1 /*
2  * Copyright (c) 1994, Sean Eric Fagan
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. All advertising materials mentioning features or use of this software
14  *    must display the following acknowledgement:
15  *	This product includes software developed by Sean Eric Fagan.
16  * 4. The name of the author may not be used to endorse or promote products
17  *    derived from this software without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  *
31  * $FreeBSD$
32  */
33 
34 #include <sys/param.h>
35 #include <sys/systm.h>
36 #include <sys/lock.h>
37 #include <sys/mutex.h>
38 #include <sys/sysproto.h>
39 #include <sys/proc.h>
40 #include <sys/vnode.h>
41 #include <sys/ptrace.h>
42 #include <sys/sx.h>
43 #include <sys/user.h>
44 
45 #include <machine/reg.h>
46 
47 #include <vm/vm.h>
48 #include <vm/pmap.h>
49 #include <vm/vm_map.h>
50 #include <vm/vm_page.h>
51 
52 #include <fs/procfs/procfs.h>
53 
54 /* use the equivalent procfs code */
55 #if 0
/*
 * pread():
 * Read one word (sizeof *retval) of the target process's address space at
 * addr by mapping the backing page into kernel_map and copying out of it.
 *
 * Disabled by the surrounding #if 0; the live ptrace() path goes through
 * procfs_domem() instead.
 *
 * Returns EINVAL when the address does not resolve in the target's map.
 * After that point the value returned is whatever vm_map_find() or
 * vm_map_pageable() produced, untranslated, so callers see a mix of an
 * errno and raw VM status values.
 */
static int
pread (struct proc *procp, unsigned int addr, unsigned int *retval) {
	int		rv;
	vm_map_t	map, tmap;
	vm_object_t	object;
	vm_offset_t	kva = 0;
	int		page_offset;	/* offset into page */
	vm_offset_t	pageno;		/* page number */
	vm_map_entry_t	out_entry;
	vm_prot_t	out_prot;
	boolean_t	wired;
	vm_pindex_t	pindex;

	/* Map page into kernel space */

	map = &procp->p_vmspace->vm_map;

	page_offset = addr - trunc_page(addr);
	pageno = trunc_page(addr);

	/* tmap is a copy because vm_map_lookup() may change its map argument. */
	tmap = map;
	rv = vm_map_lookup (&tmap, pageno, VM_PROT_READ, &out_entry,
		&object, &pindex, &out_prot, &wired);

	if (rv != KERN_SUCCESS)
		return EINVAL;

	vm_map_lookup_done (tmap, out_entry);

	/* Find space in kernel_map for the page we're interested in */
	rv = vm_map_find (kernel_map, object, IDX_TO_OFF(pindex),
		&kva, PAGE_SIZE, 0, VM_PROT_ALL, VM_PROT_ALL, 0);

	if (!rv) {
		vm_object_reference (object);

		rv = vm_map_pageable (kernel_map, kva, kva + PAGE_SIZE, 0);
		if (!rv) {
			*retval = 0;
			bcopy ((caddr_t)kva + page_offset,
			       retval, sizeof *retval);
		}
		/* The temporary kernel mapping is torn down on every path. */
		vm_map_remove (kernel_map, kva, kva + PAGE_SIZE);
	}

	/* Raw status from the VM calls above, not an errno (unlike EINVAL). */
	return rv;
}
103 
/*
 * pwrite():
 * Write one word (sizeof datum) into the target process's address space
 * at addr by mapping the backing page into kernel_map.
 *
 * Disabled by the surrounding #if 0; the live ptrace() path goes through
 * procfs_domem() instead.
 *
 * If the page is not writable it is temporarily forced to VM_PROT_ALL and
 * afterwards reset to VM_PROT_READ|VM_PROT_EXECUTE -- not to whatever
 * protection it had before (see the XXX below).
 *
 * Returns EFAULT if the protection change or the fault fails, EINVAL if
 * the lookup fails, and otherwise the untranslated status of
 * vm_map_find()/vm_map_pageable().
 */
static int
pwrite (struct proc *procp, unsigned int addr, unsigned int datum) {
	int		rv;
	vm_map_t	map, tmap;
	vm_object_t	object;
	vm_offset_t	kva = 0;
	int		page_offset;	/* offset into page */
	vm_offset_t	pageno;		/* page number */
	vm_map_entry_t	out_entry;
	vm_prot_t	out_prot;
	boolean_t	wired;
	vm_pindex_t	pindex;
	boolean_t	fix_prot = 0;	/* set when we loosened the page protection */

	/* Map page into kernel space */

	map = &procp->p_vmspace->vm_map;

	page_offset = addr - trunc_page(addr);
	pageno = trunc_page(addr);

	/*
	 * Check the permissions for the area we're interested in.
	 */

	if (vm_map_check_protection (map, pageno, pageno + PAGE_SIZE,
		VM_PROT_WRITE) == FALSE) {
		/*
		 * If the page was not writable, we make it so.
		 * XXX It is possible a page may *not* be read/executable,
		 * if a process changes that!
		 */
		fix_prot = 1;
		/* The page isn't writable, so let's try making it so... */
		if ((rv = vm_map_protect (map, pageno, pageno + PAGE_SIZE,
			VM_PROT_ALL, 0)) != KERN_SUCCESS)
		  return EFAULT;	/* I guess... */
	}

	/*
	 * Now we need to get the page.  out_entry, out_prot, wired, and
	 * single_use aren't used.  One would think the vm code would be
	 * a *bit* nicer...  We use tmap because vm_map_lookup() can
	 * change the map argument.
	 */

	tmap = map;
	rv = vm_map_lookup (&tmap, pageno, VM_PROT_WRITE, &out_entry,
		&object, &pindex, &out_prot, &wired);
	if (rv != KERN_SUCCESS) {
		/* NOTE(review): returns without undoing the fix_prot change above. */
		return EINVAL;
	}

	/*
	 * Okay, we've got the page.  Let's release tmap.
	 */

	vm_map_lookup_done (tmap, out_entry);

	/*
	 * Fault the page in...
	 */

	rv = vm_fault(map, pageno, VM_PROT_WRITE|VM_PROT_READ, FALSE);
	if (rv != KERN_SUCCESS)
		/* NOTE(review): also returns with the loosened protection left in place. */
		return EFAULT;

	/* Find space in kernel_map for the page we're interested in */
	rv = vm_map_find (kernel_map, object, IDX_TO_OFF(pindex),
		&kva, PAGE_SIZE, 0,
		VM_PROT_ALL, VM_PROT_ALL, 0);
	if (!rv) {
		vm_object_reference (object);

		rv = vm_map_pageable (kernel_map, kva, kva + PAGE_SIZE, 0);
		if (!rv) {
		  bcopy (&datum, (caddr_t)kva + page_offset, sizeof datum);
		}
		/* The temporary kernel mapping is torn down on every path. */
		vm_map_remove (kernel_map, kva, kva + PAGE_SIZE);
	}

	/* Restore is unconditional and does not consult the prior protection. */
	if (fix_prot)
		vm_map_protect (map, pageno, pageno + PAGE_SIZE,
			VM_PROT_READ|VM_PROT_EXECUTE, 0);
	/* Raw status from the VM calls above, not an errno. */
	return rv;
}
190 #endif
191 
192 /*
193  * Process debugging system call.
194  */
195 #ifndef _SYS_SYSPROTO_H_
struct ptrace_args {
	int	req;	/* request code, one of the PT_* constants */
	pid_t	pid;	/* target process; unused for PT_TRACE_ME, which acts on the caller */
	caddr_t	addr;	/* request-specific: target address, user register buffer, or (caddr_t)1 */
	int	data;	/* request-specific: word to write, or signal number to deliver */
};
202 #endif
203 
/*
 * ptrace():
 * The ptrace(2) system call.  curp is the calling (tracing) process; uap
 * carries the request (PT_*), the target pid, and a request-specific
 * address and datum.
 *
 * Returns 0 or an errno.  The PT_READ_* requests hand the word read back
 * through curp->p_retval[0].
 *
 * Flow: locate and lock the target, run a per-request permission check
 * under PROC_LOCK(p), drop the lock, then perform the request in a second
 * switch.  NOTE(review): the state validated by the first switch
 * (P_TRACED, p_pptr == curp, SSTOP/P_WAITED) is not re-checked after the
 * lock is released, so a concurrent ptrace() against the same target
 * could in principle change it before the request runs -- confirm.
 */
int
ptrace(curp, uap)
	struct proc *curp;
	struct ptrace_args *uap;
{
	struct proc *p;
	struct iovec iov;
	struct uio uio;
	int error = 0;
	int write;	/* nonzero for the write-direction requests */

	write = 0;
	/*
	 * PT_TRACE_ME acts on the caller and is locked here; every other
	 * request goes through pfind(), and the PROC_UNLOCK() calls that
	 * follow rely on pfind() having returned the process locked.
	 */
	if (uap->req == PT_TRACE_ME) {
		p = curp;
		PROC_LOCK(p);
	} else {
		if ((p = pfind(uap->pid)) == NULL)
			return ESRCH;
	}
	/* A target the caller is not allowed to see is reported as absent. */
	if (p_cansee(curp, p)) {
		PROC_UNLOCK(p);
		return (ESRCH);
	}

	/*
	 * Permissions check
	 */
	switch (uap->req) {
	case PT_TRACE_ME:
		/* Always legal. */
		break;

	case PT_ATTACH:
		/* Self */
		if (p->p_pid == curp->p_pid) {
			PROC_UNLOCK(p);
			return EINVAL;
		}

		/* Already traced */
		if (p->p_flag & P_TRACED) {
			PROC_UNLOCK(p);
			return EBUSY;
		}

		/* Remaining attach policy is delegated to p_candebug(). */
		if ((error = p_candebug(curp, p))) {
			PROC_UNLOCK(p);
			return error;
		}

		/* OK */
		break;

	case PT_READ_I:
	case PT_READ_D:
	case PT_READ_U:
	case PT_WRITE_I:
	case PT_WRITE_D:
	case PT_WRITE_U:
	case PT_CONTINUE:
	case PT_KILL:
	case PT_STEP:
	case PT_DETACH:
#ifdef PT_GETREGS
	case PT_GETREGS:
#endif
#ifdef PT_SETREGS
	case PT_SETREGS:
#endif
#ifdef PT_GETFPREGS
	case PT_GETFPREGS:
#endif
#ifdef PT_SETFPREGS
	case PT_SETFPREGS:
#endif
#ifdef PT_GETDBREGS
	case PT_GETDBREGS:
#endif
#ifdef PT_SETDBREGS
	case PT_SETDBREGS:
#endif
		/*
		 * All remaining requests need the target to be traced, traced
		 * by this caller, and stopped with P_WAITED set.
		 */
		/* not being traced... */
		if ((p->p_flag & P_TRACED) == 0) {
			PROC_UNLOCK(p);
			return EPERM;
		}

		/* not being traced by YOU */
		if (p->p_pptr != curp) {
			PROC_UNLOCK(p);
			return EBUSY;
		}

		/* not currently stopped */
		/* p_stat and P_WAITED are sampled under sched_lock. */
		mtx_lock_spin(&sched_lock);
		if (p->p_stat != SSTOP || (p->p_flag & P_WAITED) == 0) {
			mtx_unlock_spin(&sched_lock);
			PROC_UNLOCK(p);
			return EBUSY;
		}
		mtx_unlock_spin(&sched_lock);

		/* OK */
		break;

	default:
		PROC_UNLOCK(p);
		return EINVAL;
	}

	/* Lock dropped here; nothing below re-validates the checks above. */
	PROC_UNLOCK(p);
#ifdef FIX_SSTEP
	/*
	 * Single step fixup ala procfs
	 */
	FIX_SSTEP(p);
#endif

	/*
	 * Actually do the requests
	 */

	curp->p_retval[0] = 0;

	switch (uap->req) {
	case PT_TRACE_ME:
		/* set my trace flag and "owner" so it can read/write me */
		/* p_oppid records the parent so PT_DETACH can restore it. */
		sx_xlock(&proctree_lock);
		PROC_LOCK(p);
		p->p_flag |= P_TRACED;
		p->p_oppid = p->p_pptr->p_pid;
		PROC_UNLOCK(p);
		sx_xunlock(&proctree_lock);
		return 0;

	case PT_ATTACH:
		/* security check done above */
		/* Mark traced, record the real parent, then adopt the target. */
		sx_xlock(&proctree_lock);
		PROC_LOCK(p);
		p->p_flag |= P_TRACED;
		p->p_oppid = p->p_pptr->p_pid;
		if (p->p_pptr != curp)
			proc_reparent(p, curp);
		PROC_UNLOCK(p);
		sx_xunlock(&proctree_lock);
		/* The attach completes by delivering SIGSTOP through sendsig. */
		uap->data = SIGSTOP;
		goto sendsig;	/* in PT_CONTINUE below */

	case PT_STEP:
	case PT_CONTINUE:
	case PT_DETACH:
		/*
		 * uap->data is the signal delivered at sendsig.  The range
		 * check is skipped for PT_STEP even though that request
		 * reaches sendsig with the same value; NOTE(review):
		 * validating it for PT_STEP as well would close that gap.
		 */
		if ((uap->req != PT_STEP) && ((unsigned)uap->data >= NSIG))
			return EINVAL;

		/* PHOLD/PRELE bracket the single-step and pc updates below. */
		PHOLD(p);

		if (uap->req == PT_STEP) {
			if ((error = ptrace_single_step (p))) {
				PRELE(p);
				return error;
			}
		}

		/* addr == (caddr_t)1 means leave the pc where it is. */
		if (uap->addr != (caddr_t)1) {
			fill_kinfo_proc (p, &p->p_addr->u_kproc);
			if ((error = ptrace_set_pc (p,
			    (u_long)(uintfptr_t)uap->addr))) {
				PRELE(p);
				return error;
			}
		}
		PRELE(p);

		if (uap->req == PT_DETACH) {
			/* reset process parent */
			/*
			 * Hand the target back to the parent recorded at
			 * attach, or to init if no such process exists.
			 * pfind() returns pp locked; it is unlocked at once
			 * and used afterwards -- NOTE(review): confirm that
			 * holding proctree_lock is enough to keep pp valid
			 * until proc_reparent().
			 */
			sx_xlock(&proctree_lock);
			if (p->p_oppid != p->p_pptr->p_pid) {
				struct proc *pp;

				pp = pfind(p->p_oppid);
				if (pp != NULL)
					PROC_UNLOCK(pp);
				else
					pp = initproc;
				PROC_LOCK(p);
				proc_reparent(p, pp);
			} else
				PROC_LOCK(p);
			p->p_flag &= ~(P_TRACED | P_WAITED);
			p->p_oppid = 0;

			PROC_UNLOCK(p);
			sx_xunlock(&proctree_lock);

			/* should we send SIGCHLD? */

		}

	sendsig:
		/* deliver or queue signal */
		/*
		 * A stopped target is made runnable with uap->data stored in
		 * p_xstat; a running one is signalled via psignal(), with 0
		 * meaning no signal.
		 */
		PROC_LOCK(p);
		mtx_lock_spin(&sched_lock);
		if (p->p_stat == SSTOP) {
			p->p_xstat = uap->data;
			setrunnable(p);
			mtx_unlock_spin(&sched_lock);
		} else {
			mtx_unlock_spin(&sched_lock);
			if (uap->data)
				psignal(p, uap->data);

		}
		PROC_UNLOCK(p);
		return 0;

	case PT_WRITE_I:
	case PT_WRITE_D:
		write = 1;
		/* fallthrough */
	case PT_READ_I:
	case PT_READ_D:
		/* write = 0 set above */
		/*
		 * One int moved through procfs_domem().  The iov points at
		 * kernel memory (uap->data for a write, curp->p_retval for a
		 * read), hence UIO_SYSSPACE; the target address is the
		 * uio offset.
		 */
		iov.iov_base = write ? (caddr_t)&uap->data : (caddr_t)curp->p_retval;
		iov.iov_len = sizeof(int);
		uio.uio_iov = &iov;
		uio.uio_iovcnt = 1;
		uio.uio_offset = (off_t)(uintptr_t)uap->addr;
		uio.uio_resid = sizeof(int);
		uio.uio_segflg = UIO_SYSSPACE;	/* ie: the uap */
		uio.uio_rw = write ? UIO_WRITE : UIO_READ;
		uio.uio_procp = p;
		error = procfs_domem(curp, p, NULL, &uio);
		/* A short transfer is reported as EINVAL (see the XXX notes). */
		if (uio.uio_resid != 0) {
			/*
			 * XXX procfs_domem() doesn't currently return ENOSPC,
			 * so I think write() can bogusly return 0.
			 * XXX what happens for short writes?  We don't want
			 * to write partial data.
			 * XXX procfs_domem() returns EPERM for other invalid
			 * addresses.  Convert this to EINVAL.  Does this
			 * clobber returns of EPERM for other reasons?
			 */
			if (error == 0 || error == ENOSPC || error == EPERM)
				error = EINVAL;	/* EOF */
		}
		return (error);

	case PT_READ_U:
		/*
		 * The u-area is read straight from p->p_addr, so the offset
		 * is bounded to UPAGES * PAGE_SIZE, required to be
		 * int-aligned, and passed to ptrace_read_u_check() before
		 * the dereference.
		 */
		if ((uintptr_t)uap->addr > UPAGES * PAGE_SIZE - sizeof(int)) {
			return EFAULT;
		}
		if ((uintptr_t)uap->addr & (sizeof(int) - 1)) {
			return EFAULT;
		}
		if (ptrace_read_u_check(p,(vm_offset_t) uap->addr,
					sizeof(int))) {
			return EFAULT;
		}
		error = 0;
		PHOLD(p);	/* user had damn well better be incore! */
		/* PS_INMEM is tested under sched_lock; without it the read fails. */
		mtx_lock_spin(&sched_lock);
		if (p->p_sflag & PS_INMEM) {
			mtx_unlock_spin(&sched_lock);
			fill_kinfo_proc (p, &p->p_addr->u_kproc);
			curp->p_retval[0] = *(int *)
			    ((uintptr_t)p->p_addr + (uintptr_t)uap->addr);
		} else {
			mtx_unlock_spin(&sched_lock);
			curp->p_retval[0] = 0;
			error = EFAULT;
		}
		PRELE(p);
		return error;

	case PT_WRITE_U:
		/*
		 * NOTE(review): unlike PT_READ_U there is no bound or
		 * alignment check on uap->addr here; the write relies on
		 * ptrace_write_u() to validate the offset -- confirm it does.
		 */
		PHOLD(p);	/* user had damn well better be incore! */
		mtx_lock_spin(&sched_lock);
		if (p->p_sflag & PS_INMEM) {
			mtx_unlock_spin(&sched_lock);
			fill_kinfo_proc (p, &p->p_addr->u_kproc);
			error = ptrace_write_u(p, (vm_offset_t)uap->addr, uap->data);
		} else {
			mtx_unlock_spin(&sched_lock);
			error = EFAULT;
		}
		PRELE(p);
		return error;

	case PT_KILL:
		/* Reuses the sendsig path with a fixed signal. */
		uap->data = SIGKILL;
		goto sendsig;	/* in PT_CONTINUE above */

#ifdef PT_SETREGS
	case PT_SETREGS:
		write = 1;
		/* fallthrough */
#endif /* PT_SETREGS */
#ifdef PT_GETREGS
	case PT_GETREGS:
		/* write = 0 above */
#endif /* PT_SETREGS */
#if defined(PT_SETREGS) || defined(PT_GETREGS)
		/*
		 * uap->addr is a user buffer of struct reg, so the uio is
		 * UIO_USERSPACE and attributed to curp; procfs_doregs()
		 * performs the copy in the requested direction.
		 */
		if (!procfs_validregs(p))	/* no P_SYSTEM procs please */
			return EINVAL;
		else {
			iov.iov_base = uap->addr;
			iov.iov_len = sizeof(struct reg);
			uio.uio_iov = &iov;
			uio.uio_iovcnt = 1;
			uio.uio_offset = 0;
			uio.uio_resid = sizeof(struct reg);
			uio.uio_segflg = UIO_USERSPACE;
			uio.uio_rw = write ? UIO_WRITE : UIO_READ;
			uio.uio_procp = curp;
			return (procfs_doregs(curp, p, NULL, &uio));
		}
#endif /* defined(PT_SETREGS) || defined(PT_GETREGS) */

#ifdef PT_SETFPREGS
	case PT_SETFPREGS:
		write = 1;
		/* fallthrough */
#endif /* PT_SETFPREGS */
#ifdef PT_GETFPREGS
	case PT_GETFPREGS:
		/* write = 0 above */
#endif /* PT_SETFPREGS */
#if defined(PT_SETFPREGS) || defined(PT_GETFPREGS)
		/* Same shape as the PT_*REGS case, for struct fpreg. */
		if (!procfs_validfpregs(p))	/* no P_SYSTEM procs please */
			return EINVAL;
		else {
			iov.iov_base = uap->addr;
			iov.iov_len = sizeof(struct fpreg);
			uio.uio_iov = &iov;
			uio.uio_iovcnt = 1;
			uio.uio_offset = 0;
			uio.uio_resid = sizeof(struct fpreg);
			uio.uio_segflg = UIO_USERSPACE;
			uio.uio_rw = write ? UIO_WRITE : UIO_READ;
			uio.uio_procp = curp;
			return (procfs_dofpregs(curp, p, NULL, &uio));
		}
#endif /* defined(PT_SETFPREGS) || defined(PT_GETFPREGS) */

#ifdef PT_SETDBREGS
	case PT_SETDBREGS:
		write = 1;
		/* fallthrough */
#endif /* PT_SETDBREGS */
#ifdef PT_GETDBREGS
	case PT_GETDBREGS:
		/* write = 0 above */
#endif /* PT_SETDBREGS */
#if defined(PT_SETDBREGS) || defined(PT_GETDBREGS)
		/* Same shape as the PT_*REGS case, for struct dbreg. */
		if (!procfs_validdbregs(p))	/* no P_SYSTEM procs please */
			return EINVAL;
		else {
			iov.iov_base = uap->addr;
			iov.iov_len = sizeof(struct dbreg);
			uio.uio_iov = &iov;
			uio.uio_iovcnt = 1;
			uio.uio_offset = 0;
			uio.uio_resid = sizeof(struct dbreg);
			uio.uio_segflg = UIO_USERSPACE;
			uio.uio_rw = write ? UIO_WRITE : UIO_READ;
			uio.uio_procp = curp;
			return (procfs_dodbregs(curp, p, NULL, &uio));
		}
#endif /* defined(PT_SETDBREGS) || defined(PT_GETDBREGS) */

	default:
		break;
	}

	return 0;
}
580 
/*
 * trace_req():
 * Returns 1 for any process; the argument is not examined.
 */
int
trace_req(struct proc *p)
{
	(void)p;
	return (1);
}
587 
588 /*
589  * stopevent()
590  * Stop a process because of a procfs event;
591  * stay stopped until p->p_step is cleared
592  * (cleared by PIOCCONT in procfs).
593  *
594  * Must be called with the proc struct mutex held.
595  */
596 
/*
 * stopevent():
 * Hold p stopped on a procfs event until another party clears p->p_step
 * (PIOCCONT in procfs).  Each pass publishes val in p_xstat and event in
 * p_stype, wakes anything waiting on p_stype, and sleeps on p_step.
 *
 * The caller must hold the proc mutex; it is handed to msleep() as the
 * lock to release for the sleep.
 *
 * p:     process to stop
 * event: event code stored in p->p_stype
 * val:   value stored in p->p_xstat
 */
void
stopevent(struct proc *p, unsigned int event, unsigned int val)
{

	PROC_LOCK_ASSERT(p, MA_OWNED | MA_NOTRECURSED);
	p->p_step = 1;

	for (;;) {
		p->p_xstat = val;
		p->p_stype = event;	/* Which event caused the stop? */
		wakeup(&p->p_stype);	/* Wake up any PIOCWAIT'ing procs */
		msleep(&p->p_step, &p->p_mtx, PWAIT, "stopevent", 0);
		if (p->p_step == 0)
			break;
	}
}