I:
req = PT_READ_I;
uio.uio_rw = UIO_READ;
break;
case PIOD_READ_D:
req = PT_READ_D;
uio.uio_rw = UIO_READ;
break;
case PIOD_WRITE_I:
req = PT_WRITE_I;
uio.uio_rw = UIO_WRITE;
break;
case PIOD_WRITE_D:
req = PT_WRITE_D;
uio.uio_rw = UIO_WRITE;
break;
case PIOD_READ_AUXV:
req = PT_READ_D;
uio.uio_rw = UIO_READ;
temp = tr->ps_emul->e_arglen * sizeof(char *);
if (uio.uio_offset > temp)
return (EIO);
if (uio.uio_resid > temp - uio.uio_offset)
uio.uio_resid = temp - uio.uio_offset;
piod.piod_len = iov.iov_len = uio.uio_resid;
error = process_auxv_offset(p, t, &uio);
if (error)
return (error);
break;
default:
return (EINVAL);
}
error = process_domem(p, t, &uio, req);
piod.piod_len -= uio.uio_resid;
(void) copyout(&piod, SCARG(uap, addr), sizeof(piod));
return (error);
#ifdef PT_STEP
case PT_STEP:
/*
* From the 4.4BSD PRM:
* "Execution continues as in request PT_CONTINUE; however
* as soon as possible after execution of at least one
* instruction, execution stops again. [ ... ]"
*/
#endif
case PT_CONTINUE:
/*
* From the 4.4BSD PRM:
* "The data argument is taken as a signal number and the
* child's execution continues at location addr as if it
* incurred that signal. Normally the signal number will
* be either 0 to indicate that the signal that caused the
* stop should be ignored, or that value fetched out of
* the process's image indicating which signal caused
* the stop. If addr is (int *)1 then execution continues
* from where it stopped."
*/
if (SCARG(uap, pid) < THREAD_PID_OFFSET && tr->ps_single)
t = tr->ps_single;
/* Check that the data is a valid signal number or zero. */
if (SCARG(uap, data) < 0 || SCARG(uap, data) >= NSIG)
return (EINVAL);
/* If the address parameter is not (int *)1, set the pc. */
if ((int *)SCARG(uap, addr) != (int *)1)
if ((error = process_set_pc(t, SCARG(uap, addr))) != 0)
goto relebad;
#ifdef PT_STEP
/*
* Arrange for a single-step, if that's requested and possible.
*/
error = process_sstep(t, req == PT_STEP);
if (error)
goto relebad;
#endif
goto sendsig;
case PT_DETACH:
/*
* From the 4.4BSD PRM:
* "The data argument is taken as a signal number and the
* child's execution continues at location addr as if it
* incurred that signal. Normally the signal number will
* be either 0 to indicate that the signal that caused the
* stop should be ignored, or that value fetched out of
* the process's image indicating which signal caused
* the stop. If addr is (int *)1 then execution continues
* from where it stopped."
*/
if (SCARG(uap, pid) < THREAD_PID_OFFSET && tr->ps_single)
t = tr->ps_single;
/* Check that the data is a valid signal number or zero. */
if (SCARG(uap, data) < 0 || SCARG(uap, data) >= NSIG)
return (EINVAL);
#ifdef PT_STEP
/*
* Arrange for a single-step, if that's requested and possible.
*/
error = process_sstep(t, req == PT_STEP);
if (error)
goto relebad;
#endif
/* give process back to original parent or init */
if (tr->ps_oppid != tr->ps_pptr->ps_pid) {
struct process *ppr;
ppr = prfind(tr->ps_oppid);
proc_reparent(tr, ppr ? ppr : initprocess);
}
/* not being traced any more */
tr->ps_oppid = 0;
atomic_clearbits_int(&tr->ps_flags, PS_TRACED|PS_WAITED);
sendsig:
memset(tr->ps_ptstat, 0, sizeof(*tr->ps_ptstat));
/* Finally, deliver the requested signal (or none). */
if (t->p_stat == SSTOP) {
t->p_xstat = SCARG(uap, data);
SCHED_LOCK(s);
setrunnable(t);
SCHED_UNLOCK(s);
} else {
if (SCARG(uap, data) != 0)
psignal(t, SCARG(uap, data));
}
return (0);
relebad:
return (error);
case PT_KILL:
if (SCARG(uap, pid) < THREAD_PID_OFFSET && tr->ps_single)
t = tr->ps_single;
/* just send the process a KILL signal. */
SCARG(uap, data) = SIGKILL;
goto sendsig; /* in PT_CONTINUE, above. */
case PT_ATTACH:
/*
* As was done in procfs:
* Go ahead and set the trace flag.
* Save the old parent (it's reset in
* _DETACH, and also in kern_exit.c:wait4()
* Reparent the process so that the tracing
* proc gets to see all the action.
* Stop the target.
*/
atomic_setbits_int(&tr->ps_flags, PS_TRACED);
tr->ps_oppid = tr->ps_pptr->ps_pid;
if (tr->ps_pptr != p->p_p)
proc_reparent(tr, p->p_p);
if (tr->ps_ptstat == NULL)
tr->ps_ptstat = malloc(sizeof(*tr->ps_ptstat),
M_SUBPROC, M_WAITOK);
SCARG(uap, data) = SIGSTOP;
goto sendsig;
case PT_GET_EVENT_MASK:
if (SCARG(uap, data) != sizeof(pe))
return (EINVAL);
memset(&pe, 0, sizeof(pe));
pe.pe_set_event = tr->ps_ptmask;
return (copyout(&pe, SCARG(uap, addr), sizeof(pe)));
case PT_SET_EVENT_MASK:
if (SCARG(uap, data) != sizeof(pe))
return (EINVAL);
if ((error = copyin(SCARG(uap, addr), &pe, sizeof(pe))))
return (error);
tr->ps_ptmask = pe.pe_set_event;
return (0);
case PT_GET_PROCESS_STATE:
if (SCARG(uap, data) != sizeof(*tr->ps_ptstat))
return (EINVAL);
if (tr->ps_single)
tr->ps_ptstat->pe_tid =
tr->ps_single->p_pid + THREAD_PID_OFFSET;
return (copyout(tr->ps_ptstat, SCARG(uap, addr),
sizeof(*tr->ps_ptstat)));
case PT_SETREGS:
KASSERT((p->p_flag & P_SYSTEM) == 0);
if ((error = process_checkioperm(p, tr)) != 0)
return (error);
regs = malloc(sizeof(*regs), M_TEMP, M_WAITOK);
error = copyin(SCARG(uap, addr), regs, sizeof(*regs));
if (error == 0) {
error = process_write_regs(t, regs);
}
free(regs, M_TEMP, sizeof(*regs));
return (error);
case PT_GETREGS:
KASSERT((p->p_flag & P_SYSTEM) == 0);
if ((error = process_checkioperm(p, tr)) != 0)
return (error);
regs = malloc(sizeof(*regs), M_TEMP, M_WAITOK);
error = process_read_regs(t, regs);
if (error == 0)
error = copyout(regs,
SCARG(uap, addr), sizeof (*regs));
free(regs, M_TEMP, sizeof(*regs));
return (error);
#ifdef PT_SETFPREGS
case PT_SETFPREGS:
KASSERT((p->p_flag & P_SYSTEM) == 0);
if ((error = process_checkioperm(p, tr)) != 0)
return (error);
fpregs = malloc(sizeof(*fpregs), M_TEMP, M_WAITOK);
error = copyin(SCARG(uap, addr), fpregs, sizeof(*fpregs));
if (error == 0) {
error = process_write_fpregs(t, fpregs);
}
free(fpregs, M_TEMP, sizeof(*fpregs));
return (error);
#endif
#ifdef PT_GETFPREGS
case PT_GETFPREGS:
KASSERT((p->p_flag & P_SYSTEM) == 0);
if ((error = process_checkioperm(p, tr)) != 0)
return (error);
fpregs = malloc(sizeof(*fpregs), M_TEMP, M_WAITOK);
error = process_read_fpregs(t, fpregs);
if (error == 0)
error = copyout(fpregs,
SCARG(uap, addr), sizeof(*fpregs));
free(fpregs, M_TEMP, sizeof(*fpregs));
return (error);
#endif
#ifdef PT_SETXMMREGS
case PT_SETXMMREGS:
KASSERT((p->p_flag & P_SYSTEM) == 0);
if ((error = process_checkioperm(p, tr)) != 0)
return (error);
xmmregs = malloc(sizeof(*xmmregs), M_TEMP, M_WAITOK);
error = copyin(SCARG(uap, addr), xmmregs, sizeof(*xmmregs));
if (error == 0) {
error = process_write_xmmregs(t, xmmregs);
}
free(xmmregs, M_TEMP, sizeof(*xmmregs));
return (error);
#endif
#ifdef PT_GETXMMREGS
case PT_GETXMMREGS:
KASSERT((p->p_flag & P_SYSTEM) == 0);
if ((error = process_checkioperm(p, tr)) != 0)
return (error);
xmmregs = malloc(sizeof(*xmmregs), M_TEMP, M_WAITOK);
error = process_read_xmmregs(t, xmmregs);
if (error == 0)
error = copyout(xmmregs,
SCARG(uap, addr), sizeof(*xmmregs));
free(xmmregs, M_TEMP, sizeof(*xmmregs));
return (error);
#endif
#ifdef PT_WCOOKIE
case PT_WCOOKIE:
wcookie = process_get_wcookie (t);
return (copyout(&wcookie, SCARG(uap, addr),
sizeof (register_t)));
#endif
}
#ifdef DIAGNOSTIC
panic("ptrace: impossible");
#endif
return 0;
}
static int
procfs_control(struct thread *td, struct proc *p, int op)
{
int error = 0;
struct thread *temp;
/*
* Attach - attaches the target process for debugging
* by the calling process.
*/
if (op == PROCFS_CTL_ATTACH) {
sx_xlock(&proctree_lock);
PROC_LOCK(p);
if ((error = p_candebug(td, p)) != 0)
goto out;
if (p->p_flag & P_TRACED) {
error = EBUSY;
goto out;
}
/* Can't trace yourself! */
if (p->p_pid == td->td_proc->p_pid) {
error = EINVAL;
goto out;
}
/*
* Go ahead and set the trace flag.
* Save the old parent (it's reset in
* _DETACH, and also in kern_exit.c:wait4()
* Reparent the process so that the tracing
* proc gets to see all the action.
* Stop the target.
*/
p->p_flag |= P_TRACED;
faultin(p);
p->p_xstat = 0; /* XXX ? */
if (p->p_pptr != td->td_proc) {
p->p_oppid = p->p_pptr->p_pid;
proc_reparent(p, td->td_proc);
}
psignal(p, SIGSTOP);
out:
PROC_UNLOCK(p);
sx_xunlock(&proctree_lock);
return (error);
}
/*
* Authorization check: rely on normal debugging protection, except
* allow processes to disengage debugging on a process onto which
* they have previously attached, but no longer have permission to
* debug.
*/
PROC_LOCK(p);
if (op != PROCFS_CTL_DETACH &&
((error = p_candebug(td, p)))) {
PROC_UNLOCK(p);
return (error);
}
/*
* Target process must be stopped, owned by (td) and
* be set up for tracing (P_TRACED flag set).
* Allow DETACH to take place at any time for sanity.
* Allow WAIT any time, of course.
*/
switch (op) {
case PROCFS_CTL_DETACH:
case PROCFS_CTL_WAIT:
break;
default:
if (!TRACE_WAIT_P(td->td_proc, p)) {
PROC_UNLOCK(p);
return (EBUSY);
}
}
#ifdef FIX_SSTEP
/*
* do single-step fixup if needed
*/
FIX_SSTEP(FIRST_THREAD_IN_PROC(p));
#endif
/*
* Don't deliver any signal by default.
* To continue with a signal, just send
* the signal name to the ctl file
*/
p->p_xstat = 0;
switch (op) {
/*
* Detach. Cleans up the target process, reparent it if possible
* and set it running once more.
*/
case PROCFS_CTL_DETACH:
/* if not being traced, then this is a painless no-op */
if ((p->p_flag & P_TRACED) == 0) {
PROC_UNLOCK(p);
return (0);
}
/* not being traced any more */
p->p_flag &= ~(P_TRACED | P_STOPPED_TRACE);
/* remove pending SIGTRAP, else the process will die */
sigqueue_delete_proc(p, SIGTRAP);
FOREACH_THREAD_IN_PROC(p, temp)
temp->td_dbgflags &= ~TDB_SUSPEND;
PROC_UNLOCK(p);
/* give process back to original parent */
sx_xlock(&proctree_lock);
if (p->p_oppid != p->p_pptr->p_pid) {
struct proc *pp;
pp = pfind(p->p_oppid);
PROC_LOCK(p);
if (pp) {
PROC_UNLOCK(pp);
proc_reparent(p, pp);
}
} else
PROC_LOCK(p);
p->p_oppid = 0;
p->p_flag &= ~P_WAITED; /* XXX ? */
sx_xunlock(&proctree_lock);
wakeup(td->td_proc); /* XXX for CTL_WAIT below ? */
break;
/*
* Step. Let the target process execute a single instruction.
* What does it mean to single step a threaded program?
*/
case PROCFS_CTL_STEP:
error = proc_sstep(FIRST_THREAD_IN_PROC(p));
if (error) {
PROC_UNLOCK(p);
return (error);
}
break;
/*
* Run. Let the target process continue running until a breakpoint
* or some other trap.
*/
case PROCFS_CTL_RUN:
p->p_flag &= ~P_STOPPED_SIG; /* this uses SIGSTOP */
break;
/*
* Wait for the target process to stop.
* If the target is not being traced then just wait
* to enter
*/
case PROCFS_CTL_WAIT:
if (p->p_flag & P_TRACED) {
while (error == 0 &&
(P_SHOULDSTOP(p)) &&
(p->p_flag & P_TRACED) &&
(p->p_pptr == td->td_proc))
error = msleep(p, &p->p_mtx,
PWAIT|PCATCH, "procfsx", 0);
if (error == 0 && !TRACE_WAIT_P(td->td_proc, p))
error = EBUSY;
} else {
while (error == 0 && P_SHOULDSTOP(p))
error = msleep(p, &p->p_mtx,
PWAIT|PCATCH, "procfs", 0);
}
PROC_UNLOCK(p);
return (error);
default:
panic("procfs_control");
}
PROC_SLOCK(p);
thread_unsuspend(p); /* If it can run, let it do so. */
PROC_SUNLOCK(p);
PROC_UNLOCK(p);
return (0);
}
/*
* Process debugging system call.
*/
int
sys_ptrace(struct lwp *l, const struct sys_ptrace_args *uap, register_t *retval)
{
/* {
syscallarg(int) req;
syscallarg(pid_t) pid;
syscallarg(void *) addr;
syscallarg(int) data;
} */
struct proc *p = l->l_proc;
struct lwp *lt;
struct proc *t; /* target process */
struct uio uio;
struct iovec iov;
struct ptrace_io_desc piod;
struct ptrace_lwpinfo pl;
struct vmspace *vm;
int error, write, tmp, req, pheld;
int signo;
ksiginfo_t ksi;
#ifdef COREDUMP
char *path;
#endif
error = 0;
req = SCARG(uap, req);
/*
* If attaching or detaching, we need to get a write hold on the
* proclist lock so that we can re-parent the target process.
*/
mutex_enter(proc_lock);
/* "A foolish consistency..." XXX */
if (req == PT_TRACE_ME) {
t = p;
mutex_enter(t->p_lock);
} else {
/* Find the process we're supposed to be operating on. */
if ((t = p_find(SCARG(uap, pid), PFIND_LOCKED)) == NULL) {
mutex_exit(proc_lock);
return (ESRCH);
}
/* XXX-elad */
mutex_enter(t->p_lock);
error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE,
t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL);
if (error) {
mutex_exit(proc_lock);
mutex_exit(t->p_lock);
return (ESRCH);
}
}
/*
* Grab a reference on the process to prevent it from execing or
* exiting.
*/
if (!rw_tryenter(&t->p_reflock, RW_READER)) {
mutex_exit(proc_lock);
mutex_exit(t->p_lock);
return EBUSY;
}
/* Make sure we can operate on it. */
switch (req) {
case PT_TRACE_ME:
/* Saying that you're being traced is always legal. */
break;
case PT_ATTACH:
/*
* You can't attach to a process if:
* (1) it's the process that's doing the attaching,
*/
if (t->p_pid == p->p_pid) {
error = EINVAL;
break;
}
/*
* (2) it's a system process
*/
if (t->p_flag & PK_SYSTEM) {
error = EPERM;
break;
}
/*
* (3) it's already being traced, or
*/
if (ISSET(t->p_slflag, PSL_TRACED)) {
error = EBUSY;
break;
}
/*
* (4) the tracer is chrooted, and its root directory is
* not at or above the root directory of the tracee
*/
mutex_exit(t->p_lock); /* XXXSMP */
tmp = proc_isunder(t, l);
mutex_enter(t->p_lock); /* XXXSMP */
if (!tmp) {
error = EPERM;
break;
}
break;
case PT_READ_I:
case PT_READ_D:
case PT_WRITE_I:
case PT_WRITE_D:
case PT_IO:
#ifdef PT_GETREGS
case PT_GETREGS:
#endif
#ifdef PT_SETREGS
case PT_SETREGS:
#endif
#ifdef PT_GETFPREGS
case PT_GETFPREGS:
#endif
#ifdef PT_SETFPREGS
case PT_SETFPREGS:
#endif
#ifdef __HAVE_PTRACE_MACHDEP
PTRACE_MACHDEP_REQUEST_CASES
#endif
/*
* You can't read/write the memory or registers of a process
* if the tracer is chrooted, and its root directory is not at
* or above the root directory of the tracee.
*/
mutex_exit(t->p_lock); /* XXXSMP */
tmp = proc_isunder(t, l);
mutex_enter(t->p_lock); /* XXXSMP */
if (!tmp) {
error = EPERM;
break;
}
/*FALLTHROUGH*/
case PT_CONTINUE:
case PT_KILL:
case PT_DETACH:
case PT_LWPINFO:
case PT_SYSCALL:
#ifdef COREDUMP
case PT_DUMPCORE:
#endif
#ifdef PT_STEP
case PT_STEP:
#endif
/*
* You can't do what you want to the process if:
* (1) It's not being traced at all,
*/
if (!ISSET(t->p_slflag, PSL_TRACED)) {
error = EPERM;
break;
}
/*
* (2) it's being traced by procfs (which has
* different signal delivery semantics),
*/
if (ISSET(t->p_slflag, PSL_FSTRACE)) {
uprintf("file system traced\n");
error = EBUSY;
break;
}
/*
* (3) it's not being traced by _you_, or
*/
if (t->p_pptr != p) {
uprintf("parent %d != %d\n", t->p_pptr->p_pid, p->p_pid);
error = EBUSY;
break;
}
/*
* (4) it's not currently stopped.
*/
if (t->p_stat != SSTOP || !t->p_waited /* XXXSMP */) {
uprintf("stat %d flag %d\n", t->p_stat,
!t->p_waited);
error = EBUSY;
break;
}
break;
default: /* It was not a legal request. */
error = EINVAL;
break;
}
if (error == 0)
error = kauth_authorize_process(l->l_cred,
KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req),
NULL, NULL);
if (error != 0) {
mutex_exit(proc_lock);
mutex_exit(t->p_lock);
rw_exit(&t->p_reflock);
return error;
}
/* Do single-step fixup if needed. */
FIX_SSTEP(t);
/*
* XXX NJWLWP
*
* The entire ptrace interface needs work to be useful to a
* process with multiple LWPs. For the moment, we'll kluge
* this; memory access will be fine, but register access will
* be weird.
*/
lt = LIST_FIRST(&t->p_lwps);
KASSERT(lt != NULL);
lwp_addref(lt);
/*
* Which locks do we need held? XXX Ugly.
*/
switch (req) {
#ifdef PT_STEP
case PT_STEP:
#endif
case PT_CONTINUE:
case PT_DETACH:
case PT_KILL:
case PT_SYSCALL:
case PT_ATTACH:
case PT_TRACE_ME:
pheld = 1;
break;
default:
mutex_exit(proc_lock);
mutex_exit(t->p_lock);
pheld = 0;
break;
}
/* Now do the operation. */
write = 0;
*retval = 0;
tmp = 0;
switch (req) {
case PT_TRACE_ME:
/* Just set the trace flag. */
SET(t->p_slflag, PSL_TRACED);
t->p_opptr = t->p_pptr;
break;
case PT_WRITE_I: /* XXX no separate I and D spaces */
case PT_WRITE_D:
#if defined(__HAVE_RAS)
/*
* Can't write to a RAS
*/
if (ras_lookup(t, SCARG(uap, addr)) != (void *)-1) {
error = EACCES;
break;
}
#endif
write = 1;
tmp = SCARG(uap, data);
/* FALLTHROUGH */
case PT_READ_I: /* XXX no separate I and D spaces */
case PT_READ_D:
/* write = 0 done above. */
iov.iov_base = (void *)&tmp;
iov.iov_len = sizeof(tmp);
uio.uio_iov = &iov;
uio.uio_iovcnt = 1;
uio.uio_offset = (off_t)(unsigned long)SCARG(uap, addr);
uio.uio_resid = sizeof(tmp);
uio.uio_rw = write ? UIO_WRITE : UIO_READ;
UIO_SETUP_SYSSPACE(&uio);
error = process_domem(l, lt, &uio);
if (!write)
*retval = tmp;
break;
case PT_IO:
error = copyin(SCARG(uap, addr), &piod, sizeof(piod));
if (error)
break;
switch (piod.piod_op) {
case PIOD_READ_D:
case PIOD_READ_I:
uio.uio_rw = UIO_READ;
break;
case PIOD_WRITE_D:
case PIOD_WRITE_I:
/*
* Can't write to a RAS
*/
if (ras_lookup(t, SCARG(uap, addr)) != (void *)-1) {
return (EACCES);
}
uio.uio_rw = UIO_WRITE;
break;
default:
error = EINVAL;
break;
}
if (error)
break;
error = proc_vmspace_getref(l->l_proc, &vm);
if (error)
break;
iov.iov_base = piod.piod_addr;
iov.iov_len = piod.piod_len;
uio.uio_iov = &iov;
uio.uio_iovcnt = 1;
uio.uio_offset = (off_t)(unsigned long)piod.piod_offs;
uio.uio_resid = piod.piod_len;
uio.uio_vmspace = vm;
error = process_domem(l, lt, &uio);
piod.piod_len -= uio.uio_resid;
(void) copyout(&piod, SCARG(uap, addr), sizeof(piod));
uvmspace_free(vm);
break;
#ifdef COREDUMP
case PT_DUMPCORE:
if ((path = SCARG(uap, addr)) != NULL) {
char *dst;
int len = SCARG(uap, data);
if (len < 0 || len >= MAXPATHLEN) {
error = EINVAL;
break;
}
dst = malloc(len + 1, M_TEMP, M_WAITOK);
if ((error = copyin(path, dst, len)) != 0) {
free(dst, M_TEMP);
break;
}
path = dst;
path[len] = '\0';
}
error = coredump(lt, path);
if (path)
free(path, M_TEMP);
break;
#endif
#ifdef PT_STEP
case PT_STEP:
/*
* From the 4.4BSD PRM:
* "Execution continues as in request PT_CONTINUE; however
* as soon as possible after execution of at least one
* instruction, execution stops again. [ ... ]"
*/
#endif
case PT_CONTINUE:
case PT_SYSCALL:
case PT_DETACH:
if (req == PT_SYSCALL) {
if (!ISSET(t->p_slflag, PSL_SYSCALL)) {
SET(t->p_slflag, PSL_SYSCALL);
#ifdef __HAVE_SYSCALL_INTERN
(*t->p_emul->e_syscall_intern)(t);
#endif
}
} else {
if (ISSET(t->p_slflag, PSL_SYSCALL)) {
CLR(t->p_slflag, PSL_SYSCALL);
#ifdef __HAVE_SYSCALL_INTERN
(*t->p_emul->e_syscall_intern)(t);
#endif
}
}
p->p_trace_enabled = trace_is_enabled(p);
/*
* From the 4.4BSD PRM:
* "The data argument is taken as a signal number and the
* child's execution continues at location addr as if it
* incurred that signal. Normally the signal number will
* be either 0 to indicate that the signal that caused the
* stop should be ignored, or that value fetched out of
* the process's image indicating which signal caused
* the stop. If addr is (int *)1 then execution continues
* from where it stopped."
*/
/* Check that the data is a valid signal number or zero. */
if (SCARG(uap, data) < 0 || SCARG(uap, data) >= NSIG) {
error = EINVAL;
break;
}
uvm_lwp_hold(lt);
/* If the address parameter is not (int *)1, set the pc. */
if ((int *)SCARG(uap, addr) != (int *)1)
if ((error = process_set_pc(lt, SCARG(uap, addr))) != 0) {
uvm_lwp_rele(lt);
break;
}
#ifdef PT_STEP
/*
* Arrange for a single-step, if that's requested and possible.
*/
error = process_sstep(lt, req == PT_STEP);
if (error) {
uvm_lwp_rele(lt);
break;
}
#endif
uvm_lwp_rele(lt);
if (req == PT_DETACH) {
CLR(t->p_slflag, PSL_TRACED|PSL_FSTRACE|PSL_SYSCALL);
/* give process back to original parent or init */
if (t->p_opptr != t->p_pptr) {
struct proc *pp = t->p_opptr;
proc_reparent(t, pp ? pp : initproc);
}
/* not being traced any more */
t->p_opptr = NULL;
}
signo = SCARG(uap, data);
sendsig:
/* Finally, deliver the requested signal (or none). */
if (t->p_stat == SSTOP) {
/*
* Unstop the process. If it needs to take a
* signal, make all efforts to ensure that at
* an LWP runs to see it.
*/
t->p_xstat = signo;
proc_unstop(t);
} else if (signo != 0) {
KSI_INIT_EMPTY(&ksi);
ksi.ksi_signo = signo;
kpsignal2(t, &ksi);
}
break;
case PT_KILL:
/* just send the process a KILL signal. */
signo = SIGKILL;
goto sendsig; /* in PT_CONTINUE, above. */
case PT_ATTACH:
/*
* Go ahead and set the trace flag.
* Save the old parent (it's reset in
* _DETACH, and also in kern_exit.c:wait4()
* Reparent the process so that the tracing
* proc gets to see all the action.
* Stop the target.
*/
t->p_opptr = t->p_pptr;
if (t->p_pptr != p) {
struct proc *parent = t->p_pptr;
if (parent->p_lock < t->p_lock) {
if (!mutex_tryenter(parent->p_lock)) {
mutex_exit(t->p_lock);
mutex_enter(parent->p_lock);
}
} else if (parent->p_lock > t->p_lock) {
mutex_enter(parent->p_lock);
}
parent->p_slflag |= PSL_CHTRACED;
proc_reparent(t, p);
if (parent->p_lock != t->p_lock)
mutex_exit(parent->p_lock);
}
SET(t->p_slflag, PSL_TRACED);
signo = SIGSTOP;
goto sendsig;
case PT_LWPINFO:
if (SCARG(uap, data) != sizeof(pl)) {
error = EINVAL;
break;
}
error = copyin(SCARG(uap, addr), &pl, sizeof(pl));
if (error)
break;
tmp = pl.pl_lwpid;
lwp_delref(lt);
mutex_enter(t->p_lock);
if (tmp == 0)
lt = LIST_FIRST(&t->p_lwps);
else {
lt = lwp_find(t, tmp);
if (lt == NULL) {
mutex_exit(t->p_lock);
error = ESRCH;
break;
}
lt = LIST_NEXT(lt, l_sibling);
}
while (lt != NULL && lt->l_stat == LSZOMB)
lt = LIST_NEXT(lt, l_sibling);
pl.pl_lwpid = 0;
pl.pl_event = 0;
if (lt) {
lwp_addref(lt);
pl.pl_lwpid = lt->l_lid;
if (lt->l_lid == t->p_sigctx.ps_lwp)
pl.pl_event = PL_EVENT_SIGNAL;
}
mutex_exit(t->p_lock);
error = copyout(&pl, SCARG(uap, addr), sizeof(pl));
break;
#ifdef PT_SETREGS
case PT_SETREGS:
write = 1;
#endif
#ifdef PT_GETREGS
case PT_GETREGS:
/* write = 0 done above. */
#endif
#if defined(PT_SETREGS) || defined(PT_GETREGS)
tmp = SCARG(uap, data);
if (tmp != 0 && t->p_nlwps > 1) {
lwp_delref(lt);
mutex_enter(t->p_lock);
lt = lwp_find(t, tmp);
if (lt == NULL) {
mutex_exit(t->p_lock);
error = ESRCH;
break;
}
lwp_addref(lt);
mutex_exit(t->p_lock);
}
if (!process_validregs(lt))
error = EINVAL;
else {
error = proc_vmspace_getref(l->l_proc, &vm);
if (error)
break;
iov.iov_base = SCARG(uap, addr);
iov.iov_len = sizeof(struct reg);
uio.uio_iov = &iov;
uio.uio_iovcnt = 1;
uio.uio_offset = 0;
uio.uio_resid = sizeof(struct reg);
uio.uio_rw = write ? UIO_WRITE : UIO_READ;
uio.uio_vmspace = vm;
error = process_doregs(l, lt, &uio);
uvmspace_free(vm);
}
break;
#endif
#ifdef PT_SETFPREGS
case PT_SETFPREGS:
write = 1;
#endif
#ifdef PT_GETFPREGS
case PT_GETFPREGS:
/* write = 0 done above. */
#endif
#if defined(PT_SETFPREGS) || defined(PT_GETFPREGS)
tmp = SCARG(uap, data);
if (tmp != 0 && t->p_nlwps > 1) {
lwp_delref(lt);
mutex_enter(t->p_lock);
lt = lwp_find(t, tmp);
if (lt == NULL) {
mutex_exit(t->p_lock);
error = ESRCH;
break;
}
lwp_addref(lt);
mutex_exit(t->p_lock);
}
if (!process_validfpregs(lt))
error = EINVAL;
else {
error = proc_vmspace_getref(l->l_proc, &vm);
if (error)
break;
iov.iov_base = SCARG(uap, addr);
iov.iov_len = sizeof(struct fpreg);
uio.uio_iov = &iov;
uio.uio_iovcnt = 1;
uio.uio_offset = 0;
uio.uio_resid = sizeof(struct fpreg);
uio.uio_rw = write ? UIO_WRITE : UIO_READ;
uio.uio_vmspace = vm;
error = process_dofpregs(l, lt, &uio);
uvmspace_free(vm);
}
break;
#endif
#ifdef __HAVE_PTRACE_MACHDEP
PTRACE_MACHDEP_REQUEST_CASES
error = ptrace_machdep_dorequest(l, lt,
req, SCARG(uap, addr), SCARG(uap, data));
break;
#endif
}
if (pheld) {
mutex_exit(t->p_lock);
mutex_exit(proc_lock);
}
if (lt != NULL)
lwp_delref(lt);
rw_exit(&t->p_reflock);
return error;
}
int
kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
{
struct iovec iov;
struct uio uio;
struct proc *curp, *p, *pp;
struct thread *td2;
struct ptrace_io_desc *piod;
int error, write, tmp;
int proctree_locked = 0;
curp = td->td_proc;
/* Lock proctree before locking the process. */
switch (req) {
case PT_TRACE_ME:
case PT_ATTACH:
case PT_STEP:
case PT_CONTINUE:
case PT_DETACH:
sx_xlock(&proctree_lock);
proctree_locked = 1;
break;
default:
break;
}
write = 0;
if (req == PT_TRACE_ME) {
p = td->td_proc;
PROC_LOCK(p);
} else {
if ((p = pfind(pid)) == NULL) {
if (proctree_locked)
sx_xunlock(&proctree_lock);
return (ESRCH);
}
}
if ((error = p_cansee(td, p)) != 0)
goto fail;
if ((error = p_candebug(td, p)) != 0)
goto fail;
/*
* System processes can't be debugged.
*/
if ((p->p_flag & P_SYSTEM) != 0) {
error = EINVAL;
goto fail;
}
/*
* Permissions check
*/
switch (req) {
case PT_TRACE_ME:
/* Always legal. */
break;
case PT_ATTACH:
/* Self */
if (p->p_pid == td->td_proc->p_pid) {
error = EINVAL;
goto fail;
}
/* Already traced */
if (p->p_flag & P_TRACED) {
error = EBUSY;
goto fail;
}
/* Can't trace an ancestor if you're being traced. */
if (curp->p_flag & P_TRACED) {
for (pp = curp->p_pptr; pp != NULL; pp = pp->p_pptr) {
if (pp == p) {
error = EINVAL;
goto fail;
}
}
}
/* OK */
break;
case PT_READ_I:
case PT_READ_D:
case PT_WRITE_I:
case PT_WRITE_D:
case PT_IO:
case PT_CONTINUE:
case PT_KILL:
case PT_STEP:
case PT_DETACH:
case PT_GETREGS:
case PT_SETREGS:
case PT_GETFPREGS:
case PT_SETFPREGS:
case PT_GETDBREGS:
case PT_SETDBREGS:
/* not being traced... */
if ((p->p_flag & P_TRACED) == 0) {
error = EPERM;
goto fail;
}
/* not being traced by YOU */
if (p->p_pptr != td->td_proc) {
error = EBUSY;
goto fail;
}
/* not currently stopped */
if (!P_SHOULDSTOP(p) || (p->p_flag & P_WAITED) == 0) {
error = EBUSY;
goto fail;
}
/* OK */
break;
default:
error = EINVAL;
goto fail;
}
td2 = FIRST_THREAD_IN_PROC(p);
#ifdef FIX_SSTEP
/*
* Single step fixup ala procfs
*/
FIX_SSTEP(td2); /* XXXKSE */
#endif
/*
* Actually do the requests
*/
td->td_retval[0] = 0;
switch (req) {
case PT_TRACE_ME:
/* set my trace flag and "owner" so it can read/write me */
p->p_flag |= P_TRACED;
p->p_oppid = p->p_pptr->p_pid;
PROC_UNLOCK(p);
sx_xunlock(&proctree_lock);
return (0);
case PT_ATTACH:
/* security check done above */
p->p_flag |= P_TRACED;
p->p_oppid = p->p_pptr->p_pid;
if (p->p_pptr != td->td_proc)
proc_reparent(p, td->td_proc);
data = SIGSTOP;
goto sendsig; /* in PT_CONTINUE below */
case PT_STEP:
case PT_CONTINUE:
case PT_DETACH:
/* XXX data is used even in the PT_STEP case. */
if (req != PT_STEP && (unsigned)data > _SIG_MAXSIG) {
error = EINVAL;
goto fail;
}
_PHOLD(p);
if (req == PT_STEP) {
error = ptrace_single_step(td2);
if (error) {
_PRELE(p);
goto fail;
}
}
if (addr != (void *)1) {
error = ptrace_set_pc(td2, (u_long)(uintfptr_t)addr);
if (error) {
_PRELE(p);
goto fail;
}
}
_PRELE(p);
if (req == PT_DETACH) {
/* reset process parent */
if (p->p_oppid != p->p_pptr->p_pid) {
struct proc *pp;
PROC_UNLOCK(p);
pp = pfind(p->p_oppid);
if (pp == NULL)
pp = initproc;
else
PROC_UNLOCK(pp);
PROC_LOCK(p);
proc_reparent(p, pp);
}
p->p_flag &= ~(P_TRACED | P_WAITED);
p->p_oppid = 0;
/* should we send SIGCHLD? */
}
sendsig:
if (proctree_locked)
sx_xunlock(&proctree_lock);
/* deliver or queue signal */
if (P_SHOULDSTOP(p)) {
p->p_xstat = data;
mtx_lock_spin(&sched_lock);
p->p_flag &= ~(P_STOPPED_TRACE|P_STOPPED_SIG);
thread_unsuspend(p);
setrunnable(td2); /* XXXKSE */
/* Need foreach kse in proc, ... make_kse_queued(). */
mtx_unlock_spin(&sched_lock);
} else if (data)
psignal(p, data);
PROC_UNLOCK(p);
return (0);
case PT_WRITE_I:
case PT_WRITE_D:
write = 1;
/* FALLTHROUGH */
case PT_READ_I:
case PT_READ_D:
PROC_UNLOCK(p);
tmp = 0;
/* write = 0 set above */
iov.iov_base = write ? (caddr_t)&data : (caddr_t)&tmp;
iov.iov_len = sizeof(int);
uio.uio_iov = &iov;
uio.uio_iovcnt = 1;
uio.uio_offset = (off_t)(uintptr_t)addr;
uio.uio_resid = sizeof(int);
uio.uio_segflg = UIO_SYSSPACE; /* i.e.: the uap */
uio.uio_rw = write ? UIO_WRITE : UIO_READ;
uio.uio_td = td;
error = proc_rwmem(p, &uio);
if (uio.uio_resid != 0) {
/*
* XXX proc_rwmem() doesn't currently return ENOSPC,
* so I think write() can bogusly return 0.
* XXX what happens for short writes? We don't want
* to write partial data.
* XXX proc_rwmem() returns EPERM for other invalid
* addresses. Convert this to EINVAL. Does this
* clobber returns of EPERM for other reasons?
*/
if (error == 0 || error == ENOSPC || error == EPERM)
error = EINVAL; /* EOF */
}
if (!write)
td->td_retval[0] = tmp;
return (error);
case PT_IO:
PROC_UNLOCK(p);
piod = addr;
iov.iov_base = piod->piod_addr;
iov.iov_len = piod->piod_len;
uio.uio_iov = &iov;
uio.uio_iovcnt = 1;
uio.uio_offset = (off_t)(uintptr_t)piod->piod_offs;
uio.uio_resid = piod->piod_len;
uio.uio_segflg = UIO_USERSPACE;
uio.uio_td = td;
switch (piod->piod_op) {
case PIOD_READ_D:
case PIOD_READ_I:
uio.uio_rw = UIO_READ;
break;
case PIOD_WRITE_D:
case PIOD_WRITE_I:
uio.uio_rw = UIO_WRITE;
break;
default:
return (EINVAL);
}
error = proc_rwmem(p, &uio);
piod->piod_len -= uio.uio_resid;
return (error);
case PT_KILL:
data = SIGKILL;
goto sendsig; /* in PT_CONTINUE above */
case PT_SETREGS:
_PHOLD(p);
error = proc_write_regs(td2, addr);
_PRELE(p);
PROC_UNLOCK(p);
return (error);
case PT_GETREGS:
_PHOLD(p);
error = proc_read_regs(td2, addr);
_PRELE(p);
PROC_UNLOCK(p);
return (error);
case PT_SETFPREGS:
_PHOLD(p);
error = proc_write_fpregs(td2, addr);
_PRELE(p);
PROC_UNLOCK(p);
return (error);
case PT_GETFPREGS:
_PHOLD(p);
error = proc_read_fpregs(td2, addr);
_PRELE(p);
PROC_UNLOCK(p);
return (error);
case PT_SETDBREGS:
_PHOLD(p);
error = proc_write_dbregs(td2, addr);
_PRELE(p);
PROC_UNLOCK(p);
return (error);
case PT_GETDBREGS:
_PHOLD(p);
error = proc_read_dbregs(td2, addr);
_PRELE(p);
PROC_UNLOCK(p);
return (error);
default:
KASSERT(0, ("unreachable code\n"));
break;
}
KASSERT(0, ("unreachable code\n"));
return (0);
fail:
PROC_UNLOCK(p);
if (proctree_locked)
sx_xunlock(&proctree_lock);
return (error);
}
static int
procfs_control(struct proc *curp, struct lwp *lp, int op)
{
struct proc *p = lp->lwp_proc;
int error;
ASSERT_LWKT_TOKEN_HELD(&p->p_token);
ASSERT_LWKT_TOKEN_HELD(&proc_token);
/* Can't trace a process that's currently exec'ing. */
if ((p->p_flags & P_INEXEC) != 0)
return EAGAIN;
/*
* Authorization check: rely on normal debugging protection, except
* allow processes to disengage debugging on a process onto which
* they have previously attached, but no longer have permission to
* debug.
*/
if (op != PROCFS_CTL_DETACH) {
if (securelevel > 0 && p->p_pid == 1)
return (EPERM);
if (!CHECKIO(curp, p) || p_trespass(curp->p_ucred, p->p_ucred))
return (EPERM);
}
/*
* Attach - attaches the target process for debugging
* by the calling process.
*/
if (op == PROCFS_CTL_ATTACH) {
/* check whether already being traced */
if (p->p_flags & P_TRACED)
return (EBUSY);
/* can't trace yourself! */
if (p->p_pid == curp->p_pid)
return (EINVAL);
/*
* Go ahead and set the trace flag.
* Save the old parent (it's reset in
* _DETACH, and also in kern_exit.c:wait4()
* Reparent the process so that the tracing
* proc gets to see all the action.
* Stop the target.
*/
p->p_flags |= P_TRACED;
faultin(p);
p->p_xstat = 0; /* XXX ? */
if (p->p_pptr != curp) {
p->p_oppid = p->p_pptr->p_pid;
proc_reparent(p, curp);
}
proc_stop(p);
return (0);
}
/*
* Target process must be stopped, owned by (curp) and
* be set up for tracing (P_TRACED flag set).
* Allow DETACH to take place at any time for sanity.
* Allow WAIT any time, of course.
*/
switch (op) {
case PROCFS_CTL_DETACH:
case PROCFS_CTL_WAIT:
break;
default:
if (!TRACE_WAIT_P(curp, p))
return (EBUSY);
}
#ifdef FIX_SSTEP
/*
* do single-step fixup if needed
*/
FIX_SSTEP(lp);
#endif
/*
* Don't deliver any signal by default.
* To continue with a signal, just send
* the signal name to the ctl file
*/
p->p_xstat = 0;
switch (op) {
/*
* Detach. Cleans up the target process, reparent it if possible
* and set it running once more.
*/
case PROCFS_CTL_DETACH:
/* if not being traced, then this is a painless no-op */
if ((p->p_flags & P_TRACED) == 0)
return (0);
/* not being traced any more */
p->p_flags &= ~P_TRACED;
/* remove pending SIGTRAP, else the process will die */
spin_lock(&lp->lwp_spin);
lwp_delsig(lp, SIGTRAP);
spin_unlock(&lp->lwp_spin);
/* give process back to original parent */
if (p->p_oppid != p->p_pptr->p_pid) {
struct proc *pp;
pp = pfs_pfind(p->p_oppid);
if (pp) {
proc_reparent(p, pp);
pfs_pdone(pp);
}
}
p->p_oppid = 0;
p->p_flags &= ~P_WAITED; /* XXX ? */
wakeup((caddr_t) curp); /* XXX for CTL_WAIT below ? */
break;
/*
* Step. Let the target process execute a single instruction.
*/
case PROCFS_CTL_STEP:
LWPHOLD(lp);
error = procfs_sstep(lp);
LWPRELE(lp);
if (error)
return (error);
break;
/*
* Run. Let the target process continue running until a breakpoint
* or some other trap.
*/
case PROCFS_CTL_RUN:
break;
/*
* Wait for the target process to stop.
* If the target is not being traced then just wait
* to enter
*/
case PROCFS_CTL_WAIT:
error = 0;
if (p->p_flags & P_TRACED) {
while (error == 0 &&
p->p_stat != SSTOP &&
(p->p_flags & P_TRACED) &&
(p->p_pptr == curp)) {
error = tsleep((caddr_t) p,
PCATCH, "procfsx", 0);
}
if (error == 0 && !TRACE_WAIT_P(curp, p))
error = EBUSY;
} else {
while (error == 0 && p->p_stat != SSTOP) {
error = tsleep((caddr_t) p,
PCATCH, "procfs", 0);
}
}
return (error);
default:
panic("procfs_control");
}
/*
* If the process is in a stopped state, make it runnable again.
* Do not set LWP_MP_BREAKTSLEEP - that is, do not break a tsleep
* that might be in progress.
*/
if (p->p_stat == SSTOP)
proc_unstop(p);
return (0);
}