xref: /illumos-gate/usr/src/lib/libproc/common/Pcontrol.c (revision 49f72993927fbcc8093ddd143715f814931de21a)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  *
26  * Portions Copyright 2007 Chad Mynhier
27  * Copyright 2012 DEY Storage Systems, Inc.  All rights reserved.
28  * Copyright (c) 2013 by Delphix. All rights reserved.
29  * Copyright 2015, Joyent, Inc.
30  * Copyright 2020 OmniOS Community Edition (OmniOSce) Association.
31  * Copyright 2024 Oxide Computer Company
32  */
33 
34 #include <assert.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <unistd.h>
38 #include <ctype.h>
39 #include <fcntl.h>
40 #include <string.h>
41 #include <strings.h>
42 #include <memory.h>
43 #include <errno.h>
44 #include <dirent.h>
45 #include <limits.h>
46 #include <signal.h>
47 #include <atomic.h>
48 #include <zone.h>
49 #include <sys/types.h>
50 #include <sys/uio.h>
51 #include <sys/stat.h>
52 #include <sys/resource.h>
53 #include <sys/param.h>
54 #include <sys/stack.h>
55 #include <sys/fault.h>
56 #include <sys/syscall.h>
57 #include <sys/sysmacros.h>
58 #include <sys/systeminfo.h>
59 #include <sys/secflags.h>
60 #include <sys/mnttab.h>
61 #include <sys/mkdev.h>
62 
63 #include "libproc.h"
64 #include "Pcontrol.h"
65 #include "Putil.h"
66 #include "P32ton.h"
67 
68 int	_libproc_debug;		/* set non-zero to enable debugging printfs */
69 int	_libproc_no_qsort;	/* set non-zero to inhibit sorting */
70 				/* of symbol tables */
71 int	_libproc_incore_elf;	/* only use in-core elf data */
72 
73 sigset_t blockable_sigs;	/* signals to block when we need to be safe */
74 static	int	minfd;	/* minimum file descriptor returned by dupfd(fd, 0) */
75 char	procfs_path[PATH_MAX] = "/proc";
76 
77 /*
78  * Function prototypes for static routines in this module.
79  */
80 static	void	deadcheck(struct ps_prochandle *);
81 static	void	restore_tracing_flags(struct ps_prochandle *);
82 static	void	Lfree_internal(struct ps_prochandle *, struct ps_lwphandle *);
83 static  prheader_t *read_lfile(struct ps_prochandle *, const char *);
84 
85 /*
86  * Ops vector functions for live processes.
87  */
88 
89 static ssize_t
90 Pread_live(struct ps_prochandle *P, void *buf, size_t n, uintptr_t addr,
91     void *data)
92 {
93 	return (pread(P->asfd, buf, n, (off_t)addr));
94 }
95 
96 static ssize_t
97 Pwrite_live(struct ps_prochandle *P, const void *buf, size_t n, uintptr_t addr,
98     void *data)
99 {
100 	return (pwrite(P->asfd, buf, n, (off_t)addr));
101 }
102 
103 static int
104 Pread_maps_live(struct ps_prochandle *P, prmap_t **Pmapp, ssize_t *nmapp,
105     void *data)
106 {
107 	char mapfile[PATH_MAX];
108 	int mapfd;
109 	struct stat statb;
110 	ssize_t nmap;
111 	prmap_t *Pmap = NULL;
112 
113 	(void) snprintf(mapfile, sizeof (mapfile), "%s/%d/map",
114 	    procfs_path, (int)P->pid);
115 	if ((mapfd = open(mapfile, O_RDONLY)) < 0 ||
116 	    fstat(mapfd, &statb) != 0 ||
117 	    statb.st_size < sizeof (prmap_t) ||
118 	    (Pmap = malloc(statb.st_size)) == NULL ||
119 	    (nmap = pread(mapfd, Pmap, statb.st_size, 0L)) <= 0 ||
120 	    (nmap /= sizeof (prmap_t)) == 0) {
121 		if (Pmap != NULL)
122 			free(Pmap);
123 		if (mapfd >= 0)
124 			(void) close(mapfd);
125 		Preset_maps(P); /* utter failure; destroy tables */
126 		return (-1);
127 	}
128 	(void) close(mapfd);
129 
130 	*Pmapp = Pmap;
131 	*nmapp = nmap;
132 
133 	return (0);
134 }
135 
136 static void
137 Pread_aux_live(struct ps_prochandle *P, auxv_t **auxvp, int *nauxp, void *data)
138 {
139 	char auxfile[64];
140 	int fd;
141 	struct stat statb;
142 	auxv_t *auxv;
143 	ssize_t naux;
144 
145 	(void) snprintf(auxfile, sizeof (auxfile), "%s/%d/auxv",
146 	    procfs_path, (int)P->pid);
147 	if ((fd = open(auxfile, O_RDONLY)) < 0) {
148 		dprintf("%s: failed to open %s: %s\n",
149 		    __func__, auxfile, strerror(errno));
150 		return;
151 	}
152 
153 	if (fstat(fd, &statb) == 0 &&
154 	    statb.st_size >= sizeof (auxv_t) &&
155 	    (auxv = malloc(statb.st_size + sizeof (auxv_t))) != NULL) {
156 		if ((naux = read(fd, auxv, statb.st_size)) < 0 ||
157 		    (naux /= sizeof (auxv_t)) < 1) {
158 			dprintf("%s: read failed: %s\n",
159 			    __func__, strerror(errno));
160 			free(auxv);
161 		} else {
162 			auxv[naux].a_type = AT_NULL;
163 			auxv[naux].a_un.a_val = 0L;
164 
165 			*auxvp = auxv;
166 			*nauxp = (int)naux;
167 		}
168 	}
169 
170 	(void) close(fd);
171 }
172 
173 static int
174 Pcred_live(struct ps_prochandle *P, prcred_t *pcrp, int ngroups, void *data)
175 {
176 	return (proc_get_cred(P->pid, pcrp, ngroups));
177 }
178 
179 static int
180 Psecflags_live(struct ps_prochandle *P, prsecflags_t **psf, void *data)
181 {
182 	return (proc_get_secflags(P->pid, psf));
183 }
184 
185 static int
186 Ppriv_live(struct ps_prochandle *P, prpriv_t **pprv, void *data)
187 {
188 	prpriv_t *pp;
189 
190 	pp = proc_get_priv(P->pid);
191 	if (pp == NULL) {
192 		return (-1);
193 	}
194 
195 	*pprv = pp;
196 	return (0);
197 }
198 
199 static const psinfo_t *
200 Ppsinfo_live(struct ps_prochandle *P, psinfo_t *psinfo, void *data)
201 {
202 	if (proc_get_psinfo(P->pid, psinfo) == -1)
203 		return (NULL);
204 
205 	return (psinfo);
206 }
207 
208 static prheader_t *
209 Plstatus_live(struct ps_prochandle *P, void *data)
210 {
211 	return (read_lfile(P, "lstatus"));
212 }
213 
214 static prheader_t *
215 Plpsinfo_live(struct ps_prochandle *P, void *data)
216 {
217 	return (read_lfile(P, "lpsinfo"));
218 }
219 
220 static char *
221 Pplatform_live(struct ps_prochandle *P, char *s, size_t n, void *data)
222 {
223 	if (sysinfo(SI_PLATFORM, s, n) == -1)
224 		return (NULL);
225 	return (s);
226 }
227 
228 static int
229 Puname_live(struct ps_prochandle *P, struct utsname *u, void *data)
230 {
231 	return (uname(u));
232 }
233 
234 static char *
235 Pzonename_live(struct ps_prochandle *P, char *s, size_t n, void *data)
236 {
237 	if (getzonenamebyid(P->status.pr_zoneid, s, n) < 0)
238 		return (NULL);
239 	s[n - 1] = '\0';
240 	return (s);
241 }
242 
243 /*
244  * Callback function for Pfindexec().  We return a match if we can stat the
245  * suggested pathname and confirm its device and inode number match our
246  * previous information about the /proc/<pid>/object/a.out file.
247  */
248 static int
249 stat_exec(const char *path, void *arg)
250 {
251 	struct stat64 *stp = arg;
252 	struct stat64 st;
253 
254 	return (stat64(path, &st) == 0 && S_ISREG(st.st_mode) &&
255 	    stp->st_dev == st.st_dev && stp->st_ino == st.st_ino);
256 }
257 
258 static char *
259 Pexecname_live(struct ps_prochandle *P, char *buf, size_t buflen, void *data)
260 {
261 	char exec_name[PATH_MAX];
262 	char cwd[PATH_MAX], *cwdp = NULL;
263 	struct stat64 st;
264 	int ret;
265 
266 	/*
267 	 * Try to get the path information first.
268 	 */
269 	(void) snprintf(exec_name, sizeof (exec_name),
270 	    "%s/%d/path/a.out", procfs_path, (int)P->pid);
271 	if ((ret = readlink(exec_name, buf, buflen - 1)) > 0) {
272 		buf[ret] = '\0';
273 		(void) Pfindobj(P, buf, buf, buflen);
274 		return (buf);
275 	}
276 
277 	/*
278 	 * Stat the executable file so we can compare Pfindexec's
279 	 * suggestions to the actual device and inode number.
280 	 */
281 	(void) snprintf(exec_name, sizeof (exec_name),
282 	    "%s/%d/object/a.out", procfs_path, (int)P->pid);
283 
284 	if (stat64(exec_name, &st) != 0 || !S_ISREG(st.st_mode))
285 		return (NULL);
286 
287 	/*
288 	 * Attempt to figure out the current working directory of the
289 	 * target process.  This only works if the target process has
290 	 * not changed its current directory since it was exec'd.
291 	 */
292 	if (proc_get_cwd(P->pid, cwd, sizeof (cwd)) > 0)
293 		cwdp = cwd;
294 
295 	(void) Pfindexec(P, cwdp, stat_exec, &st);
296 
297 	return (NULL);
298 }
299 
300 /*
301  * Snapshot the cwd for a process. Note, we assume that we do not have the
302  * process held per se (pwdx does not grab the process). If our caller wants to
303  * guarantee this, they are responsible for getting a hold.
304  */
305 static int
306 Pcwd_live(struct ps_prochandle *P, prcwd_t **cwdp, void *data)
307 {
308 	prcwd_t *cwd = NULL;
309 	struct statvfs st;
310 	FILE *tab = NULL;
311 	struct extmnttab ent;
312 	int ret;
313 
314 	cwd = calloc(1, sizeof (prcwd_t));
315 	if (cwd == NULL)
316 		goto err;
317 
318 	if (proc_get_cwd(P->pid, cwd->prcwd_cwd, sizeof (cwd->prcwd_cwd)) < 0)
319 		goto err;
320 
321 	if (statvfs(cwd->prcwd_cwd, &st) != 0)
322 		goto err;
323 
324 	cwd->prcwd_fsid = st.f_fsid;
325 	(void) memcpy(cwd->prcwd_fsname, st.f_basetype, FSTYPSZ);
326 
327 	/*
328 	 * Find the corresponding mountpoint based on the fsid. If we don't find
329 	 * a match, that's weird, but we'll try to get folks something. There's
330 	 * always a possibility of a race going on as we can't stop file system
331 	 * mount points from changing during this operation. Similarly, in lieu
332 	 * of erorring on overflow we opt to truncate as tihs would again be a
333 	 * surprising situation based on system limits.
334 	 */
335 	if ((tab = fopen(MNTTAB, "r")) == NULL)
336 		goto err;
337 	resetmnttab(tab);
338 	dprintf("found fsid %llx\n", cwd->prcwd_fsid);
339 	while ((ret = getextmntent(tab, &ent, sizeof (struct extmnttab))) ==
340 	    0) {
341 		/*
342 		 * statvfs(2) always returns the compressed 32-bit compatible
343 		 * dev, even in an LP64 environment. We must explicitly attempt
344 		 * to convert things as a result to this format as the normal
345 		 * makedev() doesn't quite do the right thing.
346 		 */
347 		if (__makedev(COMPATDEV, ent.mnt_major, ent.mnt_minor) ==
348 		    st.f_fsid) {
349 			(void) strlcpy(cwd->prcwd_mntpt, ent.mnt_mountp,
350 			    sizeof (cwd->prcwd_mntpt));
351 			(void) strlcpy(cwd->prcwd_mntspec, ent.mnt_special,
352 			    sizeof (cwd->prcwd_mntspec));
353 			break;
354 		}
355 	}
356 
357 	if (ret > 0) {
358 		errno = EIO;
359 		goto err;
360 	}
361 
362 	(void) fclose(tab);
363 	*cwdp = cwd;
364 	return (0);
365 
366 err:
367 	(void) fclose(tab);
368 	free(cwd);
369 	return (-1);
370 }
371 
372 #if defined(__i386) || defined(__amd64)
373 static int
374 Pldt_live(struct ps_prochandle *P, struct ssd *pldt, int nldt, void *data)
375 {
376 	return (proc_get_ldt(P->pid, pldt, nldt));
377 }
378 #endif
379 
380 static const ps_ops_t P_live_ops = {
381 	.pop_pread	= Pread_live,
382 	.pop_pwrite	= Pwrite_live,
383 	.pop_read_maps	= Pread_maps_live,
384 	.pop_read_aux	= Pread_aux_live,
385 	.pop_cred	= Pcred_live,
386 	.pop_priv	= Ppriv_live,
387 	.pop_psinfo	= Ppsinfo_live,
388 	.pop_lstatus	= Plstatus_live,
389 	.pop_lpsinfo	= Plpsinfo_live,
390 	.pop_platform	= Pplatform_live,
391 	.pop_uname	= Puname_live,
392 	.pop_zonename	= Pzonename_live,
393 	.pop_execname	= Pexecname_live,
394 	.pop_secflags	= Psecflags_live,
395 	.pop_cwd	= Pcwd_live,
396 #if defined(__i386) || defined(__amd64)
397 	.pop_ldt	= Pldt_live
398 #endif
399 };
400 
401 /*
402  * This is the library's .init handler.
403  */
404 #pragma init(_libproc_init)
405 void
406 _libproc_init(void)
407 {
408 	_libproc_debug = getenv("LIBPROC_DEBUG") != NULL;
409 	_libproc_no_qsort = getenv("LIBPROC_NO_QSORT") != NULL;
410 	_libproc_incore_elf = getenv("LIBPROC_INCORE_ELF") != NULL;
411 
412 	(void) sigfillset(&blockable_sigs);
413 	(void) sigdelset(&blockable_sigs, SIGKILL);
414 	(void) sigdelset(&blockable_sigs, SIGSTOP);
415 }
416 
417 void
418 Pset_procfs_path(const char *path)
419 {
420 	(void) snprintf(procfs_path, sizeof (procfs_path), "%s", path);
421 }
422 
423 /*
424  * Call set_minfd() once before calling dupfd() several times.
425  * We assume that the application will not reduce its current file
426  * descriptor limit lower than 512 once it has set at least that value.
427  */
428 int
429 set_minfd(void)
430 {
431 	static mutex_t minfd_lock = DEFAULTMUTEX;
432 	struct rlimit rlim;
433 	int fd;
434 
435 	if ((fd = minfd) < 256) {
436 		(void) mutex_lock(&minfd_lock);
437 		if ((fd = minfd) < 256) {
438 			if (getrlimit(RLIMIT_NOFILE, &rlim) != 0)
439 				rlim.rlim_cur = rlim.rlim_max = 0;
440 			if (rlim.rlim_cur >= 512)
441 				fd = 256;
442 			else if ((fd = rlim.rlim_cur / 2) < 3)
443 				fd = 3;
444 			membar_producer();
445 			minfd = fd;
446 		}
447 		(void) mutex_unlock(&minfd_lock);
448 	}
449 	return (fd);
450 }
451 
452 int
453 dupfd(int fd, int dfd)
454 {
455 	int mfd;
456 
457 	/*
458 	 * Make fd be greater than 255 (the 32-bit stdio limit),
459 	 * or at least make it greater than 2 so that the
460 	 * program will work when spawned by init(8).
461 	 * Also, if dfd is non-zero, dup the fd to be dfd.
462 	 */
463 	if ((mfd = minfd) == 0)
464 		mfd = set_minfd();
465 	if (dfd > 0 || (0 <= fd && fd < mfd)) {
466 		if (dfd <= 0)
467 			dfd = mfd;
468 		dfd = fcntl(fd, F_DUPFD, dfd);
469 		(void) close(fd);
470 		fd = dfd;
471 	}
472 	/*
473 	 * Mark it close-on-exec so any created process doesn't inherit it.
474 	 */
475 	if (fd >= 0)
476 		(void) fcntl(fd, F_SETFD, FD_CLOEXEC);
477 	return (fd);
478 }
479 
480 /*
481  * Create a new controlled process.
482  * Leave it stopped on successful exit from exec() or execve().
483  * Return an opaque pointer to its process control structure.
484  * Return NULL if process cannot be created (fork()/exec() not successful).
485  */
486 struct ps_prochandle *
487 Pxcreate(const char *file,	/* executable file name */
488     char *const *argv,		/* argument vector */
489     char *const *envp,		/* environment */
490     int *perr,			/* pointer to error return code */
491     char *path,		/* if non-null, holds exec path name on return */
492     size_t len)			/* size of the path buffer */
493 {
494 	char execpath[PATH_MAX];
495 	char procname[PATH_MAX];
496 	struct ps_prochandle *P;
497 	pid_t pid;
498 	int fd;
499 	char *fname;
500 	int rc;
501 	int lasterrno = 0;
502 
503 	if (len == 0)	/* zero length, no path */
504 		path = NULL;
505 	if (path != NULL)
506 		*path = '\0';
507 
508 	if ((P = malloc(sizeof (struct ps_prochandle))) == NULL) {
509 		*perr = C_STRANGE;
510 		return (NULL);
511 	}
512 
513 	if ((pid = fork1()) == -1) {
514 		free(P);
515 		*perr = C_FORK;
516 		return (NULL);
517 	}
518 
519 	if (pid == 0) {			/* child process */
520 		id_t id;
521 		extern char **environ;
522 
523 		/*
524 		 * If running setuid or setgid, reset credentials to normal.
525 		 */
526 		if ((id = getgid()) != getegid())
527 			(void) setgid(id);
528 		if ((id = getuid()) != geteuid())
529 			(void) setuid(id);
530 
531 		Pcreate_callback(P);	/* execute callback (see below) */
532 		(void) pause();		/* wait for PRSABORT from parent */
533 
534 		/*
535 		 * This is ugly.  There is no execvep() function that takes a
536 		 * path and an environment.  We cheat here by replacing the
537 		 * global 'environ' variable right before we call this.
538 		 */
539 		if (envp)
540 			environ = (char **)envp;
541 
542 		(void) execvp(file, argv);  /* execute the program */
543 		_exit(127);
544 	}
545 
546 	/*
547 	 * Initialize the process structure.
548 	 */
549 	(void) memset(P, 0, sizeof (*P));
550 	(void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
551 	P->flags |= CREATED;
552 	P->state = PS_RUN;
553 	P->pid = pid;
554 	P->asfd = -1;
555 	P->ctlfd = -1;
556 	P->statfd = -1;
557 	P->agentctlfd = -1;
558 	P->agentstatfd = -1;
559 	Pinit_ops(&P->ops, &P_live_ops);
560 	Pinitsym(P);
561 	Pinitfd(P);
562 
563 	/*
564 	 * Open the /proc/pid files.
565 	 */
566 	(void) snprintf(procname, sizeof (procname), "%s/%d/",
567 	    procfs_path, (int)pid);
568 	fname = procname + strlen(procname);
569 	(void) set_minfd();
570 
571 	/*
572 	 * Exclusive write open advises others not to interfere.
573 	 * There is no reason for any of these open()s to fail.
574 	 */
575 	(void) strcpy(fname, "as");
576 	if ((fd = open(procname, (O_RDWR|O_EXCL))) < 0 ||
577 	    (fd = dupfd(fd, 0)) < 0) {
578 		dprintf("Pcreate: failed to open %s: %s\n",
579 		    procname, strerror(errno));
580 		rc = C_STRANGE;
581 		goto bad;
582 	}
583 	P->asfd = fd;
584 
585 	(void) strcpy(fname, "status");
586 	if ((fd = open(procname, O_RDONLY)) < 0 ||
587 	    (fd = dupfd(fd, 0)) < 0) {
588 		dprintf("Pcreate: failed to open %s: %s\n",
589 		    procname, strerror(errno));
590 		rc = C_STRANGE;
591 		goto bad;
592 	}
593 	P->statfd = fd;
594 
595 	(void) strcpy(fname, "ctl");
596 	if ((fd = open(procname, O_WRONLY)) < 0 ||
597 	    (fd = dupfd(fd, 0)) < 0) {
598 		dprintf("Pcreate: failed to open %s: %s\n",
599 		    procname, strerror(errno));
600 		rc = C_STRANGE;
601 		goto bad;
602 	}
603 	P->ctlfd = fd;
604 
605 	(void) Pstop(P, 0);	/* stop the controlled process */
606 
607 	/*
608 	 * Wait for process to sleep in pause().
609 	 * If the process has already called pause(), then it should be
610 	 * stopped (PR_REQUESTED) while asleep in pause and we are done.
611 	 * Else we set up to catch entry/exit to pause() and set the process
612 	 * running again, expecting it to stop when it reaches pause().
613 	 * There is no reason for this to fail other than an interrupt.
614 	 */
615 	(void) Psysentry(P, SYS_pause, 1);
616 	(void) Psysexit(P, SYS_pause, 1);
617 	for (;;) {
618 		if (P->state == PS_STOP &&
619 		    P->status.pr_lwp.pr_syscall == SYS_pause &&
620 		    (P->status.pr_lwp.pr_why == PR_REQUESTED ||
621 		    P->status.pr_lwp.pr_why == PR_SYSENTRY ||
622 		    P->status.pr_lwp.pr_why == PR_SYSEXIT))
623 			break;
624 
625 		if (P->state != PS_STOP ||	/* interrupt or process died */
626 		    Psetrun(P, 0, 0) != 0) {	/* can't restart */
627 			if (errno == EINTR || errno == ERESTART)
628 				rc = C_INTR;
629 			else {
630 				dprintf("Pcreate: Psetrun failed: %s\n",
631 				    strerror(errno));
632 				rc = C_STRANGE;
633 			}
634 			goto bad;
635 		}
636 
637 		(void) Pwait(P, 0);
638 	}
639 	(void) Psysentry(P, SYS_pause, 0);
640 	(void) Psysexit(P, SYS_pause, 0);
641 
642 	/*
643 	 * Kick the process off the pause() and catch
644 	 * it again on entry to exec() or exit().
645 	 */
646 	(void) Psysentry(P, SYS_exit, 1);
647 	(void) Psysentry(P, SYS_execve, 1);
648 	if (Psetrun(P, 0, PRSABORT) == -1) {
649 		dprintf("Pcreate: Psetrun failed: %s\n", strerror(errno));
650 		rc = C_STRANGE;
651 		goto bad;
652 	}
653 	(void) Pwait(P, 0);
654 	if (P->state != PS_STOP) {
655 		dprintf("Pcreate: Pwait failed: %s\n", strerror(errno));
656 		rc = C_STRANGE;
657 		goto bad;
658 	}
659 
660 	/*
661 	 * Move the process through instances of failed exec()s
662 	 * to reach the point of stopped on successful exec().
663 	 */
664 	(void) Psysexit(P, SYS_execve, TRUE);
665 
666 	while (P->state == PS_STOP &&
667 	    P->status.pr_lwp.pr_why == PR_SYSENTRY &&
668 	    P->status.pr_lwp.pr_what == SYS_execve) {
669 		/*
670 		 * Fetch the exec path name now, before we complete
671 		 * the exec().  We may lose the process and be unable
672 		 * to get the information later.
673 		 */
674 		(void) Pread_string(P, execpath, sizeof (execpath),
675 		    (off_t)P->status.pr_lwp.pr_sysarg[0]);
676 		if (path != NULL)
677 			(void) strncpy(path, execpath, len);
678 		/*
679 		 * Set the process running and wait for
680 		 * it to stop on exit from the exec().
681 		 */
682 		(void) Psetrun(P, 0, 0);
683 		(void) Pwait(P, 0);
684 
685 		if (P->state == PS_LOST &&		/* we lost control */
686 		    Preopen(P) != 0) {		/* and we can't get it back */
687 			rc = C_PERM;
688 			goto bad;
689 		}
690 
691 		/*
692 		 * If the exec() failed, continue the loop, expecting
693 		 * there to be more attempts to exec(), based on PATH.
694 		 */
695 		if (P->state == PS_STOP &&
696 		    P->status.pr_lwp.pr_why == PR_SYSEXIT &&
697 		    P->status.pr_lwp.pr_what == SYS_execve &&
698 		    (lasterrno = P->status.pr_lwp.pr_errno) != 0) {
699 			/*
700 			 * The exec() failed.  Set the process running and
701 			 * wait for it to stop on entry to the next exec().
702 			 */
703 			(void) Psetrun(P, 0, 0);
704 			(void) Pwait(P, 0);
705 
706 			continue;
707 		}
708 		break;
709 	}
710 
711 	if (P->state == PS_STOP &&
712 	    P->status.pr_lwp.pr_why == PR_SYSEXIT &&
713 	    P->status.pr_lwp.pr_what == SYS_execve &&
714 	    P->status.pr_lwp.pr_errno == 0) {
715 		/*
716 		 * The process is stopped on successful exec() or execve().
717 		 * Turn off all tracing flags and return success.
718 		 */
719 		restore_tracing_flags(P);
720 #ifndef _LP64
721 		/* We must be a 64-bit process to deal with a 64-bit process */
722 		if (P->status.pr_dmodel == PR_MODEL_LP64) {
723 			rc = C_LP64;
724 			goto bad;
725 		}
726 #endif
727 		/*
728 		 * Set run-on-last-close so the controlled process
729 		 * runs even if we die on a signal.
730 		 */
731 		(void) Psetflags(P, PR_RLC);
732 		*perr = 0;
733 		return (P);
734 	}
735 
736 	rc = lasterrno == ENOENT ? C_NOENT : C_NOEXEC;
737 
738 bad:
739 	(void) kill(pid, SIGKILL);
740 	if (path != NULL && rc != C_PERM && rc != C_LP64)
741 		*path = '\0';
742 	Pfree(P);
743 	*perr = rc;
744 	return (NULL);
745 }
746 
747 struct ps_prochandle *
748 Pcreate(
749 	const char *file,	/* executable file name */
750 	char *const *argv,	/* argument vector */
751 	int *perr,	/* pointer to error return code */
752 	char *path,	/* if non-null, holds exec path name on return */
753 	size_t len)	/* size of the path buffer */
754 {
755 	return (Pxcreate(file, argv, NULL, perr, path, len));
756 }
757 
758 /*
759  * Return a printable string corresponding to a Pcreate() error return.
760  */
761 const char *
762 Pcreate_error(int error)
763 {
764 	const char *str;
765 
766 	switch (error) {
767 	case C_FORK:
768 		str = "cannot fork";
769 		break;
770 	case C_PERM:
771 		str = "file is set-id or unreadable";
772 		break;
773 	case C_NOEXEC:
774 		str = "cannot execute file";
775 		break;
776 	case C_INTR:
777 		str = "operation interrupted";
778 		break;
779 	case C_LP64:
780 		str = "program is _LP64, self is not";
781 		break;
782 	case C_STRANGE:
783 		str = "unanticipated system error";
784 		break;
785 	case C_NOENT:
786 		str = "cannot find executable file";
787 		break;
788 	default:
789 		str = "unknown error";
790 		break;
791 	}
792 
793 	return (str);
794 }
795 
796 /*
797  * Callback to execute in each child process created with Pcreate() after fork
798  * but before it execs the new process image.  By default, we do nothing, but
799  * by calling this function we allow the client program to define its own
800  * version of the function which will interpose on our empty default.  This
801  * may be useful for clients that need to modify signal dispositions, terminal
802  * attributes, or process group and session properties for each new victim.
803  */
804 void
805 Pcreate_callback(struct ps_prochandle *P)
806 {
807 	/* nothing to do here */
808 }
809 
810 /*
811  * Grab an existing process.
812  * Return an opaque pointer to its process control structure.
813  *
814  * pid:		UNIX process ID.
815  * flags:
816  *	PGRAB_RETAIN	Retain tracing flags (default clears all tracing flags).
817  *	PGRAB_FORCE	Grab regardless of whether process is already traced.
818  *	PGRAB_RDONLY	Open the address space file O_RDONLY instead of O_RDWR,
819  *                      and do not open the process control file.
820  *	PGRAB_NOSTOP	Open the process but do not force it to stop.
821  * perr:	pointer to error return code.
822  */
823 struct ps_prochandle *
824 Pgrab(pid_t pid, int flags, int *perr)
825 {
826 	struct ps_prochandle *P;
827 	int fd, omode;
828 	char procname[PATH_MAX];
829 	char *fname;
830 	int rc = 0;
831 
832 	/*
833 	 * PGRAB_RDONLY means that we do not open the /proc/<pid>/control file,
834 	 * and so it implies RETAIN and NOSTOP since both require control.
835 	 */
836 	if (flags & PGRAB_RDONLY)
837 		flags |= PGRAB_RETAIN | PGRAB_NOSTOP;
838 
839 	if ((P = malloc(sizeof (struct ps_prochandle))) == NULL) {
840 		*perr = G_STRANGE;
841 		return (NULL);
842 	}
843 
844 	P->asfd = -1;
845 	P->ctlfd = -1;
846 	P->statfd = -1;
847 
848 again:	/* Come back here if we lose it in the Window of Vulnerability */
849 	if (P->ctlfd >= 0)
850 		(void) close(P->ctlfd);
851 	if (P->asfd >= 0)
852 		(void) close(P->asfd);
853 	if (P->statfd >= 0)
854 		(void) close(P->statfd);
855 	(void) memset(P, 0, sizeof (*P));
856 	(void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
857 	P->ctlfd = -1;
858 	P->asfd = -1;
859 	P->statfd = -1;
860 	P->agentctlfd = -1;
861 	P->agentstatfd = -1;
862 	Pinit_ops(&P->ops, &P_live_ops);
863 	Pinitsym(P);
864 	Pinitfd(P);
865 
866 	/*
867 	 * Open the /proc/pid files
868 	 */
869 	(void) snprintf(procname, sizeof (procname), "%s/%d/",
870 	    procfs_path, (int)pid);
871 	fname = procname + strlen(procname);
872 	(void) set_minfd();
873 
874 	/*
875 	 * Request exclusive open to avoid grabbing someone else's
876 	 * process and to prevent others from interfering afterwards.
877 	 * If this fails and the 'PGRAB_FORCE' flag is set, attempt to
878 	 * open non-exclusively.
879 	 */
880 	(void) strcpy(fname, "as");
881 	omode = (flags & PGRAB_RDONLY) ? O_RDONLY : O_RDWR;
882 
883 	if (((fd = open(procname, omode | O_EXCL)) < 0 &&
884 	    (fd = ((flags & PGRAB_FORCE)? open(procname, omode) : -1)) < 0) ||
885 	    (fd = dupfd(fd, 0)) < 0) {
886 		switch (errno) {
887 		case ENOENT:
888 			rc = G_NOPROC;
889 			break;
890 		case EACCES:
891 		case EPERM:
892 			rc = G_PERM;
893 			break;
894 		case EMFILE:
895 			rc = G_NOFD;
896 			break;
897 		case EBUSY:
898 			if (!(flags & PGRAB_FORCE) || geteuid() != 0) {
899 				rc = G_BUSY;
900 				break;
901 			}
902 			/* FALLTHROUGH */
903 		default:
904 			dprintf("Pgrab: failed to open %s: %s\n",
905 			    procname, strerror(errno));
906 			rc = G_STRANGE;
907 			break;
908 		}
909 		goto err;
910 	}
911 	P->asfd = fd;
912 
913 	(void) strcpy(fname, "status");
914 	if ((fd = open(procname, O_RDONLY)) < 0 ||
915 	    (fd = dupfd(fd, 0)) < 0) {
916 		switch (errno) {
917 		case ENOENT:
918 			rc = G_NOPROC;
919 			break;
920 		case EMFILE:
921 			rc = G_NOFD;
922 			break;
923 		default:
924 			dprintf("Pgrab: failed to open %s: %s\n",
925 			    procname, strerror(errno));
926 			rc = G_STRANGE;
927 			break;
928 		}
929 		goto err;
930 	}
931 	P->statfd = fd;
932 
933 	if (!(flags & PGRAB_RDONLY)) {
934 		(void) strcpy(fname, "ctl");
935 		if ((fd = open(procname, O_WRONLY)) < 0 ||
936 		    (fd = dupfd(fd, 0)) < 0) {
937 			switch (errno) {
938 			case ENOENT:
939 				rc = G_NOPROC;
940 				break;
941 			case EMFILE:
942 				rc = G_NOFD;
943 				break;
944 			default:
945 				dprintf("Pgrab: failed to open %s: %s\n",
946 				    procname, strerror(errno));
947 				rc = G_STRANGE;
948 				break;
949 			}
950 			goto err;
951 		}
952 		P->ctlfd = fd;
953 	}
954 
955 	P->state = PS_RUN;
956 	P->pid = pid;
957 
958 	/*
959 	 * We are now in the Window of Vulnerability (WoV).  The process may
960 	 * exec() a setuid/setgid or unreadable object file between the open()
961 	 * and the PCSTOP.  We will get EAGAIN in this case and must start over.
962 	 * As Pstopstatus will trigger the first read() from a /proc file,
963 	 * we also need to handle EOVERFLOW here when 32-bit as an indicator
964 	 * that this process is 64-bit.  Finally, if the process has become
965 	 * a zombie (PS_UNDEAD) while we were trying to grab it, just remain
966 	 * silent about this and pretend there was no process.
967 	 */
968 	if (Pstopstatus(P, PCNULL, 0) != 0) {
969 #ifndef _LP64
970 		if (errno == EOVERFLOW) {
971 			rc = G_LP64;
972 			goto err;
973 		}
974 #endif
975 		if (P->state == PS_LOST) {	/* WoV */
976 			(void) mutex_destroy(&P->proc_lock);
977 			goto again;
978 		}
979 
980 		if (P->state == PS_UNDEAD)
981 			rc = G_NOPROC;
982 		else
983 			rc = G_STRANGE;
984 
985 		goto err;
986 	}
987 
988 	/*
989 	 * If the process is a system process, we can't control it even as root
990 	 */
991 	if (P->status.pr_flags & PR_ISSYS) {
992 		rc = G_SYS;
993 		goto err;
994 	}
995 #ifndef _LP64
996 	/*
997 	 * We must be a 64-bit process to deal with a 64-bit process
998 	 */
999 	if (P->status.pr_dmodel == PR_MODEL_LP64) {
1000 		rc = G_LP64;
1001 		goto err;
1002 	}
1003 #endif
1004 
1005 	/*
1006 	 * Remember the status for use by Prelease().
1007 	 */
1008 	P->orig_status = P->status;	/* structure copy */
1009 
1010 	/*
1011 	 * Before stopping the process, make sure we are not grabbing ourselves.
1012 	 * If we are, make sure we are doing it PGRAB_RDONLY.
1013 	 */
1014 	if (pid == getpid()) {
1015 		/*
1016 		 * Verify that the process is really ourself:
1017 		 * Set a magic number, read it through the
1018 		 * /proc file and see if the results match.
1019 		 */
1020 		uint32_t magic1 = 0;
1021 		uint32_t magic2 = 2;
1022 
1023 		errno = 0;
1024 
1025 		if (Pread(P, &magic2, sizeof (magic2), (uintptr_t)&magic1)
1026 		    == sizeof (magic2) &&
1027 		    magic2 == 0 &&
1028 		    (magic1 = 0xfeedbeef) &&
1029 		    Pread(P, &magic2, sizeof (magic2), (uintptr_t)&magic1)
1030 		    == sizeof (magic2) &&
1031 		    magic2 == 0xfeedbeef &&
1032 		    !(flags & PGRAB_RDONLY)) {
1033 			rc = G_SELF;
1034 			goto err;
1035 		}
1036 	}
1037 
1038 	/*
1039 	 * If the process is already stopped or has been directed
1040 	 * to stop via /proc, do not set run-on-last-close.
1041 	 */
1042 	if (!(P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) &&
1043 	    !(flags & PGRAB_RDONLY)) {
1044 		/*
1045 		 * Mark the process run-on-last-close so
1046 		 * it runs even if we die from SIGKILL.
1047 		 */
1048 		if (Psetflags(P, PR_RLC) != 0) {
1049 			if (errno == EAGAIN) {	/* WoV */
1050 				(void) mutex_destroy(&P->proc_lock);
1051 				goto again;
1052 			}
1053 			if (errno == ENOENT)	/* No complaint about zombies */
1054 				rc = G_ZOMB;
1055 			else {
1056 				dprintf("Pgrab: failed to set RLC\n");
1057 				rc = G_STRANGE;
1058 			}
1059 			goto err;
1060 		}
1061 	}
1062 
1063 	/*
1064 	 * If a stop directive is pending and the process has not yet stopped,
1065 	 * then synchronously wait for the stop directive to take effect.
1066 	 * Limit the time spent waiting for the process to stop by iterating
1067 	 * at most 10 times. The time-out of 20 ms corresponds to the time
1068 	 * between sending the stop directive and the process actually stopped
1069 	 * as measured by DTrace on a slow, busy system. If the process doesn't
1070 	 * stop voluntarily, clear the PR_DSTOP flag so that the code below
1071 	 * forces the process to stop.
1072 	 */
1073 	if (!(flags & PGRAB_RDONLY)) {
1074 		int niter = 0;
1075 		while ((P->status.pr_lwp.pr_flags & (PR_STOPPED|PR_DSTOP)) ==
1076 		    PR_DSTOP && niter < 10 &&
1077 		    Pstopstatus(P, PCTWSTOP, 20) != 0) {
1078 			niter++;
1079 			if (flags & PGRAB_NOSTOP)
1080 				break;
1081 		}
1082 		if (niter == 10 && !(flags & PGRAB_NOSTOP)) {
1083 			/* Try it harder down below */
1084 			P->status.pr_lwp.pr_flags &= ~PR_DSTOP;
1085 		}
1086 	}
1087 
1088 	/*
1089 	 * If the process is not already stopped or directed to stop
1090 	 * and PGRAB_NOSTOP was not specified, stop the process now.
1091 	 */
1092 	if (!(P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) &&
1093 	    !(flags & PGRAB_NOSTOP)) {
1094 		/*
1095 		 * Stop the process, get its status and signal/syscall masks.
1096 		 */
1097 		if (((P->status.pr_lwp.pr_flags & PR_STOPPED) &&
1098 		    Pstopstatus(P, PCDSTOP, 0) != 0) ||
1099 		    Pstopstatus(P, PCSTOP, 2000) != 0) {
1100 #ifndef _LP64
1101 			if (errno == EOVERFLOW) {
1102 				rc = G_LP64;
1103 				goto err;
1104 			}
1105 #endif
1106 			if (P->state == PS_LOST) {	/* WoV */
1107 				(void) mutex_destroy(&P->proc_lock);
1108 				goto again;
1109 			}
1110 			if ((errno != EINTR && errno != ERESTART) ||
1111 			    (P->state != PS_STOP &&
1112 			    !(P->status.pr_flags & PR_DSTOP))) {
1113 				if (P->state != PS_RUN && errno != ENOENT) {
1114 					dprintf("Pgrab: failed to PCSTOP\n");
1115 					rc = G_STRANGE;
1116 				} else {
1117 					rc = G_ZOMB;
1118 				}
1119 				goto err;
1120 			}
1121 		}
1122 
1123 		/*
1124 		 * Process should now either be stopped via /proc or there
1125 		 * should be an outstanding stop directive.
1126 		 */
1127 		if (!(P->status.pr_flags & (PR_ISTOP|PR_DSTOP))) {
1128 			dprintf("Pgrab: process is not stopped\n");
1129 			rc = G_STRANGE;
1130 			goto err;
1131 		}
1132 #ifndef _LP64
1133 		/*
1134 		 * Test this again now because the 32-bit victim process may
1135 		 * have exec'd a 64-bit process in the meantime.
1136 		 */
1137 		if (P->status.pr_dmodel == PR_MODEL_LP64) {
1138 			rc = G_LP64;
1139 			goto err;
1140 		}
1141 #endif
1142 	}
1143 
1144 	/*
1145 	 * Cancel all tracing flags unless the PGRAB_RETAIN flag is set.
1146 	 */
1147 	if (!(flags & PGRAB_RETAIN)) {
1148 		(void) Psysentry(P, 0, FALSE);
1149 		(void) Psysexit(P, 0, FALSE);
1150 		(void) Psignal(P, 0, FALSE);
1151 		(void) Pfault(P, 0, FALSE);
1152 		Psync(P);
1153 	}
1154 
1155 	*perr = 0;
1156 	return (P);
1157 
1158 err:
1159 	Pfree(P);
1160 	*perr = rc;
1161 	return (NULL);
1162 }
1163 
1164 /*
1165  * Return a printable string corresponding to a Pgrab() error return.
1166  */
1167 const char *
1168 Pgrab_error(int error)
1169 {
1170 	const char *str;
1171 
1172 	switch (error) {
1173 	case G_NOPROC:
1174 		str = "no such process";
1175 		break;
1176 	case G_NOCORE:
1177 		str = "no such core file";
1178 		break;
1179 	case G_NOPROCORCORE:
1180 		str = "no such process or core file";
1181 		break;
1182 	case G_NOEXEC:
1183 		str = "cannot find executable file";
1184 		break;
1185 	case G_ZOMB:
1186 		str = "zombie process";
1187 		break;
1188 	case G_PERM:
1189 		str = "permission denied";
1190 		break;
1191 	case G_BUSY:
1192 		str = "process is traced";
1193 		break;
1194 	case G_SYS:
1195 		str = "system process";
1196 		break;
1197 	case G_SELF:
1198 		str = "attempt to grab self";
1199 		break;
1200 	case G_INTR:
1201 		str = "operation interrupted";
1202 		break;
1203 	case G_LP64:
1204 		str = "program is _LP64, self is not";
1205 		break;
1206 	case G_FORMAT:
1207 		str = "file is not an ELF core file";
1208 		break;
1209 	case G_ELF:
1210 		str = "libelf error";
1211 		break;
1212 	case G_NOTE:
1213 		str = "core file is corrupt or missing required data";
1214 		break;
1215 	case G_STRANGE:
1216 		str = "unanticipated system error";
1217 		break;
1218 	case G_ISAINVAL:
1219 		str = "wrong ELF machine type";
1220 		break;
1221 	case G_BADLWPS:
1222 		str = "bad lwp specification";
1223 		break;
1224 	case G_NOFD:
1225 		str = "too many open files";
1226 		break;
1227 	default:
1228 		str = "unknown error";
1229 		break;
1230 	}
1231 
1232 	return (str);
1233 }
1234 
1235 /*
1236  * Free a process control structure.
1237  * Close the file descriptors but don't do the Prelease logic.
1238  */
1239 void
1240 Pfree(struct ps_prochandle *P)
1241 {
1242 	uint_t i;
1243 	fd_info_t *fip;
1244 
1245 	if (P->ucaddrs != NULL) {
1246 		free(P->ucaddrs);
1247 		P->ucaddrs = NULL;
1248 		P->ucnelems = 0;
1249 	}
1250 
1251 	(void) mutex_lock(&P->proc_lock);
1252 	if (P->hashtab != NULL) {
1253 		struct ps_lwphandle *L;
1254 		for (i = 0; i < HASHSIZE; i++) {
1255 			while ((L = P->hashtab[i]) != NULL)
1256 				Lfree_internal(P, L);
1257 		}
1258 		free(P->hashtab);
1259 	}
1260 
1261 	while ((fip = list_remove_head(&P->fd_head)) != NULL) {
1262 		proc_fdinfo_free(fip->fd_info);
1263 		free(fip);
1264 	}
1265 	(void) mutex_unlock(&P->proc_lock);
1266 	(void) mutex_destroy(&P->proc_lock);
1267 
1268 	free(P->zoneroot);
1269 
1270 	if (P->agentctlfd >= 0)
1271 		(void) close(P->agentctlfd);
1272 	if (P->agentstatfd >= 0)
1273 		(void) close(P->agentstatfd);
1274 	if (P->ctlfd >= 0)
1275 		(void) close(P->ctlfd);
1276 	if (P->asfd >= 0)
1277 		(void) close(P->asfd);
1278 	if (P->statfd >= 0)
1279 		(void) close(P->statfd);
1280 	Preset_maps(P);
1281 	P->ops.pop_fini(P, P->data);
1282 
1283 	/* clear out the structure as a precaution against reuse */
1284 	(void) memset(P, 0, sizeof (*P));
1285 	P->ctlfd = -1;
1286 	P->asfd = -1;
1287 	P->statfd = -1;
1288 	P->agentctlfd = -1;
1289 	P->agentstatfd = -1;
1290 
1291 	free(P);
1292 }
1293 
1294 /*
1295  * Return the state of the process, one of the PS_* values.
1296  */
1297 int
1298 Pstate(struct ps_prochandle *P)
1299 {
1300 	return (P->state);
1301 }
1302 
1303 /*
1304  * Return the open address space file descriptor for the process.
1305  * Clients must not close this file descriptor, not use it
1306  * after the process is freed.
1307  */
1308 int
1309 Pasfd(struct ps_prochandle *P)
1310 {
1311 	return (P->asfd);
1312 }
1313 
1314 /*
1315  * Return the open control file descriptor for the process.
1316  * Clients must not close this file descriptor, not use it
1317  * after the process is freed.
1318  */
1319 int
1320 Pctlfd(struct ps_prochandle *P)
1321 {
1322 	return (P->ctlfd);
1323 }
1324 
1325 /*
1326  * Return a pointer to the process psinfo structure.
1327  * Clients should not hold on to this pointer indefinitely.
1328  * It will become invalid on Prelease().
1329  */
1330 const psinfo_t *
1331 Ppsinfo(struct ps_prochandle *P)
1332 {
1333 	return (P->ops.pop_psinfo(P, &P->psinfo, P->data));
1334 }
1335 
1336 /*
1337  * Return a pointer to the process status structure.
1338  * Clients should not hold on to this pointer indefinitely.
1339  * It will become invalid on Prelease().
1340  */
1341 const pstatus_t *
1342 Pstatus(struct ps_prochandle *P)
1343 {
1344 	return (&P->status);
1345 }
1346 
1347 static void
1348 Pread_status(struct ps_prochandle *P)
1349 {
1350 	P->ops.pop_status(P, &P->status, P->data);
1351 }
1352 
1353 /*
1354  * Fill in a pointer to a process credentials structure.  The ngroups parameter
1355  * is the number of supplementary group entries allocated in the caller's cred
1356  * structure.  It should equal zero or one unless extra space has been
1357  * allocated for the group list by the caller.
1358  */
1359 int
1360 Pcred(struct ps_prochandle *P, prcred_t *pcrp, int ngroups)
1361 {
1362 	return (P->ops.pop_cred(P, pcrp, ngroups, P->data));
1363 }
1364 
1365 /* Return an allocated prsecflags_t */
1366 int
1367 Psecflags(struct ps_prochandle *P, prsecflags_t **psf)
1368 {
1369 	int ret;
1370 
1371 	if ((ret = P->ops.pop_secflags(P, psf, P->data)) == 0) {
1372 		if ((*psf)->pr_version != PRSECFLAGS_VERSION_1) {
1373 			free(*psf);
1374 			*psf = NULL;
1375 			errno = EINVAL;
1376 			return (-1);
1377 		}
1378 	}
1379 
1380 	return (ret);
1381 }
1382 
1383 void
1384 Psecflags_free(prsecflags_t *psf)
1385 {
1386 	free(psf);
1387 }
1388 
1389 int
1390 Pcwd(struct ps_prochandle *P, prcwd_t **cwd)
1391 {
1392 	return (P->ops.pop_cwd(P, cwd, P->data));
1393 }
1394 
1395 void
1396 Pcwd_free(prcwd_t *cwd)
1397 {
1398 	free(cwd);
1399 }
1400 
1401 static prheader_t *
1402 Plstatus(struct ps_prochandle *P)
1403 {
1404 	return (P->ops.pop_lstatus(P, P->data));
1405 }
1406 
1407 static prheader_t *
1408 Plpsinfo(struct ps_prochandle *P)
1409 {
1410 	return (P->ops.pop_lpsinfo(P, P->data));
1411 }
1412 
1413 
1414 #if defined(__i386) || defined(__amd64)
1415 /*
1416  * Fill in a pointer to a process LDT structure.
1417  * The caller provides a buffer of size 'nldt * sizeof (struct ssd)';
1418  * If pldt == NULL or nldt == 0, we return the number of existing LDT entries.
1419  * Otherwise we return the actual number of LDT entries fetched (<= nldt).
1420  */
1421 int
1422 Pldt(struct ps_prochandle *P, struct ssd *pldt, int nldt)
1423 {
1424 	return (P->ops.pop_ldt(P, pldt, nldt, P->data));
1425 
1426 }
1427 #endif	/* __i386 */
1428 
1429 void
1430 Ppriv_free(struct ps_prochandle *P, prpriv_t *prv)
1431 {
1432 	free(prv);
1433 }
1434 
1435 /*
1436  * Return a malloced process privilege structure in *pprv.
1437  */
1438 int
1439 Ppriv(struct ps_prochandle *P, prpriv_t **pprv)
1440 {
1441 	return (P->ops.pop_priv(P, pprv, P->data));
1442 }
1443 
1444 int
1445 Psetpriv(struct ps_prochandle *P, prpriv_t *pprv)
1446 {
1447 	int rc;
1448 	long *ctl;
1449 	size_t sz;
1450 
1451 	if (P->state == PS_DEAD) {
1452 		errno = EBADF;
1453 		return (-1);
1454 	}
1455 
1456 	sz = PRIV_PRPRIV_SIZE(pprv) + sizeof (long);
1457 
1458 	sz = ((sz - 1) / sizeof (long) + 1) * sizeof (long);
1459 
1460 	ctl = malloc(sz);
1461 	if (ctl == NULL)
1462 		return (-1);
1463 
1464 	ctl[0] = PCSPRIV;
1465 
1466 	(void) memcpy(&ctl[1], pprv, PRIV_PRPRIV_SIZE(pprv));
1467 
1468 	if (write(P->ctlfd, ctl, sz) != sz)
1469 		rc = -1;
1470 	else
1471 		rc = 0;
1472 
1473 	free(ctl);
1474 
1475 	return (rc);
1476 }
1477 
1478 void *
1479 Pprivinfo(struct ps_prochandle *P)
1480 {
1481 	core_info_t *core = P->data;
1482 
1483 	/* Use default from libc */
1484 	if (P->state != PS_DEAD)
1485 		return (NULL);
1486 
1487 	return (core->core_privinfo);
1488 }
1489 
1490 /*
1491  * Ensure that all cached state is written to the process.
1492  * The cached state is the LWP's signal mask and registers
1493  * and the process's tracing flags.
1494  */
1495 void
1496 Psync(struct ps_prochandle *P)
1497 {
1498 	int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
1499 	long cmd[6];
1500 	iovec_t iov[12];
1501 	int n = 0;
1502 
1503 	if (P->flags & SETHOLD) {
1504 		cmd[0] = PCSHOLD;
1505 		iov[n].iov_base = (caddr_t)&cmd[0];
1506 		iov[n++].iov_len = sizeof (long);
1507 		iov[n].iov_base = (caddr_t)&P->status.pr_lwp.pr_lwphold;
1508 		iov[n++].iov_len = sizeof (P->status.pr_lwp.pr_lwphold);
1509 	}
1510 	if (P->flags & SETREGS) {
1511 		cmd[1] = PCSREG;
1512 #ifdef __i386
1513 		/* XX64 we should probably restore REG_GS after this */
1514 		if (ctlfd == P->agentctlfd)
1515 			P->status.pr_lwp.pr_reg[GS] = 0;
1516 #elif defined(__amd64)
1517 		/* XX64 */
1518 #endif
1519 		iov[n].iov_base = (caddr_t)&cmd[1];
1520 		iov[n++].iov_len = sizeof (long);
1521 		iov[n].iov_base = (caddr_t)&P->status.pr_lwp.pr_reg[0];
1522 		iov[n++].iov_len = sizeof (P->status.pr_lwp.pr_reg);
1523 	}
1524 	if (P->flags & SETSIG) {
1525 		cmd[2] = PCSTRACE;
1526 		iov[n].iov_base = (caddr_t)&cmd[2];
1527 		iov[n++].iov_len = sizeof (long);
1528 		iov[n].iov_base = (caddr_t)&P->status.pr_sigtrace;
1529 		iov[n++].iov_len = sizeof (P->status.pr_sigtrace);
1530 	}
1531 	if (P->flags & SETFAULT) {
1532 		cmd[3] = PCSFAULT;
1533 		iov[n].iov_base = (caddr_t)&cmd[3];
1534 		iov[n++].iov_len = sizeof (long);
1535 		iov[n].iov_base = (caddr_t)&P->status.pr_flttrace;
1536 		iov[n++].iov_len = sizeof (P->status.pr_flttrace);
1537 	}
1538 	if (P->flags & SETENTRY) {
1539 		cmd[4] = PCSENTRY;
1540 		iov[n].iov_base = (caddr_t)&cmd[4];
1541 		iov[n++].iov_len = sizeof (long);
1542 		iov[n].iov_base = (caddr_t)&P->status.pr_sysentry;
1543 		iov[n++].iov_len = sizeof (P->status.pr_sysentry);
1544 	}
1545 	if (P->flags & SETEXIT) {
1546 		cmd[5] = PCSEXIT;
1547 		iov[n].iov_base = (caddr_t)&cmd[5];
1548 		iov[n++].iov_len = sizeof (long);
1549 		iov[n].iov_base = (caddr_t)&P->status.pr_sysexit;
1550 		iov[n++].iov_len = sizeof (P->status.pr_sysexit);
1551 	}
1552 
1553 	if (n == 0 || writev(ctlfd, iov, n) < 0)
1554 		return;		/* nothing to do or write failed */
1555 
1556 	P->flags &= ~(SETSIG|SETFAULT|SETENTRY|SETEXIT|SETHOLD|SETREGS);
1557 }
1558 
1559 /*
1560  * Reopen the /proc file (after PS_LOST).
1561  */
1562 int
1563 Preopen(struct ps_prochandle *P)
1564 {
1565 	int fd;
1566 	char procname[PATH_MAX];
1567 	char *fname;
1568 
1569 	if (P->state == PS_DEAD || P->state == PS_IDLE)
1570 		return (0);
1571 
1572 	if (P->agentcnt > 0) {
1573 		P->agentcnt = 1;
1574 		Pdestroy_agent(P);
1575 	}
1576 
1577 	(void) snprintf(procname, sizeof (procname), "%s/%d/",
1578 	    procfs_path, (int)P->pid);
1579 	fname = procname + strlen(procname);
1580 
1581 	(void) strcpy(fname, "as");
1582 	if ((fd = open(procname, O_RDWR)) < 0 ||
1583 	    close(P->asfd) < 0 ||
1584 	    (fd = dupfd(fd, P->asfd)) != P->asfd) {
1585 		dprintf("Preopen: failed to open %s: %s\n",
1586 		    procname, strerror(errno));
1587 		if (fd >= 0)
1588 			(void) close(fd);
1589 		return (-1);
1590 	}
1591 	P->asfd = fd;
1592 
1593 	(void) strcpy(fname, "status");
1594 	if ((fd = open(procname, O_RDONLY)) < 0 ||
1595 	    close(P->statfd) < 0 ||
1596 	    (fd = dupfd(fd, P->statfd)) != P->statfd) {
1597 		dprintf("Preopen: failed to open %s: %s\n",
1598 		    procname, strerror(errno));
1599 		if (fd >= 0)
1600 			(void) close(fd);
1601 		return (-1);
1602 	}
1603 	P->statfd = fd;
1604 
1605 	(void) strcpy(fname, "ctl");
1606 	if ((fd = open(procname, O_WRONLY)) < 0 ||
1607 	    close(P->ctlfd) < 0 ||
1608 	    (fd = dupfd(fd, P->ctlfd)) != P->ctlfd) {
1609 		dprintf("Preopen: failed to open %s: %s\n",
1610 		    procname, strerror(errno));
1611 		if (fd >= 0)
1612 			(void) close(fd);
1613 		return (-1);
1614 	}
1615 	P->ctlfd = fd;
1616 
1617 	/*
1618 	 * Set the state to PS_RUN and wait for the process to stop so that
1619 	 * we re-read the status from the new P->statfd.  If this fails, Pwait
1620 	 * will reset the state to PS_LOST and we fail the reopen.  Before
1621 	 * returning, we also forge a bit of P->status to allow the debugger to
1622 	 * see that we are PS_LOST following a successful exec.
1623 	 */
1624 	P->state = PS_RUN;
1625 	if (Pwait(P, 0) == -1) {
1626 #ifdef _ILP32
1627 		if (errno == EOVERFLOW)
1628 			P->status.pr_dmodel = PR_MODEL_LP64;
1629 #endif
1630 		P->status.pr_lwp.pr_why = PR_SYSEXIT;
1631 		P->status.pr_lwp.pr_what = SYS_execve;
1632 		P->status.pr_lwp.pr_errno = 0;
1633 		return (-1);
1634 	}
1635 
1636 	/*
1637 	 * The process should be stopped on exec (REQUESTED)
1638 	 * or else should be stopped on exit from exec() (SYSEXIT)
1639 	 */
1640 	if (P->state == PS_STOP &&
1641 	    (P->status.pr_lwp.pr_why == PR_REQUESTED ||
1642 	    (P->status.pr_lwp.pr_why == PR_SYSEXIT &&
1643 	    P->status.pr_lwp.pr_what == SYS_execve))) {
1644 		/* fake up stop-on-exit-from-execve */
1645 		if (P->status.pr_lwp.pr_why == PR_REQUESTED) {
1646 			P->status.pr_lwp.pr_why = PR_SYSEXIT;
1647 			P->status.pr_lwp.pr_what = SYS_execve;
1648 			P->status.pr_lwp.pr_errno = 0;
1649 		}
1650 	} else {
1651 		dprintf("Preopen: expected REQUESTED or "
1652 		    "SYSEXIT(SYS_execve) stop\n");
1653 	}
1654 
1655 	return (0);
1656 }
1657 
1658 /*
1659  * Define all settable flags other than the microstate accounting flags.
1660  */
1661 #define	ALL_SETTABLE_FLAGS (PR_FORK|PR_RLC|PR_KLC|PR_ASYNC|PR_BPTADJ|PR_PTRACE)
1662 
1663 /*
1664  * Restore /proc tracing flags to their original values
1665  * in preparation for releasing the process.
1666  * Also called by Pcreate() to clear all tracing flags.
1667  */
1668 static void
1669 restore_tracing_flags(struct ps_prochandle *P)
1670 {
1671 	long flags;
1672 	long cmd[4];
1673 	iovec_t iov[8];
1674 
1675 	if (P->flags & CREATED) {
1676 		/* we created this process; clear all tracing flags */
1677 		premptyset(&P->status.pr_sigtrace);
1678 		premptyset(&P->status.pr_flttrace);
1679 		premptyset(&P->status.pr_sysentry);
1680 		premptyset(&P->status.pr_sysexit);
1681 		if ((P->status.pr_flags & ALL_SETTABLE_FLAGS) != 0)
1682 			(void) Punsetflags(P, ALL_SETTABLE_FLAGS);
1683 	} else {
1684 		/* we grabbed the process; restore its tracing flags */
1685 		P->status.pr_sigtrace = P->orig_status.pr_sigtrace;
1686 		P->status.pr_flttrace = P->orig_status.pr_flttrace;
1687 		P->status.pr_sysentry = P->orig_status.pr_sysentry;
1688 		P->status.pr_sysexit  = P->orig_status.pr_sysexit;
1689 		if ((P->status.pr_flags & ALL_SETTABLE_FLAGS) !=
1690 		    (flags = (P->orig_status.pr_flags & ALL_SETTABLE_FLAGS))) {
1691 			(void) Punsetflags(P, ALL_SETTABLE_FLAGS);
1692 			if (flags)
1693 				(void) Psetflags(P, flags);
1694 		}
1695 	}
1696 
1697 	cmd[0] = PCSTRACE;
1698 	iov[0].iov_base = (caddr_t)&cmd[0];
1699 	iov[0].iov_len = sizeof (long);
1700 	iov[1].iov_base = (caddr_t)&P->status.pr_sigtrace;
1701 	iov[1].iov_len = sizeof (P->status.pr_sigtrace);
1702 
1703 	cmd[1] = PCSFAULT;
1704 	iov[2].iov_base = (caddr_t)&cmd[1];
1705 	iov[2].iov_len = sizeof (long);
1706 	iov[3].iov_base = (caddr_t)&P->status.pr_flttrace;
1707 	iov[3].iov_len = sizeof (P->status.pr_flttrace);
1708 
1709 	cmd[2] = PCSENTRY;
1710 	iov[4].iov_base = (caddr_t)&cmd[2];
1711 	iov[4].iov_len = sizeof (long);
1712 	iov[5].iov_base = (caddr_t)&P->status.pr_sysentry;
1713 	iov[5].iov_len = sizeof (P->status.pr_sysentry);
1714 
1715 	cmd[3] = PCSEXIT;
1716 	iov[6].iov_base = (caddr_t)&cmd[3];
1717 	iov[6].iov_len = sizeof (long);
1718 	iov[7].iov_base = (caddr_t)&P->status.pr_sysexit;
1719 	iov[7].iov_len = sizeof (P->status.pr_sysexit);
1720 
1721 	(void) writev(P->ctlfd, iov, 8);
1722 
1723 	P->flags &= ~(SETSIG|SETFAULT|SETENTRY|SETEXIT);
1724 }
1725 
1726 /*
1727  * Release the process.  Frees the process control structure.
1728  * flags:
1729  *	PRELEASE_CLEAR	Clear all tracing flags.
1730  *	PRELEASE_RETAIN	Retain current tracing flags.
1731  *	PRELEASE_HANG	Leave the process stopped and abandoned.
1732  *	PRELEASE_KILL	Terminate the process with SIGKILL.
1733  */
1734 void
1735 Prelease(struct ps_prochandle *P, int flags)
1736 {
1737 	if (P->state == PS_DEAD) {
1738 		dprintf("Prelease: releasing handle %p PS_DEAD of pid %d\n",
1739 		    (void *)P, (int)P->pid);
1740 		Pfree(P);
1741 		return;
1742 	}
1743 
1744 	if (P->state == PS_IDLE) {
1745 		file_info_t *fptr = list_head(&P->file_head);
1746 		dprintf("Prelease: releasing handle %p PS_IDLE of file %s\n",
1747 		    (void *)P, fptr->file_pname);
1748 		Pfree(P);
1749 		return;
1750 	}
1751 
1752 	dprintf("Prelease: releasing handle %p pid %d\n",
1753 	    (void *)P, (int)P->pid);
1754 
1755 	if (P->ctlfd == -1) {
1756 		Pfree(P);
1757 		return;
1758 	}
1759 
1760 	if (P->agentcnt > 0) {
1761 		P->agentcnt = 1;
1762 		Pdestroy_agent(P);
1763 	}
1764 
1765 	/*
1766 	 * Attempt to stop the process.
1767 	 */
1768 	P->state = PS_RUN;
1769 	(void) Pstop(P, 1000);
1770 
1771 	if (flags & PRELEASE_KILL) {
1772 		if (P->state == PS_STOP)
1773 			(void) Psetrun(P, SIGKILL, 0);
1774 		(void) kill(P->pid, SIGKILL);
1775 		Pfree(P);
1776 		return;
1777 	}
1778 
1779 	/*
1780 	 * If we lost control, all we can do now is close the files.
1781 	 * In this case, the last close sets the process running.
1782 	 */
1783 	if (P->state != PS_STOP &&
1784 	    (P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) == 0) {
1785 		Pfree(P);
1786 		return;
1787 	}
1788 
1789 	/*
1790 	 * We didn't lose control; we do more.
1791 	 */
1792 	Psync(P);
1793 
1794 	if (flags & PRELEASE_CLEAR)
1795 		P->flags |= CREATED;
1796 
1797 	if (!(flags & PRELEASE_RETAIN))
1798 		restore_tracing_flags(P);
1799 
1800 	if (flags & PRELEASE_HANG) {
1801 		/* Leave the process stopped and abandoned */
1802 		(void) Punsetflags(P, PR_RLC|PR_KLC);
1803 		Pfree(P);
1804 		return;
1805 	}
1806 
1807 	/*
1808 	 * Set the process running if we created it or if it was
1809 	 * not originally stopped or directed to stop via /proc
1810 	 * or if we were given the PRELEASE_CLEAR flag.
1811 	 */
1812 	if ((P->flags & CREATED) ||
1813 	    (P->orig_status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) == 0) {
1814 		(void) Psetflags(P, PR_RLC);
1815 		/*
1816 		 * We do this repeatedly because the process may have
1817 		 * more than one LWP stopped on an event of interest.
1818 		 * This makes sure all of them are set running.
1819 		 */
1820 		do {
1821 			if (Psetrun(P, 0, 0) == -1 && errno == EBUSY)
1822 				break; /* Agent LWP may be stuck */
1823 		} while (Pstopstatus(P, PCNULL, 0) == 0 &&
1824 		    P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP));
1825 
1826 		if (P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP))
1827 			dprintf("Prelease: failed to set process running\n");
1828 	}
1829 
1830 	Pfree(P);
1831 }
1832 
1833 /* debugging */
1834 void
1835 prldump(const char *caller, lwpstatus_t *lsp)
1836 {
1837 	char name[32];
1838 	uint32_t bits;
1839 
1840 	switch (lsp->pr_why) {
1841 	case PR_REQUESTED:
1842 		dprintf("%s: REQUESTED\n", caller);
1843 		break;
1844 	case PR_SIGNALLED:
1845 		dprintf("%s: SIGNALLED %s\n", caller,
1846 		    proc_signame(lsp->pr_what, name, sizeof (name)));
1847 		break;
1848 	case PR_FAULTED:
1849 		dprintf("%s: FAULTED %s\n", caller,
1850 		    proc_fltname(lsp->pr_what, name, sizeof (name)));
1851 		break;
1852 	case PR_SYSENTRY:
1853 		dprintf("%s: SYSENTRY %s\n", caller,
1854 		    proc_sysname(lsp->pr_what, name, sizeof (name)));
1855 		break;
1856 	case PR_SYSEXIT:
1857 		dprintf("%s: SYSEXIT %s\n", caller,
1858 		    proc_sysname(lsp->pr_what, name, sizeof (name)));
1859 		break;
1860 	case PR_JOBCONTROL:
1861 		dprintf("%s: JOBCONTROL %s\n", caller,
1862 		    proc_signame(lsp->pr_what, name, sizeof (name)));
1863 		break;
1864 	case PR_SUSPENDED:
1865 		dprintf("%s: SUSPENDED\n", caller);
1866 		break;
1867 	default:
1868 		dprintf("%s: Unknown\n", caller);
1869 		break;
1870 	}
1871 
1872 	if (lsp->pr_cursig)
1873 		dprintf("%s: p_cursig  = %d\n", caller, lsp->pr_cursig);
1874 
1875 	bits = *((uint32_t *)&lsp->pr_lwppend);
1876 	if (bits)
1877 		dprintf("%s: pr_lwppend = 0x%.8X\n", caller, bits);
1878 }
1879 
1880 /* debugging */
1881 static void
1882 prdump(struct ps_prochandle *P)
1883 {
1884 	uint32_t bits;
1885 
1886 	prldump("Pstopstatus", &P->status.pr_lwp);
1887 
1888 	bits = *((uint32_t *)&P->status.pr_sigpend);
1889 	if (bits)
1890 		dprintf("Pstopstatus: pr_sigpend = 0x%.8X\n", bits);
1891 }
1892 
1893 /*
1894  * Wait for the specified process to stop or terminate.
1895  * Or, just get the current status (PCNULL).
1896  * Or, direct it to stop and get the current status (PCDSTOP).
1897  * If the agent LWP exists, do these things to the agent,
1898  * else do these things to the process as a whole.
1899  */
1900 int
1901 Pstopstatus(struct ps_prochandle *P,
1902     long request,		/* PCNULL, PCDSTOP, PCSTOP, PCWSTOP */
1903     uint_t msec)		/* if non-zero, timeout in milliseconds */
1904 {
1905 	int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
1906 	long ctl[3];
1907 	ssize_t rc;
1908 	int err;
1909 	int old_state = P->state;
1910 
1911 	switch (P->state) {
1912 	case PS_RUN:
1913 		break;
1914 	case PS_STOP:
1915 		if (request != PCNULL && request != PCDSTOP)
1916 			return (0);
1917 		break;
1918 	case PS_LOST:
1919 		if (request != PCNULL) {
1920 			errno = EAGAIN;
1921 			return (-1);
1922 		}
1923 		break;
1924 	case PS_UNDEAD:
1925 	case PS_DEAD:
1926 	case PS_IDLE:
1927 		if (request != PCNULL) {
1928 			errno = ENOENT;
1929 			return (-1);
1930 		}
1931 		break;
1932 	default:	/* corrupted state */
1933 		dprintf("Pstopstatus: corrupted state: %d\n", P->state);
1934 		errno = EINVAL;
1935 		return (-1);
1936 	}
1937 
1938 	ctl[0] = PCDSTOP;
1939 	ctl[1] = PCTWSTOP;
1940 	ctl[2] = (long)msec;
1941 	rc = 0;
1942 	switch (request) {
1943 	case PCSTOP:
1944 		rc = write(ctlfd, &ctl[0], 3*sizeof (long));
1945 		break;
1946 	case PCWSTOP:
1947 		rc = write(ctlfd, &ctl[1], 2*sizeof (long));
1948 		break;
1949 	case PCDSTOP:
1950 		rc = write(ctlfd, &ctl[0], 1*sizeof (long));
1951 		break;
1952 	case PCNULL:
1953 		if (P->state == PS_DEAD || P->state == PS_IDLE)
1954 			return (0);
1955 		break;
1956 	default:	/* programming error */
1957 		errno = EINVAL;
1958 		return (-1);
1959 	}
1960 	err = (rc < 0)? errno : 0;
1961 	Psync(P);
1962 
1963 	if (P->agentstatfd < 0) {
1964 		if (pread(P->statfd, &P->status,
1965 		    sizeof (P->status), (off_t)0) < 0)
1966 			err = errno;
1967 	} else {
1968 		if (pread(P->agentstatfd, &P->status.pr_lwp,
1969 		    sizeof (P->status.pr_lwp), (off_t)0) < 0)
1970 			err = errno;
1971 		P->status.pr_flags = P->status.pr_lwp.pr_flags;
1972 	}
1973 
1974 	if (err) {
1975 		switch (err) {
1976 		case EINTR:		/* user typed ctl-C */
1977 		case ERESTART:
1978 			dprintf("Pstopstatus: EINTR\n");
1979 			break;
1980 		case EAGAIN:		/* we lost control of the the process */
1981 		case EOVERFLOW:
1982 			dprintf("Pstopstatus: PS_LOST, errno=%d\n", err);
1983 			P->state = PS_LOST;
1984 			break;
1985 		default:		/* check for dead process */
1986 			if (_libproc_debug) {
1987 				const char *errstr;
1988 
1989 				switch (request) {
1990 				case PCNULL:
1991 					errstr = "Pstopstatus PCNULL"; break;
1992 				case PCSTOP:
1993 					errstr = "Pstopstatus PCSTOP"; break;
1994 				case PCDSTOP:
1995 					errstr = "Pstopstatus PCDSTOP"; break;
1996 				case PCWSTOP:
1997 					errstr = "Pstopstatus PCWSTOP"; break;
1998 				default:
1999 					errstr = "Pstopstatus PC???"; break;
2000 				}
2001 				dprintf("%s: %s\n", errstr, strerror(err));
2002 			}
2003 			deadcheck(P);
2004 			break;
2005 		}
2006 		if (err != EINTR && err != ERESTART) {
2007 			errno = err;
2008 			return (-1);
2009 		}
2010 	}
2011 
2012 	if (!(P->status.pr_flags & PR_STOPPED)) {
2013 		P->state = PS_RUN;
2014 		if (request == PCNULL || request == PCDSTOP || msec != 0)
2015 			return (0);
2016 		dprintf("Pstopstatus: process is not stopped\n");
2017 		errno = EPROTO;
2018 		return (-1);
2019 	}
2020 
2021 	P->state = PS_STOP;
2022 
2023 	if (_libproc_debug)	/* debugging */
2024 		prdump(P);
2025 
2026 	/*
2027 	 * If the process was already stopped coming into Pstopstatus(),
2028 	 * then don't use its PC to set P->sysaddr since it may have been
2029 	 * changed since the time the process originally stopped.
2030 	 */
2031 	if (old_state == PS_STOP)
2032 		return (0);
2033 
2034 	switch (P->status.pr_lwp.pr_why) {
2035 	case PR_SYSENTRY:
2036 	case PR_SYSEXIT:
2037 		if (Pissyscall_prev(P, P->status.pr_lwp.pr_reg[R_PC],
2038 		    &P->sysaddr) == 0)
2039 			P->sysaddr = P->status.pr_lwp.pr_reg[R_PC];
2040 		break;
2041 	case PR_REQUESTED:
2042 	case PR_SIGNALLED:
2043 	case PR_FAULTED:
2044 	case PR_JOBCONTROL:
2045 	case PR_SUSPENDED:
2046 		break;
2047 	default:
2048 		errno = EPROTO;
2049 		return (-1);
2050 	}
2051 
2052 	return (0);
2053 }
2054 
2055 /*
2056  * Wait for the process to stop for any reason.
2057  */
2058 int
2059 Pwait(struct ps_prochandle *P, uint_t msec)
2060 {
2061 	return (Pstopstatus(P, PCWSTOP, msec));
2062 }
2063 
2064 /*
2065  * Direct the process to stop; wait for it to stop.
2066  */
2067 int
2068 Pstop(struct ps_prochandle *P, uint_t msec)
2069 {
2070 	return (Pstopstatus(P, PCSTOP, msec));
2071 }
2072 
2073 /*
2074  * Direct the process to stop; don't wait.
2075  */
2076 int
2077 Pdstop(struct ps_prochandle *P)
2078 {
2079 	return (Pstopstatus(P, PCDSTOP, 0));
2080 }
2081 
2082 static void
2083 deadcheck(struct ps_prochandle *P)
2084 {
2085 	int fd;
2086 	void *buf;
2087 	size_t size;
2088 
2089 	if (P->statfd < 0)
2090 		P->state = PS_UNDEAD;
2091 	else {
2092 		if (P->agentstatfd < 0) {
2093 			fd = P->statfd;
2094 			buf = &P->status;
2095 			size = sizeof (P->status);
2096 		} else {
2097 			fd = P->agentstatfd;
2098 			buf = &P->status.pr_lwp;
2099 			size = sizeof (P->status.pr_lwp);
2100 		}
2101 		while (pread(fd, buf, size, (off_t)0) != size) {
2102 			switch (errno) {
2103 			default:
2104 				P->state = PS_UNDEAD;
2105 				break;
2106 			case EINTR:
2107 			case ERESTART:
2108 				continue;
2109 			case EAGAIN:
2110 				P->state = PS_LOST;
2111 				break;
2112 			}
2113 			break;
2114 		}
2115 		P->status.pr_flags = P->status.pr_lwp.pr_flags;
2116 	}
2117 }
2118 
2119 /*
2120  * Get the value of one register from stopped process.
2121  */
2122 int
2123 Pgetareg(struct ps_prochandle *P, int regno, prgreg_t *preg)
2124 {
2125 	if (regno < 0 || regno >= NPRGREG) {
2126 		errno = EINVAL;
2127 		return (-1);
2128 	}
2129 
2130 	if (P->state == PS_IDLE) {
2131 		errno = ENODATA;
2132 		return (-1);
2133 	}
2134 
2135 	if (P->state != PS_STOP && P->state != PS_DEAD) {
2136 		errno = EBUSY;
2137 		return (-1);
2138 	}
2139 
2140 	*preg = P->status.pr_lwp.pr_reg[regno];
2141 	return (0);
2142 }
2143 
2144 /*
2145  * Put value of one register into stopped process.
2146  */
2147 int
2148 Pputareg(struct ps_prochandle *P, int regno, prgreg_t reg)
2149 {
2150 	if (regno < 0 || regno >= NPRGREG) {
2151 		errno = EINVAL;
2152 		return (-1);
2153 	}
2154 
2155 	if (P->state != PS_STOP) {
2156 		errno = EBUSY;
2157 		return (-1);
2158 	}
2159 
2160 	P->status.pr_lwp.pr_reg[regno] = reg;
2161 	P->flags |= SETREGS;	/* set registers before continuing */
2162 	return (0);
2163 }
2164 
2165 int
2166 Psetrun(struct ps_prochandle *P,
2167     int sig,	/* signal to pass to process */
2168     int flags)	/* PRSTEP|PRSABORT|PRSTOP|PRCSIG|PRCFAULT */
2169 {
2170 	int ctlfd = (P->agentctlfd >= 0) ? P->agentctlfd : P->ctlfd;
2171 	int sbits = (PR_DSTOP | PR_ISTOP | PR_ASLEEP);
2172 
2173 	long ctl[1 +					/* PCCFAULT	*/
2174 	    1 + sizeof (siginfo_t)/sizeof (long) +	/* PCSSIG/PCCSIG */
2175 	    2 ];					/* PCRUN	*/
2176 
2177 	long *ctlp = ctl;
2178 	size_t size;
2179 
2180 	if (P->state != PS_STOP && (P->status.pr_lwp.pr_flags & sbits) == 0) {
2181 		errno = EBUSY;
2182 		return (-1);
2183 	}
2184 
2185 	Psync(P);	/* flush tracing flags and registers */
2186 
2187 	if (flags & PRCFAULT) {		/* clear current fault */
2188 		*ctlp++ = PCCFAULT;
2189 		flags &= ~PRCFAULT;
2190 	}
2191 
2192 	if (flags & PRCSIG) {		/* clear current signal */
2193 		*ctlp++ = PCCSIG;
2194 		flags &= ~PRCSIG;
2195 	} else if (sig && sig != P->status.pr_lwp.pr_cursig) {
2196 		/* make current signal */
2197 		siginfo_t *infop;
2198 
2199 		*ctlp++ = PCSSIG;
2200 		infop = (siginfo_t *)ctlp;
2201 		(void) memset(infop, 0, sizeof (*infop));
2202 		infop->si_signo = sig;
2203 		ctlp += sizeof (siginfo_t) / sizeof (long);
2204 	}
2205 
2206 	*ctlp++ = PCRUN;
2207 	*ctlp++ = flags;
2208 	size = (char *)ctlp - (char *)ctl;
2209 
2210 	P->info_valid = 0;	/* will need to update map and file info */
2211 
2212 	/*
2213 	 * If we've cached ucontext-list information while we were stopped,
2214 	 * free it now.
2215 	 */
2216 	if (P->ucaddrs != NULL) {
2217 		free(P->ucaddrs);
2218 		P->ucaddrs = NULL;
2219 		P->ucnelems = 0;
2220 	}
2221 
2222 	if (write(ctlfd, ctl, size) != size) {
2223 		/* If it is dead or lost, return the real status, not PS_RUN */
2224 		if (errno == ENOENT || errno == EAGAIN) {
2225 			(void) Pstopstatus(P, PCNULL, 0);
2226 			return (0);
2227 		}
2228 		/* If it is not in a jobcontrol stop, issue an error message */
2229 		if (errno != EBUSY ||
2230 		    P->status.pr_lwp.pr_why != PR_JOBCONTROL) {
2231 			dprintf("Psetrun: %s\n", strerror(errno));
2232 			return (-1);
2233 		}
2234 		/* Otherwise pretend that the job-stopped process is running */
2235 	}
2236 
2237 	P->state = PS_RUN;
2238 	return (0);
2239 }
2240 
2241 ssize_t
2242 Pread(struct ps_prochandle *P,
2243     void *buf,		/* caller's buffer */
2244     size_t nbyte,	/* number of bytes to read */
2245     uintptr_t address)	/* address in process */
2246 {
2247 	return (P->ops.pop_pread(P, buf, nbyte, address, P->data));
2248 }
2249 
2250 ssize_t
2251 Pread_string(struct ps_prochandle *P,
2252     char *buf,			/* caller's buffer */
2253     size_t size,		/* upper limit on bytes to read */
2254     uintptr_t addr)		/* address in process */
2255 {
2256 	enum { STRSZ = 40 };
2257 	char string[STRSZ + 1];
2258 	ssize_t leng = 0;
2259 	int nbyte;
2260 
2261 	if (size < 2) {
2262 		errno = EINVAL;
2263 		return (-1);
2264 	}
2265 
2266 	size--;			/* ensure trailing null fits in buffer */
2267 
2268 	*buf = '\0';
2269 	string[STRSZ] = '\0';
2270 
2271 	for (nbyte = STRSZ; nbyte == STRSZ && leng < size; addr += STRSZ) {
2272 		if ((nbyte = P->ops.pop_pread(P, string, STRSZ, addr,
2273 		    P->data)) <= 0) {
2274 			buf[leng] = '\0';
2275 			return (leng ? leng : -1);
2276 		}
2277 		if ((nbyte = strlen(string)) > 0) {
2278 			if (leng + nbyte > size)
2279 				nbyte = size - leng;
2280 			(void) strncpy(buf + leng, string, nbyte);
2281 			leng += nbyte;
2282 		}
2283 	}
2284 	buf[leng] = '\0';
2285 	return (leng);
2286 }
2287 
2288 ssize_t
2289 Pwrite(struct ps_prochandle *P,
2290     const void *buf,	/* caller's buffer */
2291     size_t nbyte,	/* number of bytes to write */
2292     uintptr_t address)	/* address in process */
2293 {
2294 	return (P->ops.pop_pwrite(P, buf, nbyte, address, P->data));
2295 }
2296 
2297 int
2298 Pclearsig(struct ps_prochandle *P)
2299 {
2300 	int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2301 	long ctl = PCCSIG;
2302 
2303 	if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
2304 		return (-1);
2305 	P->status.pr_lwp.pr_cursig = 0;
2306 	return (0);
2307 }
2308 
2309 int
2310 Pclearfault(struct ps_prochandle *P)
2311 {
2312 	int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2313 	long ctl = PCCFAULT;
2314 
2315 	if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
2316 		return (-1);
2317 	return (0);
2318 }
2319 
2320 /*
2321  * Set a breakpoint trap, return original instruction.
2322  */
2323 int
2324 Psetbkpt(struct ps_prochandle *P, uintptr_t address, ulong_t *saved)
2325 {
2326 	long ctl[1 + sizeof (priovec_t) / sizeof (long) +	/* PCREAD */
2327 	    1 + sizeof (priovec_t) / sizeof (long)];	/* PCWRITE */
2328 	long *ctlp = ctl;
2329 	size_t size;
2330 	priovec_t *iovp;
2331 	instr_t bpt = BPT;
2332 	instr_t old;
2333 
2334 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2335 	    P->state == PS_IDLE) {
2336 		errno = ENOENT;
2337 		return (-1);
2338 	}
2339 
2340 	/* fetch the old instruction */
2341 	*ctlp++ = PCREAD;
2342 	iovp = (priovec_t *)ctlp;
2343 	iovp->pio_base = &old;
2344 	iovp->pio_len = sizeof (old);
2345 	iovp->pio_offset = address;
2346 	ctlp += sizeof (priovec_t) / sizeof (long);
2347 
2348 	/* write the BPT instruction */
2349 	*ctlp++ = PCWRITE;
2350 	iovp = (priovec_t *)ctlp;
2351 	iovp->pio_base = &bpt;
2352 	iovp->pio_len = sizeof (bpt);
2353 	iovp->pio_offset = address;
2354 	ctlp += sizeof (priovec_t) / sizeof (long);
2355 
2356 	size = (char *)ctlp - (char *)ctl;
2357 	if (write(P->ctlfd, ctl, size) != size)
2358 		return (-1);
2359 
2360 	/*
2361 	 * Fail if there was already a breakpoint there from another debugger
2362 	 * or DTrace's user-level tracing on x86.
2363 	 */
2364 	if (old == BPT) {
2365 		errno = EBUSY;
2366 		return (-1);
2367 	}
2368 
2369 	*saved = (ulong_t)old;
2370 	return (0);
2371 }
2372 
2373 /*
2374  * Restore original instruction where a breakpoint was set.
2375  */
2376 int
2377 Pdelbkpt(struct ps_prochandle *P, uintptr_t address, ulong_t saved)
2378 {
2379 	instr_t old = (instr_t)saved;
2380 	instr_t cur;
2381 
2382 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2383 	    P->state == PS_IDLE) {
2384 		errno = ENOENT;
2385 		return (-1);
2386 	}
2387 
2388 	/*
2389 	 * If the breakpoint instruction we had placed has been overwritten
2390 	 * with a new instruction, then don't try to replace it with the
2391 	 * old instruction. Doing do can cause problems with self-modifying
2392 	 * code -- PLTs for example. If the Pread() fails, we assume that we
2393 	 * should proceed though most likely the Pwrite() will also fail.
2394 	 */
2395 	if (Pread(P, &cur, sizeof (cur), address) == sizeof (cur) &&
2396 	    cur != BPT)
2397 		return (0);
2398 
2399 	if (Pwrite(P, &old, sizeof (old), address) != sizeof (old))
2400 		return (-1);
2401 
2402 	return (0);
2403 }
2404 
2405 /*
2406  * Common code for Pxecbkpt() and Lxecbkpt().
2407  * Develop the array of requests that will do the job, then
2408  * write them to the specified control file descriptor.
2409  * Return the non-zero errno if the write fails.
2410  */
2411 static int
2412 execute_bkpt(
2413 	int ctlfd,		/* process or LWP control file descriptor */
2414 	const fltset_t *faultset,	/* current set of traced faults */
2415 	const sigset_t *sigmask,	/* current signal mask */
2416 	uintptr_t address,		/* address of breakpint */
2417 	ulong_t saved)			/* the saved instruction */
2418 {
2419 	long ctl[
2420 	    1 + sizeof (sigset_t) / sizeof (long) +		/* PCSHOLD */
2421 	    1 + sizeof (fltset_t) / sizeof (long) +		/* PCSFAULT */
2422 	    1 + sizeof (priovec_t) / sizeof (long) +		/* PCWRITE */
2423 	    2 +							/* PCRUN */
2424 	    1 +							/* PCWSTOP */
2425 	    1 +							/* PCCFAULT */
2426 	    1 + sizeof (priovec_t) / sizeof (long) +		/* PCWRITE */
2427 	    1 + sizeof (fltset_t) / sizeof (long) +		/* PCSFAULT */
2428 	    1 + sizeof (sigset_t) / sizeof (long)];		/* PCSHOLD */
2429 	long *ctlp = ctl;
2430 	sigset_t unblock;
2431 	size_t size;
2432 	ssize_t ssize;
2433 	priovec_t *iovp;
2434 	sigset_t *holdp;
2435 	fltset_t *faultp;
2436 	instr_t old = (instr_t)saved;
2437 	instr_t bpt = BPT;
2438 	int error = 0;
2439 
2440 	/* block our signals for the duration */
2441 	(void) sigprocmask(SIG_BLOCK, &blockable_sigs, &unblock);
2442 
2443 	/* hold posted signals */
2444 	*ctlp++ = PCSHOLD;
2445 	holdp = (sigset_t *)ctlp;
2446 	prfillset(holdp);
2447 	prdelset(holdp, SIGKILL);
2448 	prdelset(holdp, SIGSTOP);
2449 	ctlp += sizeof (sigset_t) / sizeof (long);
2450 
2451 	/* force tracing of FLTTRACE */
2452 	if (!(prismember(faultset, FLTTRACE))) {
2453 		*ctlp++ = PCSFAULT;
2454 		faultp = (fltset_t *)ctlp;
2455 		*faultp = *faultset;
2456 		praddset(faultp, FLTTRACE);
2457 		ctlp += sizeof (fltset_t) / sizeof (long);
2458 	}
2459 
2460 	/* restore the old instruction */
2461 	*ctlp++ = PCWRITE;
2462 	iovp = (priovec_t *)ctlp;
2463 	iovp->pio_base = &old;
2464 	iovp->pio_len = sizeof (old);
2465 	iovp->pio_offset = address;
2466 	ctlp += sizeof (priovec_t) / sizeof (long);
2467 
2468 	/* clear current signal and fault; set running w/ single-step */
2469 	*ctlp++ = PCRUN;
2470 	*ctlp++ = PRCSIG | PRCFAULT | PRSTEP;
2471 
2472 	/* wait for stop, cancel the fault */
2473 	*ctlp++ = PCWSTOP;
2474 	*ctlp++ = PCCFAULT;
2475 
2476 	/* restore the breakpoint trap */
2477 	*ctlp++ = PCWRITE;
2478 	iovp = (priovec_t *)ctlp;
2479 	iovp->pio_base = &bpt;
2480 	iovp->pio_len = sizeof (bpt);
2481 	iovp->pio_offset = address;
2482 	ctlp += sizeof (priovec_t) / sizeof (long);
2483 
2484 	/* restore fault tracing set */
2485 	if (!(prismember(faultset, FLTTRACE))) {
2486 		*ctlp++ = PCSFAULT;
2487 		*(fltset_t *)ctlp = *faultset;
2488 		ctlp += sizeof (fltset_t) / sizeof (long);
2489 	}
2490 
2491 	/* restore the hold mask */
2492 	*ctlp++ = PCSHOLD;
2493 	*(sigset_t *)ctlp = *sigmask;
2494 	ctlp += sizeof (sigset_t) / sizeof (long);
2495 
2496 	size = (char *)ctlp - (char *)ctl;
2497 	if ((ssize = write(ctlfd, ctl, size)) != size)
2498 		error = (ssize == -1)? errno : EINTR;
2499 	(void) sigprocmask(SIG_SETMASK, &unblock, NULL);
2500 	return (error);
2501 }
2502 
2503 /*
2504  * Step over a breakpoint, i.e., execute the instruction that
2505  * really belongs at the breakpoint location (the current %pc)
2506  * and leave the process stopped at the next instruction.
2507  */
2508 int
2509 Pxecbkpt(struct ps_prochandle *P, ulong_t saved)
2510 {
2511 	int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2512 	int rv, error;
2513 
2514 	if (P->state != PS_STOP) {
2515 		errno = EBUSY;
2516 		return (-1);
2517 	}
2518 
2519 	Psync(P);
2520 
2521 	error = execute_bkpt(ctlfd,
2522 	    &P->status.pr_flttrace, &P->status.pr_lwp.pr_lwphold,
2523 	    P->status.pr_lwp.pr_reg[R_PC], saved);
2524 	rv = Pstopstatus(P, PCNULL, 0);
2525 
2526 	if (error != 0) {
2527 		if (P->status.pr_lwp.pr_why == PR_JOBCONTROL &&
2528 		    error == EBUSY) {	/* jobcontrol stop -- back off */
2529 			P->state = PS_RUN;
2530 			return (0);
2531 		}
2532 		if (error == ENOENT)
2533 			return (0);
2534 		errno = error;
2535 		return (-1);
2536 	}
2537 
2538 	return (rv);
2539 }
2540 
2541 /*
2542  * Install the watchpoint described by wp.
2543  */
2544 int
2545 Psetwapt(struct ps_prochandle *P, const prwatch_t *wp)
2546 {
2547 	long ctl[1 + sizeof (prwatch_t) / sizeof (long)];
2548 	prwatch_t *cwp = (prwatch_t *)&ctl[1];
2549 
2550 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2551 	    P->state == PS_IDLE) {
2552 		errno = ENOENT;
2553 		return (-1);
2554 	}
2555 
2556 	ctl[0] = PCWATCH;
2557 	cwp->pr_vaddr = wp->pr_vaddr;
2558 	cwp->pr_size = wp->pr_size;
2559 	cwp->pr_wflags = wp->pr_wflags;
2560 
2561 	if (write(P->ctlfd, ctl, sizeof (ctl)) != sizeof (ctl))
2562 		return (-1);
2563 
2564 	return (0);
2565 }
2566 
2567 /*
2568  * Remove the watchpoint described by wp.
2569  */
2570 int
2571 Pdelwapt(struct ps_prochandle *P, const prwatch_t *wp)
2572 {
2573 	long ctl[1 + sizeof (prwatch_t) / sizeof (long)];
2574 	prwatch_t *cwp = (prwatch_t *)&ctl[1];
2575 
2576 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2577 	    P->state == PS_IDLE) {
2578 		errno = ENOENT;
2579 		return (-1);
2580 	}
2581 
2582 	ctl[0] = PCWATCH;
2583 	cwp->pr_vaddr = wp->pr_vaddr;
2584 	cwp->pr_size = wp->pr_size;
2585 	cwp->pr_wflags = 0;
2586 
2587 	if (write(P->ctlfd, ctl, sizeof (ctl)) != sizeof (ctl))
2588 		return (-1);
2589 
2590 	return (0);
2591 }
2592 
2593 /*
2594  * Common code for Pxecwapt() and Lxecwapt().  Develop the array of requests
2595  * that will do the job, then write them to the specified control file
2596  * descriptor.  Return the non-zero errno if the write fails.
2597  */
2598 static int
2599 execute_wapt(
2600 	int ctlfd,		/* process or LWP control file descriptor */
2601 	const fltset_t *faultset,	/* current set of traced faults */
2602 	const sigset_t *sigmask,	/* current signal mask */
2603 	const prwatch_t *wp)		/* watchpoint descriptor */
2604 {
2605 	long ctl[
2606 	    1 + sizeof (sigset_t) / sizeof (long) +		/* PCSHOLD */
2607 	    1 + sizeof (fltset_t) / sizeof (long) +		/* PCSFAULT */
2608 	    1 + sizeof (prwatch_t) / sizeof (long) +		/* PCWATCH */
2609 	    2 +							/* PCRUN */
2610 	    1 +							/* PCWSTOP */
2611 	    1 +							/* PCCFAULT */
2612 	    1 + sizeof (prwatch_t) / sizeof (long) +		/* PCWATCH */
2613 	    1 + sizeof (fltset_t) / sizeof (long) +		/* PCSFAULT */
2614 	    1 + sizeof (sigset_t) / sizeof (long)];		/* PCSHOLD */
2615 
2616 	long *ctlp = ctl;
2617 	int error = 0;
2618 
2619 	sigset_t unblock;
2620 	sigset_t *holdp;
2621 	fltset_t *faultp;
2622 	prwatch_t *prw;
2623 	ssize_t ssize;
2624 	size_t size;
2625 
2626 	(void) sigprocmask(SIG_BLOCK, &blockable_sigs, &unblock);
2627 
2628 	/*
2629 	 * Hold all posted signals in the victim process prior to stepping.
2630 	 */
2631 	*ctlp++ = PCSHOLD;
2632 	holdp = (sigset_t *)ctlp;
2633 	prfillset(holdp);
2634 	prdelset(holdp, SIGKILL);
2635 	prdelset(holdp, SIGSTOP);
2636 	ctlp += sizeof (sigset_t) / sizeof (long);
2637 
2638 	/*
2639 	 * Force tracing of FLTTRACE since we need to single step.
2640 	 */
2641 	if (!(prismember(faultset, FLTTRACE))) {
2642 		*ctlp++ = PCSFAULT;
2643 		faultp = (fltset_t *)ctlp;
2644 		*faultp = *faultset;
2645 		praddset(faultp, FLTTRACE);
2646 		ctlp += sizeof (fltset_t) / sizeof (long);
2647 	}
2648 
2649 	/*
2650 	 * Clear only the current watchpoint by setting pr_wflags to zero.
2651 	 */
2652 	*ctlp++ = PCWATCH;
2653 	prw = (prwatch_t *)ctlp;
2654 	prw->pr_vaddr = wp->pr_vaddr;
2655 	prw->pr_size = wp->pr_size;
2656 	prw->pr_wflags = 0;
2657 	ctlp += sizeof (prwatch_t) / sizeof (long);
2658 
2659 	/*
2660 	 * Clear the current signal and fault; set running with single-step.
2661 	 * Then wait for the victim to stop and cancel the FLTTRACE.
2662 	 */
2663 	*ctlp++ = PCRUN;
2664 	*ctlp++ = PRCSIG | PRCFAULT | PRSTEP;
2665 	*ctlp++ = PCWSTOP;
2666 	*ctlp++ = PCCFAULT;
2667 
2668 	/*
2669 	 * Restore the current watchpoint.
2670 	 */
2671 	*ctlp++ = PCWATCH;
2672 	(void) memcpy(ctlp, wp, sizeof (prwatch_t));
2673 	ctlp += sizeof (prwatch_t) / sizeof (long);
2674 
2675 	/*
2676 	 * Restore fault tracing set if we modified it.
2677 	 */
2678 	if (!(prismember(faultset, FLTTRACE))) {
2679 		*ctlp++ = PCSFAULT;
2680 		*(fltset_t *)ctlp = *faultset;
2681 		ctlp += sizeof (fltset_t) / sizeof (long);
2682 	}
2683 
2684 	/*
2685 	 * Restore the hold mask to the current hold mask (i.e. the one
2686 	 * before we executed any of the previous operations).
2687 	 */
2688 	*ctlp++ = PCSHOLD;
2689 	*(sigset_t *)ctlp = *sigmask;
2690 	ctlp += sizeof (sigset_t) / sizeof (long);
2691 
2692 	size = (char *)ctlp - (char *)ctl;
2693 	if ((ssize = write(ctlfd, ctl, size)) != size)
2694 		error = (ssize == -1)? errno : EINTR;
2695 	(void) sigprocmask(SIG_SETMASK, &unblock, NULL);
2696 	return (error);
2697 }
2698 
2699 /*
2700  * Step over a watchpoint, i.e., execute the instruction that was stopped by
2701  * the watchpoint, and then leave the LWP stopped at the next instruction.
2702  */
2703 int
2704 Pxecwapt(struct ps_prochandle *P, const prwatch_t *wp)
2705 {
2706 	int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2707 	int rv, error;
2708 
2709 	if (P->state != PS_STOP) {
2710 		errno = EBUSY;
2711 		return (-1);
2712 	}
2713 
2714 	Psync(P);
2715 	error = execute_wapt(ctlfd,
2716 	    &P->status.pr_flttrace, &P->status.pr_lwp.pr_lwphold, wp);
2717 	rv = Pstopstatus(P, PCNULL, 0);
2718 
2719 	if (error != 0) {
2720 		if (P->status.pr_lwp.pr_why == PR_JOBCONTROL &&
2721 		    error == EBUSY) {	/* jobcontrol stop -- back off */
2722 			P->state = PS_RUN;
2723 			return (0);
2724 		}
2725 		if (error == ENOENT)
2726 			return (0);
2727 		errno = error;
2728 		return (-1);
2729 	}
2730 
2731 	return (rv);
2732 }
2733 
2734 int
2735 Psetflags(struct ps_prochandle *P, long flags)
2736 {
2737 	int rc;
2738 	long ctl[2];
2739 
2740 	ctl[0] = PCSET;
2741 	ctl[1] = flags;
2742 
2743 	if (write(P->ctlfd, ctl, 2*sizeof (long)) != 2*sizeof (long)) {
2744 		rc = -1;
2745 	} else {
2746 		P->status.pr_flags |= flags;
2747 		P->status.pr_lwp.pr_flags |= flags;
2748 		rc = 0;
2749 	}
2750 
2751 	return (rc);
2752 }
2753 
2754 int
2755 Punsetflags(struct ps_prochandle *P, long flags)
2756 {
2757 	int rc;
2758 	long ctl[2];
2759 
2760 	ctl[0] = PCUNSET;
2761 	ctl[1] = flags;
2762 
2763 	if (write(P->ctlfd, ctl, 2*sizeof (long)) != 2*sizeof (long)) {
2764 		rc = -1;
2765 	} else {
2766 		P->status.pr_flags &= ~flags;
2767 		P->status.pr_lwp.pr_flags &= ~flags;
2768 		rc = 0;
2769 	}
2770 
2771 	return (rc);
2772 }
2773 
2774 /*
2775  * Common function to allow clients to manipulate the action to be taken
2776  * on receipt of a signal, receipt of machine fault, entry to a system call,
2777  * or exit from a system call.  We make use of our private prset_* functions
2778  * in order to make this code be common.  The 'which' parameter identifies
2779  * the code for the event of interest (0 means change the entire set), and
2780  * the 'stop' parameter is a boolean indicating whether the process should
2781  * stop when the event of interest occurs.  The previous value is returned
2782  * to the caller; -1 is returned if an error occurred.
2783  */
2784 static int
2785 Psetaction(struct ps_prochandle *P, void *sp, size_t size,
2786     uint_t flag, int max, int which, int stop)
2787 {
2788 	int oldval;
2789 
2790 	if (which < 0 || which > max) {
2791 		errno = EINVAL;
2792 		return (-1);
2793 	}
2794 
2795 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2796 	    P->state == PS_IDLE) {
2797 		errno = ENOENT;
2798 		return (-1);
2799 	}
2800 
2801 	oldval = prset_ismember(sp, size, which) ? TRUE : FALSE;
2802 
2803 	if (stop) {
2804 		if (which == 0) {
2805 			prset_fill(sp, size);
2806 			P->flags |= flag;
2807 		} else if (!oldval) {
2808 			prset_add(sp, size, which);
2809 			P->flags |= flag;
2810 		}
2811 	} else {
2812 		if (which == 0) {
2813 			prset_empty(sp, size);
2814 			P->flags |= flag;
2815 		} else if (oldval) {
2816 			prset_del(sp, size, which);
2817 			P->flags |= flag;
2818 		}
2819 	}
2820 
2821 	if (P->state == PS_RUN)
2822 		Psync(P);
2823 
2824 	return (oldval);
2825 }
2826 
2827 /*
2828  * Set action on specified signal.
2829  */
2830 int
2831 Psignal(struct ps_prochandle *P, int which, int stop)
2832 {
2833 	int oldval;
2834 
2835 	if (which == SIGKILL && stop != 0) {
2836 		errno = EINVAL;
2837 		return (-1);
2838 	}
2839 
2840 	oldval = Psetaction(P, &P->status.pr_sigtrace, sizeof (sigset_t),
2841 	    SETSIG, PRMAXSIG, which, stop);
2842 
2843 	if (oldval != -1 && which == 0 && stop != 0)
2844 		prdelset(&P->status.pr_sigtrace, SIGKILL);
2845 
2846 	return (oldval);
2847 }
2848 
2849 /*
2850  * Set all signal tracing flags.
2851  */
2852 void
2853 Psetsignal(struct ps_prochandle *P, const sigset_t *set)
2854 {
2855 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2856 	    P->state == PS_IDLE)
2857 		return;
2858 
2859 	P->status.pr_sigtrace = *set;
2860 	P->flags |= SETSIG;
2861 
2862 	if (P->state == PS_RUN)
2863 		Psync(P);
2864 }
2865 
2866 /*
2867  * Set action on specified fault.
2868  */
2869 int
2870 Pfault(struct ps_prochandle *P, int which, int stop)
2871 {
2872 	return (Psetaction(P, &P->status.pr_flttrace, sizeof (fltset_t),
2873 	    SETFAULT, PRMAXFAULT, which, stop));
2874 }
2875 
2876 /*
2877  * Set all machine fault tracing flags.
2878  */
2879 void
2880 Psetfault(struct ps_prochandle *P, const fltset_t *set)
2881 {
2882 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2883 	    P->state == PS_IDLE)
2884 		return;
2885 
2886 	P->status.pr_flttrace = *set;
2887 	P->flags |= SETFAULT;
2888 
2889 	if (P->state == PS_RUN)
2890 		Psync(P);
2891 }
2892 
2893 /*
2894  * Set action on specified system call entry.
2895  */
2896 int
2897 Psysentry(struct ps_prochandle *P, int which, int stop)
2898 {
2899 	return (Psetaction(P, &P->status.pr_sysentry, sizeof (sysset_t),
2900 	    SETENTRY, PRMAXSYS, which, stop));
2901 }
2902 
2903 /*
2904  * Set all system call entry tracing flags.
2905  */
2906 void
2907 Psetsysentry(struct ps_prochandle *P, const sysset_t *set)
2908 {
2909 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2910 	    P->state == PS_IDLE)
2911 		return;
2912 
2913 	P->status.pr_sysentry = *set;
2914 	P->flags |= SETENTRY;
2915 
2916 	if (P->state == PS_RUN)
2917 		Psync(P);
2918 }
2919 
2920 /*
2921  * Set action on specified system call exit.
2922  */
2923 int
2924 Psysexit(struct ps_prochandle *P, int which, int stop)
2925 {
2926 	return (Psetaction(P, &P->status.pr_sysexit, sizeof (sysset_t),
2927 	    SETEXIT, PRMAXSYS, which, stop));
2928 }
2929 
2930 /*
2931  * Set all system call exit tracing flags.
2932  */
2933 void
2934 Psetsysexit(struct ps_prochandle *P, const sysset_t *set)
2935 {
2936 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2937 	    P->state == PS_IDLE)
2938 		return;
2939 
2940 	P->status.pr_sysexit = *set;
2941 	P->flags |= SETEXIT;
2942 
2943 	if (P->state == PS_RUN)
2944 		Psync(P);
2945 }
2946 
2947 /*
2948  * Utility function to read the contents of a file that contains a
2949  * prheader_t at the start (/proc/pid/lstatus or /proc/pid/lpsinfo).
2950  * Returns a malloc()d buffer or NULL on failure.
2951  */
2952 static prheader_t *
2953 read_lfile(struct ps_prochandle *P, const char *lname)
2954 {
2955 	prheader_t *Lhp;
2956 	char lpath[PATH_MAX];
2957 	struct stat64 statb;
2958 	int fd;
2959 	size_t size;
2960 	ssize_t rval;
2961 
2962 	(void) snprintf(lpath, sizeof (lpath), "%s/%d/%s", procfs_path,
2963 	    (int)P->status.pr_pid, lname);
2964 	if ((fd = open(lpath, O_RDONLY)) < 0 || fstat64(fd, &statb) != 0) {
2965 		if (fd >= 0)
2966 			(void) close(fd);
2967 		return (NULL);
2968 	}
2969 
2970 	/*
2971 	 * 'size' is just the initial guess at the buffer size.
2972 	 * It will have to grow if the number of lwps increases
2973 	 * while we are looking at the process.
2974 	 * 'size' must be larger than the actual file size.
2975 	 */
2976 	size = statb.st_size + 32;
2977 
2978 	for (;;) {
2979 		if ((Lhp = malloc(size)) == NULL)
2980 			break;
2981 		if ((rval = pread(fd, Lhp, size, 0)) < 0 ||
2982 		    rval <= sizeof (prheader_t)) {
2983 			free(Lhp);
2984 			Lhp = NULL;
2985 			break;
2986 		}
2987 		if (rval < size)
2988 			break;
2989 		/* need a bigger buffer */
2990 		free(Lhp);
2991 		size *= 2;
2992 	}
2993 
2994 	(void) close(fd);
2995 	return (Lhp);
2996 }
2997 
2998 /*
2999  * LWP iteration interface.
3000  */
3001 int
3002 Plwp_iter(struct ps_prochandle *P, proc_lwp_f *func, void *cd)
3003 {
3004 	prheader_t *Lhp;
3005 	lwpstatus_t *Lsp;
3006 	long nlwp;
3007 	int rv;
3008 
3009 	switch (P->state) {
3010 	case PS_RUN:
3011 		(void) Pstopstatus(P, PCNULL, 0);
3012 		break;
3013 
3014 	case PS_STOP:
3015 		Psync(P);
3016 		break;
3017 
3018 	case PS_IDLE:
3019 		errno = ENODATA;
3020 		return (-1);
3021 	}
3022 
3023 	/*
3024 	 * For either live processes or cores, the single LWP case is easy:
3025 	 * the pstatus_t contains the lwpstatus_t for the only LWP.
3026 	 */
3027 	if (P->status.pr_nlwp <= 1)
3028 		return (func(cd, &P->status.pr_lwp));
3029 
3030 	/*
3031 	 * For the core file multi-LWP case, we just iterate through the
3032 	 * list of LWP structs we read in from the core file.
3033 	 */
3034 	if (P->state == PS_DEAD) {
3035 		core_info_t *core = P->data;
3036 		lwp_info_t *lwp;
3037 
3038 		for (lwp = list_tail(&core->core_lwp_head); lwp != NULL;
3039 		    lwp = list_prev(&core->core_lwp_head, lwp)) {
3040 			if (lwp->lwp_psinfo.pr_sname != 'Z' &&
3041 			    (rv = func(cd, &lwp->lwp_status)) != 0)
3042 				break;
3043 		}
3044 
3045 		return (rv);
3046 	}
3047 
3048 	/*
3049 	 * For the live process multi-LWP case, we have to work a little
3050 	 * harder: the /proc/pid/lstatus file has the array of LWP structs.
3051 	 */
3052 	if ((Lhp = Plstatus(P)) == NULL)
3053 		return (-1);
3054 
3055 	for (nlwp = Lhp->pr_nent, Lsp = (lwpstatus_t *)(uintptr_t)(Lhp + 1);
3056 	    nlwp > 0;
3057 	    nlwp--, Lsp = (lwpstatus_t *)((uintptr_t)Lsp + Lhp->pr_entsize)) {
3058 		if ((rv = func(cd, Lsp)) != 0)
3059 			break;
3060 	}
3061 
3062 	free(Lhp);
3063 	return (rv);
3064 }
3065 
3066 /*
3067  * Extended LWP iteration interface.
3068  * Iterate over all LWPs, active and zombie.
3069  */
3070 int
3071 Plwp_iter_all(struct ps_prochandle *P, proc_lwp_all_f *func, void *cd)
3072 {
3073 	prheader_t *Lhp = NULL;
3074 	lwpstatus_t *Lsp;
3075 	lwpstatus_t *sp;
3076 	prheader_t *Lphp = NULL;
3077 	lwpsinfo_t *Lpsp;
3078 	long nstat;
3079 	long ninfo;
3080 	int rv;
3081 
3082 retry:
3083 	if (Lhp != NULL)
3084 		free(Lhp);
3085 	if (Lphp != NULL)
3086 		free(Lphp);
3087 	if (P->state == PS_RUN)
3088 		(void) Pstopstatus(P, PCNULL, 0);
3089 	(void) Ppsinfo(P);
3090 
3091 	if (P->state == PS_STOP)
3092 		Psync(P);
3093 
3094 	/*
3095 	 * For either live processes or cores, the single LWP case is easy:
3096 	 * the pstatus_t contains the lwpstatus_t for the only LWP and
3097 	 * the psinfo_t contains the lwpsinfo_t for the only LWP.
3098 	 */
3099 	if (P->status.pr_nlwp + P->status.pr_nzomb <= 1)
3100 		return (func(cd, &P->status.pr_lwp, &P->psinfo.pr_lwp));
3101 
3102 	/*
3103 	 * For the core file multi-LWP case, we just iterate through the
3104 	 * list of LWP structs we read in from the core file.
3105 	 */
3106 	if (P->state == PS_DEAD) {
3107 		core_info_t *core = P->data;
3108 		lwp_info_t *lwp;
3109 
3110 		for (lwp = list_tail(&core->core_lwp_head); lwp != NULL;
3111 		    lwp = list_prev(&core->core_lwp_head, lwp)) {
3112 			sp = (lwp->lwp_psinfo.pr_sname == 'Z')? NULL :
3113 			    &lwp->lwp_status;
3114 			if ((rv = func(cd, sp, &lwp->lwp_psinfo)) != 0)
3115 				break;
3116 		}
3117 
3118 		return (rv);
3119 	}
3120 
3121 	/*
3122 	 * For all other cases retrieve the array of lwpstatus_t's and
3123 	 * lwpsinfo_t's.
3124 	 */
3125 	if ((Lhp = Plstatus(P)) == NULL)
3126 		return (-1);
3127 	if ((Lphp = Plpsinfo(P)) == NULL) {
3128 		free(Lhp);
3129 		return (-1);
3130 	}
3131 
3132 	/*
3133 	 * If we are looking at a running process, or one we do not control,
3134 	 * the active and zombie lwps in the process may have changed since
3135 	 * we read the process status structure.  If so, just start over.
3136 	 */
3137 	if (Lhp->pr_nent != P->status.pr_nlwp ||
3138 	    Lphp->pr_nent != P->status.pr_nlwp + P->status.pr_nzomb)
3139 		goto retry;
3140 
3141 	/*
3142 	 * To be perfectly safe, prescan the two arrays, checking consistency.
3143 	 * We rely on /proc giving us lwpstatus_t's and lwpsinfo_t's in the
3144 	 * same order (the lwp directory order) in their respective files.
3145 	 * We also rely on there being (possibly) more lwpsinfo_t's than
3146 	 * lwpstatus_t's (the extra lwpsinfo_t's are for zombie lwps).
3147 	 */
3148 	Lsp = (lwpstatus_t *)(uintptr_t)(Lhp + 1);
3149 	Lpsp = (lwpsinfo_t *)(uintptr_t)(Lphp + 1);
3150 	nstat = Lhp->pr_nent;
3151 	for (ninfo = Lphp->pr_nent; ninfo != 0; ninfo--) {
3152 		if (Lpsp->pr_sname != 'Z') {
3153 			/*
3154 			 * Not a zombie lwp; check for matching lwpids.
3155 			 */
3156 			if (nstat == 0 || Lsp->pr_lwpid != Lpsp->pr_lwpid)
3157 				goto retry;
3158 			Lsp = (lwpstatus_t *)((uintptr_t)Lsp + Lhp->pr_entsize);
3159 			nstat--;
3160 		}
3161 		Lpsp = (lwpsinfo_t *)((uintptr_t)Lpsp + Lphp->pr_entsize);
3162 	}
3163 	if (nstat != 0)
3164 		goto retry;
3165 
3166 	/*
3167 	 * Rescan, this time for real.
3168 	 */
3169 	Lsp = (lwpstatus_t *)(uintptr_t)(Lhp + 1);
3170 	Lpsp = (lwpsinfo_t *)(uintptr_t)(Lphp + 1);
3171 	for (ninfo = Lphp->pr_nent; ninfo != 0; ninfo--) {
3172 		if (Lpsp->pr_sname != 'Z') {
3173 			sp = Lsp;
3174 			Lsp = (lwpstatus_t *)((uintptr_t)Lsp + Lhp->pr_entsize);
3175 		} else {
3176 			sp = NULL;
3177 		}
3178 		if ((rv = func(cd, sp, Lpsp)) != 0)
3179 			break;
3180 		Lpsp = (lwpsinfo_t *)((uintptr_t)Lpsp + Lphp->pr_entsize);
3181 	}
3182 
3183 	free(Lhp);
3184 	free(Lphp);
3185 	return (rv);
3186 }
3187 
3188 core_content_t
3189 Pcontent(struct ps_prochandle *P)
3190 {
3191 	core_info_t *core = P->data;
3192 
3193 	if (P->state == PS_DEAD)
3194 		return (core->core_content);
3195 	if (P->state == PS_IDLE)
3196 		return (CC_CONTENT_TEXT | CC_CONTENT_DATA | CC_CONTENT_CTF);
3197 
3198 	return (CC_CONTENT_ALL);
3199 }
3200 
3201 /*
3202  * =================================================================
3203  * The remainder of the functions in this file are for the
3204  * control of individual LWPs in the controlled process.
3205  * =================================================================
3206  */
3207 
3208 /*
3209  * Find an entry in the process hash table for the specified lwpid.
3210  * The entry will either point to an existing struct ps_lwphandle
3211  * or it will point to an empty slot for a new struct ps_lwphandle.
3212  */
3213 static struct ps_lwphandle **
3214 Lfind_slot(struct ps_prochandle *P, lwpid_t lwpid)
3215 {
3216 	struct ps_lwphandle **Lp;
3217 	struct ps_lwphandle *L;
3218 
3219 	for (Lp = &P->hashtab[lwpid % (HASHSIZE - 1)];
3220 	    (L = *Lp) != NULL; Lp = &L->lwp_hash)
3221 		if (L->lwp_id == lwpid)
3222 			break;
3223 	return (Lp);
3224 }
3225 
3226 /*
3227  * A wrapper around Lfind_slot() that is suitable for the rest of the internal
3228  * consumers who don't care about a slot, merely existence.
3229  */
3230 struct ps_lwphandle *
3231 Lfind(struct ps_prochandle *P, lwpid_t lwpid)
3232 {
3233 	if (P->hashtab == NULL) {
3234 		return (NULL);
3235 	}
3236 
3237 	return (*Lfind_slot(P, lwpid));
3238 }
3239 
3240 /*
3241  * Grab an LWP contained within the controlled process.
3242  * Return an opaque pointer to its LWP control structure.
3243  *	perr: pointer to error return code.
3244  */
3245 struct ps_lwphandle *
3246 Lgrab(struct ps_prochandle *P, lwpid_t lwpid, int *perr)
3247 {
3248 	struct ps_lwphandle **Lp;
3249 	struct ps_lwphandle *L;
3250 	int fd;
3251 	char procname[PATH_MAX];
3252 	char *fname;
3253 	int rc = 0;
3254 
3255 	(void) mutex_lock(&P->proc_lock);
3256 
3257 	if (P->state == PS_UNDEAD || P->state == PS_IDLE)
3258 		rc = G_NOPROC;
3259 	else if (P->hashtab == NULL &&
3260 	    (P->hashtab = calloc(HASHSIZE, sizeof (struct ps_lwphandle *)))
3261 	    == NULL)
3262 		rc = G_STRANGE;
3263 	else if (*(Lp = Lfind_slot(P, lwpid)) != NULL)
3264 		rc = G_BUSY;
3265 	else if ((L = malloc(sizeof (struct ps_lwphandle))) == NULL)
3266 		rc = G_STRANGE;
3267 	if (rc) {
3268 		*perr = rc;
3269 		(void) mutex_unlock(&P->proc_lock);
3270 		return (NULL);
3271 	}
3272 
3273 	(void) memset(L, 0, sizeof (*L));
3274 	L->lwp_ctlfd = -1;
3275 	L->lwp_statfd = -1;
3276 	L->lwp_proc = P;
3277 	L->lwp_id = lwpid;
3278 	*Lp = L;	/* insert into the hash table */
3279 
3280 	if (P->state == PS_DEAD) {	/* core file */
3281 		if (getlwpstatus(P, lwpid, &L->lwp_status) == -1) {
3282 			rc = G_NOPROC;
3283 			goto err;
3284 		}
3285 		L->lwp_state = PS_DEAD;
3286 		*perr = 0;
3287 		(void) mutex_unlock(&P->proc_lock);
3288 		return (L);
3289 	}
3290 
3291 	/*
3292 	 * Open the /proc/<pid>/lwp/<lwpid> files
3293 	 */
3294 	(void) snprintf(procname, sizeof (procname), "%s/%d/lwp/%d/",
3295 	    procfs_path, (int)P->pid, (int)lwpid);
3296 	fname = procname + strlen(procname);
3297 	(void) set_minfd();
3298 
3299 	(void) strcpy(fname, "lwpstatus");
3300 	if ((fd = open(procname, O_RDONLY)) < 0 ||
3301 	    (fd = dupfd(fd, 0)) < 0) {
3302 		switch (errno) {
3303 		case ENOENT:
3304 			rc = G_NOPROC;
3305 			break;
3306 		default:
3307 			dprintf("Lgrab: failed to open %s: %s\n",
3308 			    procname, strerror(errno));
3309 			rc = G_STRANGE;
3310 			break;
3311 		}
3312 		goto err;
3313 	}
3314 	L->lwp_statfd = fd;
3315 
3316 	if (pread(fd, &L->lwp_status, sizeof (L->lwp_status), (off_t)0) < 0) {
3317 		switch (errno) {
3318 		case ENOENT:
3319 			rc = G_NOPROC;
3320 			break;
3321 		default:
3322 			dprintf("Lgrab: failed to read %s: %s\n",
3323 			    procname, strerror(errno));
3324 			rc = G_STRANGE;
3325 			break;
3326 		}
3327 		goto err;
3328 	}
3329 
3330 	(void) strcpy(fname, "lwpctl");
3331 	if ((fd = open(procname, O_WRONLY)) < 0 ||
3332 	    (fd = dupfd(fd, 0)) < 0) {
3333 		switch (errno) {
3334 		case ENOENT:
3335 			rc = G_NOPROC;
3336 			break;
3337 		default:
3338 			dprintf("Lgrab: failed to open %s: %s\n",
3339 			    procname, strerror(errno));
3340 			rc = G_STRANGE;
3341 			break;
3342 		}
3343 		goto err;
3344 	}
3345 	L->lwp_ctlfd = fd;
3346 
3347 	L->lwp_state =
3348 	    ((L->lwp_status.pr_flags & (PR_STOPPED|PR_ISTOP))
3349 	    == (PR_STOPPED|PR_ISTOP))?
3350 	    PS_STOP : PS_RUN;
3351 
3352 	*perr = 0;
3353 	(void) mutex_unlock(&P->proc_lock);
3354 	return (L);
3355 
3356 err:
3357 	Lfree_internal(P, L);
3358 	*perr = rc;
3359 	(void) mutex_unlock(&P->proc_lock);
3360 	return (NULL);
3361 }
3362 
3363 /*
3364  * Return a printable string corresponding to an Lgrab() error return.
3365  */
3366 const char *
3367 Lgrab_error(int error)
3368 {
3369 	const char *str;
3370 
3371 	switch (error) {
3372 	case G_NOPROC:
3373 		str = "no such LWP";
3374 		break;
3375 	case G_BUSY:
3376 		str = "LWP already grabbed";
3377 		break;
3378 	case G_STRANGE:
3379 		str = "unanticipated system error";
3380 		break;
3381 	default:
3382 		str = "unknown error";
3383 		break;
3384 	}
3385 
3386 	return (str);
3387 }
3388 
3389 /*
3390  * Free an LWP control structure.
3391  */
3392 void
3393 Lfree(struct ps_lwphandle *L)
3394 {
3395 	struct ps_prochandle *P = L->lwp_proc;
3396 
3397 	(void) mutex_lock(&P->proc_lock);
3398 	Lfree_internal(P, L);
3399 	(void) mutex_unlock(&P->proc_lock);
3400 }
3401 
3402 static void
3403 Lfree_internal(struct ps_prochandle *P, struct ps_lwphandle *L)
3404 {
3405 	*Lfind_slot(P, L->lwp_id) = L->lwp_hash; /* delete from hash table */
3406 	if (L->lwp_ctlfd >= 0)
3407 		(void) close(L->lwp_ctlfd);
3408 	if (L->lwp_statfd >= 0)
3409 		(void) close(L->lwp_statfd);
3410 
3411 	/* clear out the structure as a precaution against reuse */
3412 	(void) memset(L, 0, sizeof (*L));
3413 	L->lwp_ctlfd = -1;
3414 	L->lwp_statfd = -1;
3415 
3416 	free(L);
3417 }
3418 
3419 /*
3420  * Return the state of the process, one of the PS_* values.
3421  */
3422 int
3423 Lstate(struct ps_lwphandle *L)
3424 {
3425 	return (L->lwp_state);
3426 }
3427 
3428 /*
3429  * Return the open control file descriptor for the LWP.
3430  * Clients must not close this file descriptor, nor use it
3431  * after the LWP is freed.
3432  */
3433 int
3434 Lctlfd(struct ps_lwphandle *L)
3435 {
3436 	return (L->lwp_ctlfd);
3437 }
3438 
3439 /*
3440  * Return a pointer to the LWP lwpsinfo structure.
3441  * Clients should not hold on to this pointer indefinitely.
3442  * It will become invalid on Lfree().
3443  */
3444 const lwpsinfo_t *
3445 Lpsinfo(struct ps_lwphandle *L)
3446 {
3447 	if (Plwp_getpsinfo(L->lwp_proc, L->lwp_id, &L->lwp_psinfo) == -1)
3448 		return (NULL);
3449 
3450 	return (&L->lwp_psinfo);
3451 }
3452 
3453 /*
3454  * Return a pointer to the LWP status structure.
3455  * Clients should not hold on to this pointer indefinitely.
3456  * It will become invalid on Lfree().
3457  */
3458 const lwpstatus_t *
3459 Lstatus(struct ps_lwphandle *L)
3460 {
3461 	return (&L->lwp_status);
3462 }
3463 
3464 /*
3465  * Given an LWP handle, return the process handle.
3466  */
3467 struct ps_prochandle *
3468 Lprochandle(struct ps_lwphandle *L)
3469 {
3470 	return (L->lwp_proc);
3471 }
3472 
3473 /*
3474  * Ensure that all cached state is written to the LWP.
3475  * The cached state is the LWP's signal mask and registers.
3476  */
3477 void
3478 Lsync(struct ps_lwphandle *L)
3479 {
3480 	int ctlfd = L->lwp_ctlfd;
3481 	long cmd[2];
3482 	iovec_t iov[4];
3483 	int n = 0;
3484 
3485 	if (L->lwp_flags & SETHOLD) {
3486 		cmd[0] = PCSHOLD;
3487 		iov[n].iov_base = (caddr_t)&cmd[0];
3488 		iov[n++].iov_len = sizeof (long);
3489 		iov[n].iov_base = (caddr_t)&L->lwp_status.pr_lwphold;
3490 		iov[n++].iov_len = sizeof (L->lwp_status.pr_lwphold);
3491 	}
3492 	if (L->lwp_flags & SETREGS) {
3493 		cmd[1] = PCSREG;
3494 		iov[n].iov_base = (caddr_t)&cmd[1];
3495 		iov[n++].iov_len = sizeof (long);
3496 		iov[n].iov_base = (caddr_t)&L->lwp_status.pr_reg[0];
3497 		iov[n++].iov_len = sizeof (L->lwp_status.pr_reg);
3498 	}
3499 
3500 	if (n == 0 || writev(ctlfd, iov, n) < 0)
3501 		return;		/* nothing to do or write failed */
3502 
3503 	L->lwp_flags &= ~(SETHOLD|SETREGS);
3504 }
3505 
3506 /*
3507  * Wait for the specified LWP to stop or terminate.
3508  * Or, just get the current status (PCNULL).
3509  * Or, direct it to stop and get the current status (PCDSTOP).
3510  */
3511 int
3512 Lstopstatus(struct ps_lwphandle *L,
3513     long request,		/* PCNULL, PCDSTOP, PCSTOP, PCWSTOP */
3514     uint_t msec)		/* if non-zero, timeout in milliseconds */
3515 {
3516 	int ctlfd = L->lwp_ctlfd;
3517 	long ctl[3];
3518 	ssize_t rc;
3519 	int err;
3520 
3521 	switch (L->lwp_state) {
3522 	case PS_RUN:
3523 		break;
3524 	case PS_STOP:
3525 		if (request != PCNULL && request != PCDSTOP)
3526 			return (0);
3527 		break;
3528 	case PS_LOST:
3529 		if (request != PCNULL) {
3530 			errno = EAGAIN;
3531 			return (-1);
3532 		}
3533 		break;
3534 	case PS_UNDEAD:
3535 	case PS_DEAD:
3536 		if (request != PCNULL) {
3537 			errno = ENOENT;
3538 			return (-1);
3539 		}
3540 		break;
3541 	default:	/* corrupted state */
3542 		dprintf("Lstopstatus: corrupted state: %d\n", L->lwp_state);
3543 		errno = EINVAL;
3544 		return (-1);
3545 	}
3546 
3547 	ctl[0] = PCDSTOP;
3548 	ctl[1] = PCTWSTOP;
3549 	ctl[2] = (long)msec;
3550 	rc = 0;
3551 	switch (request) {
3552 	case PCSTOP:
3553 		rc = write(ctlfd, &ctl[0], 3*sizeof (long));
3554 		break;
3555 	case PCWSTOP:
3556 		rc = write(ctlfd, &ctl[1], 2*sizeof (long));
3557 		break;
3558 	case PCDSTOP:
3559 		rc = write(ctlfd, &ctl[0], 1*sizeof (long));
3560 		break;
3561 	case PCNULL:
3562 		if (L->lwp_state == PS_DEAD)
3563 			return (0); /* Nothing else to do for cores */
3564 		break;
3565 	default:	/* programming error */
3566 		errno = EINVAL;
3567 		return (-1);
3568 	}
3569 	err = (rc < 0)? errno : 0;
3570 	Lsync(L);
3571 
3572 	if (pread(L->lwp_statfd, &L->lwp_status,
3573 	    sizeof (L->lwp_status), (off_t)0) < 0)
3574 		err = errno;
3575 
3576 	if (err) {
3577 		switch (err) {
3578 		case EINTR:		/* user typed ctl-C */
3579 		case ERESTART:
3580 			dprintf("Lstopstatus: EINTR\n");
3581 			break;
3582 		case EAGAIN:		/* we lost control of the the process */
3583 			dprintf("Lstopstatus: EAGAIN\n");
3584 			L->lwp_state = PS_LOST;
3585 			errno = err;
3586 			return (-1);
3587 		default:
3588 			if (_libproc_debug) {
3589 				const char *errstr;
3590 
3591 				switch (request) {
3592 				case PCNULL:
3593 					errstr = "Lstopstatus PCNULL"; break;
3594 				case PCSTOP:
3595 					errstr = "Lstopstatus PCSTOP"; break;
3596 				case PCDSTOP:
3597 					errstr = "Lstopstatus PCDSTOP"; break;
3598 				case PCWSTOP:
3599 					errstr = "Lstopstatus PCWSTOP"; break;
3600 				default:
3601 					errstr = "Lstopstatus PC???"; break;
3602 				}
3603 				dprintf("%s: %s\n", errstr, strerror(err));
3604 			}
3605 			L->lwp_state = PS_UNDEAD;
3606 			errno = err;
3607 			return (-1);
3608 		}
3609 	}
3610 
3611 	if ((L->lwp_status.pr_flags & (PR_STOPPED|PR_ISTOP))
3612 	    != (PR_STOPPED|PR_ISTOP)) {
3613 		L->lwp_state = PS_RUN;
3614 		if (request == PCNULL || request == PCDSTOP || msec != 0)
3615 			return (0);
3616 		dprintf("Lstopstatus: LWP is not stopped\n");
3617 		errno = EPROTO;
3618 		return (-1);
3619 	}
3620 
3621 	L->lwp_state = PS_STOP;
3622 
3623 	if (_libproc_debug)	/* debugging */
3624 		prldump("Lstopstatus", &L->lwp_status);
3625 
3626 	switch (L->lwp_status.pr_why) {
3627 	case PR_SYSENTRY:
3628 	case PR_SYSEXIT:
3629 	case PR_REQUESTED:
3630 	case PR_SIGNALLED:
3631 	case PR_FAULTED:
3632 	case PR_JOBCONTROL:
3633 	case PR_SUSPENDED:
3634 		break;
3635 	default:
3636 		errno = EPROTO;
3637 		return (-1);
3638 	}
3639 
3640 	return (0);
3641 }
3642 
3643 /*
3644  * Wait for the LWP to stop for any reason.
3645  */
3646 int
3647 Lwait(struct ps_lwphandle *L, uint_t msec)
3648 {
3649 	return (Lstopstatus(L, PCWSTOP, msec));
3650 }
3651 
3652 /*
3653  * Direct the LWP to stop; wait for it to stop.
3654  */
3655 int
3656 Lstop(struct ps_lwphandle *L, uint_t msec)
3657 {
3658 	return (Lstopstatus(L, PCSTOP, msec));
3659 }
3660 
3661 /*
3662  * Direct the LWP to stop; don't wait.
3663  */
3664 int
3665 Ldstop(struct ps_lwphandle *L)
3666 {
3667 	return (Lstopstatus(L, PCDSTOP, 0));
3668 }
3669 
3670 /*
3671  * Get the value of one register from stopped LWP.
3672  */
3673 int
3674 Lgetareg(struct ps_lwphandle *L, int regno, prgreg_t *preg)
3675 {
3676 	if (regno < 0 || regno >= NPRGREG) {
3677 		errno = EINVAL;
3678 		return (-1);
3679 	}
3680 
3681 	if (L->lwp_state != PS_STOP) {
3682 		errno = EBUSY;
3683 		return (-1);
3684 	}
3685 
3686 	*preg = L->lwp_status.pr_reg[regno];
3687 	return (0);
3688 }
3689 
3690 /*
3691  * Put value of one register into stopped LWP.
3692  */
3693 int
3694 Lputareg(struct ps_lwphandle *L, int regno, prgreg_t reg)
3695 {
3696 	if (regno < 0 || regno >= NPRGREG) {
3697 		errno = EINVAL;
3698 		return (-1);
3699 	}
3700 
3701 	if (L->lwp_state != PS_STOP) {
3702 		errno = EBUSY;
3703 		return (-1);
3704 	}
3705 
3706 	L->lwp_status.pr_reg[regno] = reg;
3707 	L->lwp_flags |= SETREGS;	/* set registers before continuing */
3708 	return (0);
3709 }
3710 
3711 int
3712 Lsetrun(struct ps_lwphandle *L,
3713     int sig,	/* signal to pass to LWP */
3714     int flags)	/* PRSTEP|PRSABORT|PRSTOP|PRCSIG|PRCFAULT */
3715 {
3716 	int ctlfd = L->lwp_ctlfd;
3717 	int sbits = (PR_DSTOP | PR_ISTOP | PR_ASLEEP);
3718 
3719 	long ctl[1 +					/* PCCFAULT	*/
3720 	    1 + sizeof (siginfo_t)/sizeof (long) +	/* PCSSIG/PCCSIG */
3721 	    2 ];					/* PCRUN	*/
3722 
3723 	long *ctlp = ctl;
3724 	size_t size;
3725 
3726 	if (L->lwp_state != PS_STOP &&
3727 	    (L->lwp_status.pr_flags & sbits) == 0) {
3728 		errno = EBUSY;
3729 		return (-1);
3730 	}
3731 
3732 	Lsync(L);	/* flush registers */
3733 
3734 	if (flags & PRCFAULT) {		/* clear current fault */
3735 		*ctlp++ = PCCFAULT;
3736 		flags &= ~PRCFAULT;
3737 	}
3738 
3739 	if (flags & PRCSIG) {		/* clear current signal */
3740 		*ctlp++ = PCCSIG;
3741 		flags &= ~PRCSIG;
3742 	} else if (sig && sig != L->lwp_status.pr_cursig) {
3743 		/* make current signal */
3744 		siginfo_t *infop;
3745 
3746 		*ctlp++ = PCSSIG;
3747 		infop = (siginfo_t *)ctlp;
3748 		(void) memset(infop, 0, sizeof (*infop));
3749 		infop->si_signo = sig;
3750 		ctlp += sizeof (siginfo_t) / sizeof (long);
3751 	}
3752 
3753 	*ctlp++ = PCRUN;
3754 	*ctlp++ = flags;
3755 	size = (char *)ctlp - (char *)ctl;
3756 
3757 	L->lwp_proc->info_valid = 0; /* will need to update map and file info */
3758 	L->lwp_proc->state = PS_RUN;
3759 	L->lwp_state = PS_RUN;
3760 
3761 	if (write(ctlfd, ctl, size) != size) {
3762 		/* Pretend that a job-stopped LWP is running */
3763 		if (errno != EBUSY || L->lwp_status.pr_why != PR_JOBCONTROL)
3764 			return (Lstopstatus(L, PCNULL, 0));
3765 	}
3766 
3767 	return (0);
3768 }
3769 
3770 int
3771 Lclearsig(struct ps_lwphandle *L)
3772 {
3773 	int ctlfd = L->lwp_ctlfd;
3774 	long ctl = PCCSIG;
3775 
3776 	if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
3777 		return (-1);
3778 	L->lwp_status.pr_cursig = 0;
3779 	return (0);
3780 }
3781 
3782 int
3783 Lclearfault(struct ps_lwphandle *L)
3784 {
3785 	int ctlfd = L->lwp_ctlfd;
3786 	long ctl = PCCFAULT;
3787 
3788 	if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
3789 		return (-1);
3790 	return (0);
3791 }
3792 
3793 /*
3794  * Step over a breakpoint, i.e., execute the instruction that
3795  * really belongs at the breakpoint location (the current %pc)
3796  * and leave the LWP stopped at the next instruction.
3797  */
3798 int
3799 Lxecbkpt(struct ps_lwphandle *L, ulong_t saved)
3800 {
3801 	struct ps_prochandle *P = L->lwp_proc;
3802 	int rv, error;
3803 
3804 	if (L->lwp_state != PS_STOP) {
3805 		errno = EBUSY;
3806 		return (-1);
3807 	}
3808 
3809 	Lsync(L);
3810 	error = execute_bkpt(L->lwp_ctlfd,
3811 	    &P->status.pr_flttrace, &L->lwp_status.pr_lwphold,
3812 	    L->lwp_status.pr_reg[R_PC], saved);
3813 	rv = Lstopstatus(L, PCNULL, 0);
3814 
3815 	if (error != 0) {
3816 		if (L->lwp_status.pr_why == PR_JOBCONTROL &&
3817 		    error == EBUSY) {	/* jobcontrol stop -- back off */
3818 			L->lwp_state = PS_RUN;
3819 			return (0);
3820 		}
3821 		if (error == ENOENT)
3822 			return (0);
3823 		errno = error;
3824 		return (-1);
3825 	}
3826 
3827 	return (rv);
3828 }
3829 
3830 /*
3831  * Step over a watchpoint, i.e., execute the instruction that was stopped by
3832  * the watchpoint, and then leave the LWP stopped at the next instruction.
3833  */
3834 int
3835 Lxecwapt(struct ps_lwphandle *L, const prwatch_t *wp)
3836 {
3837 	struct ps_prochandle *P = L->lwp_proc;
3838 	int rv, error;
3839 
3840 	if (L->lwp_state != PS_STOP) {
3841 		errno = EBUSY;
3842 		return (-1);
3843 	}
3844 
3845 	Lsync(L);
3846 	error = execute_wapt(L->lwp_ctlfd,
3847 	    &P->status.pr_flttrace, &L->lwp_status.pr_lwphold, wp);
3848 	rv = Lstopstatus(L, PCNULL, 0);
3849 
3850 	if (error != 0) {
3851 		if (L->lwp_status.pr_why == PR_JOBCONTROL &&
3852 		    error == EBUSY) {	/* jobcontrol stop -- back off */
3853 			L->lwp_state = PS_RUN;
3854 			return (0);
3855 		}
3856 		if (error == ENOENT)
3857 			return (0);
3858 		errno = error;
3859 		return (-1);
3860 	}
3861 
3862 	return (rv);
3863 }
3864 
3865 int
3866 Lstack(struct ps_lwphandle *L, stack_t *stkp)
3867 {
3868 	struct ps_prochandle *P = L->lwp_proc;
3869 	uintptr_t addr = L->lwp_status.pr_ustack;
3870 
3871 	if (P->status.pr_dmodel == PR_MODEL_NATIVE) {
3872 		if (Pread(P, stkp, sizeof (*stkp), addr) != sizeof (*stkp))
3873 			return (-1);
3874 #ifdef _LP64
3875 	} else {
3876 		stack32_t stk32;
3877 
3878 		if (Pread(P, &stk32, sizeof (stk32), addr) != sizeof (stk32))
3879 			return (-1);
3880 
3881 		stack_32_to_n(&stk32, stkp);
3882 #endif
3883 	}
3884 
3885 	return (0);
3886 }
3887 
3888 int
3889 Lmain_stack(struct ps_lwphandle *L, stack_t *stkp)
3890 {
3891 	struct ps_prochandle *P = L->lwp_proc;
3892 
3893 	if (Lstack(L, stkp) != 0)
3894 		return (-1);
3895 
3896 	/*
3897 	 * If the SS_ONSTACK flag is set then this LWP is operating on the
3898 	 * alternate signal stack. We can recover the original stack from
3899 	 * pr_oldcontext.
3900 	 */
3901 	if (!(stkp->ss_flags & SS_ONSTACK))
3902 		return (0);
3903 
3904 	if (P->status.pr_dmodel == PR_MODEL_NATIVE) {
3905 		ucontext_t *ctxp = (void *)L->lwp_status.pr_oldcontext;
3906 
3907 		if (Pread(P, stkp, sizeof (*stkp),
3908 		    (uintptr_t)&ctxp->uc_stack) != sizeof (*stkp))
3909 			return (-1);
3910 #ifdef _LP64
3911 	} else {
3912 		ucontext32_t *ctxp = (void *)L->lwp_status.pr_oldcontext;
3913 		stack32_t stk32;
3914 
3915 		if (Pread(P, &stk32, sizeof (stk32),
3916 		    (uintptr_t)&ctxp->uc_stack) != sizeof (stk32))
3917 			return (-1);
3918 
3919 		stack_32_to_n(&stk32, stkp);
3920 #endif
3921 	}
3922 
3923 	return (0);
3924 }
3925 
3926 int
3927 Lalt_stack(struct ps_lwphandle *L, stack_t *stkp)
3928 {
3929 	if (L->lwp_status.pr_altstack.ss_flags & SS_DISABLE) {
3930 		errno = ENODATA;
3931 		return (-1);
3932 	}
3933 
3934 	*stkp = L->lwp_status.pr_altstack;
3935 
3936 	return (0);
3937 }
3938 
3939 /*
3940  * Add a mapping to the given proc handle.  Resizes the array as appropriate and
3941  * manages reference counts on the given file_info_t.
3942  *
3943  * The 'map_relocate' member is used to tell Psort_mappings() that the
3944  * associated file_map pointer needs to be relocated after the mappings have
3945  * been sorted.  It is only set for the first mapping, and has no meaning
3946  * outside these two functions.
3947  */
3948 int
3949 Padd_mapping(struct ps_prochandle *P, off64_t off, file_info_t *fp,
3950     prmap_t *pmap)
3951 {
3952 	map_info_t *mp;
3953 
3954 	if (P->map_count == P->map_alloc) {
3955 		size_t next = P->map_alloc ? P->map_alloc * 2 : 16;
3956 
3957 		if ((P->mappings = realloc(P->mappings,
3958 		    next * sizeof (map_info_t))) == NULL)
3959 			return (-1);
3960 
3961 		P->map_alloc = next;
3962 	}
3963 
3964 	mp = &P->mappings[P->map_count++];
3965 
3966 	mp->map_offset = off;
3967 	mp->map_pmap = *pmap;
3968 	mp->map_relocate = 0;
3969 	if ((mp->map_file = fp) != NULL) {
3970 		if (fp->file_map == NULL) {
3971 			fp->file_map = mp;
3972 			mp->map_relocate = 1;
3973 		}
3974 		fp->file_ref++;
3975 	}
3976 
3977 	return (0);
3978 }
3979 
3980 static int
3981 map_sort(const void *a, const void *b)
3982 {
3983 	const map_info_t *ap = a, *bp = b;
3984 
3985 	if (ap->map_pmap.pr_vaddr < bp->map_pmap.pr_vaddr)
3986 		return (-1);
3987 	else if (ap->map_pmap.pr_vaddr > bp->map_pmap.pr_vaddr)
3988 		return (1);
3989 	else
3990 		return (0);
3991 }
3992 
3993 /*
3994  * Sort the current set of mappings.  Should be called during target
3995  * initialization after all calls to Padd_mapping() have been made.
3996  */
3997 void
3998 Psort_mappings(struct ps_prochandle *P)
3999 {
4000 	int i;
4001 	map_info_t *mp;
4002 
4003 	qsort(P->mappings, P->map_count, sizeof (map_info_t), map_sort);
4004 
4005 	/*
4006 	 * Update all the file_map pointers to refer to the new locations.
4007 	 */
4008 	for (i = 0; i < P->map_count; i++) {
4009 		mp = &P->mappings[i];
4010 		if (mp->map_relocate)
4011 			mp->map_file->file_map = mp;
4012 		mp->map_relocate = 0;
4013 	}
4014 }
4015 
4016 struct ps_prochandle *
4017 Pgrab_ops(pid_t pid, void *data, const ps_ops_t *ops, int flags)
4018 {
4019 	struct ps_prochandle *P;
4020 
4021 	if ((P = calloc(1, sizeof (*P))) == NULL) {
4022 		return (NULL);
4023 	}
4024 
4025 	Pinit_ops(&P->ops, ops);
4026 	(void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
4027 	P->pid = pid;
4028 	P->state = PS_STOP;
4029 	P->asfd = -1;
4030 	P->ctlfd = -1;
4031 	P->statfd = -1;
4032 	P->agentctlfd = -1;
4033 	P->agentstatfd = -1;
4034 	Pinitsym(P);
4035 	Pinitfd(P);
4036 	P->data = data;
4037 	Pread_status(P);
4038 
4039 	if (flags & PGRAB_INCORE) {
4040 		P->flags |= INCORE;
4041 	}
4042 
4043 	return (P);
4044 }
4045