1 /*- 2 * Copyright (c) 1989, 1992, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from software developed by the Computer Systems 6 * Engineering group at Lawrence Berkeley Laboratory under DARPA contract 7 * BG 91-66 and contributed to Berkeley. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed by the University of 20 * California, Berkeley and its contributors. 21 * 4. Neither the name of the University nor the names of its contributors 22 * may be used to endorse or promote products derived from this software 23 * without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 */ 37 38 #if defined(LIBC_SCCS) && !defined(lint) 39 static char sccsid[] = "@(#)kvm_proc.c 8.3 (Berkeley) 9/23/93"; 40 #endif /* LIBC_SCCS and not lint */ 41 42 /* 43 * Proc traversal interface for kvm. ps and w are (probably) the exclusive 44 * users of this code, so we've factored it out into a separate module. 45 * Thus, we keep this grunge out of the other kvm applications (i.e., 46 * most other applications are interested only in open/close/read/nlist). 47 */ 48 49 #include <sys/param.h> 50 #include <sys/user.h> 51 #include <sys/proc.h> 52 #include <sys/exec.h> 53 #include <sys/stat.h> 54 #include <sys/ioctl.h> 55 #include <sys/tty.h> 56 #include <sys/file.h> 57 #include <unistd.h> 58 #include <nlist.h> 59 #include <kvm.h> 60 61 #include <vm/vm.h> 62 #include <vm/vm_param.h> 63 #include <vm/swap_pager.h> 64 65 #include <sys/sysctl.h> 66 67 #include <limits.h> 68 #include <memory.h> 69 #include <db.h> 70 #include <paths.h> 71 72 #include "kvm_private.h" 73 74 static char * 75 kvm_readswap(kd, p, va, cnt) 76 kvm_t *kd; 77 const struct proc *p; 78 u_long va; 79 u_long *cnt; 80 { 81 #ifdef __FreeBSD__ 82 /* XXX Stubbed out, our vm system is differnet */ 83 _kvm_err(kd, kd->program, "kvm_readswap not implemented"); 84 return(0); 85 #endif /* __FreeBSD__ */ 86 } 87 88 #define KREAD(kd, addr, obj) \ 89 (kvm_read(kd, addr, (char *)(obj), sizeof(*obj)) != sizeof(*obj)) 90 91 /* 92 * Read proc's from memory file into buffer bp, which has space to hold 93 * at most maxcnt procs. 94 */ 95 static int 96 kvm_proclist(kd, what, arg, p, bp, maxcnt) 97 kvm_t *kd; 98 int what, arg; 99 struct proc *p; 100 struct kinfo_proc *bp; 101 int maxcnt; 102 { 103 register int cnt = 0; 104 struct eproc eproc; 105 struct pgrp pgrp; 106 struct session sess; 107 struct tty tty; 108 struct proc proc; 109 110 for (; cnt < maxcnt && p != NULL; p = proc.p_next) { 111 if (KREAD(kd, (u_long)p, &proc)) { 112 _kvm_err(kd, kd->program, "can't read proc at %x", p); 113 return (-1); 114 } 115 if (KREAD(kd, (u_long)proc.p_cred, &eproc.e_pcred) == 0) 116 KREAD(kd, (u_long)eproc.e_pcred.pc_ucred, 117 &eproc.e_ucred); 118 119 switch(what) { 120 121 case KERN_PROC_PID: 122 if (proc.p_pid != (pid_t)arg) 123 continue; 124 break; 125 126 case KERN_PROC_UID: 127 if (eproc.e_ucred.cr_uid != (uid_t)arg) 128 continue; 129 break; 130 131 case KERN_PROC_RUID: 132 if (eproc.e_pcred.p_ruid != (uid_t)arg) 133 continue; 134 break; 135 } 136 /* 137 * We're going to add another proc to the set. If this 138 * will overflow the buffer, assume the reason is because 139 * nprocs (or the proc list) is corrupt and declare an error. 140 */ 141 if (cnt >= maxcnt) { 142 _kvm_err(kd, kd->program, "nprocs corrupt"); 143 return (-1); 144 } 145 /* 146 * gather eproc 147 */ 148 eproc.e_paddr = p; 149 if (KREAD(kd, (u_long)proc.p_pgrp, &pgrp)) { 150 _kvm_err(kd, kd->program, "can't read pgrp at %x", 151 proc.p_pgrp); 152 return (-1); 153 } 154 eproc.e_sess = pgrp.pg_session; 155 eproc.e_pgid = pgrp.pg_id; 156 eproc.e_jobc = pgrp.pg_jobc; 157 if (KREAD(kd, (u_long)pgrp.pg_session, &sess)) { 158 _kvm_err(kd, kd->program, "can't read session at %x", 159 pgrp.pg_session); 160 return (-1); 161 } 162 (void)memcpy(eproc.e_login, sess.s_login, 163 sizeof(eproc.e_login)); 164 if ((proc.p_flag & P_CONTROLT) && sess.s_ttyp != NULL) { 165 if (KREAD(kd, (u_long)sess.s_ttyp, &tty)) { 166 _kvm_err(kd, kd->program, 167 "can't read tty at %x", sess.s_ttyp); 168 return (-1); 169 } 170 eproc.e_tdev = tty.t_dev; 171 eproc.e_tsess = tty.t_session; 172 if (tty.t_pgrp != NULL) { 173 if (KREAD(kd, (u_long)tty.t_pgrp, &pgrp)) { 174 _kvm_err(kd, kd->program, 175 "can't read tpgrp at &x", 176 tty.t_pgrp); 177 return (-1); 178 } 179 eproc.e_tpgid = pgrp.pg_id; 180 } else 181 eproc.e_tpgid = -1; 182 } else 183 eproc.e_tdev = NODEV; 184 eproc.e_flag = sess.s_ttyvp ? EPROC_CTTY : 0; 185 if (sess.s_leader == p) 186 eproc.e_flag |= EPROC_SLEADER; 187 if (proc.p_wmesg) 188 (void)kvm_read(kd, (u_long)proc.p_wmesg, 189 eproc.e_wmesg, WMESGLEN); 190 191 #ifdef sparc 192 (void)kvm_read(kd, (u_long)&proc.p_vmspace->vm_rssize, 193 (char *)&eproc.e_vm.vm_rssize, 194 sizeof(eproc.e_vm.vm_rssize)); 195 (void)kvm_read(kd, (u_long)&proc.p_vmspace->vm_tsize, 196 (char *)&eproc.e_vm.vm_tsize, 197 3 * sizeof(eproc.e_vm.vm_rssize)); /* XXX */ 198 #else 199 (void)kvm_read(kd, (u_long)proc.p_vmspace, 200 (char *)&eproc.e_vm, sizeof(eproc.e_vm)); 201 #endif 202 eproc.e_xsize = eproc.e_xrssize = 0; 203 eproc.e_xccount = eproc.e_xswrss = 0; 204 205 switch (what) { 206 207 case KERN_PROC_PGRP: 208 if (eproc.e_pgid != (pid_t)arg) 209 continue; 210 break; 211 212 case KERN_PROC_TTY: 213 if ((proc.p_flag & P_CONTROLT) == 0 || 214 eproc.e_tdev != (dev_t)arg) 215 continue; 216 break; 217 } 218 bcopy(&proc, &bp->kp_proc, sizeof(proc)); 219 bcopy(&eproc, &bp->kp_eproc, sizeof(eproc)); 220 ++bp; 221 ++cnt; 222 } 223 return (cnt); 224 } 225 226 /* 227 * Build proc info array by reading in proc list from a crash dump. 228 * Return number of procs read. maxcnt is the max we will read. 229 */ 230 static int 231 kvm_deadprocs(kd, what, arg, a_allproc, a_zombproc, maxcnt) 232 kvm_t *kd; 233 int what, arg; 234 u_long a_allproc; 235 u_long a_zombproc; 236 int maxcnt; 237 { 238 register struct kinfo_proc *bp = kd->procbase; 239 register int acnt, zcnt; 240 struct proc *p; 241 242 if (KREAD(kd, a_allproc, &p)) { 243 _kvm_err(kd, kd->program, "cannot read allproc"); 244 return (-1); 245 } 246 acnt = kvm_proclist(kd, what, arg, p, bp, maxcnt); 247 if (acnt < 0) 248 return (acnt); 249 250 if (KREAD(kd, a_zombproc, &p)) { 251 _kvm_err(kd, kd->program, "cannot read zombproc"); 252 return (-1); 253 } 254 zcnt = kvm_proclist(kd, what, arg, p, bp + acnt, maxcnt - acnt); 255 if (zcnt < 0) 256 zcnt = 0; 257 258 return (acnt + zcnt); 259 } 260 261 struct kinfo_proc * 262 kvm_getprocs(kd, op, arg, cnt) 263 kvm_t *kd; 264 int op, arg; 265 int *cnt; 266 { 267 int mib[4], size, st, nprocs; 268 269 if (kd->procbase != 0) { 270 free((void *)kd->procbase); 271 /* 272 * Clear this pointer in case this call fails. Otherwise, 273 * kvm_close() will free it again. 274 */ 275 kd->procbase = 0; 276 } 277 if (ISALIVE(kd)) { 278 size = 0; 279 mib[0] = CTL_KERN; 280 mib[1] = KERN_PROC; 281 mib[2] = op; 282 mib[3] = arg; 283 st = sysctl(mib, 4, NULL, &size, NULL, 0); 284 if (st == -1) { 285 _kvm_syserr(kd, kd->program, "kvm_getprocs"); 286 return (0); 287 } 288 kd->procbase = (struct kinfo_proc *)_kvm_malloc(kd, size); 289 if (kd->procbase == 0) 290 return (0); 291 st = sysctl(mib, 4, kd->procbase, &size, NULL, 0); 292 if (st == -1) { 293 _kvm_syserr(kd, kd->program, "kvm_getprocs"); 294 return (0); 295 } 296 if (size % sizeof(struct kinfo_proc) != 0) { 297 _kvm_err(kd, kd->program, 298 "proc size mismatch (%d total, %d chunks)", 299 size, sizeof(struct kinfo_proc)); 300 return (0); 301 } 302 nprocs = size / sizeof(struct kinfo_proc); 303 } else { 304 struct nlist nl[4], *p; 305 306 nl[0].n_name = "_nprocs"; 307 nl[1].n_name = "_allproc"; 308 nl[2].n_name = "_zombproc"; 309 nl[3].n_name = 0; 310 311 if (kvm_nlist(kd, nl) != 0) { 312 for (p = nl; p->n_type != 0; ++p) 313 ; 314 _kvm_err(kd, kd->program, 315 "%s: no such symbol", p->n_name); 316 return (0); 317 } 318 if (KREAD(kd, nl[0].n_value, &nprocs)) { 319 _kvm_err(kd, kd->program, "can't read nprocs"); 320 return (0); 321 } 322 size = nprocs * sizeof(struct kinfo_proc); 323 kd->procbase = (struct kinfo_proc *)_kvm_malloc(kd, size); 324 if (kd->procbase == 0) 325 return (0); 326 327 nprocs = kvm_deadprocs(kd, op, arg, nl[1].n_value, 328 nl[2].n_value, nprocs); 329 #ifdef notdef 330 size = nprocs * sizeof(struct kinfo_proc); 331 (void)realloc(kd->procbase, size); 332 #endif 333 } 334 *cnt = nprocs; 335 return (kd->procbase); 336 } 337 338 void 339 _kvm_freeprocs(kd) 340 kvm_t *kd; 341 { 342 if (kd->procbase) { 343 free(kd->procbase); 344 kd->procbase = 0; 345 } 346 } 347 348 void * 349 _kvm_realloc(kd, p, n) 350 kvm_t *kd; 351 void *p; 352 size_t n; 353 { 354 void *np = (void *)realloc(p, n); 355 356 if (np == 0) 357 _kvm_err(kd, kd->program, "out of memory"); 358 return (np); 359 } 360 361 #ifndef MAX 362 #define MAX(a, b) ((a) > (b) ? (a) : (b)) 363 #endif 364 365 /* 366 * Read in an argument vector from the user address space of process p. 367 * addr if the user-space base address of narg null-terminated contiguous 368 * strings. This is used to read in both the command arguments and 369 * environment strings. Read at most maxcnt characters of strings. 370 */ 371 static char ** 372 kvm_argv(kd, p, addr, narg, maxcnt) 373 kvm_t *kd; 374 const struct proc *p; 375 register u_long addr; 376 register int narg; 377 register int maxcnt; 378 { 379 register char *np, *cp, *ep, *ap; 380 register u_long oaddr = -1; 381 register int len, cc; 382 register char **argv; 383 384 /* 385 * Check that there aren't an unreasonable number of agruments, 386 * and that the address is in user space. 387 */ 388 if (narg > 512 || addr < VM_MIN_ADDRESS || addr >= VM_MAXUSER_ADDRESS) 389 return (0); 390 391 /* 392 * kd->argv : work space for fetching the strings from the target 393 * process's space, and is converted for returning to caller 394 */ 395 if (kd->argv == 0) { 396 /* 397 * Try to avoid reallocs. 398 */ 399 kd->argc = MAX(narg + 1, 32); 400 kd->argv = (char **)_kvm_malloc(kd, kd->argc * 401 sizeof(*kd->argv)); 402 if (kd->argv == 0) 403 return (0); 404 } else if (narg + 1 > kd->argc) { 405 kd->argc = MAX(2 * kd->argc, narg + 1); 406 kd->argv = (char **)_kvm_realloc(kd, kd->argv, kd->argc * 407 sizeof(*kd->argv)); 408 if (kd->argv == 0) 409 return (0); 410 } 411 /* 412 * kd->argspc : returned to user, this is where the kd->argv 413 * arrays are left pointing to the collected strings. 414 */ 415 if (kd->argspc == 0) { 416 kd->argspc = (char *)_kvm_malloc(kd, NBPG); 417 if (kd->argspc == 0) 418 return (0); 419 kd->arglen = NBPG; 420 } 421 /* 422 * kd->argbuf : used to pull in pages from the target process. 423 * the strings are copied out of here. 424 */ 425 if (kd->argbuf == 0) { 426 kd->argbuf = (char *)_kvm_malloc(kd, NBPG); 427 if (kd->argbuf == 0) 428 return (0); 429 } 430 431 /* Pull in the target process'es argv vector */ 432 cc = sizeof(char *) * narg; 433 if (kvm_uread(kd, p, addr, (char *)kd->argv, cc) != cc) 434 return (0); 435 /* 436 * ap : saved start address of string we're working on in kd->argspc 437 * np : pointer to next place to write in kd->argspc 438 * len: length of data in kd->argspc 439 * argv: pointer to the argv vector that we are hunting around the 440 * target process space for, and converting to addresses in 441 * our address space (kd->argspc). 442 */ 443 ap = np = kd->argspc; 444 argv = kd->argv; 445 len = 0; 446 /* 447 * Loop over pages, filling in the argument vector. 448 * Note that the argv strings could be pointing *anywhere* in 449 * the user address space and are no longer contiguous. 450 * Note that *argv is modified when we are going to fetch a string 451 * that crosses a page boundary. We copy the next part of the string 452 * into to "np" and eventually convert the pointer. 453 */ 454 while (argv < kd->argv + narg && *argv != 0) { 455 456 /* get the address that the current argv string is on */ 457 addr = (u_long)*argv & ~(NBPG - 1); 458 459 /* is it the same page as the last one? */ 460 if (addr != oaddr) { 461 if (kvm_uread(kd, p, addr, kd->argbuf, NBPG) != 462 NBPG) 463 return (0); 464 oaddr = addr; 465 } 466 467 /* offset within the page... kd->argbuf */ 468 addr = (u_long)*argv & (NBPG - 1); 469 470 /* cp = start of string, cc = count of chars in this chunk */ 471 cp = kd->argbuf + addr; 472 cc = NBPG - addr; 473 474 /* dont get more than asked for by user process */ 475 if (maxcnt > 0 && cc > maxcnt - len) 476 cc = maxcnt - len; 477 478 /* pointer to end of string if we found it in this page */ 479 ep = memchr(cp, '\0', cc); 480 if (ep != 0) 481 cc = ep - cp + 1; 482 /* 483 * at this point, cc is the count of the chars that we are 484 * going to retrieve this time. we may or may not have found 485 * the end of it. (ep points to the null if the end is known) 486 */ 487 488 /* will we exceed the malloc/realloced buffer? */ 489 if (len + cc > kd->arglen) { 490 register int off; 491 register char **pp; 492 register char *op = kd->argspc; 493 494 kd->arglen *= 2; 495 kd->argspc = (char *)_kvm_realloc(kd, kd->argspc, 496 kd->arglen); 497 if (kd->argspc == 0) 498 return (0); 499 /* 500 * Adjust argv pointers in case realloc moved 501 * the string space. 502 */ 503 off = kd->argspc - op; 504 for (pp = kd->argv; pp < argv; pp++) 505 *pp += off; 506 ap += off; 507 np += off; 508 } 509 /* np = where to put the next part of the string in kd->argspc*/ 510 /* np is kinda redundant.. could use "kd->argspc + len" */ 511 memcpy(np, cp, cc); 512 np += cc; /* inc counters */ 513 len += cc; 514 515 /* 516 * if end of string found, set the *argv pointer to the 517 * saved beginning of string, and advance. argv points to 518 * somewhere in kd->argv.. This is initially relative 519 * to the target process, but when we close it off, we set 520 * it to point in our address space. 521 */ 522 if (ep != 0) { 523 *argv++ = ap; 524 ap = np; 525 } else { 526 /* update the address relative to the target process */ 527 *argv += cc; 528 } 529 530 if (maxcnt > 0 && len >= maxcnt) { 531 /* 532 * We're stopping prematurely. Terminate the 533 * current string. 534 */ 535 if (ep == 0) { 536 *np = '\0'; 537 *argv++ = ap; 538 } 539 break; 540 } 541 } 542 /* Make sure argv is terminated. */ 543 *argv = 0; 544 return (kd->argv); 545 } 546 547 static void 548 ps_str_a(p, addr, n) 549 struct ps_strings *p; 550 u_long *addr; 551 int *n; 552 { 553 *addr = (u_long)p->ps_argvstr; 554 *n = p->ps_nargvstr; 555 } 556 557 static void 558 ps_str_e(p, addr, n) 559 struct ps_strings *p; 560 u_long *addr; 561 int *n; 562 { 563 *addr = (u_long)p->ps_envstr; 564 *n = p->ps_nenvstr; 565 } 566 567 /* 568 * Determine if the proc indicated by p is still active. 569 * This test is not 100% foolproof in theory, but chances of 570 * being wrong are very low. 571 */ 572 static int 573 proc_verify(kd, kernp, p) 574 kvm_t *kd; 575 u_long kernp; 576 const struct proc *p; 577 { 578 struct proc kernproc; 579 580 /* 581 * Just read in the whole proc. It's not that big relative 582 * to the cost of the read system call. 583 */ 584 if (kvm_read(kd, kernp, (char *)&kernproc, sizeof(kernproc)) != 585 sizeof(kernproc)) 586 return (0); 587 return (p->p_pid == kernproc.p_pid && 588 (kernproc.p_stat != SZOMB || p->p_stat == SZOMB)); 589 } 590 591 static char ** 592 kvm_doargv(kd, kp, nchr, info) 593 kvm_t *kd; 594 const struct kinfo_proc *kp; 595 int nchr; 596 void (*info)(struct ps_strings *, u_long *, int *); 597 { 598 register const struct proc *p = &kp->kp_proc; 599 register char **ap; 600 u_long addr; 601 int cnt; 602 struct ps_strings arginfo, *ps_strings; 603 int mib[2]; 604 size_t len; 605 606 ps_strings = NULL; 607 mib[0] = CTL_KERN; 608 mib[1] = KERN_PS_STRINGS; 609 len = sizeof(ps_strings); 610 if (sysctl(mib, 2, &ps_strings, &len, NULL, 0) < 0 || 611 ps_strings == NULL) 612 ps_strings = PS_STRINGS; 613 614 /* 615 * Pointers are stored at the top of the user stack. 616 */ 617 if (p->p_stat == SZOMB || 618 kvm_uread(kd, p, ps_strings, (char *)&arginfo, 619 sizeof(arginfo)) != sizeof(arginfo)) 620 return (0); 621 622 (*info)(&arginfo, &addr, &cnt); 623 if (cnt == 0) 624 return (0); 625 ap = kvm_argv(kd, p, addr, cnt, nchr); 626 /* 627 * For live kernels, make sure this process didn't go away. 628 */ 629 if (ap != 0 && ISALIVE(kd) && 630 !proc_verify(kd, (u_long)kp->kp_eproc.e_paddr, p)) 631 ap = 0; 632 return (ap); 633 } 634 635 /* 636 * Get the command args. This code is now machine independent. 637 */ 638 char ** 639 kvm_getargv(kd, kp, nchr) 640 kvm_t *kd; 641 const struct kinfo_proc *kp; 642 int nchr; 643 { 644 return (kvm_doargv(kd, kp, nchr, ps_str_a)); 645 } 646 647 char ** 648 kvm_getenvv(kd, kp, nchr) 649 kvm_t *kd; 650 const struct kinfo_proc *kp; 651 int nchr; 652 { 653 return (kvm_doargv(kd, kp, nchr, ps_str_e)); 654 } 655 656 /* 657 * Read from user space. The user context is given by p. 658 */ 659 ssize_t 660 kvm_uread(kd, p, uva, buf, len) 661 kvm_t *kd; 662 register struct proc *p; 663 register u_long uva; 664 register char *buf; 665 register size_t len; 666 { 667 register char *cp; 668 char procfile[MAXPATHLEN]; 669 ssize_t amount; 670 int fd; 671 672 if (!ISALIVE(kd)) { 673 _kvm_err(kd, kd->program, "cannot read user space from dead kernel"); 674 return(0); 675 } 676 677 cp = buf; 678 679 sprintf(procfile, "/proc/%d/mem", p->p_pid); 680 fd = open(procfile, O_RDONLY, 0); 681 682 if (fd < 0) { 683 _kvm_err(kd, kd->program, "cannot open %s", procfile); 684 close(fd); 685 return (0); 686 } 687 688 689 while (len > 0) { 690 if (lseek(fd, (off_t)uva, 0) == -1 && errno != 0) { 691 _kvm_err(kd, kd->program, "invalid address (%x) in %s", uva, procfile); 692 break; 693 } 694 amount = read(fd, cp, len); 695 if (amount < 0) { 696 _kvm_err(kd, kd->program, "error reading %s", procfile); 697 break; 698 } 699 cp += amount; 700 uva += amount; 701 len -= amount; 702 } 703 704 close(fd); 705 return (ssize_t)(cp - buf); 706 } 707