1 /*- 2 * SPDX-License-Identifier: BSD-4-Clause 3 * 4 * Copyright (c) 1994, Sean Eric Fagan 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by Sean Eric Fagan. 18 * 4. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include <sys/cdefs.h> 35 __FBSDID("$FreeBSD$"); 36 37 #include <sys/param.h> 38 #include <sys/systm.h> 39 #include <sys/ktr.h> 40 #include <sys/limits.h> 41 #include <sys/lock.h> 42 #include <sys/mutex.h> 43 #include <sys/syscallsubr.h> 44 #include <sys/sysent.h> 45 #include <sys/sysproto.h> 46 #include <sys/priv.h> 47 #include <sys/proc.h> 48 #include <sys/vnode.h> 49 #include <sys/ptrace.h> 50 #include <sys/rwlock.h> 51 #include <sys/sx.h> 52 #include <sys/malloc.h> 53 #include <sys/signalvar.h> 54 55 #include <machine/reg.h> 56 57 #include <security/audit/audit.h> 58 59 #include <vm/vm.h> 60 #include <vm/pmap.h> 61 #include <vm/vm_extern.h> 62 #include <vm/vm_map.h> 63 #include <vm/vm_kern.h> 64 #include <vm/vm_object.h> 65 #include <vm/vm_page.h> 66 #include <vm/vm_param.h> 67 68 #ifdef COMPAT_FREEBSD32 69 #include <sys/procfs.h> 70 #include <compat/freebsd32/freebsd32_signal.h> 71 72 struct ptrace_io_desc32 { 73 int piod_op; 74 uint32_t piod_offs; 75 uint32_t piod_addr; 76 uint32_t piod_len; 77 }; 78 79 struct ptrace_sc_ret32 { 80 uint32_t sr_retval[2]; 81 int sr_error; 82 }; 83 84 struct ptrace_vm_entry32 { 85 int pve_entry; 86 int pve_timestamp; 87 uint32_t pve_start; 88 uint32_t pve_end; 89 uint32_t pve_offset; 90 u_int pve_prot; 91 u_int pve_pathlen; 92 int32_t pve_fileid; 93 u_int pve_fsid; 94 uint32_t pve_path; 95 }; 96 #endif 97 98 /* 99 * Functions implemented using PROC_ACTION(): 100 * 101 * proc_read_regs(proc, regs) 102 * Get the current user-visible register set from the process 103 * and copy it into the regs structure (<machine/reg.h>). 104 * The process is stopped at the time read_regs is called. 105 * 106 * proc_write_regs(proc, regs) 107 * Update the current register set from the passed in regs 108 * structure. Take care to avoid clobbering special CPU 109 * registers or privileged bits in the PSL. 110 * Depending on the architecture this may have fix-up work to do, 111 * especially if the IAR or PCW are modified. 112 * The process is stopped at the time write_regs is called. 113 * 114 * proc_read_fpregs, proc_write_fpregs 115 * deal with the floating point register set, otherwise as above. 116 * 117 * proc_read_dbregs, proc_write_dbregs 118 * deal with the processor debug register set, otherwise as above. 119 * 120 * proc_sstep(proc) 121 * Arrange for the process to trap after executing a single instruction. 122 */ 123 124 #define PROC_ACTION(action) do { \ 125 int error; \ 126 \ 127 PROC_LOCK_ASSERT(td->td_proc, MA_OWNED); \ 128 if ((td->td_proc->p_flag & P_INMEM) == 0) \ 129 error = EIO; \ 130 else \ 131 error = (action); \ 132 return (error); \ 133 } while(0) 134 135 int 136 proc_read_regs(struct thread *td, struct reg *regs) 137 { 138 139 PROC_ACTION(fill_regs(td, regs)); 140 } 141 142 int 143 proc_write_regs(struct thread *td, struct reg *regs) 144 { 145 146 PROC_ACTION(set_regs(td, regs)); 147 } 148 149 int 150 proc_read_dbregs(struct thread *td, struct dbreg *dbregs) 151 { 152 153 PROC_ACTION(fill_dbregs(td, dbregs)); 154 } 155 156 int 157 proc_write_dbregs(struct thread *td, struct dbreg *dbregs) 158 { 159 160 PROC_ACTION(set_dbregs(td, dbregs)); 161 } 162 163 /* 164 * Ptrace doesn't support fpregs at all, and there are no security holes 165 * or translations for fpregs, so we can just copy them. 166 */ 167 int 168 proc_read_fpregs(struct thread *td, struct fpreg *fpregs) 169 { 170 171 PROC_ACTION(fill_fpregs(td, fpregs)); 172 } 173 174 int 175 proc_write_fpregs(struct thread *td, struct fpreg *fpregs) 176 { 177 178 PROC_ACTION(set_fpregs(td, fpregs)); 179 } 180 181 #ifdef COMPAT_FREEBSD32 182 /* For 32 bit binaries, we need to expose the 32 bit regs layouts. */ 183 int 184 proc_read_regs32(struct thread *td, struct reg32 *regs32) 185 { 186 187 PROC_ACTION(fill_regs32(td, regs32)); 188 } 189 190 int 191 proc_write_regs32(struct thread *td, struct reg32 *regs32) 192 { 193 194 PROC_ACTION(set_regs32(td, regs32)); 195 } 196 197 int 198 proc_read_dbregs32(struct thread *td, struct dbreg32 *dbregs32) 199 { 200 201 PROC_ACTION(fill_dbregs32(td, dbregs32)); 202 } 203 204 int 205 proc_write_dbregs32(struct thread *td, struct dbreg32 *dbregs32) 206 { 207 208 PROC_ACTION(set_dbregs32(td, dbregs32)); 209 } 210 211 int 212 proc_read_fpregs32(struct thread *td, struct fpreg32 *fpregs32) 213 { 214 215 PROC_ACTION(fill_fpregs32(td, fpregs32)); 216 } 217 218 int 219 proc_write_fpregs32(struct thread *td, struct fpreg32 *fpregs32) 220 { 221 222 PROC_ACTION(set_fpregs32(td, fpregs32)); 223 } 224 #endif 225 226 int 227 proc_sstep(struct thread *td) 228 { 229 230 PROC_ACTION(ptrace_single_step(td)); 231 } 232 233 int 234 proc_rwmem(struct proc *p, struct uio *uio) 235 { 236 vm_map_t map; 237 vm_offset_t pageno; /* page number */ 238 vm_prot_t reqprot; 239 int error, fault_flags, page_offset, writing; 240 241 /* 242 * Assert that someone has locked this vmspace. (Should be 243 * curthread but we can't assert that.) This keeps the process 244 * from exiting out from under us until this operation completes. 245 */ 246 PROC_ASSERT_HELD(p); 247 PROC_LOCK_ASSERT(p, MA_NOTOWNED); 248 249 /* 250 * The map we want... 251 */ 252 map = &p->p_vmspace->vm_map; 253 254 /* 255 * If we are writing, then we request vm_fault() to create a private 256 * copy of each page. Since these copies will not be writeable by the 257 * process, we must explicity request that they be dirtied. 258 */ 259 writing = uio->uio_rw == UIO_WRITE; 260 reqprot = writing ? VM_PROT_COPY | VM_PROT_READ : VM_PROT_READ; 261 fault_flags = writing ? VM_FAULT_DIRTY : VM_FAULT_NORMAL; 262 263 /* 264 * Only map in one page at a time. We don't have to, but it 265 * makes things easier. This way is trivial - right? 266 */ 267 do { 268 vm_offset_t uva; 269 u_int len; 270 vm_page_t m; 271 272 uva = (vm_offset_t)uio->uio_offset; 273 274 /* 275 * Get the page number of this segment. 276 */ 277 pageno = trunc_page(uva); 278 page_offset = uva - pageno; 279 280 /* 281 * How many bytes to copy 282 */ 283 len = min(PAGE_SIZE - page_offset, uio->uio_resid); 284 285 /* 286 * Fault and hold the page on behalf of the process. 287 */ 288 error = vm_fault(map, pageno, reqprot, fault_flags, &m); 289 if (error != KERN_SUCCESS) { 290 if (error == KERN_RESOURCE_SHORTAGE) 291 error = ENOMEM; 292 else 293 error = EFAULT; 294 break; 295 } 296 297 /* 298 * Now do the i/o move. 299 */ 300 error = uiomove_fromphys(&m, page_offset, len, uio); 301 302 /* Make the I-cache coherent for breakpoints. */ 303 if (writing && error == 0) { 304 vm_map_lock_read(map); 305 if (vm_map_check_protection(map, pageno, pageno + 306 PAGE_SIZE, VM_PROT_EXECUTE)) 307 vm_sync_icache(map, uva, len); 308 vm_map_unlock_read(map); 309 } 310 311 /* 312 * Release the page. 313 */ 314 vm_page_unwire(m, PQ_ACTIVE); 315 316 } while (error == 0 && uio->uio_resid > 0); 317 318 return (error); 319 } 320 321 static ssize_t 322 proc_iop(struct thread *td, struct proc *p, vm_offset_t va, void *buf, 323 size_t len, enum uio_rw rw) 324 { 325 struct iovec iov; 326 struct uio uio; 327 ssize_t slen; 328 329 MPASS(len < SSIZE_MAX); 330 slen = (ssize_t)len; 331 332 iov.iov_base = (caddr_t)buf; 333 iov.iov_len = len; 334 uio.uio_iov = &iov; 335 uio.uio_iovcnt = 1; 336 uio.uio_offset = va; 337 uio.uio_resid = slen; 338 uio.uio_segflg = UIO_SYSSPACE; 339 uio.uio_rw = rw; 340 uio.uio_td = td; 341 proc_rwmem(p, &uio); 342 if (uio.uio_resid == slen) 343 return (-1); 344 return (slen - uio.uio_resid); 345 } 346 347 ssize_t 348 proc_readmem(struct thread *td, struct proc *p, vm_offset_t va, void *buf, 349 size_t len) 350 { 351 352 return (proc_iop(td, p, va, buf, len, UIO_READ)); 353 } 354 355 ssize_t 356 proc_writemem(struct thread *td, struct proc *p, vm_offset_t va, void *buf, 357 size_t len) 358 { 359 360 return (proc_iop(td, p, va, buf, len, UIO_WRITE)); 361 } 362 363 static int 364 ptrace_vm_entry(struct thread *td, struct proc *p, struct ptrace_vm_entry *pve) 365 { 366 struct vattr vattr; 367 vm_map_t map; 368 vm_map_entry_t entry; 369 vm_object_t obj, tobj, lobj; 370 struct vmspace *vm; 371 struct vnode *vp; 372 char *freepath, *fullpath; 373 u_int pathlen; 374 int error, index; 375 376 error = 0; 377 obj = NULL; 378 379 vm = vmspace_acquire_ref(p); 380 map = &vm->vm_map; 381 vm_map_lock_read(map); 382 383 do { 384 KASSERT((map->header.eflags & MAP_ENTRY_IS_SUB_MAP) == 0, 385 ("Submap in map header")); 386 index = 0; 387 VM_MAP_ENTRY_FOREACH(entry, map) { 388 if (index >= pve->pve_entry && 389 (entry->eflags & MAP_ENTRY_IS_SUB_MAP) == 0) 390 break; 391 index++; 392 } 393 if (index < pve->pve_entry) { 394 error = EINVAL; 395 break; 396 } 397 if (entry == &map->header) { 398 error = ENOENT; 399 break; 400 } 401 402 /* We got an entry. */ 403 pve->pve_entry = index + 1; 404 pve->pve_timestamp = map->timestamp; 405 pve->pve_start = entry->start; 406 pve->pve_end = entry->end - 1; 407 pve->pve_offset = entry->offset; 408 pve->pve_prot = entry->protection; 409 410 /* Backing object's path needed? */ 411 if (pve->pve_pathlen == 0) 412 break; 413 414 pathlen = pve->pve_pathlen; 415 pve->pve_pathlen = 0; 416 417 obj = entry->object.vm_object; 418 if (obj != NULL) 419 VM_OBJECT_RLOCK(obj); 420 } while (0); 421 422 vm_map_unlock_read(map); 423 424 pve->pve_fsid = VNOVAL; 425 pve->pve_fileid = VNOVAL; 426 427 if (error == 0 && obj != NULL) { 428 lobj = obj; 429 for (tobj = obj; tobj != NULL; tobj = tobj->backing_object) { 430 if (tobj != obj) 431 VM_OBJECT_RLOCK(tobj); 432 if (lobj != obj) 433 VM_OBJECT_RUNLOCK(lobj); 434 lobj = tobj; 435 pve->pve_offset += tobj->backing_object_offset; 436 } 437 vp = vm_object_vnode(lobj); 438 if (vp != NULL) 439 vref(vp); 440 if (lobj != obj) 441 VM_OBJECT_RUNLOCK(lobj); 442 VM_OBJECT_RUNLOCK(obj); 443 444 if (vp != NULL) { 445 freepath = NULL; 446 fullpath = NULL; 447 vn_fullpath(td, vp, &fullpath, &freepath); 448 vn_lock(vp, LK_SHARED | LK_RETRY); 449 if (VOP_GETATTR(vp, &vattr, td->td_ucred) == 0) { 450 pve->pve_fileid = vattr.va_fileid; 451 pve->pve_fsid = vattr.va_fsid; 452 } 453 vput(vp); 454 455 if (fullpath != NULL) { 456 pve->pve_pathlen = strlen(fullpath) + 1; 457 if (pve->pve_pathlen <= pathlen) { 458 error = copyout(fullpath, pve->pve_path, 459 pve->pve_pathlen); 460 } else 461 error = ENAMETOOLONG; 462 } 463 if (freepath != NULL) 464 free(freepath, M_TEMP); 465 } 466 } 467 vmspace_free(vm); 468 if (error == 0) 469 CTR3(KTR_PTRACE, "PT_VM_ENTRY: pid %d, entry %d, start %p", 470 p->p_pid, pve->pve_entry, pve->pve_start); 471 472 return (error); 473 } 474 475 #ifdef COMPAT_FREEBSD32 476 static int 477 ptrace_vm_entry32(struct thread *td, struct proc *p, 478 struct ptrace_vm_entry32 *pve32) 479 { 480 struct ptrace_vm_entry pve; 481 int error; 482 483 pve.pve_entry = pve32->pve_entry; 484 pve.pve_pathlen = pve32->pve_pathlen; 485 pve.pve_path = (void *)(uintptr_t)pve32->pve_path; 486 487 error = ptrace_vm_entry(td, p, &pve); 488 if (error == 0) { 489 pve32->pve_entry = pve.pve_entry; 490 pve32->pve_timestamp = pve.pve_timestamp; 491 pve32->pve_start = pve.pve_start; 492 pve32->pve_end = pve.pve_end; 493 pve32->pve_offset = pve.pve_offset; 494 pve32->pve_prot = pve.pve_prot; 495 pve32->pve_fileid = pve.pve_fileid; 496 pve32->pve_fsid = pve.pve_fsid; 497 } 498 499 pve32->pve_pathlen = pve.pve_pathlen; 500 return (error); 501 } 502 503 static void 504 ptrace_lwpinfo_to32(const struct ptrace_lwpinfo *pl, 505 struct ptrace_lwpinfo32 *pl32) 506 { 507 508 bzero(pl32, sizeof(*pl32)); 509 pl32->pl_lwpid = pl->pl_lwpid; 510 pl32->pl_event = pl->pl_event; 511 pl32->pl_flags = pl->pl_flags; 512 pl32->pl_sigmask = pl->pl_sigmask; 513 pl32->pl_siglist = pl->pl_siglist; 514 siginfo_to_siginfo32(&pl->pl_siginfo, &pl32->pl_siginfo); 515 strcpy(pl32->pl_tdname, pl->pl_tdname); 516 pl32->pl_child_pid = pl->pl_child_pid; 517 pl32->pl_syscall_code = pl->pl_syscall_code; 518 pl32->pl_syscall_narg = pl->pl_syscall_narg; 519 } 520 521 static void 522 ptrace_sc_ret_to32(const struct ptrace_sc_ret *psr, 523 struct ptrace_sc_ret32 *psr32) 524 { 525 526 bzero(psr32, sizeof(*psr32)); 527 psr32->sr_retval[0] = psr->sr_retval[0]; 528 psr32->sr_retval[1] = psr->sr_retval[1]; 529 psr32->sr_error = psr->sr_error; 530 } 531 #endif /* COMPAT_FREEBSD32 */ 532 533 /* 534 * Process debugging system call. 535 */ 536 #ifndef _SYS_SYSPROTO_H_ 537 struct ptrace_args { 538 int req; 539 pid_t pid; 540 caddr_t addr; 541 int data; 542 }; 543 #endif 544 545 #ifdef COMPAT_FREEBSD32 546 /* 547 * This CPP subterfuge is to try and reduce the number of ifdefs in 548 * the body of the code. 549 * COPYIN(uap->addr, &r.reg, sizeof r.reg); 550 * becomes either: 551 * copyin(uap->addr, &r.reg, sizeof r.reg); 552 * or 553 * copyin(uap->addr, &r.reg32, sizeof r.reg32); 554 * .. except this is done at runtime. 555 */ 556 #define BZERO(a, s) wrap32 ? \ 557 bzero(a ## 32, s ## 32) : \ 558 bzero(a, s) 559 #define COPYIN(u, k, s) wrap32 ? \ 560 copyin(u, k ## 32, s ## 32) : \ 561 copyin(u, k, s) 562 #define COPYOUT(k, u, s) wrap32 ? \ 563 copyout(k ## 32, u, s ## 32) : \ 564 copyout(k, u, s) 565 #else 566 #define BZERO(a, s) bzero(a, s) 567 #define COPYIN(u, k, s) copyin(u, k, s) 568 #define COPYOUT(k, u, s) copyout(k, u, s) 569 #endif 570 int 571 sys_ptrace(struct thread *td, struct ptrace_args *uap) 572 { 573 /* 574 * XXX this obfuscation is to reduce stack usage, but the register 575 * structs may be too large to put on the stack anyway. 576 */ 577 union { 578 struct ptrace_io_desc piod; 579 struct ptrace_lwpinfo pl; 580 struct ptrace_vm_entry pve; 581 struct dbreg dbreg; 582 struct fpreg fpreg; 583 struct reg reg; 584 #ifdef COMPAT_FREEBSD32 585 struct dbreg32 dbreg32; 586 struct fpreg32 fpreg32; 587 struct reg32 reg32; 588 struct ptrace_io_desc32 piod32; 589 struct ptrace_lwpinfo32 pl32; 590 struct ptrace_vm_entry32 pve32; 591 #endif 592 char args[sizeof(td->td_sa.args)]; 593 struct ptrace_sc_ret psr; 594 int ptevents; 595 } r; 596 void *addr; 597 int error = 0; 598 #ifdef COMPAT_FREEBSD32 599 int wrap32 = 0; 600 601 if (SV_CURPROC_FLAG(SV_ILP32)) 602 wrap32 = 1; 603 #endif 604 AUDIT_ARG_PID(uap->pid); 605 AUDIT_ARG_CMD(uap->req); 606 AUDIT_ARG_VALUE(uap->data); 607 addr = &r; 608 switch (uap->req) { 609 case PT_GET_EVENT_MASK: 610 case PT_LWPINFO: 611 case PT_GET_SC_ARGS: 612 case PT_GET_SC_RET: 613 break; 614 case PT_GETREGS: 615 BZERO(&r.reg, sizeof r.reg); 616 break; 617 case PT_GETFPREGS: 618 BZERO(&r.fpreg, sizeof r.fpreg); 619 break; 620 case PT_GETDBREGS: 621 BZERO(&r.dbreg, sizeof r.dbreg); 622 break; 623 case PT_SETREGS: 624 error = COPYIN(uap->addr, &r.reg, sizeof r.reg); 625 break; 626 case PT_SETFPREGS: 627 error = COPYIN(uap->addr, &r.fpreg, sizeof r.fpreg); 628 break; 629 case PT_SETDBREGS: 630 error = COPYIN(uap->addr, &r.dbreg, sizeof r.dbreg); 631 break; 632 case PT_SET_EVENT_MASK: 633 if (uap->data != sizeof(r.ptevents)) 634 error = EINVAL; 635 else 636 error = copyin(uap->addr, &r.ptevents, uap->data); 637 break; 638 case PT_IO: 639 error = COPYIN(uap->addr, &r.piod, sizeof r.piod); 640 break; 641 case PT_VM_ENTRY: 642 error = COPYIN(uap->addr, &r.pve, sizeof r.pve); 643 break; 644 default: 645 addr = uap->addr; 646 break; 647 } 648 if (error) 649 return (error); 650 651 error = kern_ptrace(td, uap->req, uap->pid, addr, uap->data); 652 if (error) 653 return (error); 654 655 switch (uap->req) { 656 case PT_VM_ENTRY: 657 error = COPYOUT(&r.pve, uap->addr, sizeof r.pve); 658 break; 659 case PT_IO: 660 error = COPYOUT(&r.piod, uap->addr, sizeof r.piod); 661 break; 662 case PT_GETREGS: 663 error = COPYOUT(&r.reg, uap->addr, sizeof r.reg); 664 break; 665 case PT_GETFPREGS: 666 error = COPYOUT(&r.fpreg, uap->addr, sizeof r.fpreg); 667 break; 668 case PT_GETDBREGS: 669 error = COPYOUT(&r.dbreg, uap->addr, sizeof r.dbreg); 670 break; 671 case PT_GET_EVENT_MASK: 672 /* NB: The size in uap->data is validated in kern_ptrace(). */ 673 error = copyout(&r.ptevents, uap->addr, uap->data); 674 break; 675 case PT_LWPINFO: 676 /* NB: The size in uap->data is validated in kern_ptrace(). */ 677 error = copyout(&r.pl, uap->addr, uap->data); 678 break; 679 case PT_GET_SC_ARGS: 680 error = copyout(r.args, uap->addr, MIN(uap->data, 681 sizeof(r.args))); 682 break; 683 case PT_GET_SC_RET: 684 error = copyout(&r.psr, uap->addr, MIN(uap->data, 685 sizeof(r.psr))); 686 break; 687 } 688 689 return (error); 690 } 691 #undef COPYIN 692 #undef COPYOUT 693 #undef BZERO 694 695 #ifdef COMPAT_FREEBSD32 696 /* 697 * PROC_READ(regs, td2, addr); 698 * becomes either: 699 * proc_read_regs(td2, addr); 700 * or 701 * proc_read_regs32(td2, addr); 702 * .. except this is done at runtime. There is an additional 703 * complication in that PROC_WRITE disallows 32 bit consumers 704 * from writing to 64 bit address space targets. 705 */ 706 #define PROC_READ(w, t, a) wrap32 ? \ 707 proc_read_ ## w ## 32(t, a) : \ 708 proc_read_ ## w (t, a) 709 #define PROC_WRITE(w, t, a) wrap32 ? \ 710 (safe ? proc_write_ ## w ## 32(t, a) : EINVAL ) : \ 711 proc_write_ ## w (t, a) 712 #else 713 #define PROC_READ(w, t, a) proc_read_ ## w (t, a) 714 #define PROC_WRITE(w, t, a) proc_write_ ## w (t, a) 715 #endif 716 717 void 718 proc_set_traced(struct proc *p, bool stop) 719 { 720 721 sx_assert(&proctree_lock, SX_XLOCKED); 722 PROC_LOCK_ASSERT(p, MA_OWNED); 723 p->p_flag |= P_TRACED; 724 if (stop) 725 p->p_flag2 |= P2_PTRACE_FSTP; 726 p->p_ptevents = PTRACE_DEFAULT; 727 } 728 729 int 730 kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data) 731 { 732 struct iovec iov; 733 struct uio uio; 734 struct proc *curp, *p, *pp; 735 struct thread *td2 = NULL, *td3; 736 struct ptrace_io_desc *piod = NULL; 737 struct ptrace_lwpinfo *pl; 738 struct ptrace_sc_ret *psr; 739 int error, num, tmp; 740 int proctree_locked = 0; 741 lwpid_t tid = 0, *buf; 742 #ifdef COMPAT_FREEBSD32 743 int wrap32 = 0, safe = 0; 744 struct ptrace_io_desc32 *piod32 = NULL; 745 struct ptrace_lwpinfo32 *pl32 = NULL; 746 struct ptrace_sc_ret32 *psr32 = NULL; 747 union { 748 struct ptrace_lwpinfo pl; 749 struct ptrace_sc_ret psr; 750 } r; 751 #endif 752 753 curp = td->td_proc; 754 755 /* Lock proctree before locking the process. */ 756 switch (req) { 757 case PT_TRACE_ME: 758 case PT_ATTACH: 759 case PT_STEP: 760 case PT_CONTINUE: 761 case PT_TO_SCE: 762 case PT_TO_SCX: 763 case PT_SYSCALL: 764 case PT_FOLLOW_FORK: 765 case PT_LWP_EVENTS: 766 case PT_GET_EVENT_MASK: 767 case PT_SET_EVENT_MASK: 768 case PT_DETACH: 769 case PT_GET_SC_ARGS: 770 sx_xlock(&proctree_lock); 771 proctree_locked = 1; 772 break; 773 default: 774 break; 775 } 776 777 if (req == PT_TRACE_ME) { 778 p = td->td_proc; 779 PROC_LOCK(p); 780 } else { 781 if (pid <= PID_MAX) { 782 if ((p = pfind(pid)) == NULL) { 783 if (proctree_locked) 784 sx_xunlock(&proctree_lock); 785 return (ESRCH); 786 } 787 } else { 788 td2 = tdfind(pid, -1); 789 if (td2 == NULL) { 790 if (proctree_locked) 791 sx_xunlock(&proctree_lock); 792 return (ESRCH); 793 } 794 p = td2->td_proc; 795 tid = pid; 796 pid = p->p_pid; 797 } 798 } 799 AUDIT_ARG_PROCESS(p); 800 801 if ((p->p_flag & P_WEXIT) != 0) { 802 error = ESRCH; 803 goto fail; 804 } 805 if ((error = p_cansee(td, p)) != 0) 806 goto fail; 807 808 if ((error = p_candebug(td, p)) != 0) 809 goto fail; 810 811 /* 812 * System processes can't be debugged. 813 */ 814 if ((p->p_flag & P_SYSTEM) != 0) { 815 error = EINVAL; 816 goto fail; 817 } 818 819 if (tid == 0) { 820 if ((p->p_flag & P_STOPPED_TRACE) != 0) { 821 KASSERT(p->p_xthread != NULL, ("NULL p_xthread")); 822 td2 = p->p_xthread; 823 } else { 824 td2 = FIRST_THREAD_IN_PROC(p); 825 } 826 tid = td2->td_tid; 827 } 828 829 #ifdef COMPAT_FREEBSD32 830 /* 831 * Test if we're a 32 bit client and what the target is. 832 * Set the wrap controls accordingly. 833 */ 834 if (SV_CURPROC_FLAG(SV_ILP32)) { 835 if (SV_PROC_FLAG(td2->td_proc, SV_ILP32)) 836 safe = 1; 837 wrap32 = 1; 838 } 839 #endif 840 /* 841 * Permissions check 842 */ 843 switch (req) { 844 case PT_TRACE_ME: 845 /* 846 * Always legal, when there is a parent process which 847 * could trace us. Otherwise, reject. 848 */ 849 if ((p->p_flag & P_TRACED) != 0) { 850 error = EBUSY; 851 goto fail; 852 } 853 if (p->p_pptr == initproc) { 854 error = EPERM; 855 goto fail; 856 } 857 break; 858 859 case PT_ATTACH: 860 /* Self */ 861 if (p == td->td_proc) { 862 error = EINVAL; 863 goto fail; 864 } 865 866 /* Already traced */ 867 if (p->p_flag & P_TRACED) { 868 error = EBUSY; 869 goto fail; 870 } 871 872 /* Can't trace an ancestor if you're being traced. */ 873 if (curp->p_flag & P_TRACED) { 874 for (pp = curp->p_pptr; pp != NULL; pp = pp->p_pptr) { 875 if (pp == p) { 876 error = EINVAL; 877 goto fail; 878 } 879 } 880 } 881 882 /* OK */ 883 break; 884 885 case PT_CLEARSTEP: 886 /* Allow thread to clear single step for itself */ 887 if (td->td_tid == tid) 888 break; 889 890 /* FALLTHROUGH */ 891 default: 892 /* not being traced... */ 893 if ((p->p_flag & P_TRACED) == 0) { 894 error = EPERM; 895 goto fail; 896 } 897 898 /* not being traced by YOU */ 899 if (p->p_pptr != td->td_proc) { 900 error = EBUSY; 901 goto fail; 902 } 903 904 /* not currently stopped */ 905 if ((p->p_flag & P_STOPPED_TRACE) == 0 || 906 p->p_suspcount != p->p_numthreads || 907 (p->p_flag & P_WAITED) == 0) { 908 error = EBUSY; 909 goto fail; 910 } 911 912 /* OK */ 913 break; 914 } 915 916 /* Keep this process around until we finish this request. */ 917 _PHOLD(p); 918 919 #ifdef FIX_SSTEP 920 /* 921 * Single step fixup ala procfs 922 */ 923 FIX_SSTEP(td2); 924 #endif 925 926 /* 927 * Actually do the requests 928 */ 929 930 td->td_retval[0] = 0; 931 932 switch (req) { 933 case PT_TRACE_ME: 934 /* set my trace flag and "owner" so it can read/write me */ 935 proc_set_traced(p, false); 936 if (p->p_flag & P_PPWAIT) 937 p->p_flag |= P_PPTRACE; 938 CTR1(KTR_PTRACE, "PT_TRACE_ME: pid %d", p->p_pid); 939 break; 940 941 case PT_ATTACH: 942 /* security check done above */ 943 /* 944 * It would be nice if the tracing relationship was separate 945 * from the parent relationship but that would require 946 * another set of links in the proc struct or for "wait" 947 * to scan the entire proc table. To make life easier, 948 * we just re-parent the process we're trying to trace. 949 * The old parent is remembered so we can put things back 950 * on a "detach". 951 */ 952 proc_set_traced(p, true); 953 proc_reparent(p, td->td_proc, false); 954 CTR2(KTR_PTRACE, "PT_ATTACH: pid %d, oppid %d", p->p_pid, 955 p->p_oppid); 956 957 sx_xunlock(&proctree_lock); 958 proctree_locked = 0; 959 MPASS(p->p_xthread == NULL); 960 MPASS((p->p_flag & P_STOPPED_TRACE) == 0); 961 962 /* 963 * If already stopped due to a stop signal, clear the 964 * existing stop before triggering a traced SIGSTOP. 965 */ 966 if ((p->p_flag & P_STOPPED_SIG) != 0) { 967 PROC_SLOCK(p); 968 p->p_flag &= ~(P_STOPPED_SIG | P_WAITED); 969 thread_unsuspend(p); 970 PROC_SUNLOCK(p); 971 } 972 973 kern_psignal(p, SIGSTOP); 974 break; 975 976 case PT_CLEARSTEP: 977 CTR2(KTR_PTRACE, "PT_CLEARSTEP: tid %d (pid %d)", td2->td_tid, 978 p->p_pid); 979 error = ptrace_clear_single_step(td2); 980 break; 981 982 case PT_SETSTEP: 983 CTR2(KTR_PTRACE, "PT_SETSTEP: tid %d (pid %d)", td2->td_tid, 984 p->p_pid); 985 error = ptrace_single_step(td2); 986 break; 987 988 case PT_SUSPEND: 989 CTR2(KTR_PTRACE, "PT_SUSPEND: tid %d (pid %d)", td2->td_tid, 990 p->p_pid); 991 td2->td_dbgflags |= TDB_SUSPEND; 992 thread_lock(td2); 993 td2->td_flags |= TDF_NEEDSUSPCHK; 994 thread_unlock(td2); 995 break; 996 997 case PT_RESUME: 998 CTR2(KTR_PTRACE, "PT_RESUME: tid %d (pid %d)", td2->td_tid, 999 p->p_pid); 1000 td2->td_dbgflags &= ~TDB_SUSPEND; 1001 break; 1002 1003 case PT_FOLLOW_FORK: 1004 CTR3(KTR_PTRACE, "PT_FOLLOW_FORK: pid %d %s -> %s", p->p_pid, 1005 p->p_ptevents & PTRACE_FORK ? "enabled" : "disabled", 1006 data ? "enabled" : "disabled"); 1007 if (data) 1008 p->p_ptevents |= PTRACE_FORK; 1009 else 1010 p->p_ptevents &= ~PTRACE_FORK; 1011 break; 1012 1013 case PT_LWP_EVENTS: 1014 CTR3(KTR_PTRACE, "PT_LWP_EVENTS: pid %d %s -> %s", p->p_pid, 1015 p->p_ptevents & PTRACE_LWP ? "enabled" : "disabled", 1016 data ? "enabled" : "disabled"); 1017 if (data) 1018 p->p_ptevents |= PTRACE_LWP; 1019 else 1020 p->p_ptevents &= ~PTRACE_LWP; 1021 break; 1022 1023 case PT_GET_EVENT_MASK: 1024 if (data != sizeof(p->p_ptevents)) { 1025 error = EINVAL; 1026 break; 1027 } 1028 CTR2(KTR_PTRACE, "PT_GET_EVENT_MASK: pid %d mask %#x", p->p_pid, 1029 p->p_ptevents); 1030 *(int *)addr = p->p_ptevents; 1031 break; 1032 1033 case PT_SET_EVENT_MASK: 1034 if (data != sizeof(p->p_ptevents)) { 1035 error = EINVAL; 1036 break; 1037 } 1038 tmp = *(int *)addr; 1039 if ((tmp & ~(PTRACE_EXEC | PTRACE_SCE | PTRACE_SCX | 1040 PTRACE_FORK | PTRACE_LWP | PTRACE_VFORK)) != 0) { 1041 error = EINVAL; 1042 break; 1043 } 1044 CTR3(KTR_PTRACE, "PT_SET_EVENT_MASK: pid %d mask %#x -> %#x", 1045 p->p_pid, p->p_ptevents, tmp); 1046 p->p_ptevents = tmp; 1047 break; 1048 1049 case PT_GET_SC_ARGS: 1050 CTR1(KTR_PTRACE, "PT_GET_SC_ARGS: pid %d", p->p_pid); 1051 if ((td2->td_dbgflags & (TDB_SCE | TDB_SCX)) == 0 1052 #ifdef COMPAT_FREEBSD32 1053 || (wrap32 && !safe) 1054 #endif 1055 ) { 1056 error = EINVAL; 1057 break; 1058 } 1059 bzero(addr, sizeof(td2->td_sa.args)); 1060 #ifdef COMPAT_FREEBSD32 1061 if (wrap32) 1062 for (num = 0; num < nitems(td2->td_sa.args); num++) 1063 ((uint32_t *)addr)[num] = (uint32_t) 1064 td2->td_sa.args[num]; 1065 else 1066 #endif 1067 bcopy(td2->td_sa.args, addr, td2->td_sa.narg * 1068 sizeof(register_t)); 1069 break; 1070 1071 case PT_GET_SC_RET: 1072 if ((td2->td_dbgflags & (TDB_SCX)) == 0 1073 #ifdef COMPAT_FREEBSD32 1074 || (wrap32 && !safe) 1075 #endif 1076 ) { 1077 error = EINVAL; 1078 break; 1079 } 1080 #ifdef COMPAT_FREEBSD32 1081 if (wrap32) { 1082 psr = &r.psr; 1083 psr32 = addr; 1084 } else 1085 #endif 1086 psr = addr; 1087 bzero(psr, sizeof(*psr)); 1088 psr->sr_error = td2->td_errno; 1089 if (psr->sr_error == 0) { 1090 psr->sr_retval[0] = td2->td_retval[0]; 1091 psr->sr_retval[1] = td2->td_retval[1]; 1092 } 1093 #ifdef COMPAT_FREEBSD32 1094 if (wrap32) 1095 ptrace_sc_ret_to32(psr, psr32); 1096 #endif 1097 CTR4(KTR_PTRACE, 1098 "PT_GET_SC_RET: pid %d error %d retval %#lx,%#lx", 1099 p->p_pid, psr->sr_error, psr->sr_retval[0], 1100 psr->sr_retval[1]); 1101 break; 1102 1103 case PT_STEP: 1104 case PT_CONTINUE: 1105 case PT_TO_SCE: 1106 case PT_TO_SCX: 1107 case PT_SYSCALL: 1108 case PT_DETACH: 1109 /* Zero means do not send any signal */ 1110 if (data < 0 || data > _SIG_MAXSIG) { 1111 error = EINVAL; 1112 break; 1113 } 1114 1115 switch (req) { 1116 case PT_STEP: 1117 CTR3(KTR_PTRACE, "PT_STEP: tid %d (pid %d), sig = %d", 1118 td2->td_tid, p->p_pid, data); 1119 error = ptrace_single_step(td2); 1120 if (error) 1121 goto out; 1122 break; 1123 case PT_CONTINUE: 1124 case PT_TO_SCE: 1125 case PT_TO_SCX: 1126 case PT_SYSCALL: 1127 if (addr != (void *)1) { 1128 error = ptrace_set_pc(td2, 1129 (u_long)(uintfptr_t)addr); 1130 if (error) 1131 goto out; 1132 } 1133 switch (req) { 1134 case PT_TO_SCE: 1135 p->p_ptevents |= PTRACE_SCE; 1136 CTR4(KTR_PTRACE, 1137 "PT_TO_SCE: pid %d, events = %#x, PC = %#lx, sig = %d", 1138 p->p_pid, p->p_ptevents, 1139 (u_long)(uintfptr_t)addr, data); 1140 break; 1141 case PT_TO_SCX: 1142 p->p_ptevents |= PTRACE_SCX; 1143 CTR4(KTR_PTRACE, 1144 "PT_TO_SCX: pid %d, events = %#x, PC = %#lx, sig = %d", 1145 p->p_pid, p->p_ptevents, 1146 (u_long)(uintfptr_t)addr, data); 1147 break; 1148 case PT_SYSCALL: 1149 p->p_ptevents |= PTRACE_SYSCALL; 1150 CTR4(KTR_PTRACE, 1151 "PT_SYSCALL: pid %d, events = %#x, PC = %#lx, sig = %d", 1152 p->p_pid, p->p_ptevents, 1153 (u_long)(uintfptr_t)addr, data); 1154 break; 1155 case PT_CONTINUE: 1156 CTR3(KTR_PTRACE, 1157 "PT_CONTINUE: pid %d, PC = %#lx, sig = %d", 1158 p->p_pid, (u_long)(uintfptr_t)addr, data); 1159 break; 1160 } 1161 break; 1162 case PT_DETACH: 1163 /* 1164 * Reset the process parent. 1165 * 1166 * NB: This clears P_TRACED before reparenting 1167 * a detached process back to its original 1168 * parent. Otherwise the debugee will be set 1169 * as an orphan of the debugger. 1170 */ 1171 p->p_flag &= ~(P_TRACED | P_WAITED); 1172 if (p->p_oppid != p->p_pptr->p_pid) { 1173 PROC_LOCK(p->p_pptr); 1174 sigqueue_take(p->p_ksi); 1175 PROC_UNLOCK(p->p_pptr); 1176 1177 pp = proc_realparent(p); 1178 proc_reparent(p, pp, false); 1179 if (pp == initproc) 1180 p->p_sigparent = SIGCHLD; 1181 CTR3(KTR_PTRACE, 1182 "PT_DETACH: pid %d reparented to pid %d, sig %d", 1183 p->p_pid, pp->p_pid, data); 1184 } else 1185 CTR2(KTR_PTRACE, "PT_DETACH: pid %d, sig %d", 1186 p->p_pid, data); 1187 p->p_ptevents = 0; 1188 FOREACH_THREAD_IN_PROC(p, td3) { 1189 if ((td3->td_dbgflags & TDB_FSTP) != 0) { 1190 sigqueue_delete(&td3->td_sigqueue, 1191 SIGSTOP); 1192 } 1193 td3->td_dbgflags &= ~(TDB_XSIG | TDB_FSTP | 1194 TDB_SUSPEND); 1195 } 1196 1197 if ((p->p_flag2 & P2_PTRACE_FSTP) != 0) { 1198 sigqueue_delete(&p->p_sigqueue, SIGSTOP); 1199 p->p_flag2 &= ~P2_PTRACE_FSTP; 1200 } 1201 1202 /* should we send SIGCHLD? */ 1203 /* childproc_continued(p); */ 1204 break; 1205 } 1206 1207 sx_xunlock(&proctree_lock); 1208 proctree_locked = 0; 1209 1210 sendsig: 1211 MPASS(proctree_locked == 0); 1212 1213 /* 1214 * Clear the pending event for the thread that just 1215 * reported its event (p_xthread). This may not be 1216 * the thread passed to PT_CONTINUE, PT_STEP, etc. if 1217 * the debugger is resuming a different thread. 1218 * 1219 * Deliver any pending signal via the reporting thread. 1220 */ 1221 MPASS(p->p_xthread != NULL); 1222 p->p_xthread->td_dbgflags &= ~TDB_XSIG; 1223 p->p_xthread->td_xsig = data; 1224 p->p_xthread = NULL; 1225 p->p_xsig = data; 1226 1227 /* 1228 * P_WKILLED is insurance that a PT_KILL/SIGKILL 1229 * always works immediately, even if another thread is 1230 * unsuspended first and attempts to handle a 1231 * different signal or if the POSIX.1b style signal 1232 * queue cannot accommodate any new signals. 1233 */ 1234 if (data == SIGKILL) 1235 proc_wkilled(p); 1236 1237 /* 1238 * Unsuspend all threads. To leave a thread 1239 * suspended, use PT_SUSPEND to suspend it before 1240 * continuing the process. 1241 */ 1242 PROC_SLOCK(p); 1243 p->p_flag &= ~(P_STOPPED_TRACE | P_STOPPED_SIG | P_WAITED); 1244 thread_unsuspend(p); 1245 PROC_SUNLOCK(p); 1246 break; 1247 1248 case PT_WRITE_I: 1249 case PT_WRITE_D: 1250 td2->td_dbgflags |= TDB_USERWR; 1251 PROC_UNLOCK(p); 1252 error = 0; 1253 if (proc_writemem(td, p, (off_t)(uintptr_t)addr, &data, 1254 sizeof(int)) != sizeof(int)) 1255 error = ENOMEM; 1256 else 1257 CTR3(KTR_PTRACE, "PT_WRITE: pid %d: %p <= %#x", 1258 p->p_pid, addr, data); 1259 PROC_LOCK(p); 1260 break; 1261 1262 case PT_READ_I: 1263 case PT_READ_D: 1264 PROC_UNLOCK(p); 1265 error = tmp = 0; 1266 if (proc_readmem(td, p, (off_t)(uintptr_t)addr, &tmp, 1267 sizeof(int)) != sizeof(int)) 1268 error = ENOMEM; 1269 else 1270 CTR3(KTR_PTRACE, "PT_READ: pid %d: %p >= %#x", 1271 p->p_pid, addr, tmp); 1272 td->td_retval[0] = tmp; 1273 PROC_LOCK(p); 1274 break; 1275 1276 case PT_IO: 1277 #ifdef COMPAT_FREEBSD32 1278 if (wrap32) { 1279 piod32 = addr; 1280 iov.iov_base = (void *)(uintptr_t)piod32->piod_addr; 1281 iov.iov_len = piod32->piod_len; 1282 uio.uio_offset = (off_t)(uintptr_t)piod32->piod_offs; 1283 uio.uio_resid = piod32->piod_len; 1284 } else 1285 #endif 1286 { 1287 piod = addr; 1288 iov.iov_base = piod->piod_addr; 1289 iov.iov_len = piod->piod_len; 1290 uio.uio_offset = (off_t)(uintptr_t)piod->piod_offs; 1291 uio.uio_resid = piod->piod_len; 1292 } 1293 uio.uio_iov = &iov; 1294 uio.uio_iovcnt = 1; 1295 uio.uio_segflg = UIO_USERSPACE; 1296 uio.uio_td = td; 1297 #ifdef COMPAT_FREEBSD32 1298 tmp = wrap32 ? piod32->piod_op : piod->piod_op; 1299 #else 1300 tmp = piod->piod_op; 1301 #endif 1302 switch (tmp) { 1303 case PIOD_READ_D: 1304 case PIOD_READ_I: 1305 CTR3(KTR_PTRACE, "PT_IO: pid %d: READ (%p, %#x)", 1306 p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid); 1307 uio.uio_rw = UIO_READ; 1308 break; 1309 case PIOD_WRITE_D: 1310 case PIOD_WRITE_I: 1311 CTR3(KTR_PTRACE, "PT_IO: pid %d: WRITE (%p, %#x)", 1312 p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid); 1313 td2->td_dbgflags |= TDB_USERWR; 1314 uio.uio_rw = UIO_WRITE; 1315 break; 1316 default: 1317 error = EINVAL; 1318 goto out; 1319 } 1320 PROC_UNLOCK(p); 1321 error = proc_rwmem(p, &uio); 1322 #ifdef COMPAT_FREEBSD32 1323 if (wrap32) 1324 piod32->piod_len -= uio.uio_resid; 1325 else 1326 #endif 1327 piod->piod_len -= uio.uio_resid; 1328 PROC_LOCK(p); 1329 break; 1330 1331 case PT_KILL: 1332 CTR1(KTR_PTRACE, "PT_KILL: pid %d", p->p_pid); 1333 data = SIGKILL; 1334 goto sendsig; /* in PT_CONTINUE above */ 1335 1336 case PT_SETREGS: 1337 CTR2(KTR_PTRACE, "PT_SETREGS: tid %d (pid %d)", td2->td_tid, 1338 p->p_pid); 1339 td2->td_dbgflags |= TDB_USERWR; 1340 error = PROC_WRITE(regs, td2, addr); 1341 break; 1342 1343 case PT_GETREGS: 1344 CTR2(KTR_PTRACE, "PT_GETREGS: tid %d (pid %d)", td2->td_tid, 1345 p->p_pid); 1346 error = PROC_READ(regs, td2, addr); 1347 break; 1348 1349 case PT_SETFPREGS: 1350 CTR2(KTR_PTRACE, "PT_SETFPREGS: tid %d (pid %d)", td2->td_tid, 1351 p->p_pid); 1352 td2->td_dbgflags |= TDB_USERWR; 1353 error = PROC_WRITE(fpregs, td2, addr); 1354 break; 1355 1356 case PT_GETFPREGS: 1357 CTR2(KTR_PTRACE, "PT_GETFPREGS: tid %d (pid %d)", td2->td_tid, 1358 p->p_pid); 1359 error = PROC_READ(fpregs, td2, addr); 1360 break; 1361 1362 case PT_SETDBREGS: 1363 CTR2(KTR_PTRACE, "PT_SETDBREGS: tid %d (pid %d)", td2->td_tid, 1364 p->p_pid); 1365 td2->td_dbgflags |= TDB_USERWR; 1366 error = PROC_WRITE(dbregs, td2, addr); 1367 break; 1368 1369 case PT_GETDBREGS: 1370 CTR2(KTR_PTRACE, "PT_GETDBREGS: tid %d (pid %d)", td2->td_tid, 1371 p->p_pid); 1372 error = PROC_READ(dbregs, td2, addr); 1373 break; 1374 1375 case PT_LWPINFO: 1376 if (data <= 0 || 1377 #ifdef COMPAT_FREEBSD32 1378 (!wrap32 && data > sizeof(*pl)) || 1379 (wrap32 && data > sizeof(*pl32))) { 1380 #else 1381 data > sizeof(*pl)) { 1382 #endif 1383 error = EINVAL; 1384 break; 1385 } 1386 #ifdef COMPAT_FREEBSD32 1387 if (wrap32) { 1388 pl = &r.pl; 1389 pl32 = addr; 1390 } else 1391 #endif 1392 pl = addr; 1393 bzero(pl, sizeof(*pl)); 1394 pl->pl_lwpid = td2->td_tid; 1395 pl->pl_event = PL_EVENT_NONE; 1396 pl->pl_flags = 0; 1397 if (td2->td_dbgflags & TDB_XSIG) { 1398 pl->pl_event = PL_EVENT_SIGNAL; 1399 if (td2->td_si.si_signo != 0 && 1400 #ifdef COMPAT_FREEBSD32 1401 ((!wrap32 && data >= offsetof(struct ptrace_lwpinfo, 1402 pl_siginfo) + sizeof(pl->pl_siginfo)) || 1403 (wrap32 && data >= offsetof(struct ptrace_lwpinfo32, 1404 pl_siginfo) + sizeof(struct siginfo32))) 1405 #else 1406 data >= offsetof(struct ptrace_lwpinfo, pl_siginfo) 1407 + sizeof(pl->pl_siginfo) 1408 #endif 1409 ){ 1410 pl->pl_flags |= PL_FLAG_SI; 1411 pl->pl_siginfo = td2->td_si; 1412 } 1413 } 1414 if (td2->td_dbgflags & TDB_SCE) 1415 pl->pl_flags |= PL_FLAG_SCE; 1416 else if (td2->td_dbgflags & TDB_SCX) 1417 pl->pl_flags |= PL_FLAG_SCX; 1418 if (td2->td_dbgflags & TDB_EXEC) 1419 pl->pl_flags |= PL_FLAG_EXEC; 1420 if (td2->td_dbgflags & TDB_FORK) { 1421 pl->pl_flags |= PL_FLAG_FORKED; 1422 pl->pl_child_pid = td2->td_dbg_forked; 1423 if (td2->td_dbgflags & TDB_VFORK) 1424 pl->pl_flags |= PL_FLAG_VFORKED; 1425 } else if ((td2->td_dbgflags & (TDB_SCX | TDB_VFORK)) == 1426 TDB_VFORK) 1427 pl->pl_flags |= PL_FLAG_VFORK_DONE; 1428 if (td2->td_dbgflags & TDB_CHILD) 1429 pl->pl_flags |= PL_FLAG_CHILD; 1430 if (td2->td_dbgflags & TDB_BORN) 1431 pl->pl_flags |= PL_FLAG_BORN; 1432 if (td2->td_dbgflags & TDB_EXIT) 1433 pl->pl_flags |= PL_FLAG_EXITED; 1434 pl->pl_sigmask = td2->td_sigmask; 1435 pl->pl_siglist = td2->td_siglist; 1436 strcpy(pl->pl_tdname, td2->td_name); 1437 if ((td2->td_dbgflags & (TDB_SCE | TDB_SCX)) != 0) { 1438 pl->pl_syscall_code = td2->td_sa.code; 1439 pl->pl_syscall_narg = td2->td_sa.narg; 1440 } else { 1441 pl->pl_syscall_code = 0; 1442 pl->pl_syscall_narg = 0; 1443 } 1444 #ifdef COMPAT_FREEBSD32 1445 if (wrap32) 1446 ptrace_lwpinfo_to32(pl, pl32); 1447 #endif 1448 CTR6(KTR_PTRACE, 1449 "PT_LWPINFO: tid %d (pid %d) event %d flags %#x child pid %d syscall %d", 1450 td2->td_tid, p->p_pid, pl->pl_event, pl->pl_flags, 1451 pl->pl_child_pid, pl->pl_syscall_code); 1452 break; 1453 1454 case PT_GETNUMLWPS: 1455 CTR2(KTR_PTRACE, "PT_GETNUMLWPS: pid %d: %d threads", p->p_pid, 1456 p->p_numthreads); 1457 td->td_retval[0] = p->p_numthreads; 1458 break; 1459 1460 case PT_GETLWPLIST: 1461 CTR3(KTR_PTRACE, "PT_GETLWPLIST: pid %d: data %d, actual %d", 1462 p->p_pid, data, p->p_numthreads); 1463 if (data <= 0) { 1464 error = EINVAL; 1465 break; 1466 } 1467 num = imin(p->p_numthreads, data); 1468 PROC_UNLOCK(p); 1469 buf = malloc(num * sizeof(lwpid_t), M_TEMP, M_WAITOK); 1470 tmp = 0; 1471 PROC_LOCK(p); 1472 FOREACH_THREAD_IN_PROC(p, td2) { 1473 if (tmp >= num) 1474 break; 1475 buf[tmp++] = td2->td_tid; 1476 } 1477 PROC_UNLOCK(p); 1478 error = copyout(buf, addr, tmp * sizeof(lwpid_t)); 1479 free(buf, M_TEMP); 1480 if (!error) 1481 td->td_retval[0] = tmp; 1482 PROC_LOCK(p); 1483 break; 1484 1485 case PT_VM_TIMESTAMP: 1486 CTR2(KTR_PTRACE, "PT_VM_TIMESTAMP: pid %d: timestamp %d", 1487 p->p_pid, p->p_vmspace->vm_map.timestamp); 1488 td->td_retval[0] = p->p_vmspace->vm_map.timestamp; 1489 break; 1490 1491 case PT_VM_ENTRY: 1492 PROC_UNLOCK(p); 1493 #ifdef COMPAT_FREEBSD32 1494 if (wrap32) 1495 error = ptrace_vm_entry32(td, p, addr); 1496 else 1497 #endif 1498 error = ptrace_vm_entry(td, p, addr); 1499 PROC_LOCK(p); 1500 break; 1501 1502 default: 1503 #ifdef __HAVE_PTRACE_MACHDEP 1504 if (req >= PT_FIRSTMACH) { 1505 PROC_UNLOCK(p); 1506 error = cpu_ptrace(td2, req, addr, data); 1507 PROC_LOCK(p); 1508 } else 1509 #endif 1510 /* Unknown request. */ 1511 error = EINVAL; 1512 break; 1513 } 1514 1515 out: 1516 /* Drop our hold on this process now that the request has completed. */ 1517 _PRELE(p); 1518 fail: 1519 PROC_UNLOCK(p); 1520 if (proctree_locked) 1521 sx_xunlock(&proctree_lock); 1522 return (error); 1523 } 1524 #undef PROC_READ 1525 #undef PROC_WRITE 1526