1 /*- 2 * SPDX-License-Identifier: BSD-4-Clause 3 * 4 * Copyright (c) 1994, Sean Eric Fagan 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by Sean Eric Fagan. 18 * 4. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include <sys/cdefs.h> 35 __FBSDID("$FreeBSD$"); 36 37 #include <sys/param.h> 38 #include <sys/systm.h> 39 #include <sys/ktr.h> 40 #include <sys/lock.h> 41 #include <sys/mutex.h> 42 #include <sys/syscallsubr.h> 43 #include <sys/sysent.h> 44 #include <sys/sysproto.h> 45 #include <sys/pioctl.h> 46 #include <sys/priv.h> 47 #include <sys/proc.h> 48 #include <sys/vnode.h> 49 #include <sys/ptrace.h> 50 #include <sys/rwlock.h> 51 #include <sys/sx.h> 52 #include <sys/malloc.h> 53 #include <sys/signalvar.h> 54 55 #include <machine/reg.h> 56 57 #include <security/audit/audit.h> 58 59 #include <vm/vm.h> 60 #include <vm/pmap.h> 61 #include <vm/vm_extern.h> 62 #include <vm/vm_map.h> 63 #include <vm/vm_kern.h> 64 #include <vm/vm_object.h> 65 #include <vm/vm_page.h> 66 #include <vm/vm_param.h> 67 68 #ifdef COMPAT_FREEBSD32 69 #include <sys/procfs.h> 70 #include <compat/freebsd32/freebsd32_signal.h> 71 72 struct ptrace_io_desc32 { 73 int piod_op; 74 uint32_t piod_offs; 75 uint32_t piod_addr; 76 uint32_t piod_len; 77 }; 78 79 struct ptrace_vm_entry32 { 80 int pve_entry; 81 int pve_timestamp; 82 uint32_t pve_start; 83 uint32_t pve_end; 84 uint32_t pve_offset; 85 u_int pve_prot; 86 u_int pve_pathlen; 87 int32_t pve_fileid; 88 u_int pve_fsid; 89 uint32_t pve_path; 90 }; 91 #endif 92 93 /* 94 * Functions implemented using PROC_ACTION(): 95 * 96 * proc_read_regs(proc, regs) 97 * Get the current user-visible register set from the process 98 * and copy it into the regs structure (<machine/reg.h>). 99 * The process is stopped at the time read_regs is called. 100 * 101 * proc_write_regs(proc, regs) 102 * Update the current register set from the passed in regs 103 * structure. Take care to avoid clobbering special CPU 104 * registers or privileged bits in the PSL. 105 * Depending on the architecture this may have fix-up work to do, 106 * especially if the IAR or PCW are modified. 107 * The process is stopped at the time write_regs is called. 108 * 109 * proc_read_fpregs, proc_write_fpregs 110 * deal with the floating point register set, otherwise as above. 111 * 112 * proc_read_dbregs, proc_write_dbregs 113 * deal with the processor debug register set, otherwise as above. 114 * 115 * proc_sstep(proc) 116 * Arrange for the process to trap after executing a single instruction. 117 */ 118 119 #define PROC_ACTION(action) do { \ 120 int error; \ 121 \ 122 PROC_LOCK_ASSERT(td->td_proc, MA_OWNED); \ 123 if ((td->td_proc->p_flag & P_INMEM) == 0) \ 124 error = EIO; \ 125 else \ 126 error = (action); \ 127 return (error); \ 128 } while(0) 129 130 int 131 proc_read_regs(struct thread *td, struct reg *regs) 132 { 133 134 PROC_ACTION(fill_regs(td, regs)); 135 } 136 137 int 138 proc_write_regs(struct thread *td, struct reg *regs) 139 { 140 141 PROC_ACTION(set_regs(td, regs)); 142 } 143 144 int 145 proc_read_dbregs(struct thread *td, struct dbreg *dbregs) 146 { 147 148 PROC_ACTION(fill_dbregs(td, dbregs)); 149 } 150 151 int 152 proc_write_dbregs(struct thread *td, struct dbreg *dbregs) 153 { 154 155 PROC_ACTION(set_dbregs(td, dbregs)); 156 } 157 158 /* 159 * Ptrace doesn't support fpregs at all, and there are no security holes 160 * or translations for fpregs, so we can just copy them. 161 */ 162 int 163 proc_read_fpregs(struct thread *td, struct fpreg *fpregs) 164 { 165 166 PROC_ACTION(fill_fpregs(td, fpregs)); 167 } 168 169 int 170 proc_write_fpregs(struct thread *td, struct fpreg *fpregs) 171 { 172 173 PROC_ACTION(set_fpregs(td, fpregs)); 174 } 175 176 #ifdef COMPAT_FREEBSD32 177 /* For 32 bit binaries, we need to expose the 32 bit regs layouts. */ 178 int 179 proc_read_regs32(struct thread *td, struct reg32 *regs32) 180 { 181 182 PROC_ACTION(fill_regs32(td, regs32)); 183 } 184 185 int 186 proc_write_regs32(struct thread *td, struct reg32 *regs32) 187 { 188 189 PROC_ACTION(set_regs32(td, regs32)); 190 } 191 192 int 193 proc_read_dbregs32(struct thread *td, struct dbreg32 *dbregs32) 194 { 195 196 PROC_ACTION(fill_dbregs32(td, dbregs32)); 197 } 198 199 int 200 proc_write_dbregs32(struct thread *td, struct dbreg32 *dbregs32) 201 { 202 203 PROC_ACTION(set_dbregs32(td, dbregs32)); 204 } 205 206 int 207 proc_read_fpregs32(struct thread *td, struct fpreg32 *fpregs32) 208 { 209 210 PROC_ACTION(fill_fpregs32(td, fpregs32)); 211 } 212 213 int 214 proc_write_fpregs32(struct thread *td, struct fpreg32 *fpregs32) 215 { 216 217 PROC_ACTION(set_fpregs32(td, fpregs32)); 218 } 219 #endif 220 221 int 222 proc_sstep(struct thread *td) 223 { 224 225 PROC_ACTION(ptrace_single_step(td)); 226 } 227 228 int 229 proc_rwmem(struct proc *p, struct uio *uio) 230 { 231 vm_map_t map; 232 vm_offset_t pageno; /* page number */ 233 vm_prot_t reqprot; 234 int error, fault_flags, page_offset, writing; 235 236 /* 237 * Assert that someone has locked this vmspace. (Should be 238 * curthread but we can't assert that.) This keeps the process 239 * from exiting out from under us until this operation completes. 240 */ 241 PROC_ASSERT_HELD(p); 242 PROC_LOCK_ASSERT(p, MA_NOTOWNED); 243 244 /* 245 * The map we want... 246 */ 247 map = &p->p_vmspace->vm_map; 248 249 /* 250 * If we are writing, then we request vm_fault() to create a private 251 * copy of each page. Since these copies will not be writeable by the 252 * process, we must explicity request that they be dirtied. 253 */ 254 writing = uio->uio_rw == UIO_WRITE; 255 reqprot = writing ? VM_PROT_COPY | VM_PROT_READ : VM_PROT_READ; 256 fault_flags = writing ? VM_FAULT_DIRTY : VM_FAULT_NORMAL; 257 258 /* 259 * Only map in one page at a time. We don't have to, but it 260 * makes things easier. This way is trivial - right? 261 */ 262 do { 263 vm_offset_t uva; 264 u_int len; 265 vm_page_t m; 266 267 uva = (vm_offset_t)uio->uio_offset; 268 269 /* 270 * Get the page number of this segment. 271 */ 272 pageno = trunc_page(uva); 273 page_offset = uva - pageno; 274 275 /* 276 * How many bytes to copy 277 */ 278 len = min(PAGE_SIZE - page_offset, uio->uio_resid); 279 280 /* 281 * Fault and hold the page on behalf of the process. 282 */ 283 error = vm_fault_hold(map, pageno, reqprot, fault_flags, &m); 284 if (error != KERN_SUCCESS) { 285 if (error == KERN_RESOURCE_SHORTAGE) 286 error = ENOMEM; 287 else 288 error = EFAULT; 289 break; 290 } 291 292 /* 293 * Now do the i/o move. 294 */ 295 error = uiomove_fromphys(&m, page_offset, len, uio); 296 297 /* Make the I-cache coherent for breakpoints. */ 298 if (writing && error == 0) { 299 vm_map_lock_read(map); 300 if (vm_map_check_protection(map, pageno, pageno + 301 PAGE_SIZE, VM_PROT_EXECUTE)) 302 vm_sync_icache(map, uva, len); 303 vm_map_unlock_read(map); 304 } 305 306 /* 307 * Release the page. 308 */ 309 vm_page_lock(m); 310 if (vm_page_unwire(m, PQ_ACTIVE) && m->object == NULL) 311 vm_page_free(m); 312 vm_page_unlock(m); 313 314 } while (error == 0 && uio->uio_resid > 0); 315 316 return (error); 317 } 318 319 static ssize_t 320 proc_iop(struct thread *td, struct proc *p, vm_offset_t va, void *buf, 321 size_t len, enum uio_rw rw) 322 { 323 struct iovec iov; 324 struct uio uio; 325 ssize_t slen; 326 327 MPASS(len < SSIZE_MAX); 328 slen = (ssize_t)len; 329 330 iov.iov_base = (caddr_t)buf; 331 iov.iov_len = len; 332 uio.uio_iov = &iov; 333 uio.uio_iovcnt = 1; 334 uio.uio_offset = va; 335 uio.uio_resid = slen; 336 uio.uio_segflg = UIO_SYSSPACE; 337 uio.uio_rw = rw; 338 uio.uio_td = td; 339 proc_rwmem(p, &uio); 340 if (uio.uio_resid == slen) 341 return (-1); 342 return (slen - uio.uio_resid); 343 } 344 345 ssize_t 346 proc_readmem(struct thread *td, struct proc *p, vm_offset_t va, void *buf, 347 size_t len) 348 { 349 350 return (proc_iop(td, p, va, buf, len, UIO_READ)); 351 } 352 353 ssize_t 354 proc_writemem(struct thread *td, struct proc *p, vm_offset_t va, void *buf, 355 size_t len) 356 { 357 358 return (proc_iop(td, p, va, buf, len, UIO_WRITE)); 359 } 360 361 static int 362 ptrace_vm_entry(struct thread *td, struct proc *p, struct ptrace_vm_entry *pve) 363 { 364 struct vattr vattr; 365 vm_map_t map; 366 vm_map_entry_t entry; 367 vm_object_t obj, tobj, lobj; 368 struct vmspace *vm; 369 struct vnode *vp; 370 char *freepath, *fullpath; 371 u_int pathlen; 372 int error, index; 373 374 error = 0; 375 obj = NULL; 376 377 vm = vmspace_acquire_ref(p); 378 map = &vm->vm_map; 379 vm_map_lock_read(map); 380 381 do { 382 entry = map->header.next; 383 index = 0; 384 while (index < pve->pve_entry && entry != &map->header) { 385 entry = entry->next; 386 index++; 387 } 388 if (index != pve->pve_entry) { 389 error = EINVAL; 390 break; 391 } 392 KASSERT((map->header.eflags & MAP_ENTRY_IS_SUB_MAP) == 0, 393 ("Submap in map header")); 394 while ((entry->eflags & MAP_ENTRY_IS_SUB_MAP) != 0) { 395 entry = entry->next; 396 index++; 397 } 398 if (entry == &map->header) { 399 error = ENOENT; 400 break; 401 } 402 403 /* We got an entry. */ 404 pve->pve_entry = index + 1; 405 pve->pve_timestamp = map->timestamp; 406 pve->pve_start = entry->start; 407 pve->pve_end = entry->end - 1; 408 pve->pve_offset = entry->offset; 409 pve->pve_prot = entry->protection; 410 411 /* Backing object's path needed? */ 412 if (pve->pve_pathlen == 0) 413 break; 414 415 pathlen = pve->pve_pathlen; 416 pve->pve_pathlen = 0; 417 418 obj = entry->object.vm_object; 419 if (obj != NULL) 420 VM_OBJECT_RLOCK(obj); 421 } while (0); 422 423 vm_map_unlock_read(map); 424 425 pve->pve_fsid = VNOVAL; 426 pve->pve_fileid = VNOVAL; 427 428 if (error == 0 && obj != NULL) { 429 lobj = obj; 430 for (tobj = obj; tobj != NULL; tobj = tobj->backing_object) { 431 if (tobj != obj) 432 VM_OBJECT_RLOCK(tobj); 433 if (lobj != obj) 434 VM_OBJECT_RUNLOCK(lobj); 435 lobj = tobj; 436 pve->pve_offset += tobj->backing_object_offset; 437 } 438 vp = vm_object_vnode(lobj); 439 if (vp != NULL) 440 vref(vp); 441 if (lobj != obj) 442 VM_OBJECT_RUNLOCK(lobj); 443 VM_OBJECT_RUNLOCK(obj); 444 445 if (vp != NULL) { 446 freepath = NULL; 447 fullpath = NULL; 448 vn_fullpath(td, vp, &fullpath, &freepath); 449 vn_lock(vp, LK_SHARED | LK_RETRY); 450 if (VOP_GETATTR(vp, &vattr, td->td_ucred) == 0) { 451 pve->pve_fileid = vattr.va_fileid; 452 pve->pve_fsid = vattr.va_fsid; 453 } 454 vput(vp); 455 456 if (fullpath != NULL) { 457 pve->pve_pathlen = strlen(fullpath) + 1; 458 if (pve->pve_pathlen <= pathlen) { 459 error = copyout(fullpath, pve->pve_path, 460 pve->pve_pathlen); 461 } else 462 error = ENAMETOOLONG; 463 } 464 if (freepath != NULL) 465 free(freepath, M_TEMP); 466 } 467 } 468 vmspace_free(vm); 469 if (error == 0) 470 CTR3(KTR_PTRACE, "PT_VM_ENTRY: pid %d, entry %d, start %p", 471 p->p_pid, pve->pve_entry, pve->pve_start); 472 473 return (error); 474 } 475 476 #ifdef COMPAT_FREEBSD32 477 static int 478 ptrace_vm_entry32(struct thread *td, struct proc *p, 479 struct ptrace_vm_entry32 *pve32) 480 { 481 struct ptrace_vm_entry pve; 482 int error; 483 484 pve.pve_entry = pve32->pve_entry; 485 pve.pve_pathlen = pve32->pve_pathlen; 486 pve.pve_path = (void *)(uintptr_t)pve32->pve_path; 487 488 error = ptrace_vm_entry(td, p, &pve); 489 if (error == 0) { 490 pve32->pve_entry = pve.pve_entry; 491 pve32->pve_timestamp = pve.pve_timestamp; 492 pve32->pve_start = pve.pve_start; 493 pve32->pve_end = pve.pve_end; 494 pve32->pve_offset = pve.pve_offset; 495 pve32->pve_prot = pve.pve_prot; 496 pve32->pve_fileid = pve.pve_fileid; 497 pve32->pve_fsid = pve.pve_fsid; 498 } 499 500 pve32->pve_pathlen = pve.pve_pathlen; 501 return (error); 502 } 503 504 static void 505 ptrace_lwpinfo_to32(const struct ptrace_lwpinfo *pl, 506 struct ptrace_lwpinfo32 *pl32) 507 { 508 509 bzero(pl32, sizeof(*pl32)); 510 pl32->pl_lwpid = pl->pl_lwpid; 511 pl32->pl_event = pl->pl_event; 512 pl32->pl_flags = pl->pl_flags; 513 pl32->pl_sigmask = pl->pl_sigmask; 514 pl32->pl_siglist = pl->pl_siglist; 515 siginfo_to_siginfo32(&pl->pl_siginfo, &pl32->pl_siginfo); 516 strcpy(pl32->pl_tdname, pl->pl_tdname); 517 pl32->pl_child_pid = pl->pl_child_pid; 518 pl32->pl_syscall_code = pl->pl_syscall_code; 519 pl32->pl_syscall_narg = pl->pl_syscall_narg; 520 } 521 #endif /* COMPAT_FREEBSD32 */ 522 523 /* 524 * Process debugging system call. 525 */ 526 #ifndef _SYS_SYSPROTO_H_ 527 struct ptrace_args { 528 int req; 529 pid_t pid; 530 caddr_t addr; 531 int data; 532 }; 533 #endif 534 535 #ifdef COMPAT_FREEBSD32 536 /* 537 * This CPP subterfuge is to try and reduce the number of ifdefs in 538 * the body of the code. 539 * COPYIN(uap->addr, &r.reg, sizeof r.reg); 540 * becomes either: 541 * copyin(uap->addr, &r.reg, sizeof r.reg); 542 * or 543 * copyin(uap->addr, &r.reg32, sizeof r.reg32); 544 * .. except this is done at runtime. 545 */ 546 #define BZERO(a, s) wrap32 ? \ 547 bzero(a ## 32, s ## 32) : \ 548 bzero(a, s) 549 #define COPYIN(u, k, s) wrap32 ? \ 550 copyin(u, k ## 32, s ## 32) : \ 551 copyin(u, k, s) 552 #define COPYOUT(k, u, s) wrap32 ? \ 553 copyout(k ## 32, u, s ## 32) : \ 554 copyout(k, u, s) 555 #else 556 #define BZERO(a, s) bzero(a, s) 557 #define COPYIN(u, k, s) copyin(u, k, s) 558 #define COPYOUT(k, u, s) copyout(k, u, s) 559 #endif 560 int 561 sys_ptrace(struct thread *td, struct ptrace_args *uap) 562 { 563 /* 564 * XXX this obfuscation is to reduce stack usage, but the register 565 * structs may be too large to put on the stack anyway. 566 */ 567 union { 568 struct ptrace_io_desc piod; 569 struct ptrace_lwpinfo pl; 570 struct ptrace_vm_entry pve; 571 struct dbreg dbreg; 572 struct fpreg fpreg; 573 struct reg reg; 574 #ifdef COMPAT_FREEBSD32 575 struct dbreg32 dbreg32; 576 struct fpreg32 fpreg32; 577 struct reg32 reg32; 578 struct ptrace_io_desc32 piod32; 579 struct ptrace_lwpinfo32 pl32; 580 struct ptrace_vm_entry32 pve32; 581 #endif 582 char args[sizeof(td->td_sa.args)]; 583 int ptevents; 584 } r; 585 void *addr; 586 int error = 0; 587 #ifdef COMPAT_FREEBSD32 588 int wrap32 = 0; 589 590 if (SV_CURPROC_FLAG(SV_ILP32)) 591 wrap32 = 1; 592 #endif 593 AUDIT_ARG_PID(uap->pid); 594 AUDIT_ARG_CMD(uap->req); 595 AUDIT_ARG_VALUE(uap->data); 596 addr = &r; 597 switch (uap->req) { 598 case PT_GET_EVENT_MASK: 599 case PT_LWPINFO: 600 case PT_GET_SC_ARGS: 601 break; 602 case PT_GETREGS: 603 BZERO(&r.reg, sizeof r.reg); 604 break; 605 case PT_GETFPREGS: 606 BZERO(&r.fpreg, sizeof r.fpreg); 607 break; 608 case PT_GETDBREGS: 609 BZERO(&r.dbreg, sizeof r.dbreg); 610 break; 611 case PT_SETREGS: 612 error = COPYIN(uap->addr, &r.reg, sizeof r.reg); 613 break; 614 case PT_SETFPREGS: 615 error = COPYIN(uap->addr, &r.fpreg, sizeof r.fpreg); 616 break; 617 case PT_SETDBREGS: 618 error = COPYIN(uap->addr, &r.dbreg, sizeof r.dbreg); 619 break; 620 case PT_SET_EVENT_MASK: 621 if (uap->data != sizeof(r.ptevents)) 622 error = EINVAL; 623 else 624 error = copyin(uap->addr, &r.ptevents, uap->data); 625 break; 626 case PT_IO: 627 error = COPYIN(uap->addr, &r.piod, sizeof r.piod); 628 break; 629 case PT_VM_ENTRY: 630 error = COPYIN(uap->addr, &r.pve, sizeof r.pve); 631 break; 632 default: 633 addr = uap->addr; 634 break; 635 } 636 if (error) 637 return (error); 638 639 error = kern_ptrace(td, uap->req, uap->pid, addr, uap->data); 640 if (error) 641 return (error); 642 643 switch (uap->req) { 644 case PT_VM_ENTRY: 645 error = COPYOUT(&r.pve, uap->addr, sizeof r.pve); 646 break; 647 case PT_IO: 648 error = COPYOUT(&r.piod, uap->addr, sizeof r.piod); 649 break; 650 case PT_GETREGS: 651 error = COPYOUT(&r.reg, uap->addr, sizeof r.reg); 652 break; 653 case PT_GETFPREGS: 654 error = COPYOUT(&r.fpreg, uap->addr, sizeof r.fpreg); 655 break; 656 case PT_GETDBREGS: 657 error = COPYOUT(&r.dbreg, uap->addr, sizeof r.dbreg); 658 break; 659 case PT_GET_EVENT_MASK: 660 /* NB: The size in uap->data is validated in kern_ptrace(). */ 661 error = copyout(&r.ptevents, uap->addr, uap->data); 662 break; 663 case PT_LWPINFO: 664 /* NB: The size in uap->data is validated in kern_ptrace(). */ 665 error = copyout(&r.pl, uap->addr, uap->data); 666 break; 667 case PT_GET_SC_ARGS: 668 error = copyout(r.args, uap->addr, MIN(uap->data, 669 sizeof(r.args))); 670 break; 671 } 672 673 return (error); 674 } 675 #undef COPYIN 676 #undef COPYOUT 677 #undef BZERO 678 679 #ifdef COMPAT_FREEBSD32 680 /* 681 * PROC_READ(regs, td2, addr); 682 * becomes either: 683 * proc_read_regs(td2, addr); 684 * or 685 * proc_read_regs32(td2, addr); 686 * .. except this is done at runtime. There is an additional 687 * complication in that PROC_WRITE disallows 32 bit consumers 688 * from writing to 64 bit address space targets. 689 */ 690 #define PROC_READ(w, t, a) wrap32 ? \ 691 proc_read_ ## w ## 32(t, a) : \ 692 proc_read_ ## w (t, a) 693 #define PROC_WRITE(w, t, a) wrap32 ? \ 694 (safe ? proc_write_ ## w ## 32(t, a) : EINVAL ) : \ 695 proc_write_ ## w (t, a) 696 #else 697 #define PROC_READ(w, t, a) proc_read_ ## w (t, a) 698 #define PROC_WRITE(w, t, a) proc_write_ ## w (t, a) 699 #endif 700 701 void 702 proc_set_traced(struct proc *p, bool stop) 703 { 704 705 sx_assert(&proctree_lock, SX_XLOCKED); 706 PROC_LOCK_ASSERT(p, MA_OWNED); 707 p->p_flag |= P_TRACED; 708 if (stop) 709 p->p_flag2 |= P2_PTRACE_FSTP; 710 p->p_ptevents = PTRACE_DEFAULT; 711 } 712 713 int 714 kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data) 715 { 716 struct iovec iov; 717 struct uio uio; 718 struct proc *curp, *p, *pp; 719 struct thread *td2 = NULL, *td3; 720 struct ptrace_io_desc *piod = NULL; 721 struct ptrace_lwpinfo *pl; 722 int error, num, tmp; 723 int proctree_locked = 0; 724 lwpid_t tid = 0, *buf; 725 #ifdef COMPAT_FREEBSD32 726 int wrap32 = 0, safe = 0; 727 struct ptrace_io_desc32 *piod32 = NULL; 728 struct ptrace_lwpinfo32 *pl32 = NULL; 729 struct ptrace_lwpinfo plr; 730 #endif 731 732 curp = td->td_proc; 733 734 /* Lock proctree before locking the process. */ 735 switch (req) { 736 case PT_TRACE_ME: 737 case PT_ATTACH: 738 case PT_STEP: 739 case PT_CONTINUE: 740 case PT_TO_SCE: 741 case PT_TO_SCX: 742 case PT_SYSCALL: 743 case PT_FOLLOW_FORK: 744 case PT_LWP_EVENTS: 745 case PT_GET_EVENT_MASK: 746 case PT_SET_EVENT_MASK: 747 case PT_DETACH: 748 case PT_GET_SC_ARGS: 749 sx_xlock(&proctree_lock); 750 proctree_locked = 1; 751 break; 752 default: 753 break; 754 } 755 756 if (req == PT_TRACE_ME) { 757 p = td->td_proc; 758 PROC_LOCK(p); 759 } else { 760 if (pid <= PID_MAX) { 761 if ((p = pfind(pid)) == NULL) { 762 if (proctree_locked) 763 sx_xunlock(&proctree_lock); 764 return (ESRCH); 765 } 766 } else { 767 td2 = tdfind(pid, -1); 768 if (td2 == NULL) { 769 if (proctree_locked) 770 sx_xunlock(&proctree_lock); 771 return (ESRCH); 772 } 773 p = td2->td_proc; 774 tid = pid; 775 pid = p->p_pid; 776 } 777 } 778 AUDIT_ARG_PROCESS(p); 779 780 if ((p->p_flag & P_WEXIT) != 0) { 781 error = ESRCH; 782 goto fail; 783 } 784 if ((error = p_cansee(td, p)) != 0) 785 goto fail; 786 787 if ((error = p_candebug(td, p)) != 0) 788 goto fail; 789 790 /* 791 * System processes can't be debugged. 792 */ 793 if ((p->p_flag & P_SYSTEM) != 0) { 794 error = EINVAL; 795 goto fail; 796 } 797 798 if (tid == 0) { 799 if ((p->p_flag & P_STOPPED_TRACE) != 0) { 800 KASSERT(p->p_xthread != NULL, ("NULL p_xthread")); 801 td2 = p->p_xthread; 802 } else { 803 td2 = FIRST_THREAD_IN_PROC(p); 804 } 805 tid = td2->td_tid; 806 } 807 808 #ifdef COMPAT_FREEBSD32 809 /* 810 * Test if we're a 32 bit client and what the target is. 811 * Set the wrap controls accordingly. 812 */ 813 if (SV_CURPROC_FLAG(SV_ILP32)) { 814 if (SV_PROC_FLAG(td2->td_proc, SV_ILP32)) 815 safe = 1; 816 wrap32 = 1; 817 } 818 #endif 819 /* 820 * Permissions check 821 */ 822 switch (req) { 823 case PT_TRACE_ME: 824 /* 825 * Always legal, when there is a parent process which 826 * could trace us. Otherwise, reject. 827 */ 828 if ((p->p_flag & P_TRACED) != 0) { 829 error = EBUSY; 830 goto fail; 831 } 832 if (p->p_pptr == initproc) { 833 error = EPERM; 834 goto fail; 835 } 836 break; 837 838 case PT_ATTACH: 839 /* Self */ 840 if (p == td->td_proc) { 841 error = EINVAL; 842 goto fail; 843 } 844 845 /* Already traced */ 846 if (p->p_flag & P_TRACED) { 847 error = EBUSY; 848 goto fail; 849 } 850 851 /* Can't trace an ancestor if you're being traced. */ 852 if (curp->p_flag & P_TRACED) { 853 for (pp = curp->p_pptr; pp != NULL; pp = pp->p_pptr) { 854 if (pp == p) { 855 error = EINVAL; 856 goto fail; 857 } 858 } 859 } 860 861 862 /* OK */ 863 break; 864 865 case PT_CLEARSTEP: 866 /* Allow thread to clear single step for itself */ 867 if (td->td_tid == tid) 868 break; 869 870 /* FALLTHROUGH */ 871 default: 872 /* not being traced... */ 873 if ((p->p_flag & P_TRACED) == 0) { 874 error = EPERM; 875 goto fail; 876 } 877 878 /* not being traced by YOU */ 879 if (p->p_pptr != td->td_proc) { 880 error = EBUSY; 881 goto fail; 882 } 883 884 /* not currently stopped */ 885 if ((p->p_flag & P_STOPPED_TRACE) == 0 || 886 p->p_suspcount != p->p_numthreads || 887 (p->p_flag & P_WAITED) == 0) { 888 error = EBUSY; 889 goto fail; 890 } 891 892 /* OK */ 893 break; 894 } 895 896 /* Keep this process around until we finish this request. */ 897 _PHOLD(p); 898 899 #ifdef FIX_SSTEP 900 /* 901 * Single step fixup ala procfs 902 */ 903 FIX_SSTEP(td2); 904 #endif 905 906 /* 907 * Actually do the requests 908 */ 909 910 td->td_retval[0] = 0; 911 912 switch (req) { 913 case PT_TRACE_ME: 914 /* set my trace flag and "owner" so it can read/write me */ 915 proc_set_traced(p, false); 916 if (p->p_flag & P_PPWAIT) 917 p->p_flag |= P_PPTRACE; 918 CTR1(KTR_PTRACE, "PT_TRACE_ME: pid %d", p->p_pid); 919 break; 920 921 case PT_ATTACH: 922 /* security check done above */ 923 /* 924 * It would be nice if the tracing relationship was separate 925 * from the parent relationship but that would require 926 * another set of links in the proc struct or for "wait" 927 * to scan the entire proc table. To make life easier, 928 * we just re-parent the process we're trying to trace. 929 * The old parent is remembered so we can put things back 930 * on a "detach". 931 */ 932 proc_set_traced(p, true); 933 if (p->p_pptr != td->td_proc) { 934 proc_reparent(p, td->td_proc, false); 935 } 936 CTR2(KTR_PTRACE, "PT_ATTACH: pid %d, oppid %d", p->p_pid, 937 p->p_oppid); 938 939 sx_xunlock(&proctree_lock); 940 proctree_locked = 0; 941 MPASS(p->p_xthread == NULL); 942 MPASS((p->p_flag & P_STOPPED_TRACE) == 0); 943 944 /* 945 * If already stopped due to a stop signal, clear the 946 * existing stop before triggering a traced SIGSTOP. 947 */ 948 if ((p->p_flag & P_STOPPED_SIG) != 0) { 949 PROC_SLOCK(p); 950 p->p_flag &= ~(P_STOPPED_SIG | P_WAITED); 951 thread_unsuspend(p); 952 PROC_SUNLOCK(p); 953 } 954 955 kern_psignal(p, SIGSTOP); 956 break; 957 958 case PT_CLEARSTEP: 959 CTR2(KTR_PTRACE, "PT_CLEARSTEP: tid %d (pid %d)", td2->td_tid, 960 p->p_pid); 961 error = ptrace_clear_single_step(td2); 962 break; 963 964 case PT_SETSTEP: 965 CTR2(KTR_PTRACE, "PT_SETSTEP: tid %d (pid %d)", td2->td_tid, 966 p->p_pid); 967 error = ptrace_single_step(td2); 968 break; 969 970 case PT_SUSPEND: 971 CTR2(KTR_PTRACE, "PT_SUSPEND: tid %d (pid %d)", td2->td_tid, 972 p->p_pid); 973 td2->td_dbgflags |= TDB_SUSPEND; 974 thread_lock(td2); 975 td2->td_flags |= TDF_NEEDSUSPCHK; 976 thread_unlock(td2); 977 break; 978 979 case PT_RESUME: 980 CTR2(KTR_PTRACE, "PT_RESUME: tid %d (pid %d)", td2->td_tid, 981 p->p_pid); 982 td2->td_dbgflags &= ~TDB_SUSPEND; 983 break; 984 985 case PT_FOLLOW_FORK: 986 CTR3(KTR_PTRACE, "PT_FOLLOW_FORK: pid %d %s -> %s", p->p_pid, 987 p->p_ptevents & PTRACE_FORK ? "enabled" : "disabled", 988 data ? "enabled" : "disabled"); 989 if (data) 990 p->p_ptevents |= PTRACE_FORK; 991 else 992 p->p_ptevents &= ~PTRACE_FORK; 993 break; 994 995 case PT_LWP_EVENTS: 996 CTR3(KTR_PTRACE, "PT_LWP_EVENTS: pid %d %s -> %s", p->p_pid, 997 p->p_ptevents & PTRACE_LWP ? "enabled" : "disabled", 998 data ? "enabled" : "disabled"); 999 if (data) 1000 p->p_ptevents |= PTRACE_LWP; 1001 else 1002 p->p_ptevents &= ~PTRACE_LWP; 1003 break; 1004 1005 case PT_GET_EVENT_MASK: 1006 if (data != sizeof(p->p_ptevents)) { 1007 error = EINVAL; 1008 break; 1009 } 1010 CTR2(KTR_PTRACE, "PT_GET_EVENT_MASK: pid %d mask %#x", p->p_pid, 1011 p->p_ptevents); 1012 *(int *)addr = p->p_ptevents; 1013 break; 1014 1015 case PT_SET_EVENT_MASK: 1016 if (data != sizeof(p->p_ptevents)) { 1017 error = EINVAL; 1018 break; 1019 } 1020 tmp = *(int *)addr; 1021 if ((tmp & ~(PTRACE_EXEC | PTRACE_SCE | PTRACE_SCX | 1022 PTRACE_FORK | PTRACE_LWP | PTRACE_VFORK)) != 0) { 1023 error = EINVAL; 1024 break; 1025 } 1026 CTR3(KTR_PTRACE, "PT_SET_EVENT_MASK: pid %d mask %#x -> %#x", 1027 p->p_pid, p->p_ptevents, tmp); 1028 p->p_ptevents = tmp; 1029 break; 1030 1031 case PT_GET_SC_ARGS: 1032 CTR1(KTR_PTRACE, "PT_GET_SC_ARGS: pid %d", p->p_pid); 1033 if ((td2->td_dbgflags & (TDB_SCE | TDB_SCX)) == 0 1034 #ifdef COMPAT_FREEBSD32 1035 || (wrap32 && !safe) 1036 #endif 1037 ) { 1038 error = EINVAL; 1039 break; 1040 } 1041 bzero(addr, sizeof(td2->td_sa.args)); 1042 #ifdef COMPAT_FREEBSD32 1043 if (wrap32) 1044 for (num = 0; num < nitems(td2->td_sa.args); num++) 1045 ((uint32_t *)addr)[num] = (uint32_t) 1046 td2->td_sa.args[num]; 1047 else 1048 #endif 1049 bcopy(td2->td_sa.args, addr, td2->td_sa.narg * 1050 sizeof(register_t)); 1051 break; 1052 1053 case PT_STEP: 1054 case PT_CONTINUE: 1055 case PT_TO_SCE: 1056 case PT_TO_SCX: 1057 case PT_SYSCALL: 1058 case PT_DETACH: 1059 /* Zero means do not send any signal */ 1060 if (data < 0 || data > _SIG_MAXSIG) { 1061 error = EINVAL; 1062 break; 1063 } 1064 1065 switch (req) { 1066 case PT_STEP: 1067 CTR3(KTR_PTRACE, "PT_STEP: tid %d (pid %d), sig = %d", 1068 td2->td_tid, p->p_pid, data); 1069 error = ptrace_single_step(td2); 1070 if (error) 1071 goto out; 1072 break; 1073 case PT_CONTINUE: 1074 case PT_TO_SCE: 1075 case PT_TO_SCX: 1076 case PT_SYSCALL: 1077 if (addr != (void *)1) { 1078 error = ptrace_set_pc(td2, 1079 (u_long)(uintfptr_t)addr); 1080 if (error) 1081 goto out; 1082 } 1083 switch (req) { 1084 case PT_TO_SCE: 1085 p->p_ptevents |= PTRACE_SCE; 1086 CTR4(KTR_PTRACE, 1087 "PT_TO_SCE: pid %d, events = %#x, PC = %#lx, sig = %d", 1088 p->p_pid, p->p_ptevents, 1089 (u_long)(uintfptr_t)addr, data); 1090 break; 1091 case PT_TO_SCX: 1092 p->p_ptevents |= PTRACE_SCX; 1093 CTR4(KTR_PTRACE, 1094 "PT_TO_SCX: pid %d, events = %#x, PC = %#lx, sig = %d", 1095 p->p_pid, p->p_ptevents, 1096 (u_long)(uintfptr_t)addr, data); 1097 break; 1098 case PT_SYSCALL: 1099 p->p_ptevents |= PTRACE_SYSCALL; 1100 CTR4(KTR_PTRACE, 1101 "PT_SYSCALL: pid %d, events = %#x, PC = %#lx, sig = %d", 1102 p->p_pid, p->p_ptevents, 1103 (u_long)(uintfptr_t)addr, data); 1104 break; 1105 case PT_CONTINUE: 1106 CTR3(KTR_PTRACE, 1107 "PT_CONTINUE: pid %d, PC = %#lx, sig = %d", 1108 p->p_pid, (u_long)(uintfptr_t)addr, data); 1109 break; 1110 } 1111 break; 1112 case PT_DETACH: 1113 /* 1114 * Reset the process parent. 1115 * 1116 * NB: This clears P_TRACED before reparenting 1117 * a detached process back to its original 1118 * parent. Otherwise the debugee will be set 1119 * as an orphan of the debugger. 1120 */ 1121 p->p_flag &= ~(P_TRACED | P_WAITED); 1122 if (p->p_oppid != p->p_pptr->p_pid) { 1123 PROC_LOCK(p->p_pptr); 1124 sigqueue_take(p->p_ksi); 1125 PROC_UNLOCK(p->p_pptr); 1126 1127 pp = proc_realparent(p); 1128 proc_reparent(p, pp, false); 1129 if (pp == initproc) 1130 p->p_sigparent = SIGCHLD; 1131 CTR3(KTR_PTRACE, 1132 "PT_DETACH: pid %d reparented to pid %d, sig %d", 1133 p->p_pid, pp->p_pid, data); 1134 } else 1135 CTR2(KTR_PTRACE, "PT_DETACH: pid %d, sig %d", 1136 p->p_pid, data); 1137 p->p_ptevents = 0; 1138 FOREACH_THREAD_IN_PROC(p, td3) { 1139 if ((td3->td_dbgflags & TDB_FSTP) != 0) { 1140 sigqueue_delete(&td3->td_sigqueue, 1141 SIGSTOP); 1142 } 1143 td3->td_dbgflags &= ~(TDB_XSIG | TDB_FSTP | 1144 TDB_SUSPEND); 1145 } 1146 1147 if ((p->p_flag2 & P2_PTRACE_FSTP) != 0) { 1148 sigqueue_delete(&p->p_sigqueue, SIGSTOP); 1149 p->p_flag2 &= ~P2_PTRACE_FSTP; 1150 } 1151 1152 /* should we send SIGCHLD? */ 1153 /* childproc_continued(p); */ 1154 break; 1155 } 1156 1157 sx_xunlock(&proctree_lock); 1158 proctree_locked = 0; 1159 1160 sendsig: 1161 MPASS(proctree_locked == 0); 1162 1163 /* 1164 * Clear the pending event for the thread that just 1165 * reported its event (p_xthread). This may not be 1166 * the thread passed to PT_CONTINUE, PT_STEP, etc. if 1167 * the debugger is resuming a different thread. 1168 * 1169 * Deliver any pending signal via the reporting thread. 1170 */ 1171 MPASS(p->p_xthread != NULL); 1172 p->p_xthread->td_dbgflags &= ~TDB_XSIG; 1173 p->p_xthread->td_xsig = data; 1174 p->p_xthread = NULL; 1175 p->p_xsig = data; 1176 1177 /* 1178 * P_WKILLED is insurance that a PT_KILL/SIGKILL 1179 * always works immediately, even if another thread is 1180 * unsuspended first and attempts to handle a 1181 * different signal or if the POSIX.1b style signal 1182 * queue cannot accommodate any new signals. 1183 */ 1184 if (data == SIGKILL) 1185 proc_wkilled(p); 1186 1187 /* 1188 * Unsuspend all threads. To leave a thread 1189 * suspended, use PT_SUSPEND to suspend it before 1190 * continuing the process. 1191 */ 1192 PROC_SLOCK(p); 1193 p->p_flag &= ~(P_STOPPED_TRACE | P_STOPPED_SIG | P_WAITED); 1194 thread_unsuspend(p); 1195 PROC_SUNLOCK(p); 1196 break; 1197 1198 case PT_WRITE_I: 1199 case PT_WRITE_D: 1200 td2->td_dbgflags |= TDB_USERWR; 1201 PROC_UNLOCK(p); 1202 error = 0; 1203 if (proc_writemem(td, p, (off_t)(uintptr_t)addr, &data, 1204 sizeof(int)) != sizeof(int)) 1205 error = ENOMEM; 1206 else 1207 CTR3(KTR_PTRACE, "PT_WRITE: pid %d: %p <= %#x", 1208 p->p_pid, addr, data); 1209 PROC_LOCK(p); 1210 break; 1211 1212 case PT_READ_I: 1213 case PT_READ_D: 1214 PROC_UNLOCK(p); 1215 error = tmp = 0; 1216 if (proc_readmem(td, p, (off_t)(uintptr_t)addr, &tmp, 1217 sizeof(int)) != sizeof(int)) 1218 error = ENOMEM; 1219 else 1220 CTR3(KTR_PTRACE, "PT_READ: pid %d: %p >= %#x", 1221 p->p_pid, addr, tmp); 1222 td->td_retval[0] = tmp; 1223 PROC_LOCK(p); 1224 break; 1225 1226 case PT_IO: 1227 #ifdef COMPAT_FREEBSD32 1228 if (wrap32) { 1229 piod32 = addr; 1230 iov.iov_base = (void *)(uintptr_t)piod32->piod_addr; 1231 iov.iov_len = piod32->piod_len; 1232 uio.uio_offset = (off_t)(uintptr_t)piod32->piod_offs; 1233 uio.uio_resid = piod32->piod_len; 1234 } else 1235 #endif 1236 { 1237 piod = addr; 1238 iov.iov_base = piod->piod_addr; 1239 iov.iov_len = piod->piod_len; 1240 uio.uio_offset = (off_t)(uintptr_t)piod->piod_offs; 1241 uio.uio_resid = piod->piod_len; 1242 } 1243 uio.uio_iov = &iov; 1244 uio.uio_iovcnt = 1; 1245 uio.uio_segflg = UIO_USERSPACE; 1246 uio.uio_td = td; 1247 #ifdef COMPAT_FREEBSD32 1248 tmp = wrap32 ? piod32->piod_op : piod->piod_op; 1249 #else 1250 tmp = piod->piod_op; 1251 #endif 1252 switch (tmp) { 1253 case PIOD_READ_D: 1254 case PIOD_READ_I: 1255 CTR3(KTR_PTRACE, "PT_IO: pid %d: READ (%p, %#x)", 1256 p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid); 1257 uio.uio_rw = UIO_READ; 1258 break; 1259 case PIOD_WRITE_D: 1260 case PIOD_WRITE_I: 1261 CTR3(KTR_PTRACE, "PT_IO: pid %d: WRITE (%p, %#x)", 1262 p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid); 1263 td2->td_dbgflags |= TDB_USERWR; 1264 uio.uio_rw = UIO_WRITE; 1265 break; 1266 default: 1267 error = EINVAL; 1268 goto out; 1269 } 1270 PROC_UNLOCK(p); 1271 error = proc_rwmem(p, &uio); 1272 #ifdef COMPAT_FREEBSD32 1273 if (wrap32) 1274 piod32->piod_len -= uio.uio_resid; 1275 else 1276 #endif 1277 piod->piod_len -= uio.uio_resid; 1278 PROC_LOCK(p); 1279 break; 1280 1281 case PT_KILL: 1282 CTR1(KTR_PTRACE, "PT_KILL: pid %d", p->p_pid); 1283 data = SIGKILL; 1284 goto sendsig; /* in PT_CONTINUE above */ 1285 1286 case PT_SETREGS: 1287 CTR2(KTR_PTRACE, "PT_SETREGS: tid %d (pid %d)", td2->td_tid, 1288 p->p_pid); 1289 td2->td_dbgflags |= TDB_USERWR; 1290 error = PROC_WRITE(regs, td2, addr); 1291 break; 1292 1293 case PT_GETREGS: 1294 CTR2(KTR_PTRACE, "PT_GETREGS: tid %d (pid %d)", td2->td_tid, 1295 p->p_pid); 1296 error = PROC_READ(regs, td2, addr); 1297 break; 1298 1299 case PT_SETFPREGS: 1300 CTR2(KTR_PTRACE, "PT_SETFPREGS: tid %d (pid %d)", td2->td_tid, 1301 p->p_pid); 1302 td2->td_dbgflags |= TDB_USERWR; 1303 error = PROC_WRITE(fpregs, td2, addr); 1304 break; 1305 1306 case PT_GETFPREGS: 1307 CTR2(KTR_PTRACE, "PT_GETFPREGS: tid %d (pid %d)", td2->td_tid, 1308 p->p_pid); 1309 error = PROC_READ(fpregs, td2, addr); 1310 break; 1311 1312 case PT_SETDBREGS: 1313 CTR2(KTR_PTRACE, "PT_SETDBREGS: tid %d (pid %d)", td2->td_tid, 1314 p->p_pid); 1315 td2->td_dbgflags |= TDB_USERWR; 1316 error = PROC_WRITE(dbregs, td2, addr); 1317 break; 1318 1319 case PT_GETDBREGS: 1320 CTR2(KTR_PTRACE, "PT_GETDBREGS: tid %d (pid %d)", td2->td_tid, 1321 p->p_pid); 1322 error = PROC_READ(dbregs, td2, addr); 1323 break; 1324 1325 case PT_LWPINFO: 1326 if (data <= 0 || 1327 #ifdef COMPAT_FREEBSD32 1328 (!wrap32 && data > sizeof(*pl)) || 1329 (wrap32 && data > sizeof(*pl32))) { 1330 #else 1331 data > sizeof(*pl)) { 1332 #endif 1333 error = EINVAL; 1334 break; 1335 } 1336 #ifdef COMPAT_FREEBSD32 1337 if (wrap32) { 1338 pl = &plr; 1339 pl32 = addr; 1340 } else 1341 #endif 1342 pl = addr; 1343 bzero(pl, sizeof(*pl)); 1344 pl->pl_lwpid = td2->td_tid; 1345 pl->pl_event = PL_EVENT_NONE; 1346 pl->pl_flags = 0; 1347 if (td2->td_dbgflags & TDB_XSIG) { 1348 pl->pl_event = PL_EVENT_SIGNAL; 1349 if (td2->td_si.si_signo != 0 && 1350 #ifdef COMPAT_FREEBSD32 1351 ((!wrap32 && data >= offsetof(struct ptrace_lwpinfo, 1352 pl_siginfo) + sizeof(pl->pl_siginfo)) || 1353 (wrap32 && data >= offsetof(struct ptrace_lwpinfo32, 1354 pl_siginfo) + sizeof(struct siginfo32))) 1355 #else 1356 data >= offsetof(struct ptrace_lwpinfo, pl_siginfo) 1357 + sizeof(pl->pl_siginfo) 1358 #endif 1359 ){ 1360 pl->pl_flags |= PL_FLAG_SI; 1361 pl->pl_siginfo = td2->td_si; 1362 } 1363 } 1364 if (td2->td_dbgflags & TDB_SCE) 1365 pl->pl_flags |= PL_FLAG_SCE; 1366 else if (td2->td_dbgflags & TDB_SCX) 1367 pl->pl_flags |= PL_FLAG_SCX; 1368 if (td2->td_dbgflags & TDB_EXEC) 1369 pl->pl_flags |= PL_FLAG_EXEC; 1370 if (td2->td_dbgflags & TDB_FORK) { 1371 pl->pl_flags |= PL_FLAG_FORKED; 1372 pl->pl_child_pid = td2->td_dbg_forked; 1373 if (td2->td_dbgflags & TDB_VFORK) 1374 pl->pl_flags |= PL_FLAG_VFORKED; 1375 } else if ((td2->td_dbgflags & (TDB_SCX | TDB_VFORK)) == 1376 TDB_VFORK) 1377 pl->pl_flags |= PL_FLAG_VFORK_DONE; 1378 if (td2->td_dbgflags & TDB_CHILD) 1379 pl->pl_flags |= PL_FLAG_CHILD; 1380 if (td2->td_dbgflags & TDB_BORN) 1381 pl->pl_flags |= PL_FLAG_BORN; 1382 if (td2->td_dbgflags & TDB_EXIT) 1383 pl->pl_flags |= PL_FLAG_EXITED; 1384 pl->pl_sigmask = td2->td_sigmask; 1385 pl->pl_siglist = td2->td_siglist; 1386 strcpy(pl->pl_tdname, td2->td_name); 1387 if ((td2->td_dbgflags & (TDB_SCE | TDB_SCX)) != 0) { 1388 pl->pl_syscall_code = td2->td_sa.code; 1389 pl->pl_syscall_narg = td2->td_sa.narg; 1390 } else { 1391 pl->pl_syscall_code = 0; 1392 pl->pl_syscall_narg = 0; 1393 } 1394 #ifdef COMPAT_FREEBSD32 1395 if (wrap32) 1396 ptrace_lwpinfo_to32(pl, pl32); 1397 #endif 1398 CTR6(KTR_PTRACE, 1399 "PT_LWPINFO: tid %d (pid %d) event %d flags %#x child pid %d syscall %d", 1400 td2->td_tid, p->p_pid, pl->pl_event, pl->pl_flags, 1401 pl->pl_child_pid, pl->pl_syscall_code); 1402 break; 1403 1404 case PT_GETNUMLWPS: 1405 CTR2(KTR_PTRACE, "PT_GETNUMLWPS: pid %d: %d threads", p->p_pid, 1406 p->p_numthreads); 1407 td->td_retval[0] = p->p_numthreads; 1408 break; 1409 1410 case PT_GETLWPLIST: 1411 CTR3(KTR_PTRACE, "PT_GETLWPLIST: pid %d: data %d, actual %d", 1412 p->p_pid, data, p->p_numthreads); 1413 if (data <= 0) { 1414 error = EINVAL; 1415 break; 1416 } 1417 num = imin(p->p_numthreads, data); 1418 PROC_UNLOCK(p); 1419 buf = malloc(num * sizeof(lwpid_t), M_TEMP, M_WAITOK); 1420 tmp = 0; 1421 PROC_LOCK(p); 1422 FOREACH_THREAD_IN_PROC(p, td2) { 1423 if (tmp >= num) 1424 break; 1425 buf[tmp++] = td2->td_tid; 1426 } 1427 PROC_UNLOCK(p); 1428 error = copyout(buf, addr, tmp * sizeof(lwpid_t)); 1429 free(buf, M_TEMP); 1430 if (!error) 1431 td->td_retval[0] = tmp; 1432 PROC_LOCK(p); 1433 break; 1434 1435 case PT_VM_TIMESTAMP: 1436 CTR2(KTR_PTRACE, "PT_VM_TIMESTAMP: pid %d: timestamp %d", 1437 p->p_pid, p->p_vmspace->vm_map.timestamp); 1438 td->td_retval[0] = p->p_vmspace->vm_map.timestamp; 1439 break; 1440 1441 case PT_VM_ENTRY: 1442 PROC_UNLOCK(p); 1443 #ifdef COMPAT_FREEBSD32 1444 if (wrap32) 1445 error = ptrace_vm_entry32(td, p, addr); 1446 else 1447 #endif 1448 error = ptrace_vm_entry(td, p, addr); 1449 PROC_LOCK(p); 1450 break; 1451 1452 default: 1453 #ifdef __HAVE_PTRACE_MACHDEP 1454 if (req >= PT_FIRSTMACH) { 1455 PROC_UNLOCK(p); 1456 error = cpu_ptrace(td2, req, addr, data); 1457 PROC_LOCK(p); 1458 } else 1459 #endif 1460 /* Unknown request. */ 1461 error = EINVAL; 1462 break; 1463 } 1464 1465 out: 1466 /* Drop our hold on this process now that the request has completed. */ 1467 _PRELE(p); 1468 fail: 1469 PROC_UNLOCK(p); 1470 if (proctree_locked) 1471 sx_xunlock(&proctree_lock); 1472 return (error); 1473 } 1474 #undef PROC_READ 1475 #undef PROC_WRITE 1476 1477 /* 1478 * Stop a process because of a debugging event; 1479 * stay stopped until p->p_step is cleared 1480 * (cleared by PIOCCONT in procfs). 1481 */ 1482 void 1483 stopevent(struct proc *p, unsigned int event, unsigned int val) 1484 { 1485 1486 PROC_LOCK_ASSERT(p, MA_OWNED); 1487 p->p_step = 1; 1488 CTR3(KTR_PTRACE, "stopevent: pid %d event %u val %u", p->p_pid, event, 1489 val); 1490 do { 1491 if (event != S_EXIT) 1492 p->p_xsig = val; 1493 p->p_xthread = NULL; 1494 p->p_stype = event; /* Which event caused the stop? */ 1495 wakeup(&p->p_stype); /* Wake up any PIOCWAIT'ing procs */ 1496 msleep(&p->p_step, &p->p_mtx, PWAIT, "stopevent", 0); 1497 } while (p->p_step); 1498 } 1499