/*-
 * Copyright (c) 2014 John Baldwin
 * Copyright (c) 2014, 2016 The FreeBSD Foundation
 *
 * Portions of this software were developed by Konstantin Belousov
 * under sponsorship from the FreeBSD Foundation.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include <sys/param.h>
#include <sys/_unrhdr.h>
#include <sys/systm.h>
#include <sys/capsicum.h>
#include <sys/lock.h>
#include <sys/mman.h>
#include <sys/mutex.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/procctl.h>
#include <sys/sx.h>
#include <sys/syscallsubr.h>
#include <sys/sysproto.h>
#include <sys/taskqueue.h>
#include <sys/wait.h>

#include <vm/vm.h>
#include <vm/pmap.h>
#include <vm/vm_map.h>
#include <vm/vm_extern.h>

static int
protect_setchild(struct thread *td, struct proc *p, int flags)
{

	PROC_LOCK_ASSERT(p, MA_OWNED);
	if (p->p_flag & P_SYSTEM || p_cansched(td, p) != 0)
		return (0);
	if (flags & PPROT_SET) {
		p->p_flag |= P_PROTECTED;
		if (flags & PPROT_INHERIT)
			p->p_flag2 |= P2_INHERIT_PROTECTED;
	} else {
		p->p_flag &= ~P_PROTECTED;
		p->p_flag2 &= ~P2_INHERIT_PROTECTED;
	}
	return (1);
}

static int
protect_setchildren(struct thread *td, struct proc *top, int flags)
{
	struct proc *p;
	int ret;

	p = top;
	ret = 0;
	sx_assert(&proctree_lock, SX_LOCKED);
	for (;;) {
		ret |= protect_setchild(td, p, flags);
		PROC_UNLOCK(p);
		/*
		 * If this process has children, descend to them next,
		 * otherwise do any siblings, and if done with this level,
		 * follow back up the tree (but not past top).
		 */
		if (!LIST_EMPTY(&p->p_children))
			p = LIST_FIRST(&p->p_children);
		else for (;;) {
			if (p == top) {
				PROC_LOCK(p);
				return (ret);
			}
			if (LIST_NEXT(p, p_sibling)) {
				p = LIST_NEXT(p, p_sibling);
				break;
			}
			p = p->p_pptr;
		}
		PROC_LOCK(p);
	}
}

static int
protect_set(struct thread *td, struct proc *p, void *data)
{
	int error, flags, ret;

	flags = *(int *)data;
	switch (PPROT_OP(flags)) {
	case PPROT_SET:
	case PPROT_CLEAR:
		break;
	default:
		return (EINVAL);
	}

	if ((PPROT_FLAGS(flags) & ~(PPROT_DESCEND | PPROT_INHERIT)) != 0)
		return (EINVAL);

	error = priv_check(td, PRIV_VM_MADV_PROTECT);
	if (error)
		return (error);

	if (flags & PPROT_DESCEND)
		ret = protect_setchildren(td, p, flags);
	else
		ret = protect_setchild(td, p, flags);
	if (ret == 0)
		return (EPERM);
	return (0);
}
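/*
 * Illustrative userland sketch (editor's addition, not part of the
 * kernel build): a sufficiently privileged process could exempt itself
 * and its current and future descendants from OOM killing via
 * PROC_SPROTECT, which is dispatched to protect_set() above.  Error
 * handling is minimal for brevity.
 *
 *	#include <sys/procctl.h>
 *	#include <err.h>
 *	#include <unistd.h>
 *
 *	int flags = PPROT_SET | PPROT_DESCEND | PPROT_INHERIT;
 *
 *	if (procctl(P_PID, getpid(), PROC_SPROTECT, &flags) != 0)
 *		err(1, "PROC_SPROTECT");
 */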
static int
reap_acquire(struct thread *td, struct proc *p, void *data __unused)
{

	sx_assert(&proctree_lock, SX_XLOCKED);
	if (p != td->td_proc)
		return (EPERM);
	if ((p->p_treeflag & P_TREE_REAPER) != 0)
		return (EBUSY);
	p->p_treeflag |= P_TREE_REAPER;
	/*
	 * We do not reattach existing children and the whole tree
	 * under them to us, since p->p_reaper has already seen them.
	 */
	return (0);
}

static int
reap_release(struct thread *td, struct proc *p, void *data __unused)
{

	sx_assert(&proctree_lock, SX_XLOCKED);
	if (p != td->td_proc)
		return (EPERM);
	if (p == initproc)
		return (EINVAL);
	if ((p->p_treeflag & P_TREE_REAPER) == 0)
		return (EINVAL);
	reaper_abandon_children(p, false);
	return (0);
}

static int
reap_status(struct thread *td, struct proc *p, void *data)
{
	struct proc *reap, *p2, *first_p;
	struct procctl_reaper_status *rs;

	rs = data;
	sx_assert(&proctree_lock, SX_LOCKED);
	if ((p->p_treeflag & P_TREE_REAPER) == 0) {
		reap = p->p_reaper;
	} else {
		reap = p;
		rs->rs_flags |= REAPER_STATUS_OWNED;
	}
	if (reap == initproc)
		rs->rs_flags |= REAPER_STATUS_REALINIT;
	rs->rs_reaper = reap->p_pid;
	rs->rs_descendants = 0;
	rs->rs_children = 0;
	if (!LIST_EMPTY(&reap->p_reaplist)) {
		first_p = LIST_FIRST(&reap->p_children);
		if (first_p == NULL)
			first_p = LIST_FIRST(&reap->p_reaplist);
		rs->rs_pid = first_p->p_pid;
		LIST_FOREACH(p2, &reap->p_reaplist, p_reapsibling) {
			if (proc_realparent(p2) == reap)
				rs->rs_children++;
			rs->rs_descendants++;
		}
	} else {
		rs->rs_pid = -1;
	}
	return (0);
}
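/*
 * Illustrative userland sketch (editor's addition, not part of the
 * kernel build): becoming a reaper and querying the state filled in by
 * reap_status() above.
 *
 *	#include <sys/procctl.h>
 *	#include <err.h>
 *	#include <stdio.h>
 *	#include <unistd.h>
 *
 *	struct procctl_reaper_status rs;
 *
 *	if (procctl(P_PID, getpid(), PROC_REAP_ACQUIRE, NULL) != 0)
 *		err(1, "PROC_REAP_ACQUIRE");
 *	if (procctl(P_PID, getpid(), PROC_REAP_STATUS, &rs) != 0)
 *		err(1, "PROC_REAP_STATUS");
 *	printf("%u children, %u descendants\n", rs.rs_children,
 *	    rs.rs_descendants);
 */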
static int
reap_getpids(struct thread *td, struct proc *p, void *data)
{
	struct proc *reap, *p2;
	struct procctl_reaper_pidinfo *pi, *pip;
	struct procctl_reaper_pids *rp;
	u_int i, n;
	int error;

	rp = data;
	sx_assert(&proctree_lock, SX_LOCKED);
	PROC_UNLOCK(p);
	reap = (p->p_treeflag & P_TREE_REAPER) == 0 ?
	    p->p_reaper : p;
	n = i = 0;
	error = 0;
	LIST_FOREACH(p2, &reap->p_reaplist, p_reapsibling)
		n++;
	sx_unlock(&proctree_lock);
	if (rp->rp_count < n)
		n = rp->rp_count;
	pi = malloc(n * sizeof(*pi), M_TEMP, M_WAITOK);
	sx_slock(&proctree_lock);
	LIST_FOREACH(p2, &reap->p_reaplist, p_reapsibling) {
		if (i == n)
			break;
		pip = &pi[i];
		bzero(pip, sizeof(*pip));
		pip->pi_pid = p2->p_pid;
		pip->pi_subtree = p2->p_reapsubtree;
		pip->pi_flags = REAPER_PIDINFO_VALID;
		if (proc_realparent(p2) == reap)
			pip->pi_flags |= REAPER_PIDINFO_CHILD;
		if ((p2->p_treeflag & P_TREE_REAPER) != 0)
			pip->pi_flags |= REAPER_PIDINFO_REAPER;
		if ((p2->p_flag & P_STOPPED) != 0)
			pip->pi_flags |= REAPER_PIDINFO_STOPPED;
		if (p2->p_state == PRS_ZOMBIE)
			pip->pi_flags |= REAPER_PIDINFO_ZOMBIE;
		else if ((p2->p_flag & P_WEXIT) != 0)
			pip->pi_flags |= REAPER_PIDINFO_EXITING;
		i++;
	}
	sx_sunlock(&proctree_lock);
	error = copyout(pi, rp->rp_pids, i * sizeof(*pi));
	free(pi, M_TEMP);
	sx_slock(&proctree_lock);
	PROC_LOCK(p);
	return (error);
}
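/*
 * Illustrative userland sketch (editor's addition, not part of the
 * kernel build): retrieving the descendant list produced by
 * reap_getpids() above.  The count is sized from PROC_REAP_STATUS
 * first; the list can still be truncated if the subtree grows in
 * between, which callers must tolerate.
 *
 *	#include <sys/procctl.h>
 *	#include <err.h>
 *	#include <stdlib.h>
 *	#include <unistd.h>
 *
 *	struct procctl_reaper_status rs;
 *	struct procctl_reaper_pids rp;
 *
 *	if (procctl(P_PID, getpid(), PROC_REAP_STATUS, &rs) != 0)
 *		err(1, "PROC_REAP_STATUS");
 *	rp.rp_count = rs.rs_descendants;
 *	rp.rp_pids = calloc(rp.rp_count, sizeof(*rp.rp_pids));
 *	if (rp.rp_pids == NULL)
 *		err(1, "calloc");
 *	if (procctl(P_PID, getpid(), PROC_REAP_GETPIDS, &rp) != 0)
 *		err(1, "PROC_REAP_GETPIDS");
 */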
struct reap_kill_proc_work {
	struct ucred *cr;
	struct proc *target;
	ksiginfo_t *ksi;
	struct procctl_reaper_kill *rk;
	int *error;
	struct task t;
};

static void
reap_kill_proc_locked(struct reap_kill_proc_work *w)
{
	int error1;
	bool need_stop;

	PROC_LOCK_ASSERT(w->target, MA_OWNED);
	PROC_ASSERT_HELD(w->target);

	error1 = cr_cansignal(w->cr, w->target, w->rk->rk_sig);
	if (error1 != 0) {
		if (*w->error == ESRCH) {
			w->rk->rk_fpid = w->target->p_pid;
			*w->error = error1;
		}
		return;
	}

	/*
	 * need_stop indicates whether the target process needs to be
	 * suspended before being signalled.  This is needed when we
	 * guarantee that all processes in the subtree are signalled,
	 * avoiding the race with a process not yet fully linked into
	 * all structures during fork, ignored by the iterator, and
	 * then escaping signalling.
	 *
	 * The thread cannot usefully stop itself anyway, and if
	 * another thread of the current process forks while the
	 * current thread signals the whole subtree, it is an
	 * application race.
	 */
	if ((w->target->p_flag & (P_KPROC | P_SYSTEM | P_STOPPED)) == 0)
		need_stop = thread_single(w->target, SINGLE_ALLPROC) == 0;
	else
		need_stop = false;

	(void)pksignal(w->target, w->rk->rk_sig, w->ksi);
	w->rk->rk_killed++;
	*w->error = error1;

	if (need_stop)
		thread_single_end(w->target, SINGLE_ALLPROC);
}

static void
reap_kill_proc_work(void *arg, int pending __unused)
{
	struct reap_kill_proc_work *w;

	w = arg;
	PROC_LOCK(w->target);
	if ((w->target->p_flag2 & P2_WEXIT) == 0)
		reap_kill_proc_locked(w);
	PROC_UNLOCK(w->target);

	sx_xlock(&proctree_lock);
	w->target = NULL;
	wakeup(&w->target);
	sx_xunlock(&proctree_lock);
}

struct reap_kill_tracker {
	struct proc *parent;
	TAILQ_ENTRY(reap_kill_tracker) link;
};

TAILQ_HEAD(reap_kill_tracker_head, reap_kill_tracker);

static void
reap_kill_sched(struct reap_kill_tracker_head *tracker, struct proc *p2)
{
	struct reap_kill_tracker *t;

	PROC_LOCK(p2);
	if ((p2->p_flag2 & P2_WEXIT) != 0) {
		PROC_UNLOCK(p2);
		return;
	}
	_PHOLD_LITE(p2);
	PROC_UNLOCK(p2);
	t = malloc(sizeof(struct reap_kill_tracker), M_TEMP, M_WAITOK);
	t->parent = p2;
	TAILQ_INSERT_TAIL(tracker, t, link);
}

static void
reap_kill_sched_free(struct reap_kill_tracker *t)
{
	PRELE(t->parent);
	free(t, M_TEMP);
}

static void
reap_kill_children(struct thread *td, struct proc *reaper,
    struct procctl_reaper_kill *rk, ksiginfo_t *ksi, int *error)
{
	struct proc *p2;
	int error1;

	LIST_FOREACH(p2, &reaper->p_children, p_sibling) {
		PROC_LOCK(p2);
		if ((p2->p_flag2 & P2_WEXIT) == 0) {
			error1 = p_cansignal(td, p2, rk->rk_sig);
			if (error1 != 0) {
				if (*error == ESRCH) {
					rk->rk_fpid = p2->p_pid;
					*error = error1;
				}

				/*
				 * Do not end the loop on error,
				 * signal everything we can.
				 */
			} else {
				(void)pksignal(p2, rk->rk_sig, ksi);
				rk->rk_killed++;
			}
		}
		PROC_UNLOCK(p2);
	}
}
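/*
 * Illustrative userland sketch (editor's addition, not part of the
 * kernel build): signalling only the reaper's direct children, the
 * path handled by reap_kill_children() above.  Since the command's
 * table entry sets copyout_on_error, rk_killed and rk_fpid are
 * meaningful even on failure.
 *
 *	#include <sys/procctl.h>
 *	#include <err.h>
 *	#include <signal.h>
 *	#include <string.h>
 *	#include <unistd.h>
 *
 *	struct procctl_reaper_kill rk;
 *
 *	memset(&rk, 0, sizeof(rk));
 *	rk.rk_sig = SIGTERM;
 *	rk.rk_flags = REAPER_KILL_CHILDREN;
 *	if (procctl(P_PID, getpid(), PROC_REAP_KILL, &rk) != 0)
 *		warn("PROC_REAP_KILL (%u killed)", rk.rk_killed);
 */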
static bool
reap_kill_subtree_once(struct thread *td, struct proc *p, struct proc *reaper,
    struct unrhdr *pids, struct reap_kill_proc_work *w)
{
	struct reap_kill_tracker_head tracker;
	struct reap_kill_tracker *t;
	struct proc *p2;
	int r, xlocked;
	bool res, st;

	res = false;
	TAILQ_INIT(&tracker);
	reap_kill_sched(&tracker, reaper);
	while ((t = TAILQ_FIRST(&tracker)) != NULL) {
		TAILQ_REMOVE(&tracker, t, link);

		/*
		 * Since the work handler drops proctree_lock sx, it
		 * is possible that the tracked process is no longer a
		 * reaper.  In this case the subtree is reparented to
		 * the new reaper, which should handle it.
		 */
		if ((t->parent->p_treeflag & P_TREE_REAPER) == 0) {
			reap_kill_sched_free(t);
			res = true;
			continue;
		}

		LIST_FOREACH(p2, &t->parent->p_reaplist, p_reapsibling) {
			if (t->parent == reaper &&
			    (w->rk->rk_flags & REAPER_KILL_SUBTREE) != 0 &&
			    p2->p_reapsubtree != w->rk->rk_subtree)
				continue;
			if ((p2->p_treeflag & P_TREE_REAPER) != 0)
				reap_kill_sched(&tracker, p2);
			if (alloc_unr_specific(pids, p2->p_pid) != p2->p_pid)
				continue;
			if (p2 == td->td_proc) {
				if ((p2->p_flag & P_HADTHREADS) != 0 &&
				    (p2->p_flag2 & P2_WEXIT) == 0) {
					xlocked = sx_xlocked(&proctree_lock);
					sx_unlock(&proctree_lock);
					st = true;
				} else {
					st = false;
				}
				PROC_LOCK(p2);
				if (st)
					r = thread_single(p2, SINGLE_NO_EXIT);
				(void)pksignal(p2, w->rk->rk_sig, w->ksi);
				w->rk->rk_killed++;
				if (st && r == 0)
					thread_single_end(p2, SINGLE_NO_EXIT);
				PROC_UNLOCK(p2);
				if (st) {
					if (xlocked)
						sx_xlock(&proctree_lock);
					else
						sx_slock(&proctree_lock);
				}
			} else {
				PROC_LOCK(p2);
				if ((p2->p_flag2 & P2_WEXIT) == 0) {
					_PHOLD_LITE(p2);
					PROC_UNLOCK(p2);
					w->target = p2;
					taskqueue_enqueue(taskqueue_thread,
					    &w->t);
					while (w->target != NULL) {
						sx_sleep(&w->target,
						    &proctree_lock, PWAIT,
						    "reapst", 0);
					}
					PROC_LOCK(p2);
					_PRELE(p2);
				}
				PROC_UNLOCK(p2);
			}
			res = true;
		}
		reap_kill_sched_free(t);
	}
	return (res);
}

static void
reap_kill_subtree(struct thread *td, struct proc *p, struct proc *reaper,
    struct reap_kill_proc_work *w)
{
	struct unrhdr pids;

	/*
	 * pids records processes which were already signalled, to
	 * avoid signalling them twice if the iteration needs to be
	 * repeated.
	 */
	init_unrhdr(&pids, 1, PID_MAX, UNR_NO_MTX);
	PROC_LOCK(td->td_proc);
	if ((td->td_proc->p_flag2 & P2_WEXIT) != 0) {
		PROC_UNLOCK(td->td_proc);
		goto out;
	}
	PROC_UNLOCK(td->td_proc);
	while (reap_kill_subtree_once(td, p, reaper, &pids, w))
		;
out:
	clean_unrhdr(&pids);
	clear_unrhdr(&pids);
}

static bool
reap_kill_sapblk(struct thread *td __unused, void *data)
{
	struct procctl_reaper_kill *rk;

	rk = data;
	return ((rk->rk_flags & REAPER_KILL_CHILDREN) == 0);
}

static int
reap_kill(struct thread *td, struct proc *p, void *data)
{
	struct reap_kill_proc_work w;
	struct proc *reaper;
	ksiginfo_t ksi;
	struct procctl_reaper_kill *rk;
	int error;

	rk = data;
	sx_assert(&proctree_lock, SX_LOCKED);
	if (IN_CAPABILITY_MODE(td))
		return (ECAPMODE);
	if (rk->rk_sig <= 0 || rk->rk_sig > _SIG_MAXSIG ||
	    (rk->rk_flags & ~(REAPER_KILL_CHILDREN |
	    REAPER_KILL_SUBTREE)) != 0 || (rk->rk_flags &
	    (REAPER_KILL_CHILDREN | REAPER_KILL_SUBTREE)) ==
	    (REAPER_KILL_CHILDREN | REAPER_KILL_SUBTREE))
		return (EINVAL);
	PROC_UNLOCK(p);
	reaper = (p->p_treeflag & P_TREE_REAPER) == 0 ?
	    p->p_reaper : p;
	ksiginfo_init(&ksi);
	ksi.ksi_signo = rk->rk_sig;
	ksi.ksi_code = SI_USER;
	ksi.ksi_pid = td->td_proc->p_pid;
	ksi.ksi_uid = td->td_ucred->cr_ruid;
	error = ESRCH;
	rk->rk_killed = 0;
	rk->rk_fpid = -1;
	if ((rk->rk_flags & REAPER_KILL_CHILDREN) != 0) {
		reap_kill_children(td, reaper, rk, &ksi, &error);
	} else {
		w.cr = crhold(td->td_ucred);
		w.ksi = &ksi;
		w.rk = rk;
		w.error = &error;
		TASK_INIT(&w.t, 0, reap_kill_proc_work, &w);

		/*
		 * Prevent swapout, since w, ksi, and possibly rk, are
		 * allocated on the stack.  We sleep in
		 * reap_kill_subtree_once() waiting for the task to
		 * complete single-threading.
		 */
		PHOLD(td->td_proc);

		reap_kill_subtree(td, p, reaper, &w);
		PRELE(td->td_proc);
		crfree(w.cr);
	}
	PROC_LOCK(p);
	return (error);
}
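/*
 * Illustrative userland sketch (editor's addition, not part of the
 * kernel build): killing an entire reaper subtree, the task-based path
 * implemented by reap_kill() and its helpers above.  An ESRCH return
 * with rk_killed == 0 means nothing was signalled; rk_fpid reports the
 * first pid that could not be signalled.
 *
 *	#include <sys/procctl.h>
 *	#include <err.h>
 *	#include <signal.h>
 *	#include <string.h>
 *	#include <unistd.h>
 *
 *	struct procctl_reaper_kill rk;
 *
 *	memset(&rk, 0, sizeof(rk));
 *	rk.rk_sig = SIGKILL;
 *	if (procctl(P_PID, getpid(), PROC_REAP_KILL, &rk) != 0)
 *		warn("PROC_REAP_KILL, first failing pid %d", rk.rk_fpid);
 */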
static int
trace_ctl(struct thread *td, struct proc *p, void *data)
{
	int state;

	PROC_LOCK_ASSERT(p, MA_OWNED);
	state = *(int *)data;

	/*
	 * Ktrace changes p_traceflag from or to zero under the
	 * process lock, so the test does not need to acquire the
	 * ktrace mutex.
	 */
	if ((p->p_flag & P_TRACED) != 0 || p->p_traceflag != 0)
		return (EBUSY);

	switch (state) {
	case PROC_TRACE_CTL_ENABLE:
		if (td->td_proc != p)
			return (EPERM);
		p->p_flag2 &= ~(P2_NOTRACE | P2_NOTRACE_EXEC);
		break;
	case PROC_TRACE_CTL_DISABLE_EXEC:
		p->p_flag2 |= P2_NOTRACE_EXEC | P2_NOTRACE;
		break;
	case PROC_TRACE_CTL_DISABLE:
		if ((p->p_flag2 & P2_NOTRACE_EXEC) != 0) {
			KASSERT((p->p_flag2 & P2_NOTRACE) != 0,
			    ("dangling P2_NOTRACE_EXEC"));
			if (td->td_proc != p)
				return (EPERM);
			p->p_flag2 &= ~P2_NOTRACE_EXEC;
		} else {
			p->p_flag2 |= P2_NOTRACE;
		}
		break;
	default:
		return (EINVAL);
	}
	return (0);
}

static int
trace_status(struct thread *td, struct proc *p, void *data)
{
	int *status;

	status = data;
	if ((p->p_flag2 & P2_NOTRACE) != 0) {
		KASSERT((p->p_flag & P_TRACED) == 0,
		    ("%d traced but tracing disabled", p->p_pid));
		*status = -1;
	} else if ((p->p_flag & P_TRACED) != 0) {
		*status = p->p_pptr->p_pid;
	} else {
		*status = 0;
	}
	return (0);
}
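/*
 * Illustrative userland sketch (editor's addition, not part of the
 * kernel build): permanently disabling tracing for the current process
 * and reading the state back.  Per trace_status() above, a status of
 * -1 means tracing is disabled, 0 means not traced, and any other
 * value is the pid of the tracing process.
 *
 *	#include <sys/procctl.h>
 *	#include <err.h>
 *	#include <unistd.h>
 *
 *	int st;
 *
 *	st = PROC_TRACE_CTL_DISABLE;
 *	if (procctl(P_PID, getpid(), PROC_TRACE_CTL, &st) != 0)
 *		err(1, "PROC_TRACE_CTL");
 *	if (procctl(P_PID, getpid(), PROC_TRACE_STATUS, &st) != 0)
 *		err(1, "PROC_TRACE_STATUS");
 */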
static int
trapcap_ctl(struct thread *td, struct proc *p, void *data)
{
	int state;

	PROC_LOCK_ASSERT(p, MA_OWNED);
	state = *(int *)data;

	switch (state) {
	case PROC_TRAPCAP_CTL_ENABLE:
		p->p_flag2 |= P2_TRAPCAP;
		break;
	case PROC_TRAPCAP_CTL_DISABLE:
		p->p_flag2 &= ~P2_TRAPCAP;
		break;
	default:
		return (EINVAL);
	}
	return (0);
}

static int
trapcap_status(struct thread *td, struct proc *p, void *data)
{
	int *status;

	status = data;
	*status = (p->p_flag2 & P2_TRAPCAP) != 0 ? PROC_TRAPCAP_CTL_ENABLE :
	    PROC_TRAPCAP_CTL_DISABLE;
	return (0);
}

static int
no_new_privs_ctl(struct thread *td, struct proc *p, void *data)
{
	int state;

	PROC_LOCK_ASSERT(p, MA_OWNED);
	state = *(int *)data;

	if (state != PROC_NO_NEW_PRIVS_ENABLE)
		return (EINVAL);
	p->p_flag2 |= P2_NO_NEW_PRIVS;
	return (0);
}

static int
no_new_privs_status(struct thread *td, struct proc *p, void *data)
{

	*(int *)data = (p->p_flag2 & P2_NO_NEW_PRIVS) != 0 ?
	    PROC_NO_NEW_PRIVS_ENABLE : PROC_NO_NEW_PRIVS_DISABLE;
	return (0);
}

static int
protmax_ctl(struct thread *td, struct proc *p, void *data)
{
	int state;

	PROC_LOCK_ASSERT(p, MA_OWNED);
	state = *(int *)data;

	switch (state) {
	case PROC_PROTMAX_FORCE_ENABLE:
		p->p_flag2 &= ~P2_PROTMAX_DISABLE;
		p->p_flag2 |= P2_PROTMAX_ENABLE;
		break;
	case PROC_PROTMAX_FORCE_DISABLE:
		p->p_flag2 |= P2_PROTMAX_DISABLE;
		p->p_flag2 &= ~P2_PROTMAX_ENABLE;
		break;
	case PROC_PROTMAX_NOFORCE:
		p->p_flag2 &= ~(P2_PROTMAX_ENABLE | P2_PROTMAX_DISABLE);
		break;
	default:
		return (EINVAL);
	}
	return (0);
}

static int
protmax_status(struct thread *td, struct proc *p, void *data)
{
	int d;

	switch (p->p_flag2 & (P2_PROTMAX_ENABLE | P2_PROTMAX_DISABLE)) {
	case 0:
		d = PROC_PROTMAX_NOFORCE;
		break;
	case P2_PROTMAX_ENABLE:
		d = PROC_PROTMAX_FORCE_ENABLE;
		break;
	case P2_PROTMAX_DISABLE:
		d = PROC_PROTMAX_FORCE_DISABLE;
		break;
	}
	if (kern_mmap_maxprot(p, PROT_READ) == PROT_READ)
		d |= PROC_PROTMAX_ACTIVE;
	*(int *)data = d;
	return (0);
}

static int
aslr_ctl(struct thread *td, struct proc *p, void *data)
{
	int state;

	PROC_LOCK_ASSERT(p, MA_OWNED);
	state = *(int *)data;

	switch (state) {
	case PROC_ASLR_FORCE_ENABLE:
		p->p_flag2 &= ~P2_ASLR_DISABLE;
		p->p_flag2 |= P2_ASLR_ENABLE;
		break;
	case PROC_ASLR_FORCE_DISABLE:
		p->p_flag2 |= P2_ASLR_DISABLE;
		p->p_flag2 &= ~P2_ASLR_ENABLE;
		break;
	case PROC_ASLR_NOFORCE:
		p->p_flag2 &= ~(P2_ASLR_ENABLE | P2_ASLR_DISABLE);
		break;
	default:
		return (EINVAL);
	}
	return (0);
}

static int
aslr_status(struct thread *td, struct proc *p, void *data)
{
	struct vmspace *vm;
	int d;

	switch (p->p_flag2 & (P2_ASLR_ENABLE | P2_ASLR_DISABLE)) {
	case 0:
		d = PROC_ASLR_NOFORCE;
		break;
	case P2_ASLR_ENABLE:
		d = PROC_ASLR_FORCE_ENABLE;
		break;
	case P2_ASLR_DISABLE:
		d = PROC_ASLR_FORCE_DISABLE;
		break;
	}
	if ((p->p_flag & P_WEXIT) == 0) {
		_PHOLD(p);
		PROC_UNLOCK(p);
		vm = vmspace_acquire_ref(p);
		if (vm != NULL) {
			if ((vm->vm_map.flags & MAP_ASLR) != 0)
				d |= PROC_ASLR_ACTIVE;
			vmspace_free(vm);
		}
		PROC_LOCK(p);
		_PRELE(p);
	}
	*(int *)data = d;
	return (0);
}
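/*
 * Illustrative userland sketch (editor's addition, not part of the
 * kernel build): forcing ASLR off for a child that is about to exec,
 * then verifying the result.  PROC_ASLR_ACTIVE in the status reflects
 * MAP_ASLR on the target's current vmspace, as computed by
 * aslr_status() above.  child_pid is a hypothetical pid obtained from
 * fork(2).
 *
 *	#include <sys/procctl.h>
 *	#include <err.h>
 *
 *	int st;
 *
 *	st = PROC_ASLR_FORCE_DISABLE;
 *	if (procctl(P_PID, child_pid, PROC_ASLR_CTL, &st) != 0)
 *		err(1, "PROC_ASLR_CTL");
 *	if (procctl(P_PID, child_pid, PROC_ASLR_STATUS, &st) != 0)
 *		err(1, "PROC_ASLR_STATUS");
 */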
static int
stackgap_ctl(struct thread *td, struct proc *p, void *data)
{
	int state;

	PROC_LOCK_ASSERT(p, MA_OWNED);
	state = *(int *)data;

	if ((state & ~(PROC_STACKGAP_ENABLE | PROC_STACKGAP_DISABLE |
	    PROC_STACKGAP_ENABLE_EXEC | PROC_STACKGAP_DISABLE_EXEC)) != 0)
		return (EINVAL);
	switch (state & (PROC_STACKGAP_ENABLE | PROC_STACKGAP_DISABLE)) {
	case PROC_STACKGAP_ENABLE:
		if ((p->p_flag2 & P2_STKGAP_DISABLE) != 0)
			return (EINVAL);
		break;
	case PROC_STACKGAP_DISABLE:
		p->p_flag2 |= P2_STKGAP_DISABLE;
		break;
	case 0:
		break;
	default:
		return (EINVAL);
	}
	switch (state & (PROC_STACKGAP_ENABLE_EXEC |
	    PROC_STACKGAP_DISABLE_EXEC)) {
	case PROC_STACKGAP_ENABLE_EXEC:
		p->p_flag2 &= ~P2_STKGAP_DISABLE_EXEC;
		break;
	case PROC_STACKGAP_DISABLE_EXEC:
		p->p_flag2 |= P2_STKGAP_DISABLE_EXEC;
		break;
	case 0:
		break;
	default:
		return (EINVAL);
	}
	return (0);
}

static int
stackgap_status(struct thread *td, struct proc *p, void *data)
{
	int d;

	PROC_LOCK_ASSERT(p, MA_OWNED);

	d = (p->p_flag2 & P2_STKGAP_DISABLE) != 0 ? PROC_STACKGAP_DISABLE :
	    PROC_STACKGAP_ENABLE;
	d |= (p->p_flag2 & P2_STKGAP_DISABLE_EXEC) != 0 ?
	    PROC_STACKGAP_DISABLE_EXEC : PROC_STACKGAP_ENABLE_EXEC;
	*(int *)data = d;
	return (0);
}

static int
wxmap_ctl(struct thread *td, struct proc *p, void *data)
{
	struct vmspace *vm;
	vm_map_t map;
	int state;

	PROC_LOCK_ASSERT(p, MA_OWNED);
	if ((p->p_flag & P_WEXIT) != 0)
		return (ESRCH);
	state = *(int *)data;

	switch (state) {
	case PROC_WX_MAPPINGS_PERMIT:
		p->p_flag2 |= P2_WXORX_DISABLE;
		_PHOLD(p);
		PROC_UNLOCK(p);
		vm = vmspace_acquire_ref(p);
		if (vm != NULL) {
			map = &vm->vm_map;
			vm_map_lock(map);
			map->flags &= ~MAP_WXORX;
			vm_map_unlock(map);
			vmspace_free(vm);
		}
		PROC_LOCK(p);
		_PRELE(p);
		break;
	case PROC_WX_MAPPINGS_DISALLOW_EXEC:
		p->p_flag2 |= P2_WXORX_ENABLE_EXEC;
		break;
	default:
		return (EINVAL);
	}

	return (0);
}

static int
wxmap_status(struct thread *td, struct proc *p, void *data)
{
	struct vmspace *vm;
	int d;

	PROC_LOCK_ASSERT(p, MA_OWNED);
	if ((p->p_flag & P_WEXIT) != 0)
		return (ESRCH);

	d = 0;
	if ((p->p_flag2 & P2_WXORX_DISABLE) != 0)
		d |= PROC_WX_MAPPINGS_PERMIT;
	if ((p->p_flag2 & P2_WXORX_ENABLE_EXEC) != 0)
		d |= PROC_WX_MAPPINGS_DISALLOW_EXEC;
	_PHOLD(p);
	PROC_UNLOCK(p);
	vm = vmspace_acquire_ref(p);
	if (vm != NULL) {
		if ((vm->vm_map.flags & MAP_WXORX) != 0)
			d |= PROC_WXORX_ENFORCE;
		vmspace_free(vm);
	}
	PROC_LOCK(p);
	_PRELE(p);
	*(int *)data = d;
	return (0);
}

static int
pdeathsig_ctl(struct thread *td, struct proc *p, void *data)
{
	int signum;

	signum = *(int *)data;
	if (p != td->td_proc || (signum != 0 && !_SIG_VALID(signum)))
		return (EINVAL);
	p->p_pdeathsig = signum;
	return (0);
}

static int
pdeathsig_status(struct thread *td, struct proc *p, void *data)
{
	if (p != td->td_proc)
		return (EINVAL);
	*(int *)data = p->p_pdeathsig;
	return (0);
}
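/*
 * Illustrative userland sketch (editor's addition, not part of the
 * kernel build): a child asking to be signalled when its parent exits.
 * pdeathsig_ctl() above only accepts the calling process as the
 * target; passing 0 clears the request.
 *
 *	#include <sys/procctl.h>
 *	#include <err.h>
 *	#include <signal.h>
 *	#include <unistd.h>
 *
 *	int sig;
 *
 *	sig = SIGTERM;
 *	if (procctl(P_PID, getpid(), PROC_PDEATHSIG_CTL, &sig) != 0)
 *		err(1, "PROC_PDEATHSIG_CTL");
 */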
enum {
	PCTL_SLOCKED,
	PCTL_XLOCKED,
	PCTL_UNLOCKED,
};

struct procctl_cmd_info {
	int lock_tree;
	bool one_proc : 1;
	bool esrch_is_einval : 1;
	bool copyout_on_error : 1;
	bool no_nonnull_data : 1;
	bool need_candebug : 1;
	int copyin_sz;
	int copyout_sz;
	int (*exec)(struct thread *, struct proc *, void *);
	bool (*sapblk)(struct thread *, void *);
};
static const struct procctl_cmd_info procctl_cmds_info[] = {
	[PROC_SPROTECT] =
	    { .lock_tree = PCTL_SLOCKED, .one_proc = false,
	      .esrch_is_einval = false, .no_nonnull_data = false,
	      .need_candebug = false,
	      .copyin_sz = sizeof(int), .copyout_sz = 0,
	      .exec = protect_set, .copyout_on_error = false, },
	[PROC_REAP_ACQUIRE] =
	    { .lock_tree = PCTL_XLOCKED, .one_proc = true,
	      .esrch_is_einval = false, .no_nonnull_data = true,
	      .need_candebug = false,
	      .copyin_sz = 0, .copyout_sz = 0,
	      .exec = reap_acquire, .copyout_on_error = false, },
	[PROC_REAP_RELEASE] =
	    { .lock_tree = PCTL_XLOCKED, .one_proc = true,
	      .esrch_is_einval = false, .no_nonnull_data = true,
	      .need_candebug = false,
	      .copyin_sz = 0, .copyout_sz = 0,
	      .exec = reap_release, .copyout_on_error = false, },
	[PROC_REAP_STATUS] =
	    { .lock_tree = PCTL_SLOCKED, .one_proc = true,
	      .esrch_is_einval = false, .no_nonnull_data = false,
	      .need_candebug = false,
	      .copyin_sz = 0,
	      .copyout_sz = sizeof(struct procctl_reaper_status),
	      .exec = reap_status, .copyout_on_error = false, },
	[PROC_REAP_GETPIDS] =
	    { .lock_tree = PCTL_SLOCKED, .one_proc = true,
	      .esrch_is_einval = false, .no_nonnull_data = false,
	      .need_candebug = false,
	      .copyin_sz = sizeof(struct procctl_reaper_pids),
	      .copyout_sz = 0,
	      .exec = reap_getpids, .copyout_on_error = false, },
	[PROC_REAP_KILL] =
	    { .lock_tree = PCTL_SLOCKED, .one_proc = true,
	      .esrch_is_einval = false, .no_nonnull_data = false,
	      .need_candebug = false,
	      .copyin_sz = sizeof(struct procctl_reaper_kill),
	      .copyout_sz = sizeof(struct procctl_reaper_kill),
	      .exec = reap_kill, .copyout_on_error = true,
	      .sapblk = reap_kill_sapblk, },
	[PROC_TRACE_CTL] =
	    { .lock_tree = PCTL_SLOCKED, .one_proc = false,
	      .esrch_is_einval = false, .no_nonnull_data = false,
	      .need_candebug = true,
	      .copyin_sz = sizeof(int), .copyout_sz = 0,
	      .exec = trace_ctl, .copyout_on_error = false, },
	[PROC_TRACE_STATUS] =
	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
	      .esrch_is_einval = false, .no_nonnull_data = false,
	      .need_candebug = false,
	      .copyin_sz = 0, .copyout_sz = sizeof(int),
	      .exec = trace_status, .copyout_on_error = false, },
	[PROC_TRAPCAP_CTL] =
	    { .lock_tree = PCTL_SLOCKED, .one_proc = false,
	      .esrch_is_einval = false, .no_nonnull_data = false,
	      .need_candebug = true,
	      .copyin_sz = sizeof(int), .copyout_sz = 0,
	      .exec = trapcap_ctl, .copyout_on_error = false, },
	[PROC_TRAPCAP_STATUS] =
	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
	      .esrch_is_einval = false, .no_nonnull_data = false,
	      .need_candebug = false,
	      .copyin_sz = 0, .copyout_sz = sizeof(int),
	      .exec = trapcap_status, .copyout_on_error = false, },
	[PROC_PDEATHSIG_CTL] =
	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
	      .esrch_is_einval = true, .no_nonnull_data = false,
	      .need_candebug = false,
	      .copyin_sz = sizeof(int), .copyout_sz = 0,
	      .exec = pdeathsig_ctl, .copyout_on_error = false, },
	[PROC_PDEATHSIG_STATUS] =
	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
	      .esrch_is_einval = true, .no_nonnull_data = false,
	      .need_candebug = false,
	      .copyin_sz = 0, .copyout_sz = sizeof(int),
	      .exec = pdeathsig_status, .copyout_on_error = false, },
	[PROC_ASLR_CTL] =
	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
	      .esrch_is_einval = false, .no_nonnull_data = false,
	      .need_candebug = true,
	      .copyin_sz = sizeof(int), .copyout_sz = 0,
	      .exec = aslr_ctl, .copyout_on_error = false, },
	[PROC_ASLR_STATUS] =
	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
	      .esrch_is_einval = false, .no_nonnull_data = false,
	      .need_candebug = false,
	      .copyin_sz = 0, .copyout_sz = sizeof(int),
	      .exec = aslr_status, .copyout_on_error = false, },
	[PROC_PROTMAX_CTL] =
	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
	      .esrch_is_einval = false, .no_nonnull_data = false,
	      .need_candebug = true,
	      .copyin_sz = sizeof(int), .copyout_sz = 0,
	      .exec = protmax_ctl, .copyout_on_error = false, },
	[PROC_PROTMAX_STATUS] =
	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
	      .esrch_is_einval = false, .no_nonnull_data = false,
	      .need_candebug = false,
	      .copyin_sz = 0, .copyout_sz = sizeof(int),
	      .exec = protmax_status, .copyout_on_error = false, },
	[PROC_STACKGAP_CTL] =
	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
	      .esrch_is_einval = false, .no_nonnull_data = false,
	      .need_candebug = true,
	      .copyin_sz = sizeof(int), .copyout_sz = 0,
	      .exec = stackgap_ctl, .copyout_on_error = false, },
	[PROC_STACKGAP_STATUS] =
	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
	      .esrch_is_einval = false, .no_nonnull_data = false,
	      .need_candebug = false,
	      .copyin_sz = 0, .copyout_sz = sizeof(int),
	      .exec = stackgap_status, .copyout_on_error = false, },
	[PROC_NO_NEW_PRIVS_CTL] =
	    { .lock_tree = PCTL_SLOCKED, .one_proc = true,
	      .esrch_is_einval = false, .no_nonnull_data = false,
	      .need_candebug = true,
	      .copyin_sz = sizeof(int), .copyout_sz = 0,
	      .exec = no_new_privs_ctl, .copyout_on_error = false, },
	[PROC_NO_NEW_PRIVS_STATUS] =
	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
	      .esrch_is_einval = false, .no_nonnull_data = false,
	      .need_candebug = false,
	      .copyin_sz = 0, .copyout_sz = sizeof(int),
	      .exec = no_new_privs_status, .copyout_on_error = false, },
	[PROC_WXMAP_CTL] =
	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
	      .esrch_is_einval = false, .no_nonnull_data = false,
	      .need_candebug = true,
	      .copyin_sz = sizeof(int), .copyout_sz = 0,
	      .exec = wxmap_ctl, .copyout_on_error = false, },
	[PROC_WXMAP_STATUS] =
	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
	      .esrch_is_einval = false, .no_nonnull_data = false,
	      .need_candebug = false,
	      .copyin_sz = 0, .copyout_sz = sizeof(int),
	      .exec = wxmap_status, .copyout_on_error = false, },
};
int
sys_procctl(struct thread *td, struct procctl_args *uap)
{
	union {
		struct procctl_reaper_status rs;
		struct procctl_reaper_pids rp;
		struct procctl_reaper_kill rk;
		int flags;
	} x;
	const struct procctl_cmd_info *cmd_info;
	int error, error1;

	if (uap->com >= PROC_PROCCTL_MD_MIN)
		return (cpu_procctl(td, uap->idtype, uap->id,
		    uap->com, uap->data));
	if (uap->com == 0 || uap->com >= nitems(procctl_cmds_info))
		return (EINVAL);
	cmd_info = &procctl_cmds_info[uap->com];
	bzero(&x, sizeof(x));

	if (cmd_info->copyin_sz > 0) {
		error = copyin(uap->data, &x, cmd_info->copyin_sz);
		if (error != 0)
			return (error);
	} else if (cmd_info->no_nonnull_data && uap->data != NULL) {
		return (EINVAL);
	}

	error = kern_procctl(td, uap->idtype, uap->id, uap->com, &x);

	if (cmd_info->copyout_sz > 0 && (error == 0 ||
	    cmd_info->copyout_on_error)) {
		error1 = copyout(&x, uap->data, cmd_info->copyout_sz);
		if (error == 0)
			error = error1;
	}
	return (error);
}
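/*
 * Illustrative userland sketch (editor's addition, not part of the
 * kernel build): commands whose table entry has one_proc == false may
 * target a whole process group; kern_procctl() below reports success
 * if at least one member could be handled.  pgid is a hypothetical
 * process group id.
 *
 *	#include <sys/procctl.h>
 *	#include <err.h>
 *
 *	int flags = PPROT_CLEAR;
 *
 *	if (procctl(P_PGID, pgid, PROC_SPROTECT, &flags) != 0)
 *		err(1, "PROC_SPROTECT");
 */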
static int
kern_procctl_single(struct thread *td, struct proc *p, int com, void *data)
{

	PROC_LOCK_ASSERT(p, MA_OWNED);
	return (procctl_cmds_info[com].exec(td, p, data));
}

int
kern_procctl(struct thread *td, idtype_t idtype, id_t id, int com, void *data)
{
	struct pgrp *pg;
	struct proc *p;
	const struct procctl_cmd_info *cmd_info;
	int error, first_error, ok;
	bool sapblk;

	MPASS(com > 0 && com < nitems(procctl_cmds_info));
	cmd_info = &procctl_cmds_info[com];
	if (idtype != P_PID && cmd_info->one_proc)
		return (EINVAL);

	sapblk = false;
	if (cmd_info->sapblk != NULL) {
		sapblk = cmd_info->sapblk(td, data);
		if (sapblk && !stop_all_proc_block())
			return (ERESTART);
	}

	switch (cmd_info->lock_tree) {
	case PCTL_XLOCKED:
		sx_xlock(&proctree_lock);
		break;
	case PCTL_SLOCKED:
		sx_slock(&proctree_lock);
		break;
	default:
		break;
	}

	switch (idtype) {
	case P_PID:
		if (id == 0) {
			p = td->td_proc;
			error = 0;
			PROC_LOCK(p);
		} else {
			p = pfind(id);
			if (p == NULL) {
				error = cmd_info->esrch_is_einval ?
				    EINVAL : ESRCH;
				break;
			}
			error = cmd_info->need_candebug ? p_candebug(td, p) :
			    p_cansee(td, p);
		}
		if (error == 0)
			error = kern_procctl_single(td, p, com, data);
		PROC_UNLOCK(p);
		break;
	case P_PGID:
		/*
		 * Attempt to apply the operation to all members of the
		 * group.  Ignore processes in the group that can't be
		 * seen.  Ignore errors so long as at least one process
		 * is able to complete the request successfully.
		 */
		pg = pgfind(id);
		if (pg == NULL) {
			error = ESRCH;
			break;
		}
		PGRP_UNLOCK(pg);
		ok = 0;
		first_error = 0;
		LIST_FOREACH(p, &pg->pg_members, p_pglist) {
			PROC_LOCK(p);
			if (p->p_state == PRS_NEW ||
			    p->p_state == PRS_ZOMBIE ||
			    (cmd_info->need_candebug ? p_candebug(td, p) :
			    p_cansee(td, p)) != 0) {
				PROC_UNLOCK(p);
				continue;
			}
			error = kern_procctl_single(td, p, com, data);
			PROC_UNLOCK(p);
			if (error == 0)
				ok = 1;
			else if (first_error == 0)
				first_error = error;
		}
		if (ok)
			error = 0;
		else if (first_error != 0)
			error = first_error;
		else
			/*
			 * Was not able to see any processes in the
			 * process group.
			 */
			error = ESRCH;
		break;
	default:
		error = EINVAL;
		break;
	}

	switch (cmd_info->lock_tree) {
	case PCTL_XLOCKED:
		sx_xunlock(&proctree_lock);
		break;
	case PCTL_SLOCKED:
		sx_sunlock(&proctree_lock);
		break;
	default:
		break;
	}
	if (sapblk)
		stop_all_proc_unblock();
	return (error);
}