1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * Copyright (c) 2013, Joyent, Inc. All rights reserved. 
29 * Copyright 2023 Oxide Computer Company 30 */ 31 32 #include <sys/types.h> 33 #include <sys/uio.h> 34 #include <sys/param.h> 35 #include <sys/cmn_err.h> 36 #include <sys/cred.h> 37 #include <sys/policy.h> 38 #include <sys/debug.h> 39 #include <sys/errno.h> 40 #include <sys/file.h> 41 #include <sys/inline.h> 42 #include <sys/kmem.h> 43 #include <sys/proc.h> 44 #include <sys/brand.h> 45 #include <sys/regset.h> 46 #include <sys/sysmacros.h> 47 #include <sys/systm.h> 48 #include <sys/vfs.h> 49 #include <sys/vnode.h> 50 #include <sys/signal.h> 51 #include <sys/auxv.h> 52 #include <sys/user.h> 53 #include <sys/class.h> 54 #include <sys/fault.h> 55 #include <sys/syscall.h> 56 #include <sys/procfs.h> 57 #include <sys/zone.h> 58 #include <sys/copyops.h> 59 #include <sys/schedctl.h> 60 #include <vm/as.h> 61 #include <vm/seg.h> 62 #include <fs/proc/prdata.h> 63 #include <sys/contract/process_impl.h> 64 #include <sys/stdalign.h> 65 66 static void pr_settrace(proc_t *, sigset_t *); 67 static int pr_setfpregs(prnode_t *, prfpregset_t *); 68 static int pr_setxregs(prnode_t *, prxregset_t *); 69 static int pr_setvaddr(prnode_t *, caddr_t); 70 static int pr_clearsig(prnode_t *); 71 static int pr_clearflt(prnode_t *); 72 static int pr_watch(prnode_t *, prwatch_t *, int *); 73 static int pr_agent(prnode_t *, prgregset_t, int *); 74 static int pr_rdwr(proc_t *, enum uio_rw, priovec_t *); 75 static int pr_scred(proc_t *, prcred_t *, cred_t *, boolean_t); 76 static int pr_spriv(proc_t *, prpriv_t *, cred_t *); 77 static int pr_szoneid(proc_t *, zoneid_t, cred_t *); 78 static void pauselwps(proc_t *); 79 static void unpauselwps(proc_t *); 80 81 /* 82 * This union represents the size of commands that are generally fixed size in 83 * /proc. There are some commands that are variable size because the actual data 84 * is structured. Of things in the latter category, some of these are the same 85 * across all architectures (e.g. prcred_t, prpriv_t) and some vary and are 86 * opaque (e.g. 
the prxregset_t). 87 */ 88 typedef union { 89 long sig; /* PCKILL, PCUNKILL */ 90 long nice; /* PCNICE */ 91 long timeo; /* PCTWSTOP */ 92 ulong_t flags; /* PCRUN, PCSET, PCUNSET */ 93 caddr_t vaddr; /* PCSVADDR */ 94 siginfo_t siginfo; /* PCSSIG */ 95 sigset_t sigset; /* PCSTRACE, PCSHOLD */ 96 fltset_t fltset; /* PCSFAULT */ 97 sysset_t sysset; /* PCSENTRY, PCSEXIT */ 98 prgregset_t prgregset; /* PCSREG, PCAGENT */ 99 prfpregset_t prfpregset; /* PCSFPREG */ 100 prwatch_t prwatch; /* PCWATCH */ 101 priovec_t priovec; /* PCREAD, PCWRITE */ 102 prcred_t prcred; /* PCSCRED */ 103 prpriv_t prpriv; /* PCSPRIV */ 104 long przoneid; /* PCSZONE */ 105 } arg_t; 106 107 static boolean_t 108 prwritectl_pcscredx_sizef(const void *datap, size_t *sizep) 109 { 110 const prcred_t *cred = datap; 111 112 if (cred->pr_ngroups < 0 || cred->pr_ngroups > ngroups_max) { 113 return (B_FALSE); 114 } 115 116 if (cred->pr_ngroups == 0) { 117 *sizep = 0; 118 } else { 119 *sizep = (cred->pr_ngroups - 1) * sizeof (gid_t); 120 } 121 return (B_TRUE); 122 } 123 124 static boolean_t 125 prwritectl_pcspriv_sizef(const void *datap, size_t *sizep) 126 { 127 const prpriv_t *priv = datap; 128 *sizep = priv_prgetprivsize(priv) - sizeof (prpriv_t); 129 return (B_TRUE); 130 } 131 132 /* 133 * This structure represents a single /proc write command that we support and 134 * metadata about how to ensure we have sufficient data for it. To determine the 135 * data that we need to read, this combines information from three different 136 * sources for a given named command in 'pcs_cmd'. The main goal is to first 137 * make sure we have the right minimum amount of information so we can read and 138 * validate the data around variable length structures. 139 * 140 * o Most commands have a fixed static size. This is represented in the 141 * pcs_size member. This also is used to represent the base structure size 142 * in the case of entries like PCSCREDX. 
 *
 * o Other commands have an unknown minimum size to determine how much data
 *   there is and they use the pcs_minf() function to determine the right
 *   value. This is often unknown at compile time because it is, say, a
 *   machdep or ISA based feature (a la PCSXREGS) and we'd rather not #ifdef
 *   this code to death. This may be skipped, as it is for most things. The
 *   value it returns is added to the static value.
 *
 * o The final piece is the pcs_sizef() function pointer which determines the
 *   total required size for this. It is given a pointer that has at least
 *   pcs_size and pcs_minf() bytes. This is used to determine the total
 *   expected size of the structure. Callers must not dereference data beyond
 *   what they've indicated previously. This should only return extra bytes
 *   that are required beyond what was already indicated between the two
 *   functions.
 *
 * In all cases, the core prwritectl() logic will determine if there is
 * sufficient data at each step along the way for each of these to proceed.
161 */ 162 typedef struct proc_control_info { 163 long pcs_cmd; 164 size_t pcs_size; 165 boolean_t (*pcs_minf)(size_t *); 166 boolean_t (*pcs_sizef)(const void *, size_t *); 167 } proc_control_info_t; 168 169 static const proc_control_info_t proc_ctl_info[] = { 170 { PCNULL, 0, NULL, NULL }, 171 { PCSTOP, 0, NULL, NULL }, 172 { PCDSTOP, 0, NULL, NULL }, 173 { PCWSTOP, 0, NULL, NULL }, 174 { PCCSIG, 0, NULL, NULL }, 175 { PCCFAULT, 0, NULL, NULL }, 176 { PCSSIG, sizeof (siginfo_t), NULL, NULL }, 177 { PCTWSTOP, sizeof (long), NULL, NULL }, 178 { PCKILL, sizeof (long), NULL, NULL }, 179 { PCUNKILL, sizeof (long), NULL, NULL }, 180 { PCNICE, sizeof (long), NULL, NULL }, 181 { PCRUN, sizeof (ulong_t), NULL, NULL }, 182 { PCSET, sizeof (ulong_t), NULL, NULL }, 183 { PCUNSET, sizeof (ulong_t), NULL, NULL }, 184 { PCSTRACE, sizeof (sigset_t), NULL, NULL }, 185 { PCSHOLD, sizeof (sigset_t), NULL, NULL }, 186 { PCSFAULT, sizeof (fltset_t), NULL, NULL }, 187 { PCSENTRY, sizeof (sysset_t), NULL, NULL }, 188 { PCSEXIT, sizeof (sysset_t), NULL, NULL }, 189 { PCSREG, sizeof (prgregset_t), NULL, NULL }, 190 { PCAGENT, sizeof (prgregset_t), NULL, NULL }, 191 { PCSFPREG, sizeof (prfpregset_t), NULL, NULL }, 192 { PCSXREG, 0, prwriteminxreg, 193 prwritesizexreg }, 194 { PCWATCH, sizeof (prwatch_t), NULL, NULL }, 195 { PCREAD, sizeof (priovec_t), NULL, NULL }, 196 { PCWRITE, sizeof (priovec_t), NULL, NULL }, 197 { PCSCRED, sizeof (prcred_t), NULL, NULL }, 198 { PCSCREDX, sizeof (prcred_t), NULL, 199 prwritectl_pcscredx_sizef }, 200 { PCSPRIV, sizeof (prpriv_t), NULL, 201 prwritectl_pcspriv_sizef }, 202 { PCSZONE, sizeof (long), NULL, NULL }, 203 }; 204 205 /* 206 * We need a default buffer that we're going to allocate when we need memory to 207 * read control operations. This is on average large enough to hold multiple 208 * control operations. We leave this as a smaller value on debug builds just 209 * to exercise our reallocation logic. 
210 */ 211 #ifdef DEBUG 212 #define PROC_CTL_DEFSIZE 32 213 #else 214 #define PROC_CTL_DEFSIZE 1024 215 #endif 216 217 /* 218 * This structure is used to track all of the information that we have around a 219 * prwritectl call. This is used to reduce function parameters and make state 220 * clear. 221 */ 222 typedef struct { 223 void *prwc_buf; 224 size_t prwc_buflen; 225 size_t prwc_curvalid; 226 uio_t *prwc_uiop; 227 prnode_t *prwc_pnp; 228 boolean_t prwc_locked; 229 boolean_t prwc_need32; 230 void *prwc_buf32; 231 } prwritectl_t; 232 233 /* 234 * Ensure that we have at least "needed" data marked as valid and present. If we 235 * require additional data, then we will read that in from uio_t. When we read 236 * data, we try to buffer as much data as will fit in our internal buffers in 237 * one go. 238 */ 239 static int 240 prwritectl_readin(prwritectl_t *prwc, size_t needed) 241 { 242 int ret; 243 size_t toread; 244 void *start; 245 246 /* 247 * If we have as much data as we need then we're good to go. 248 */ 249 if (prwc->prwc_curvalid > needed) { 250 ASSERT3U(prwc->prwc_buflen, >=, prwc->prwc_curvalid); 251 ASSERT3U(prwc->prwc_buflen, >=, needed); 252 return (0); 253 } 254 255 /* 256 * We don't have all of our data. We must make sure of several things: 257 * 258 * 1. That there actually is enough data in the uio_t for what we 259 * need, considering what we've already read. 260 * 2. If the process is locked, at this point, we want to unlock it 261 * before we deal with any I/O or memory allocation. Otherwise we 262 * can wreak havoc with p_lock / paging. 263 * 3. We need to make sure that our buffer is large enough to actually 264 * fit it all. 265 * 4. Only at that point can we actually perform the read. 
266 */ 267 if (needed - prwc->prwc_curvalid > prwc->prwc_uiop->uio_resid) { 268 return (EINVAL); 269 } 270 271 if (prwc->prwc_locked) { 272 prunlock(prwc->prwc_pnp); 273 prwc->prwc_locked = B_FALSE; 274 } 275 276 if (needed > prwc->prwc_buflen) { 277 size_t new_len = P2ROUNDUP(needed, PROC_CTL_DEFSIZE); 278 prwc->prwc_buf = kmem_rezalloc(prwc->prwc_buf, 279 prwc->prwc_buflen, new_len, KM_SLEEP); 280 if (prwc->prwc_need32) { 281 prwc->prwc_buf32 = kmem_rezalloc(prwc->prwc_buf32, 282 prwc->prwc_buflen, new_len, KM_SLEEP); 283 } 284 prwc->prwc_buflen = new_len; 285 } 286 287 toread = MIN(prwc->prwc_buflen - prwc->prwc_curvalid, 288 prwc->prwc_uiop->uio_resid); 289 ASSERT3U(toread, >=, needed - prwc->prwc_curvalid); 290 start = (void *)((uintptr_t)prwc->prwc_buf + prwc->prwc_curvalid); 291 if ((ret = uiomove(start, toread, UIO_WRITE, prwc->prwc_uiop)) != 0) { 292 return (ret); 293 } 294 295 prwc->prwc_curvalid += toread; 296 return (0); 297 } 298 299 static const proc_control_info_t * 300 prwritectl_cmd_identify(const prwritectl_t *prwc, 301 const proc_control_info_t *info, size_t ninfo, size_t cmdsize) 302 { 303 long cmd; 304 305 ASSERT(cmdsize == sizeof (int32_t) || cmdsize == sizeof (long)); 306 if (cmdsize == 4) { 307 cmd = (long)*(int32_t *)prwc->prwc_buf; 308 } else { 309 cmd = *(long *)prwc->prwc_buf; 310 } 311 312 313 for (size_t i = 0; i < ninfo; i++) { 314 if (info[i].pcs_cmd == cmd) { 315 return (&info[i]); 316 } 317 } 318 319 return (NULL); 320 } 321 322 /* 323 * Control operations (lots). 324 * 325 * Users can submit one or more commands to us in the uio_t. They are required 326 * to always be complete messages. The first one that fails will cause all 327 * subsequent things to fail. Processing this can be a little tricky as the 328 * actual data size that may be required is variable, not all structures are 329 * fixed sizes and some vary based on the instructing set (e.g. x86 vs. 330 * something else). 
 *
 * The way that we handle process locking deserves some consideration. Prior to
 * the colonization of prwritectl and the support for dynamic sizing of data,
 * the logic would try to read in a large chunk of data and keep a process
 * locked throughout that period and then unlock it before reading more data. As
 * such, we mimic that logically and basically lock it before executing the
 * first (or any subsequent) command and then only unlock it either when we're
 * done entirely or we need to allocate memory or read from the process.
 *
 * This function is a common implementation for both the ILP32 and LP64 entry
 * points as they are mostly the same except for the sizing and control function
 * we call.
 */
int
prwritectl_common(vnode_t *vp, uio_t *uiop, cred_t *cr,
    const proc_control_info_t *proc_info, size_t ninfo, size_t cmdsize,
    int (*pr_controlf)(long, void *, prnode_t *, cred_t *))
{
	int ret;
	prwritectl_t prwc;

	VERIFY(cmdsize == sizeof (int32_t) || cmdsize == sizeof (long));

	/* All tracking state starts zeroed: no buffers, nothing valid. */
	bzero(&prwc, sizeof (prwc));
	prwc.prwc_pnp = VTOP(vp);
	prwc.prwc_uiop = uiop;
	prwc.prwc_need32 = (cmdsize == sizeof (int32_t));

	/*
	 * We may have multiple commands to read and want to try to minimize the
	 * amount of reading that we do. Our callers expect us to have a
	 * contiguous buffer for a command's actual implementation. However, we
	 * must have at least a single long worth of data, otherwise it's not
	 * worth continuing.
	 */
	while (uiop->uio_resid > 0 || prwc.prwc_curvalid > 0) {
		const proc_control_info_t *proc_cmd;
		void *data;

		/*
		 * Check if we have enough data to identify a command. If not,
		 * we read as much as we can in one gulp.
		 */
		if ((ret = prwritectl_readin(&prwc, cmdsize)) != 0) {
			goto out;
		}

		/*
		 * Identify the command and figure out how much data we
		 * should have read in the kernel. Some commands have a variable
		 * length and we need to make sure the minimum is met before
		 * asking how much there is in general. Most things know what
		 * the minimum length is and this pcs_minf() is not implemented.
		 * However things that are ISA-specific require us to ask that
		 * first.
		 *
		 * We also must be aware that there may not actually be enough
		 * data present in the uio_t.
		 */
		if ((proc_cmd = prwritectl_cmd_identify(&prwc, proc_info,
		    ninfo, cmdsize)) == NULL) {
			ret = EINVAL;
			goto out;
		}

		size_t needed_data = cmdsize + proc_cmd->pcs_size;
		if (proc_cmd->pcs_minf != NULL) {
			size_t min;

			if (!proc_cmd->pcs_minf(&min)) {
				ret = EINVAL;
				goto out;
			}

			needed_data += min;
		}

		if (proc_cmd->pcs_sizef != NULL) {
			size_t extra;

			/*
			 * Make sure we have the minimum amount of data that
			 * they asked us to between the static and minf
			 * function.
			 */
			if ((ret = prwritectl_readin(&prwc, needed_data)) !=
			    0) {
				goto out;
			}

			VERIFY3U(prwc.prwc_curvalid, >, cmdsize);
			data = (void *)((uintptr_t)prwc.prwc_buf + cmdsize);
			if (!proc_cmd->pcs_sizef(data, &extra)) {
				ret = EINVAL;
				goto out;
			}

			needed_data += extra;
		}

		/*
		 * Now that we know how much data we're supposed to have,
		 * finally ensure we have the total amount we need.
		 */
		if ((ret = prwritectl_readin(&prwc, needed_data)) != 0) {
			goto out;
		}

		/*
		 * /proc has traditionally assumed control writes come in
		 * multiples of a long. This is 4 bytes for ILP32 and 8 bytes
		 * for LP64. When calculating the required size for a structure,
		 * it would always round that up to the next long. However, the
		 * exact combination of circumstances changes with the
		 * introduction of the 64-bit kernel. For 64-bit processes we
		 * round up when the current command we're processing isn't the
		 * last one.
		 *
		 * Because of our tracking structures and caching we need to
		 * look beyond the uio_t to make this determination. In
		 * particular, the uio_t can have a zero resid, but we may still
		 * have additional data to read as indicated by prwc_curvalid
		 * exceeding the current command size. In the end, we must check
		 * both of these cases.
		 */
		if ((needed_data % cmdsize) != 0) {
			if (cmdsize == sizeof (int32_t) ||
			    prwc.prwc_curvalid > needed_data ||
			    prwc.prwc_uiop->uio_resid > 0) {
				needed_data = P2ROUNDUP(needed_data,
				    cmdsize);
				if ((ret = prwritectl_readin(&prwc,
				    needed_data)) != 0) {
					goto out;
				}
			}
		}

		/*
		 * Take the process lock (if we don't already hold it from a
		 * prior iteration) now that all reads for this command are
		 * done.
		 */
		if (!prwc.prwc_locked) {
			ret = prlock(prwc.prwc_pnp, ZNO);
			if (ret != 0) {
				goto out;
			}
			prwc.prwc_locked = B_TRUE;
		}

		/*
		 * Run our actual command. When there is an error, then the
		 * underlying pr_control call will have unlocked the prnode_t
		 * on our behalf. pr_control can return -1, which is a special
		 * error indicating a timeout occurred. In such a case the node
		 * is unlocked; however, we are supposed to continue
		 * processing commands regardless.
		 *
		 * Finally, we must deal with one actual wrinkle. The LP64
		 * based logic always guarantees that we have data that is
		 * 8-byte aligned. However, the ILP32 logic is 4-byte aligned
		 * and the rest of the /proc code assumes it can always
		 * dereference it. If we're not aligned, we have to bcopy it to
		 * a temporary buffer.
		 */
		data = (void *)((uintptr_t)prwc.prwc_buf + cmdsize);
#ifdef DEBUG
		if (cmdsize == sizeof (long)) {
			ASSERT0((uintptr_t)data % alignof (long));
		}
#endif
		if (prwc.prwc_need32 && ((uintptr_t)data % alignof (long)) !=
		    0 && needed_data > cmdsize) {
			bcopy(data, prwc.prwc_buf32, needed_data - cmdsize);
			data = prwc.prwc_buf32;
		}
		ret = pr_controlf(proc_cmd->pcs_cmd, data, prwc.prwc_pnp, cr);
		if (ret != 0) {
			/* The control function unlocked the node for us. */
			prwc.prwc_locked = B_FALSE;
			if (ret > 0) {
				goto out;
			}
		}

		/*
		 * Finally, now that we have processed this command, we need to
		 * move on. To make our life simple, we basically shift all the
		 * data in our buffer over to indicate it's been consumed. While
		 * a little wasteful, this simplifies buffer management and
		 * guarantees that command processing uses a semi-sanitized
		 * state. Visually, this is the following transformation:
		 *
		 * 0                20               prwc.prwc_curvalid
		 * +------------------+----------------+
		 * |   needed_data    | remaining_data |
		 * +------------------+----------------+
		 *
		 * In the above example we are shifting all the data over by 20,
		 * so remaining data starts at 0. This leaves us needed_data
		 * bytes to clean up from what was valid.
		 */
		if (prwc.prwc_buf32 != NULL) {
			bzero(prwc.prwc_buf32, needed_data - cmdsize);
		}

		if (prwc.prwc_curvalid > needed_data) {
			size_t save_size = prwc.prwc_curvalid - needed_data;
			void *first_save = (void *)((uintptr_t)prwc.prwc_buf +
			    needed_data);
			memmove(prwc.prwc_buf, first_save, save_size);
			void *first_zero = (void *)((uintptr_t)prwc.prwc_buf +
			    save_size);
			bzero(first_zero, needed_data);
		} else {
			bzero(prwc.prwc_buf, prwc.prwc_curvalid);
		}
		prwc.prwc_curvalid -= needed_data;
	}

	/*
	 * We've managed to successfully process everything. We can actually say
	 * this was successful now.
	 */
	ret = 0;

out:
	if (prwc.prwc_locked) {
		prunlock(prwc.prwc_pnp);
		prwc.prwc_locked = B_FALSE;
	}

	if (prwc.prwc_buf != NULL) {
		kmem_free(prwc.prwc_buf, prwc.prwc_buflen);
	}

	if (prwc.prwc_buf32 != NULL) {
		/* The bounce buffer only ever exists for ILP32 callers. */
		VERIFY(prwc.prwc_need32);
		kmem_free(prwc.prwc_buf32, prwc.prwc_buflen);
	}

	return (ret);
}

/*
 * Apply a single LP64 control operation to the target. Called with the
 * prnode locked; on a non-zero return the node has been unlocked (either
 * here on error, or explicitly on the -1 "wait for death/timeout" paths).
 */
static int
pr_control(long cmd, void *generic, prnode_t *pnp, cred_t *cr)
{
	prcommon_t *pcp;
	proc_t *p;
	int unlocked;
	int error = 0;
	arg_t *argp = generic;

	if (cmd == PCNULL)
		return (0);

	pcp = pnp->pr_common;
	p = pcp->prc_proc;
	ASSERT(p != NULL);

	/* System processes defy control. */
	if (p->p_flag & SSYS) {
		prunlock(pnp);
		return (EBUSY);
	}

	switch (cmd) {

	default:
		error = EINVAL;
		break;

	case PCSTOP:	/* direct process or lwp to stop and wait for stop */
	case PCDSTOP:	/* direct process or lwp to stop, don't wait */
	case PCWSTOP:	/* wait for process or lwp to stop */
	case PCTWSTOP:	/* wait for process or lwp to stop, with timeout */
	{
		time_t timeo;

		/*
		 * Can't apply to a system process.
		 */
		if (p->p_as == &kas) {
			error = EBUSY;
			break;
		}

		if (cmd == PCSTOP || cmd == PCDSTOP)
			pr_stop(pnp);

		if (cmd == PCDSTOP)
			break;

		/*
		 * If an lwp is waiting for itself or its process,
		 * don't wait. The stopped lwp would never see the
		 * fact that it is stopped.
		 */
		if ((pcp->prc_flags & PRC_LWP)?
		    (pcp->prc_thread == curthread) : (p == curproc)) {
			if (cmd == PCWSTOP || cmd == PCTWSTOP)
				error = EBUSY;
			break;
		}

		timeo = (cmd == PCTWSTOP)? (time_t)argp->timeo : 0;
		if ((error = pr_wait_stop(pnp, timeo)) != 0)
			return (error);

		break;
	}

	case PCRUN:	/* make lwp or process runnable */
		error = pr_setrun(pnp, argp->flags);
		break;

	case PCSTRACE:	/* set signal trace mask */
		pr_settrace(p, &argp->sigset);
		break;

	case PCSSIG:	/* set current signal */
		error = pr_setsig(pnp, &argp->siginfo);
		if (argp->siginfo.si_signo == SIGKILL && error == 0) {
			/* The target will die; wait for it rather than return */
			prunlock(pnp);
			pr_wait_die(pnp);
			return (-1);
		}
		break;

	case PCKILL:	/* send signal */
		error = pr_kill(pnp, (int)argp->sig, cr);
		if (error == 0 && argp->sig == SIGKILL) {
			prunlock(pnp);
			pr_wait_die(pnp);
			return (-1);
		}
		break;

	case PCUNKILL:	/* delete a pending signal */
		error = pr_unkill(pnp, (int)argp->sig);
		break;

	case PCNICE:	/* set nice priority */
		error = pr_nice(p, (int)argp->nice, cr);
		break;

	case PCSENTRY:	/* set syscall entry bit mask */
	case PCSEXIT:	/* set syscall exit bit mask */
		pr_setentryexit(p, &argp->sysset, cmd == PCSENTRY);
		break;

	case PCSET:	/* set process flags */
		error = pr_set(p, argp->flags);
		break;

	case PCUNSET:	/* unset process flags */
		error = pr_unset(p, argp->flags);
		break;

	case PCSREG:	/* set general registers */
	{
		kthread_t *t = pr_thread(pnp);

		if (!ISTOPPED(t) && !VSTOPPED(t) && !DSTOPPED(t)) {
			thread_unlock(t);
			error = EBUSY;
		} else {
			thread_unlock(t);
			/* Drop p_lock across the register update */
			mutex_exit(&p->p_lock);
			prsetprregs(ttolwp(t), argp->prgregset, 0);
			mutex_enter(&p->p_lock);
		}
		break;
	}

	case PCSFPREG:	/* set floating-point registers */
		error = pr_setfpregs(pnp, &argp->prfpregset);
		break;

	case PCSXREG:	/* set extra registers */
		error = pr_setxregs(pnp, (prxregset_t *)argp);
		break;

	case PCSVADDR:	/* set virtual address at which to resume */
		error = pr_setvaddr(pnp, argp->vaddr);
		break;

	case PCSHOLD:	/* set signal-hold mask */
		pr_sethold(pnp, &argp->sigset);
		break;

	case PCSFAULT:	/* set mask of traced faults */
		pr_setfault(p, &argp->fltset);
		break;

	case PCCSIG:	/* clear current signal */
		error = pr_clearsig(pnp);
		break;

	case PCCFAULT:	/* clear current fault */
		error = pr_clearflt(pnp);
		break;

	case PCWATCH:	/* set or clear watched areas */
		error = pr_watch(pnp, &argp->prwatch, &unlocked);
		if (error && unlocked)
			/* pr_watch() already unlocked the node */
			return (error);
		break;

	case PCAGENT:	/* create the /proc agent lwp in the target process */
		error = pr_agent(pnp, argp->prgregset, &unlocked);
		if (error && unlocked)
			return (error);
		break;

	case PCREAD:	/* read from the address space */
		error = pr_rdwr(p, UIO_READ, &argp->priovec);
		break;

	case PCWRITE:	/* write to the address space */
		error = pr_rdwr(p, UIO_WRITE, &argp->priovec);
		break;

	case PCSCRED:	/* set the process credentials */
	case PCSCREDX:
		error = pr_scred(p, &argp->prcred, cr, cmd == PCSCREDX);
		break;

	case PCSPRIV:	/* set the process privileges */
		error = pr_spriv(p, &argp->prpriv, cr);
		break;
	case PCSZONE:	/* set the process's zoneid credentials */
		error = pr_szoneid(p, (zoneid_t)argp->przoneid, cr);
		break;
	}

	if (error)
		prunlock(pnp);
	return (error);
}

/*
 * LP64 write(2) entry point for /proc control files.
 */
int
prwritectl(vnode_t *vp, uio_t *uiop, cred_t *cr)
{
	return (prwritectl_common(vp, uiop, cr, proc_ctl_info,
	    ARRAY_SIZE(proc_ctl_info), sizeof (long), pr_control));
}

#ifdef _SYSCALL32_IMPL

typedef union {
	int32_t		sig;		/* PCKILL, PCUNKILL */
	int32_t		nice;		/* PCNICE */
	int32_t		timeo;		/* PCTWSTOP */
	uint32_t	flags;		/* PCRUN, PCSET, PCUNSET */
	caddr32_t	vaddr;		/* PCSVADDR */
	siginfo32_t	siginfo;	/* PCSSIG */
	sigset_t	sigset;		/* PCSTRACE, PCSHOLD */
	fltset_t	fltset;		/*
PCSFAULT */ 785 sysset_t sysset; /* PCSENTRY, PCSEXIT */ 786 prgregset32_t prgregset; /* PCSREG, PCAGENT */ 787 prfpregset32_t prfpregset; /* PCSFPREG */ 788 prwatch32_t prwatch; /* PCWATCH */ 789 priovec32_t priovec; /* PCREAD, PCWRITE */ 790 prcred32_t prcred; /* PCSCRED */ 791 prpriv_t prpriv; /* PCSPRIV */ 792 int32_t przoneid; /* PCSZONE */ 793 } arg32_t; 794 795 static int pr_setfpregs32(prnode_t *, prfpregset32_t *); 796 797 static boolean_t 798 prwritectl_pcscredx32_sizef(const void *datap, size_t *sizep) 799 { 800 const prcred32_t *cred = datap; 801 802 if (cred->pr_ngroups < 0 || cred->pr_ngroups > ngroups_max) { 803 return (B_FALSE); 804 } 805 806 if (cred->pr_ngroups == 0) { 807 *sizep = 0; 808 } else { 809 *sizep = (cred->pr_ngroups - 1) * sizeof (gid32_t); 810 } 811 return (B_TRUE); 812 } 813 814 /* 815 * When dealing with ILP32 code, we are not at a point where we can assume 816 * 64-bit aligned data. Any functions that are operating here must be aware of 817 * that. 818 */ 819 static const proc_control_info_t proc_ctl_info32[] = { 820 { PCNULL, 0, NULL, NULL }, 821 { PCSTOP, 0, NULL, NULL }, 822 { PCDSTOP, 0, NULL, NULL }, 823 { PCWSTOP, 0, NULL, NULL }, 824 { PCCSIG, 0, NULL, NULL }, 825 { PCCFAULT, 0, NULL, NULL }, 826 { PCSSIG, sizeof (siginfo32_t), NULL, NULL }, 827 { PCTWSTOP, sizeof (int32_t), NULL, NULL }, 828 { PCKILL, sizeof (int32_t), NULL, NULL }, 829 { PCUNKILL, sizeof (int32_t), NULL, NULL }, 830 { PCNICE, sizeof (int32_t), NULL, NULL }, 831 { PCRUN, sizeof (uint32_t), NULL, NULL }, 832 { PCSET, sizeof (uint32_t), NULL, NULL }, 833 { PCUNSET, sizeof (uint32_t), NULL, NULL }, 834 { PCSVADDR, sizeof (caddr32_t), NULL, NULL }, 835 { PCSTRACE, sizeof (sigset_t), NULL, NULL }, 836 { PCSHOLD, sizeof (sigset_t), NULL, NULL }, 837 { PCSFAULT, sizeof (fltset_t), NULL, NULL }, 838 { PCSENTRY, sizeof (sysset_t), NULL, NULL }, 839 { PCSEXIT, sizeof (sysset_t), NULL, NULL }, 840 { PCSREG, sizeof (prgregset32_t), NULL, NULL }, 841 { PCAGENT, sizeof 
(prgregset32_t), NULL, NULL }, 842 { PCSFPREG, sizeof (prfpregset32_t), NULL, NULL }, 843 { PCSXREG, 0, prwriteminxreg, 844 prwritesizexreg }, 845 { PCWATCH, sizeof (prwatch32_t), NULL, NULL }, 846 { PCREAD, sizeof (priovec32_t), NULL, NULL }, 847 { PCWRITE, sizeof (priovec32_t), NULL, NULL }, 848 { PCSCRED, sizeof (prcred32_t), NULL, NULL }, 849 { PCSCREDX, sizeof (prcred32_t), NULL, 850 prwritectl_pcscredx32_sizef }, 851 { PCSPRIV, sizeof (prpriv_t), NULL, 852 prwritectl_pcspriv_sizef }, 853 { PCSZONE, sizeof (long), NULL, NULL }, 854 }; 855 856 static int 857 pr_control32(long cmd, void *generic, prnode_t *pnp, cred_t *cr) 858 { 859 prcommon_t *pcp; 860 proc_t *p; 861 int unlocked; 862 int error = 0; 863 arg32_t *argp = generic; 864 865 if (cmd == PCNULL) 866 return (0); 867 868 pcp = pnp->pr_common; 869 p = pcp->prc_proc; 870 ASSERT(p != NULL); 871 872 if (p->p_flag & SSYS) { 873 prunlock(pnp); 874 return (EBUSY); 875 } 876 877 switch (cmd) { 878 879 default: 880 error = EINVAL; 881 break; 882 883 case PCSTOP: /* direct process or lwp to stop and wait for stop */ 884 case PCDSTOP: /* direct process or lwp to stop, don't wait */ 885 case PCWSTOP: /* wait for process or lwp to stop */ 886 case PCTWSTOP: /* wait for process or lwp to stop, with timeout */ 887 { 888 time_t timeo; 889 890 /* 891 * Can't apply to a system process. 892 */ 893 if (p->p_as == &kas) { 894 error = EBUSY; 895 break; 896 } 897 898 if (cmd == PCSTOP || cmd == PCDSTOP) 899 pr_stop(pnp); 900 901 if (cmd == PCDSTOP) 902 break; 903 904 /* 905 * If an lwp is waiting for itself or its process, 906 * don't wait. The lwp will never see the fact that 907 * itself is stopped. 908 */ 909 if ((pcp->prc_flags & PRC_LWP)? 910 (pcp->prc_thread == curthread) : (p == curproc)) { 911 if (cmd == PCWSTOP || cmd == PCTWSTOP) 912 error = EBUSY; 913 break; 914 } 915 916 timeo = (cmd == PCTWSTOP)? 
		    (time_t)argp->timeo : 0;
		if ((error = pr_wait_stop(pnp, timeo)) != 0)
			return (error);

		break;
	}

	case PCRUN:	/* make lwp or process runnable */
		error = pr_setrun(pnp, (ulong_t)argp->flags);
		break;

	case PCSTRACE:	/* set signal trace mask */
		pr_settrace(p, &argp->sigset);
		break;

	case PCSSIG:	/* set current signal */
		if (PROCESS_NOT_32BIT(p))
			error = EOVERFLOW;
		else {
			/* Capture the signal number before conversion */
			int sig = (int)argp->siginfo.si_signo;
			siginfo_t siginfo;

			bzero(&siginfo, sizeof (siginfo));
			siginfo_32tok(&argp->siginfo, (k_siginfo_t *)&siginfo);
			error = pr_setsig(pnp, &siginfo);
			if (sig == SIGKILL && error == 0) {
				/* The target will die; wait for it */
				prunlock(pnp);
				pr_wait_die(pnp);
				return (-1);
			}
		}
		break;

	case PCKILL:	/* send signal */
		error = pr_kill(pnp, (int)argp->sig, cr);
		if (error == 0 && argp->sig == SIGKILL) {
			prunlock(pnp);
			pr_wait_die(pnp);
			return (-1);
		}
		break;

	case PCUNKILL:	/* delete a pending signal */
		error = pr_unkill(pnp, (int)argp->sig);
		break;

	case PCNICE:	/* set nice priority */
		error = pr_nice(p, (int)argp->nice, cr);
		break;

	case PCSENTRY:	/* set syscall entry bit mask */
	case PCSEXIT:	/* set syscall exit bit mask */
		pr_setentryexit(p, &argp->sysset, cmd == PCSENTRY);
		break;

	case PCSET:	/* set process flags */
		error = pr_set(p, (long)argp->flags);
		break;

	case PCUNSET:	/* unset process flags */
		error = pr_unset(p, (long)argp->flags);
		break;

	case PCSREG:	/* set general registers */
		if (PROCESS_NOT_32BIT(p))
			error = EOVERFLOW;
		else {
			kthread_t *t = pr_thread(pnp);

			if (!ISTOPPED(t) && !VSTOPPED(t) && !DSTOPPED(t)) {
				thread_unlock(t);
				error = EBUSY;
			} else {
				prgregset_t prgregset;
				klwp_t *lwp = ttolwp(t);

				thread_unlock(t);
				/* Drop p_lock across the register update */
				mutex_exit(&p->p_lock);
				prgregset_32ton(lwp, argp->prgregset,
				    prgregset);
				prsetprregs(lwp, prgregset, 0);
				mutex_enter(&p->p_lock);
			}
		}
		break;

	case PCSFPREG:	/* set floating-point registers */
		if (PROCESS_NOT_32BIT(p))
			error = EOVERFLOW;
		else
			error = pr_setfpregs32(pnp, &argp->prfpregset);
		break;

	case PCSXREG:	/* set extra registers */
		if (PROCESS_NOT_32BIT(p))
			error = EOVERFLOW;
		else
			error = pr_setxregs(pnp, (prxregset_t *)argp);
		break;

	case PCSVADDR:	/* set virtual address at which to resume */
		if (PROCESS_NOT_32BIT(p))
			error = EOVERFLOW;
		else
			error = pr_setvaddr(pnp,
			    (caddr_t)(uintptr_t)argp->vaddr);
		break;

	case PCSHOLD:	/* set signal-hold mask */
		pr_sethold(pnp, &argp->sigset);
		break;

	case PCSFAULT:	/* set mask of traced faults */
		pr_setfault(p, &argp->fltset);
		break;

	case PCCSIG:	/* clear current signal */
		error = pr_clearsig(pnp);
		break;

	case PCCFAULT:	/* clear current fault */
		error = pr_clearflt(pnp);
		break;

	case PCWATCH:	/* set or clear watched areas */
		if (PROCESS_NOT_32BIT(p))
			error = EOVERFLOW;
		else {
			prwatch_t prwatch;

			/* Widen the ILP32 watch descriptor field by field */
			prwatch.pr_vaddr = argp->prwatch.pr_vaddr;
			prwatch.pr_size = argp->prwatch.pr_size;
			prwatch.pr_wflags = argp->prwatch.pr_wflags;
			prwatch.pr_pad = argp->prwatch.pr_pad;
			error = pr_watch(pnp, &prwatch, &unlocked);
			if (error && unlocked)
				/* pr_watch() already unlocked the node */
				return (error);
		}
		break;

	case PCAGENT:	/* create the /proc agent lwp in the target process */
		if (PROCESS_NOT_32BIT(p))
			error = EOVERFLOW;
		else {
			prgregset_t prgregset;
			kthread_t *t = pr_thread(pnp);
			klwp_t *lwp = ttolwp(t);
			thread_unlock(t);
			mutex_exit(&p->p_lock);
			prgregset_32ton(lwp, argp->prgregset, prgregset);
			mutex_enter(&p->p_lock);
			error = pr_agent(pnp, prgregset, &unlocked);
			if (error && unlocked)
				return (error);
		}
		break;

	case PCREAD:	/* read from the address space */
	case PCWRITE:	/* write to the address space */
		if (PROCESS_NOT_32BIT(p) || (pnp->pr_flags & PR_OFFMAX))
			error = EOVERFLOW;
		else {
			enum uio_rw rw = (cmd == PCREAD)? UIO_READ : UIO_WRITE;
			priovec_t priovec;

			priovec.pio_base =
			    (void *)(uintptr_t)argp->priovec.pio_base;
			priovec.pio_len = (size_t)argp->priovec.pio_len;
			priovec.pio_offset = (off_t)
			    (uint32_t)argp->priovec.pio_offset;
			error = pr_rdwr(p, rw, &priovec);
		}
		break;

	case PCSCRED:	/* set the process credentials */
	case PCSCREDX:
	{
		/*
		 * All the fields in these structures are exactly the
		 * same and so the structures are compatible. In case
		 * this ever changes, we catch this with the ASSERT
		 * below.
		 */
		prcred_t *prcred = (prcred_t *)&argp->prcred;

#ifndef __lint
		ASSERT(sizeof (prcred_t) == sizeof (prcred32_t));
#endif

		error = pr_scred(p, prcred, cr, cmd == PCSCREDX);
		break;
	}

	case PCSPRIV:	/* set the process privileges */
		error = pr_spriv(p, &argp->prpriv, cr);
		break;

	case PCSZONE:	/* set the process's zoneid */
		error = pr_szoneid(p, (zoneid_t)argp->przoneid, cr);
		break;
	}

	if (error)
		prunlock(pnp);
	return (error);
}

/*
 * ILP32 write(2) entry point for /proc control files.
 */
int
prwritectl32(struct vnode *vp, struct uio *uiop, cred_t *cr)
{
	return (prwritectl_common(vp, uiop, cr, proc_ctl_info32,
	    ARRAY_SIZE(proc_ctl_info32), sizeof (int32_t), pr_control32));
}
#endif	/* _SYSCALL32_IMPL */

/*
 * Return the specific or chosen thread/lwp for a control operation.
 * Returns with the thread locked via thread_lock(t).
1134 */ 1135 kthread_t * 1136 pr_thread(prnode_t *pnp) 1137 { 1138 prcommon_t *pcp = pnp->pr_common; 1139 kthread_t *t; 1140 1141 if (pcp->prc_flags & PRC_LWP) { 1142 t = pcp->prc_thread; 1143 ASSERT(t != NULL); 1144 thread_lock(t); 1145 } else { 1146 proc_t *p = pcp->prc_proc; 1147 t = prchoose(p); /* returns locked thread */ 1148 ASSERT(t != NULL); 1149 } 1150 1151 return (t); 1152 } 1153 1154 /* 1155 * Direct the process or lwp to stop. 1156 */ 1157 void 1158 pr_stop(prnode_t *pnp) 1159 { 1160 prcommon_t *pcp = pnp->pr_common; 1161 proc_t *p = pcp->prc_proc; 1162 kthread_t *t; 1163 vnode_t *vp; 1164 1165 /* 1166 * If already stopped, do nothing; otherwise flag 1167 * it to be stopped the next time it tries to run. 1168 * If sleeping at interruptible priority, set it 1169 * running so it will stop within cv_wait_sig(). 1170 * 1171 * Take care to cooperate with jobcontrol: if an lwp 1172 * is stopped due to the default action of a jobcontrol 1173 * stop signal, flag it to be stopped the next time it 1174 * starts due to a SIGCONT signal. 1175 */ 1176 if (pcp->prc_flags & PRC_LWP) 1177 t = pcp->prc_thread; 1178 else 1179 t = p->p_tlist; 1180 ASSERT(t != NULL); 1181 1182 do { 1183 int notify; 1184 1185 notify = 0; 1186 thread_lock(t); 1187 if (!ISTOPPED(t)) { 1188 t->t_proc_flag |= TP_PRSTOP; 1189 t->t_sig_check = 1; /* do ISSIG */ 1190 } 1191 1192 /* Move the thread from wait queue to run queue */ 1193 if (ISWAITING(t)) 1194 setrun_locked(t); 1195 1196 if (ISWAKEABLE(t)) { 1197 if (t->t_wchan0 == NULL) 1198 setrun_locked(t); 1199 else if (!VSTOPPED(t)) { 1200 /* 1201 * Mark it virtually stopped. 1202 */ 1203 t->t_proc_flag |= TP_PRVSTOP; 1204 notify = 1; 1205 } 1206 } 1207 /* 1208 * force the thread into the kernel 1209 * if it is not already there. 
1210 */ 1211 prpokethread(t); 1212 thread_unlock(t); 1213 if (notify && 1214 (vp = p->p_lwpdir[t->t_dslot].ld_entry->le_trace) != NULL) 1215 prnotify(vp); 1216 if (pcp->prc_flags & PRC_LWP) 1217 break; 1218 } while ((t = t->t_forw) != p->p_tlist); 1219 1220 /* 1221 * We do this just in case the thread we asked 1222 * to stop is in holdlwps() (called from cfork()). 1223 */ 1224 cv_broadcast(&p->p_holdlwps); 1225 } 1226 1227 /* 1228 * Sleep until the lwp stops, but cooperate with 1229 * jobcontrol: Don't wake up if the lwp is stopped 1230 * due to the default action of a jobcontrol stop signal. 1231 * If this is the process file descriptor, sleep 1232 * until all of the process's lwps stop. 1233 */ 1234 int 1235 pr_wait_stop(prnode_t *pnp, time_t timeo) 1236 { 1237 prcommon_t *pcp = pnp->pr_common; 1238 proc_t *p = pcp->prc_proc; 1239 timestruc_t rqtime; 1240 timestruc_t *rqtp = NULL; 1241 int timecheck = 0; 1242 kthread_t *t; 1243 int error; 1244 1245 if (timeo > 0) { /* millisecond timeout */ 1246 /* 1247 * Determine the precise future time of the requested timeout. 
1248 */ 1249 timestruc_t now; 1250 1251 timecheck = timechanged; 1252 gethrestime(&now); 1253 rqtp = &rqtime; 1254 rqtp->tv_sec = timeo / MILLISEC; 1255 rqtp->tv_nsec = (timeo % MILLISEC) * MICROSEC; 1256 timespecadd(rqtp, &now); 1257 } 1258 1259 if (pcp->prc_flags & PRC_LWP) { /* lwp file descriptor */ 1260 t = pcp->prc_thread; 1261 ASSERT(t != NULL); 1262 thread_lock(t); 1263 while (!ISTOPPED(t) && !VSTOPPED(t)) { 1264 thread_unlock(t); 1265 mutex_enter(&pcp->prc_mutex); 1266 prunlock(pnp); 1267 error = pr_wait(pcp, rqtp, timecheck); 1268 if (error) /* -1 is timeout */ 1269 return (error); 1270 if ((error = prlock(pnp, ZNO)) != 0) 1271 return (error); 1272 ASSERT(p == pcp->prc_proc); 1273 ASSERT(t == pcp->prc_thread); 1274 thread_lock(t); 1275 } 1276 thread_unlock(t); 1277 } else { /* process file descriptor */ 1278 t = prchoose(p); /* returns locked thread */ 1279 ASSERT(t != NULL); 1280 ASSERT(MUTEX_HELD(&p->p_lock)); 1281 while ((!ISTOPPED(t) && !VSTOPPED(t) && !SUSPENDED(t)) || 1282 (p->p_flag & SEXITLWPS)) { 1283 thread_unlock(t); 1284 mutex_enter(&pcp->prc_mutex); 1285 prunlock(pnp); 1286 error = pr_wait(pcp, rqtp, timecheck); 1287 if (error) /* -1 is timeout */ 1288 return (error); 1289 if ((error = prlock(pnp, ZNO)) != 0) 1290 return (error); 1291 ASSERT(p == pcp->prc_proc); 1292 t = prchoose(p); /* returns locked t */ 1293 ASSERT(t != NULL); 1294 } 1295 thread_unlock(t); 1296 } 1297 1298 ASSERT(!(pcp->prc_flags & PRC_DESTROY) && p->p_stat != SZOMB && 1299 t != NULL && t->t_state != TS_ZOMB); 1300 1301 return (0); 1302 } 1303 1304 int 1305 pr_setrun(prnode_t *pnp, ulong_t flags) 1306 { 1307 prcommon_t *pcp = pnp->pr_common; 1308 proc_t *p = pcp->prc_proc; 1309 kthread_t *t; 1310 klwp_t *lwp; 1311 1312 /* 1313 * Cannot set an lwp running if it is not stopped. 1314 * Also, no lwp other than the /proc agent lwp can 1315 * be set running so long as the /proc agent lwp exists. 
1316 */ 1317 t = pr_thread(pnp); /* returns locked thread */ 1318 if ((!ISTOPPED(t) && !VSTOPPED(t) && 1319 !(t->t_proc_flag & TP_PRSTOP)) || 1320 (p->p_agenttp != NULL && 1321 (t != p->p_agenttp || !(pcp->prc_flags & PRC_LWP)))) { 1322 thread_unlock(t); 1323 return (EBUSY); 1324 } 1325 thread_unlock(t); 1326 if (flags & ~(PRCSIG|PRCFAULT|PRSTEP|PRSTOP|PRSABORT)) 1327 return (EINVAL); 1328 lwp = ttolwp(t); 1329 if ((flags & PRCSIG) && lwp->lwp_cursig != SIGKILL) { 1330 /* 1331 * Discard current siginfo_t, if any. 1332 */ 1333 lwp->lwp_cursig = 0; 1334 lwp->lwp_extsig = 0; 1335 if (lwp->lwp_curinfo) { 1336 siginfofree(lwp->lwp_curinfo); 1337 lwp->lwp_curinfo = NULL; 1338 } 1339 } 1340 if (flags & PRCFAULT) 1341 lwp->lwp_curflt = 0; 1342 /* 1343 * We can't hold p->p_lock when we touch the lwp's registers. 1344 * It may be swapped out and we will get a page fault. 1345 */ 1346 if (flags & PRSTEP) { 1347 mutex_exit(&p->p_lock); 1348 prstep(lwp, 0); 1349 mutex_enter(&p->p_lock); 1350 } 1351 if (flags & PRSTOP) { 1352 t->t_proc_flag |= TP_PRSTOP; 1353 t->t_sig_check = 1; /* do ISSIG */ 1354 } 1355 if (flags & PRSABORT) 1356 lwp->lwp_sysabort = 1; 1357 thread_lock(t); 1358 if ((pcp->prc_flags & PRC_LWP) || (flags & (PRSTEP|PRSTOP))) { 1359 /* 1360 * Here, we are dealing with a single lwp. 1361 */ 1362 if (ISTOPPED(t)) { 1363 t->t_schedflag |= TS_PSTART; 1364 t->t_dtrace_stop = 0; 1365 setrun_locked(t); 1366 } else if (flags & PRSABORT) { 1367 t->t_proc_flag &= 1368 ~(TP_PRSTOP|TP_PRVSTOP|TP_STOPPING); 1369 setrun_locked(t); 1370 } else if (!(flags & PRSTOP)) { 1371 t->t_proc_flag &= 1372 ~(TP_PRSTOP|TP_PRVSTOP|TP_STOPPING); 1373 } 1374 thread_unlock(t); 1375 } else { 1376 /* 1377 * Here, we are dealing with the whole process. 1378 */ 1379 if (ISTOPPED(t)) { 1380 /* 1381 * The representative lwp is stopped on an event 1382 * of interest. We demote it to PR_REQUESTED and 1383 * choose another representative lwp. 
If the new 1384 * representative lwp is not stopped on an event of 1385 * interest (other than PR_REQUESTED), we set the 1386 * whole process running, else we leave the process 1387 * stopped showing the next event of interest. 1388 */ 1389 kthread_t *tx = NULL; 1390 1391 if (!(flags & PRSABORT) && 1392 t->t_whystop == PR_SYSENTRY && 1393 t->t_whatstop == SYS_lwp_exit) 1394 tx = t; /* remember the exiting lwp */ 1395 t->t_whystop = PR_REQUESTED; 1396 t->t_whatstop = 0; 1397 thread_unlock(t); 1398 t = prchoose(p); /* returns locked t */ 1399 ASSERT(ISTOPPED(t) || VSTOPPED(t)); 1400 if (VSTOPPED(t) || 1401 t->t_whystop == PR_REQUESTED) { 1402 thread_unlock(t); 1403 allsetrun(p); 1404 } else { 1405 thread_unlock(t); 1406 /* 1407 * As a special case, if the old representative 1408 * lwp was stopped on entry to _lwp_exit() 1409 * (and we are not aborting the system call), 1410 * we set the old representative lwp running. 1411 * We do this so that the next process stop 1412 * will find the exiting lwp gone. 1413 */ 1414 if (tx != NULL) { 1415 thread_lock(tx); 1416 tx->t_schedflag |= TS_PSTART; 1417 t->t_dtrace_stop = 0; 1418 setrun_locked(tx); 1419 thread_unlock(tx); 1420 } 1421 } 1422 } else { 1423 /* 1424 * No event of interest; set all of the lwps running. 1425 */ 1426 if (flags & PRSABORT) { 1427 t->t_proc_flag &= 1428 ~(TP_PRSTOP|TP_PRVSTOP|TP_STOPPING); 1429 setrun_locked(t); 1430 } 1431 thread_unlock(t); 1432 allsetrun(p); 1433 } 1434 } 1435 return (0); 1436 } 1437 1438 /* 1439 * Wait until process/lwp stops or until timer expires. 1440 * Return EINTR for an interruption, -1 for timeout, else 0. 
 */
int
pr_wait(prcommon_t *pcp,	/* prcommon referring to process/lwp */
    timestruc_t *ts,		/* absolute time of timeout, if any */
    int timecheck)
{
	int rval;

	ASSERT(MUTEX_HELD(&pcp->prc_mutex));
	rval = cv_waituntil_sig(&pcp->prc_wait, &pcp->prc_mutex, ts, timecheck);
	mutex_exit(&pcp->prc_mutex);
	/* cv_waituntil_sig(): 0 = interrupted by signal, -1 = timed out */
	switch (rval) {
	case 0:
		return (EINTR);
	case -1:
		return (-1);
	default:
		return (0);
	}
}

/*
 * Make all threads in the process runnable.
 */
void
allsetrun(proc_t *p)
{
	kthread_t *t;

	ASSERT(MUTEX_HELD(&p->p_lock));

	if ((t = p->p_tlist) != NULL) {
		do {
			thread_lock(t);
			ASSERT(!(t->t_proc_flag & TP_LWPEXIT));
			t->t_proc_flag &= ~(TP_PRSTOP|TP_PRVSTOP|TP_STOPPING);
			if (ISTOPPED(t)) {
				t->t_schedflag |= TS_PSTART;
				t->t_dtrace_stop = 0;
				setrun_locked(t);
			}
			thread_unlock(t);
		} while ((t = t->t_forw) != p->p_tlist);
	}
}

/*
 * Wait for the process to die.
 * We do this after sending SIGKILL because we know it will
 * die soon and we want subsequent operations to return ENOENT.
 */
void
pr_wait_die(prnode_t *pnp)
{
	proc_t *p;

	mutex_enter(&pidlock);
	while ((p = pnp->pr_common->prc_proc) != NULL && p->p_stat != SZOMB) {
		/* cv_wait_sig() returns 0 if interrupted by a signal */
		if (!cv_wait_sig(&p->p_srwchan_cv, &pidlock))
			break;
	}
	mutex_exit(&pidlock);
}

/*
 * Set the process's traced-signal mask (PCSTRACE).  SIGKILL can never
 * be traced.  P_PR_TRACE is maintained to reflect whether any signal,
 * fault or syscall tracing is in effect.
 */
static void
pr_settrace(proc_t *p, sigset_t *sp)
{
	prdelset(sp, SIGKILL);
	prassignset(&p->p_sigmask, sp);
	if (!sigisempty(&p->p_sigmask))
		p->p_proc_flag |= P_PR_TRACE;
	else if (prisempty(&p->p_fltmask)) {
		user_t *up = PTOU(p);
		if (up->u_systrap == 0)
			p->p_proc_flag &= ~P_PR_TRACE;
	}
}

/*
 * Set the lwp's current signal (PCSSIG), replacing any pending current
 * signal.  sig == 0 clears the current signal.  Applies the side effects
 * (SIGKILL, jobcontrol) that normal signal delivery would apply.
 */
int
pr_setsig(prnode_t *pnp, siginfo_t *sip)
{
	int nsig = PROC_IS_BRANDED(curproc)? BROP(curproc)->b_nsig : NSIG;
	int sig = sip->si_signo;
	prcommon_t *pcp = pnp->pr_common;
	proc_t *p = pcp->prc_proc;
	kthread_t *t;
	klwp_t *lwp;
	int error = 0;

	t = pr_thread(pnp);	/* returns locked thread */
	thread_unlock(t);
	lwp = ttolwp(t);
	if (sig < 0 || sig >= nsig)
		/* Zero allowed here */
		error = EINVAL;
	else if (lwp->lwp_cursig == SIGKILL)
		/* "can't happen", but just in case */
		error = EBUSY;
	else if ((lwp->lwp_cursig = (uchar_t)sig) == 0) {
		lwp->lwp_extsig = 0;
		/*
		 * Discard current siginfo_t, if any.
		 */
		if (lwp->lwp_curinfo) {
			siginfofree(lwp->lwp_curinfo);
			lwp->lwp_curinfo = NULL;
		}
	} else {
		kthread_t *tx;
		sigqueue_t *sqp;

		/* drop p_lock to do kmem_alloc(KM_SLEEP) */
		mutex_exit(&p->p_lock);
		sqp = kmem_zalloc(sizeof (sigqueue_t), KM_SLEEP);
		mutex_enter(&p->p_lock);

		if (lwp->lwp_curinfo == NULL)
			lwp->lwp_curinfo = sqp;
		else
			kmem_free(sqp, sizeof (sigqueue_t));
		/*
		 * Copy contents of info to current siginfo_t.
		 */
		bcopy(sip, &lwp->lwp_curinfo->sq_info,
		    sizeof (lwp->lwp_curinfo->sq_info));
		/*
		 * Prevent contents published by si_zoneid-unaware /proc
		 * consumers from being incorrectly filtered.  Because
		 * an uninitialized si_zoneid is the same as
		 * GLOBAL_ZONEID, this means that you can't pr_setsig a
		 * process in a non-global zone with a siginfo which
		 * appears to come from the global zone.
		 */
		if (SI_FROMUSER(sip) && sip->si_zoneid == 0)
			lwp->lwp_curinfo->sq_info.si_zoneid =
			    p->p_zone->zone_id;
		/*
		 * Side-effects for SIGKILL and jobcontrol signals.
		 */
		if (sig == SIGKILL) {
			p->p_flag |= SKILLED;
			p->p_flag &= ~SEXTKILLED;
		} else if (sig == SIGCONT) {
			/* SIGCONT discards all pending stop signals */
			p->p_flag |= SSCONT;
			sigdelq(p, NULL, SIGSTOP);
			sigdelq(p, NULL, SIGTSTP);
			sigdelq(p, NULL, SIGTTOU);
			sigdelq(p, NULL, SIGTTIN);
			sigdiffset(&p->p_sig, &stopdefault);
			sigdiffset(&p->p_extsig, &stopdefault);
			if ((tx = p->p_tlist) != NULL) {
				do {
					sigdelq(p, tx, SIGSTOP);
					sigdelq(p, tx, SIGTSTP);
					sigdelq(p, tx, SIGTTOU);
					sigdelq(p, tx, SIGTTIN);
					sigdiffset(&tx->t_sig, &stopdefault);
					sigdiffset(&tx->t_extsig, &stopdefault);
				} while ((tx = tx->t_forw) != p->p_tlist);
			}
		} else if (sigismember(&stopdefault, sig)) {
			/* a stop signal discards any pending SIGCONT */
			if (PTOU(p)->u_signal[sig-1] == SIG_DFL &&
			    (sig == SIGSTOP || !p->p_pgidp->pid_pgorphaned))
				p->p_flag &= ~SSCONT;
			sigdelq(p, NULL, SIGCONT);
			sigdelset(&p->p_sig, SIGCONT);
			sigdelset(&p->p_extsig, SIGCONT);
			if ((tx = p->p_tlist) != NULL) {
				do {
					sigdelq(p, tx, SIGCONT);
					sigdelset(&tx->t_sig, SIGCONT);
					sigdelset(&tx->t_extsig, SIGCONT);
				} while ((tx = tx->t_forw) != p->p_tlist);
			}
		}
		thread_lock(t);
		if (ISWAKEABLE(t) || ISWAITING(t)) {
			/* Set signaled sleeping/waiting lwp running */
			setrun_locked(t);
		} else if (t->t_state == TS_STOPPED && sig == SIGKILL) {
			/* If SIGKILL, set stopped lwp running */
			p->p_stopsig = 0;
			t->t_schedflag |= TS_XSTART | TS_PSTART;
			t->t_dtrace_stop = 0;
			setrun_locked(t);
		}
		t->t_sig_check = 1;	/* so ISSIG will be done */
		thread_unlock(t);
		/*
		 * More jobcontrol side-effects.
		 */
		if (sig == SIGCONT && (tx = p->p_tlist) != NULL) {
			p->p_stopsig = 0;
			do {
				thread_lock(tx);
				if (tx->t_state == TS_STOPPED &&
				    tx->t_whystop == PR_JOBCONTROL) {
					tx->t_schedflag |= TS_XSTART;
					setrun_locked(tx);
				}
				thread_unlock(tx);
			} while ((tx = tx->t_forw) != p->p_tlist);
		}
	}
	return (error);
}

/*
 * Post a signal to the process or lwp (PCKILL), with siginfo identifying
 * the controlling process as the sender.
 */
int
pr_kill(prnode_t *pnp, int sig, cred_t *cr)
{
	int nsig = PROC_IS_BRANDED(curproc)? BROP(curproc)->b_nsig : NSIG;
	prcommon_t *pcp = pnp->pr_common;
	proc_t *p = pcp->prc_proc;
	k_siginfo_t info;

	if (sig <= 0 || sig >= nsig)
		return (EINVAL);

	bzero(&info, sizeof (info));
	info.si_signo = sig;
	info.si_code = SI_USER;
	info.si_pid = curproc->p_pid;
	info.si_ctid = PRCTID(curproc);
	info.si_zoneid = getzoneid();
	info.si_uid = crgetruid(cr);
	sigaddq(p, (pcp->prc_flags & PRC_LWP)?
	    pcp->prc_thread : NULL, &info, KM_NOSLEEP);

	return (0);
}

/*
 * Delete a pending signal (PCUNKILL).  SIGKILL cannot be deleted.
 */
int
pr_unkill(prnode_t *pnp, int sig)
{
	int nsig = PROC_IS_BRANDED(curproc)? BROP(curproc)->b_nsig : NSIG;
	prcommon_t *pcp = pnp->pr_common;
	proc_t *p = pcp->prc_proc;
	sigqueue_t *infop = NULL;

	if (sig <= 0 || sig >= nsig || sig == SIGKILL)
		return (EINVAL);

	if (pcp->prc_flags & PRC_LWP)
		sigdeq(p, pcp->prc_thread, sig, &infop);
	else
		sigdeq(p, NULL, sig, &infop);

	if (infop)
		siginfofree(infop);

	return (0);
}

/*
 * Set the nice value for every lwp in the process (PCNICE).
 * The first error encountered is returned, but all lwps are attempted.
 */
int
pr_nice(proc_t *p, int nice, cred_t *cr)
{
	kthread_t *t;
	int err;
	int error = 0;

	t = p->p_tlist;
	do {
		ASSERT(!(t->t_proc_flag & TP_LWPEXIT));
		err = CL_DONICE(t, cr, nice, (int *)NULL);
		schedctl_set_cidpri(t);
		if (error == 0)
			error = err;
	} while ((t = t->t_forw) != p->p_tlist);

	return (error);
}

/*
 * Set the syscall entry or exit trace mask (PCSENTRY / PCSEXIT) and
 * maintain u_systrap / P_PR_TRACE accordingly.
 */
void
pr_setentryexit(proc_t *p, sysset_t *sysset, int entry)
{
	user_t *up = PTOU(p);

	if (entry) {
		prassignset(&up->u_entrymask, sysset);
	} else {
		prassignset(&up->u_exitmask, sysset);
	}
	if (!prisempty(&up->u_entrymask) ||
	    !prisempty(&up->u_exitmask)) {
		up->u_systrap = 1;
		p->p_proc_flag |= P_PR_TRACE;
		set_proc_sys(p);	/* set pre and post-sys flags */
	} else {
		up->u_systrap = 0;
		if (sigisempty(&p->p_sigmask) &&
		    prisempty(&p->p_fltmask))
			p->p_proc_flag &= ~P_PR_TRACE;
	}
}

/* All mode flags settable via PCSET/PCUNSET */
#define	ALLFLAGS	\
	(PR_FORK|PR_RLC|PR_KLC|PR_ASYNC|PR_BPTADJ|PR_MSACCT|PR_MSFORK|PR_PTRACE)

/*
 * Set process tracing flags (PCSET).  Not permitted on system processes.
 */
int
pr_set(proc_t *p, long flags)
{
	if ((p->p_flag & SSYS) || p->p_as == &kas)
		return (EBUSY);

	if (flags & ~ALLFLAGS)
		return (EINVAL);

	if (flags & PR_FORK)
		p->p_proc_flag |= P_PR_FORK;
	if (flags & PR_RLC)
		p->p_proc_flag |= P_PR_RUNLCL;
	if (flags & PR_KLC)
		p->p_proc_flag |= P_PR_KILLCL;
	if (flags & PR_ASYNC)
		p->p_proc_flag |= P_PR_ASYNC;
	if (flags & PR_BPTADJ)
		p->p_proc_flag |= P_PR_BPTADJ;
	if (flags & PR_MSACCT)
		if ((p->p_flag & SMSACCT) == 0)
			estimate_msacct(p->p_tlist, gethrtime());
	if (flags & PR_MSFORK)
		p->p_flag |= SMSFORK;
	if (flags & PR_PTRACE) {
		p->p_proc_flag |= P_PR_PTRACE;
		/* ptraced process must die if parent dead */
		if (p->p_ppid == 1)
			sigtoproc(p, NULL, SIGKILL);
	}

	return (0);
}

/*
 * Clear process tracing flags (PCUNSET) — the inverse of pr_set().
 */
int
pr_unset(proc_t *p, long flags)
{
	if ((p->p_flag & SSYS) || p->p_as == &kas)
		return (EBUSY);

	if (flags & ~ALLFLAGS)
		return (EINVAL);

	if (flags & PR_FORK)
		p->p_proc_flag &= ~P_PR_FORK;
	if (flags & PR_RLC)
		p->p_proc_flag &= ~P_PR_RUNLCL;
	if (flags & PR_KLC)
		p->p_proc_flag &= ~P_PR_KILLCL;
	if (flags & PR_ASYNC)
		p->p_proc_flag &= ~P_PR_ASYNC;
	if (flags & PR_BPTADJ)
		p->p_proc_flag &= ~P_PR_BPTADJ;
	if (flags & PR_MSACCT)
		disable_msacct(p);
	if (flags & PR_MSFORK)
		p->p_flag &= ~SMSFORK;
	if (flags & PR_PTRACE)
		p->p_proc_flag &= ~P_PR_PTRACE;

	return (0);
}

/*
 * Set the lwp's floating-point registers (PCSFPREG).  The lwp must be
 * stopped and the machine must have FP support.
 */
static int
pr_setfpregs(prnode_t *pnp, prfpregset_t *prfpregset)
{
	proc_t *p = pnp->pr_common->prc_proc;
	kthread_t *t = pr_thread(pnp);	/* returns locked thread */

	if (!ISTOPPED(t) && !VSTOPPED(t) && !DSTOPPED(t)) {
		thread_unlock(t);
		return (EBUSY);
	}
	if (!prhasfp()) {
		thread_unlock(t);
		return (EINVAL);	/* No FP support */
	}

	/* drop p_lock while touching the lwp's stack */
	thread_unlock(t);
	mutex_exit(&p->p_lock);
	prsetprfpregs(ttolwp(t), prfpregset);
	mutex_enter(&p->p_lock);

	return (0);
}

#ifdef	_SYSCALL32_IMPL
/*
 * 32-bit variant of pr_setfpregs(), for 32-bit controlling processes.
 */
static int
pr_setfpregs32(prnode_t *pnp, prfpregset32_t *prfpregset)
{
	proc_t *p = pnp->pr_common->prc_proc;
	kthread_t *t = pr_thread(pnp);	/* returns locked thread */

	if (!ISTOPPED(t) && !VSTOPPED(t) && !DSTOPPED(t)) {
		thread_unlock(t);
		return (EBUSY);
	}
	if (!prhasfp()) {
		thread_unlock(t);
		return (EINVAL);	/* No FP support */
	}

	/* drop p_lock while touching the lwp's stack */
	thread_unlock(t);
	mutex_exit(&p->p_lock);
	prsetprfpregs32(ttolwp(t), prfpregset);
	mutex_enter(&p->p_lock);

	return (0);
}
#endif	/* _SYSCALL32_IMPL */

/*
 * Set the lwp's extra registers (PCSXREG).  The lwp must be stopped and
 * the machine must have extra-register support (prhasx()).
 */
/* ARGSUSED */
static int
pr_setxregs(prnode_t *pnp, prxregset_t *prxregset)
{
	int error;
	proc_t *p = pnp->pr_common->prc_proc;
	kthread_t *t = pr_thread(pnp);	/* returns locked thread */

	if (!ISTOPPED(t) && !VSTOPPED(t) && !DSTOPPED(t)) {
		thread_unlock(t);
		return (EBUSY);
	}
	thread_unlock(t);

	if (!prhasx(p))
		return (EINVAL);	/* No extra register support */

	/* drop p_lock while touching the lwp's stack */
	mutex_exit(&p->p_lock);
	error = prsetprxregs(ttolwp(t), prxregset);
	mutex_enter(&p->p_lock);

	return (error);
}

/*
 * Set the virtual address at which the stopped lwp will resume (PCSVADDR).
 */
static int
pr_setvaddr(prnode_t *pnp, caddr_t vaddr)
{
	proc_t *p = pnp->pr_common->prc_proc;
	kthread_t *t = pr_thread(pnp);	/* returns locked thread */

	if (!ISTOPPED(t) && !VSTOPPED(t) && !DSTOPPED(t)) {
		thread_unlock(t);
		return (EBUSY);
	}

	/* drop p_lock while touching the lwp's stack */
	thread_unlock(t);
	mutex_exit(&p->p_lock);
	prsvaddr(ttolwp(t), vaddr);
	mutex_enter(&p->p_lock);

	return (0);
}

/*
 * Set the lwp's signal-hold mask (PCSHOLD).  If a now-unblocked signal
 * is pending, wake the lwp so it can take it.
 */
void
pr_sethold(prnode_t *pnp, sigset_t *sp)
{
	proc_t *p = pnp->pr_common->prc_proc;
	kthread_t *t = pr_thread(pnp);	/* returns locked thread */

	schedctl_finish_sigblock(t);
	sigutok(sp, &t->t_hold);
	if (ISWAKEABLE(t) &&
	    (fsig(&p->p_sig, t) || fsig(&t->t_sig, t)))
		setrun_locked(t);
	t->t_sig_check = 1;	/* so thread will see new holdmask */
	thread_unlock(t);
}

void
pr_setfault(proc_t *p, fltset_t *fltp)
{
	/* Set the traced-fault mask (PCSFAULT); mirror of pr_settrace(). */
	prassignset(&p->p_fltmask, fltp);
	if (!prisempty(&p->p_fltmask))
		p->p_proc_flag |= P_PR_TRACE;
	else if (sigisempty(&p->p_sigmask)) {
		user_t *up = PTOU(p);
		if (up->u_systrap == 0)
			p->p_proc_flag &= ~P_PR_TRACE;
	}
}

/*
 * Clear the lwp's current signal (PCCSIG).  SIGKILL cannot be cleared.
 */
static int
pr_clearsig(prnode_t *pnp)
{
	kthread_t *t = pr_thread(pnp);	/* returns locked thread */
	klwp_t *lwp = ttolwp(t);

	thread_unlock(t);
	if (lwp->lwp_cursig == SIGKILL)
		return (EBUSY);

	/*
	 * Discard current siginfo_t, if any.
	 */
	lwp->lwp_cursig = 0;
	lwp->lwp_extsig = 0;
	if (lwp->lwp_curinfo) {
		siginfofree(lwp->lwp_curinfo);
		lwp->lwp_curinfo = NULL;
	}

	return (0);
}

/*
 * Clear the lwp's current fault (PCCFAULT).
 */
static int
pr_clearflt(prnode_t *pnp)
{
	kthread_t *t = pr_thread(pnp);	/* returns locked thread */

	thread_unlock(t);
	ttolwp(t)->lwp_curflt = 0;

	return (0);
}

/*
 * Set or clear a watched area (PCWATCH).  The whole process is forced
 * to a full stop before the watched-area list is modified; *unlocked is
 * set if the prnode was unlocked on an error return.
 */
static int
pr_watch(prnode_t *pnp, prwatch_t *pwp, int *unlocked)
{
	proc_t *p = pnp->pr_common->prc_proc;
	struct as *as = p->p_as;
	uintptr_t vaddr = pwp->pr_vaddr;
	size_t size = pwp->pr_size;
	int wflags = pwp->pr_wflags;
	ulong_t newpage = 0;
	struct watched_area *pwa;
	int error;

	*unlocked = 0;

	/*
	 * Can't apply to a system process.
	 */
	if ((p->p_flag & SSYS) || p->p_as == &kas)
		return (EBUSY);

	/*
	 * Verify that the address range does not wrap
	 * and that only the proper flags were specified.
	 */
	if ((wflags & ~WA_TRAPAFTER) == 0)
		size = 0;
	if (vaddr + size < vaddr ||
	    (wflags & ~(WA_READ|WA_WRITE|WA_EXEC|WA_TRAPAFTER)) != 0 ||
	    ((wflags & ~WA_TRAPAFTER) != 0 && size == 0))
		return (EINVAL);

	/*
	 * Don't let the address range go above as->a_userlimit.
	 * There is no error here, just a limitation.
	 */
	if (vaddr >= (uintptr_t)as->a_userlimit)
		return (0);
	if (vaddr + size > (uintptr_t)as->a_userlimit)
		size = (uintptr_t)as->a_userlimit - vaddr;

	/*
	 * Compute maximum number of pages this will add.
	 */
	if ((wflags & ~WA_TRAPAFTER) != 0) {
		ulong_t pagespan = (vaddr + size) - (vaddr & PAGEMASK);
		newpage = btopr(pagespan);
		if (newpage > 2 * prnwatch)
			return (E2BIG);
	}

	/*
	 * Force the process to be fully stopped.
	 */
	if (p == curproc) {
		/* self-directed: use holdwatch() instead of pauselwps() */
		prunlock(pnp);
		while (holdwatch() != 0)
			continue;
		if ((error = prlock(pnp, ZNO)) != 0) {
			continuelwps(p);
			*unlocked = 1;
			return (error);
		}
	} else {
		pauselwps(p);
		while (pr_allstopped(p, 0) > 0) {
			/*
			 * This cv/mutex pair is persistent even
			 * if the process disappears after we
			 * unmark it and drop p->p_lock.
			 */
			kcondvar_t *cv = &pr_pid_cv[p->p_slot];
			kmutex_t *mp = &p->p_lock;

			prunmark(p);
			(void) cv_wait(cv, mp);
			mutex_exit(mp);
			if ((error = prlock(pnp, ZNO)) != 0) {
				/*
				 * Unpause the process if it exists.
				 */
				p = pr_p_lock(pnp);
				mutex_exit(&pr_pidlock);
				if (p != NULL) {
					unpauselwps(p);
					prunlock(pnp);
				}
				*unlocked = 1;
				return (error);
			}
		}
	}

	/*
	 * Drop p->p_lock in order to perform the rest of this.
	 * The process is still locked with the P_PR_LOCK flag.
	 */
	mutex_exit(&p->p_lock);

	pwa = kmem_alloc(sizeof (struct watched_area), KM_SLEEP);
	pwa->wa_vaddr = (caddr_t)vaddr;
	pwa->wa_eaddr = (caddr_t)vaddr + size;
	pwa->wa_flags = (ulong_t)wflags;

	error = ((pwa->wa_flags & ~WA_TRAPAFTER) == 0)?
	    clear_watched_area(p, pwa) : set_watched_area(p, pwa);

	if (p == curproc) {
		setallwatch();
		mutex_enter(&p->p_lock);
		continuelwps(p);
	} else {
		mutex_enter(&p->p_lock);
		unpauselwps(p);
	}

	return (error);
}

/* jobcontrol stopped, but with a /proc directed stop in effect */
#define	JDSTOPPED(t)	\
	((t)->t_state == TS_STOPPED && \
	(t)->t_whystop == PR_JOBCONTROL && \
	((t)->t_proc_flag & TP_PRSTOP))

/*
 * pr_agent() creates the agent lwp.  If the process is exiting while
 * we are creating an agent lwp, then exitlwps() waits until the
 * agent has been created using prbarrier().
 */
static int
pr_agent(prnode_t *pnp, prgregset_t prgregset, int *unlocked)
{
	proc_t *p = pnp->pr_common->prc_proc;
	prcommon_t *pcp;
	kthread_t *t;
	kthread_t *ct;
	klwp_t *clwp;
	k_sigset_t smask;
	int cid;
	void *bufp = NULL;
	int error;

	*unlocked = 0;

	/*
	 * Cannot create the /proc agent lwp if :-
	 * - the process is not fully stopped or directed to stop.
	 * - there is an agent lwp already.
	 * - the process has been killed.
	 * - the process is exiting.
	 * - it's a vfork(2) parent.
	 */
	t = prchoose(p);	/* returns locked thread */
	ASSERT(t != NULL);

	if ((!ISTOPPED(t) && !VSTOPPED(t) && !SUSPENDED(t) && !JDSTOPPED(t)) ||
	    p->p_agenttp != NULL ||
	    (p->p_flag & (SKILLED | SEXITING | SVFWAIT))) {
		thread_unlock(t);
		return (EBUSY);
	}

	thread_unlock(t);
	mutex_exit(&p->p_lock);

	/* the agent starts with all catchable signals blocked */
	sigfillset(&smask);
	sigdiffset(&smask, &cantmask);
	clwp = lwp_create(lwp_rtt, NULL, 0, p, TS_STOPPED,
	    t->t_pri, &smask, NOCLASS, 0);
	if (clwp == NULL) {
		mutex_enter(&p->p_lock);
		return (ENOMEM);
	}
	prsetprregs(clwp, prgregset, 1);

	/*
	 * Because abandoning the agent inside the target process leads to
	 * a state that is essentially undebuggable, we record the psinfo of
	 * the process creating the agent and hang that off of the lwp.
	 */
	clwp->lwp_spymaster = kmem_zalloc(sizeof (psinfo_t), KM_SLEEP);
	mutex_enter(&curproc->p_lock);
	prgetpsinfo(curproc, clwp->lwp_spymaster);
	mutex_exit(&curproc->p_lock);

	/*
	 * We overload pr_time in the spymaster to denote the time at which the
	 * agent was created.
	 */
	gethrestime(&clwp->lwp_spymaster->pr_time);

retry:
	cid = t->t_cid;
	(void) CL_ALLOC(&bufp, cid, KM_SLEEP);
	mutex_enter(&p->p_lock);
	if (cid != t->t_cid) {
		/*
		 * Someone just changed this thread's scheduling class,
		 * so try pre-allocating the buffer again.  Hopefully we
		 * don't hit this often.
		 */
		mutex_exit(&p->p_lock);
		CL_FREE(cid, bufp);
		goto retry;
	}

	clwp->lwp_ap = clwp->lwp_arg;
	clwp->lwp_eosys = NORMALRETURN;
	ct = lwptot(clwp);
	ct->t_clfuncs = t->t_clfuncs;
	CL_FORK(t, ct, bufp);
	ct->t_cid = t->t_cid;
	ct->t_proc_flag |= TP_PRSTOP;
	/*
	 * Setting t_sysnum to zero causes post_syscall()
	 * to bypass all syscall checks and go directly to
	 *	if (issig()) psig();
	 * so that the agent lwp will stop in issig_forreal()
	 * showing PR_REQUESTED.
	 */
	ct->t_sysnum = 0;
	ct->t_post_sys = 1;
	ct->t_sig_check = 1;
	p->p_agenttp = ct;
	ct->t_proc_flag &= ~TP_HOLDLWP;

	pcp = pnp->pr_pcommon;
	mutex_enter(&pcp->prc_mutex);

	lwp_create_done(ct);

	/*
	 * Don't return until the agent is stopped on PR_REQUESTED.
	 */

	for (;;) {
		prunlock(pnp);
		*unlocked = 1;

		/*
		 * Wait for the agent to stop and notify us.
		 * If we've been interrupted, return that information.
		 */
		error = pr_wait(pcp, NULL, 0);
		if (error == EINTR) {
			error = 0;
			break;
		}

		/*
		 * Confirm that the agent LWP has stopped.
		 */

		if ((error = prlock(pnp, ZNO)) != 0)
			break;
		*unlocked = 0;

		/*
		 * Since we dropped the lock on the process, the agent
		 * may have disappeared or changed. Grab the current
		 * agent and check fail if it has disappeared.
		 */
		if ((ct = p->p_agenttp) == NULL) {
			error = ENOENT;
			break;
		}

		mutex_enter(&pcp->prc_mutex);
		thread_lock(ct);

		if (ISTOPPED(ct)) {
			thread_unlock(ct);
			mutex_exit(&pcp->prc_mutex);
			break;
		}

		thread_unlock(ct);
	}

	/* -1 signals the caller that the prnode is no longer locked */
	return (error ? error : -1);
}

/*
 * Read from or write to the target's address space (PCREAD / PCWRITE).
 */
static int
pr_rdwr(proc_t *p, enum uio_rw rw, priovec_t *pio)
{
	caddr_t base = (caddr_t)pio->pio_base;
	size_t cnt = pio->pio_len;
	uintptr_t offset = (uintptr_t)pio->pio_offset;
	struct uio auio;
	struct iovec aiov;
	int error = 0;

	if ((p->p_flag & SSYS) || p->p_as == &kas)
		error = EIO;
	else if ((base + cnt) < base || (offset + cnt) < offset)
		/* reject address or offset ranges that wrap */
		error = EINVAL;
	else if (cnt != 0) {
		aiov.iov_base = base;
		aiov.iov_len = cnt;

		auio.uio_loffset = offset;
		auio.uio_iov = &aiov;
		auio.uio_iovcnt = 1;
		auio.uio_resid = cnt;
		auio.uio_segflg = UIO_USERSPACE;
		auio.uio_llimit = (longlong_t)MAXOFFSET_T;
		auio.uio_fmode = FREAD|FWRITE;
		auio.uio_extflg = UIO_COPY_DEFAULT;

		mutex_exit(&p->p_lock);
		error = prusrio(p, rw, &auio, 0);
		mutex_enter(&p->p_lock);

		/*
		 * We have no way to return the i/o count,
		 * like read() or write() would do, so we
		 * return an error if the i/o was truncated.
2276 */ 2277 if (auio.uio_resid != 0 && error == 0) 2278 error = EIO; 2279 } 2280 2281 return (error); 2282 } 2283 2284 static int 2285 pr_scred(proc_t *p, prcred_t *prcred, cred_t *cr, boolean_t dogrps) 2286 { 2287 kthread_t *t; 2288 cred_t *oldcred; 2289 cred_t *newcred; 2290 uid_t oldruid; 2291 int error; 2292 zone_t *zone = crgetzone(cr); 2293 2294 if (!VALID_UID(prcred->pr_euid, zone) || 2295 !VALID_UID(prcred->pr_ruid, zone) || 2296 !VALID_UID(prcred->pr_suid, zone) || 2297 !VALID_GID(prcred->pr_egid, zone) || 2298 !VALID_GID(prcred->pr_rgid, zone) || 2299 !VALID_GID(prcred->pr_sgid, zone)) 2300 return (EINVAL); 2301 2302 if (dogrps) { 2303 int ngrp = prcred->pr_ngroups; 2304 int i; 2305 2306 if (ngrp < 0 || ngrp > ngroups_max) 2307 return (EINVAL); 2308 2309 for (i = 0; i < ngrp; i++) { 2310 if (!VALID_GID(prcred->pr_groups[i], zone)) 2311 return (EINVAL); 2312 } 2313 } 2314 2315 error = secpolicy_allow_setid(cr, prcred->pr_euid, B_FALSE); 2316 2317 if (error == 0 && prcred->pr_ruid != prcred->pr_euid) 2318 error = secpolicy_allow_setid(cr, prcred->pr_ruid, B_FALSE); 2319 2320 if (error == 0 && prcred->pr_suid != prcred->pr_euid && 2321 prcred->pr_suid != prcred->pr_ruid) 2322 error = secpolicy_allow_setid(cr, prcred->pr_suid, B_FALSE); 2323 2324 if (error) 2325 return (error); 2326 2327 mutex_exit(&p->p_lock); 2328 2329 /* hold old cred so it doesn't disappear while we dup it */ 2330 mutex_enter(&p->p_crlock); 2331 crhold(oldcred = p->p_cred); 2332 mutex_exit(&p->p_crlock); 2333 newcred = crdup(oldcred); 2334 oldruid = crgetruid(oldcred); 2335 crfree(oldcred); 2336 2337 /* Error checking done above */ 2338 (void) crsetresuid(newcred, prcred->pr_ruid, prcred->pr_euid, 2339 prcred->pr_suid); 2340 (void) crsetresgid(newcred, prcred->pr_rgid, prcred->pr_egid, 2341 prcred->pr_sgid); 2342 2343 if (dogrps) { 2344 (void) crsetgroups(newcred, prcred->pr_ngroups, 2345 prcred->pr_groups); 2346 2347 } 2348 2349 mutex_enter(&p->p_crlock); 2350 oldcred = p->p_cred; 2351 
p->p_cred = newcred; 2352 mutex_exit(&p->p_crlock); 2353 crfree(oldcred); 2354 2355 /* 2356 * Keep count of processes per uid consistent. 2357 */ 2358 if (oldruid != prcred->pr_ruid) { 2359 zoneid_t zoneid = crgetzoneid(newcred); 2360 2361 mutex_enter(&pidlock); 2362 upcount_dec(oldruid, zoneid); 2363 upcount_inc(prcred->pr_ruid, zoneid); 2364 mutex_exit(&pidlock); 2365 } 2366 2367 /* 2368 * Broadcast the cred change to the threads. 2369 */ 2370 mutex_enter(&p->p_lock); 2371 t = p->p_tlist; 2372 do { 2373 t->t_pre_sys = 1; /* so syscall will get new cred */ 2374 } while ((t = t->t_forw) != p->p_tlist); 2375 2376 return (0); 2377 } 2378 2379 /* 2380 * Change process credentials to specified zone. Used to temporarily 2381 * set a process to run in the global zone; only transitions between 2382 * the process's actual zone and the global zone are allowed. 2383 */ 2384 static int 2385 pr_szoneid(proc_t *p, zoneid_t zoneid, cred_t *cr) 2386 { 2387 kthread_t *t; 2388 cred_t *oldcred; 2389 cred_t *newcred; 2390 zone_t *zptr; 2391 zoneid_t oldzoneid; 2392 2393 if (secpolicy_zone_config(cr) != 0) 2394 return (EPERM); 2395 if (zoneid != GLOBAL_ZONEID && zoneid != p->p_zone->zone_id) 2396 return (EINVAL); 2397 if ((zptr = zone_find_by_id(zoneid)) == NULL) 2398 return (EINVAL); 2399 mutex_exit(&p->p_lock); 2400 mutex_enter(&p->p_crlock); 2401 oldcred = p->p_cred; 2402 crhold(oldcred); 2403 mutex_exit(&p->p_crlock); 2404 newcred = crdup(oldcred); 2405 oldzoneid = crgetzoneid(oldcred); 2406 crfree(oldcred); 2407 2408 crsetzone(newcred, zptr); 2409 zone_rele(zptr); 2410 2411 mutex_enter(&p->p_crlock); 2412 oldcred = p->p_cred; 2413 p->p_cred = newcred; 2414 mutex_exit(&p->p_crlock); 2415 crfree(oldcred); 2416 2417 /* 2418 * The target process is changing zones (according to its cred), so 2419 * update the per-zone upcounts, which are based on process creds. 
2420 */ 2421 if (oldzoneid != zoneid) { 2422 uid_t ruid = crgetruid(newcred); 2423 2424 mutex_enter(&pidlock); 2425 upcount_dec(ruid, oldzoneid); 2426 upcount_inc(ruid, zoneid); 2427 mutex_exit(&pidlock); 2428 } 2429 /* 2430 * Broadcast the cred change to the threads. 2431 */ 2432 mutex_enter(&p->p_lock); 2433 t = p->p_tlist; 2434 do { 2435 t->t_pre_sys = 1; /* so syscall will get new cred */ 2436 } while ((t = t->t_forw) != p->p_tlist); 2437 2438 return (0); 2439 } 2440 2441 static int 2442 pr_spriv(proc_t *p, prpriv_t *prpriv, cred_t *cr) 2443 { 2444 kthread_t *t; 2445 int err; 2446 2447 ASSERT(MUTEX_HELD(&p->p_lock)); 2448 2449 if ((err = priv_pr_spriv(p, prpriv, cr)) == 0) { 2450 /* 2451 * Broadcast the cred change to the threads. 2452 */ 2453 t = p->p_tlist; 2454 do { 2455 t->t_pre_sys = 1; /* so syscall will get new cred */ 2456 } while ((t = t->t_forw) != p->p_tlist); 2457 } 2458 2459 return (err); 2460 } 2461 2462 /* 2463 * Return -1 if the process is the parent of a vfork(1) whose child has yet to 2464 * terminate or perform an exec(2). 2465 * 2466 * Returns 0 if the process is fully stopped except for the current thread (if 2467 * we are operating on our own process), 1 otherwise. 2468 * 2469 * If the watchstop flag is set, then we ignore threads with TP_WATCHSTOP set. 2470 * See holdwatch() for details. 
 */
int
pr_allstopped(proc_t *p, int watchstop)
{
	kthread_t *t;
	int rv = 0;

	ASSERT(MUTEX_HELD(&p->p_lock));

	if (p->p_flag & SVFWAIT)	/* waiting for vfork'd child to exec */
		return (-1);

	if ((t = p->p_tlist) != NULL) {
		do {
			/* skip ourself, virtually-stopped lwps, and
			 * (optionally) lwps held in holdwatch() */
			if (t == curthread || VSTOPPED(t) ||
			    (watchstop && (t->t_proc_flag & TP_WATCHSTOP)))
				continue;
			thread_lock(t);
			switch (t->t_state) {
			case TS_ZOMB:
			case TS_STOPPED:
				break;
			case TS_SLEEP:
				/*
				 * A sleeping lwp counts as stopped only
				 * when it is wakeable and t_wchan0 is set
				 * (presumably an interruptible user-level
				 * sleep — confirm against sleepq code).
				 */
				if (!(t->t_flag & T_WAKEABLE) ||
				    t->t_wchan0 == NULL)
					rv = 1;
				break;
			default:
				/* running or runnable: not stopped */
				rv = 1;
				break;
			}
			thread_unlock(t);
		} while (rv == 0 && (t = t->t_forw) != p->p_tlist);
	}

	return (rv);
}

/*
 * Cause all lwps in the process to pause (for watchpoint operations).
 */
static void
pauselwps(proc_t *p)
{
	kthread_t *t;

	ASSERT(MUTEX_HELD(&p->p_lock));
	ASSERT(p != curproc);

	if ((t = p->p_tlist) != NULL) {
		do {
			thread_lock(t);
			t->t_proc_flag |= TP_PAUSE;
			aston(t);
			/* kick lwps out of interruptible sleeps or waits
			 * so they notice TP_PAUSE */
			if ((ISWAKEABLE(t) && (t->t_wchan0 == NULL)) ||
			    ISWAITING(t)) {
				setrun_locked(t);
			}
			prpokethread(t);
			thread_unlock(t);
		} while ((t = t->t_forw) != p->p_tlist);
	}
}

/*
 * undo the effects of pauselwps()
 */
static void
unpauselwps(proc_t *p)
{
	kthread_t *t;

	ASSERT(MUTEX_HELD(&p->p_lock));
	ASSERT(p != curproc);

	if ((t = p->p_tlist) != NULL) {
		do {
			thread_lock(t);
			t->t_proc_flag &= ~TP_PAUSE;
			if (t->t_state == TS_STOPPED) {
				/* let the stopped lwp resume */
				t->t_schedflag |= TS_UNPAUSE;
				t->t_dtrace_stop = 0;
				setrun_locked(t);
			}
			thread_unlock(t);
		} while ((t = t->t_forw) != p->p_tlist);
	}
}

/*
 * Cancel all watched areas.  Called from prclose().
 */
proc_t *
pr_cancel_watch(prnode_t *pnp)
{
	proc_t *p = pnp->pr_pcommon->prc_proc;
	struct as *as;
	kthread_t *t;

	ASSERT(MUTEX_HELD(&p->p_lock) && (p->p_proc_flag & P_PR_LOCK));

	if (!pr_watch_active(p))
		return (p);

	/*
	 * Pause the process before dealing with the watchpoints.
	 */
	if (p == curproc) {
		prunlock(pnp);
		while (holdwatch() != 0)
			continue;
		p = pr_p_lock(pnp);
		mutex_exit(&pr_pidlock);
		ASSERT(p == curproc);
	} else {
		pauselwps(p);
		while (p != NULL && pr_allstopped(p, 0) > 0) {
			/*
			 * This cv/mutex pair is persistent even
			 * if the process disappears after we
			 * unmark it and drop p->p_lock.
			 */
			kcondvar_t *cv = &pr_pid_cv[p->p_slot];
			kmutex_t *mp = &p->p_lock;

			prunmark(p);
			(void) cv_wait(cv, mp);
			mutex_exit(mp);
			p = pr_p_lock(pnp);	/* NULL if process disappeared */
			mutex_exit(&pr_pidlock);
		}
	}

	if (p == NULL)		/* the process disappeared */
		return (NULL);

	/* we re-acquired the lock above; re-validate our assumptions */
	ASSERT(p == pnp->pr_pcommon->prc_proc);
	ASSERT(MUTEX_HELD(&p->p_lock) && (p->p_proc_flag & P_PR_LOCK));

	if (pr_watch_active(p)) {
		pr_free_watchpoints(p);
		if ((t = p->p_tlist) != NULL) {
			do {
				watch_disable(t);
			} while ((t = t->t_forw) != p->p_tlist);
		}
	}

	if ((as = p->p_as) != NULL) {
		avl_tree_t *tree;
		struct watched_page *pwp;

		/*
		 * If this is the parent of a vfork, the watched page
		 * list has been moved temporarily to p->p_wpage.
		 */
		if (avl_numnodes(&p->p_wpage) != 0)
			tree = &p->p_wpage;
		else
			tree = &as->a_wpage;

		/* p_lock must be dropped before taking the as lock */
		mutex_exit(&p->p_lock);
		AS_LOCK_ENTER(as, RW_WRITER);

		/*
		 * Clear the watch flags on every watched page and queue
		 * each page (on p_wprot) to have its original protections
		 * restored.
		 */
		for (pwp = avl_first(tree); pwp != NULL;
		    pwp = AVL_NEXT(tree, pwp)) {
			pwp->wp_read = 0;
			pwp->wp_write = 0;
			pwp->wp_exec = 0;
			if ((pwp->wp_flags & WP_SETPROT) == 0) {
				pwp->wp_flags |= WP_SETPROT;
				pwp->wp_prot = pwp->wp_oprot;
				pwp->wp_list = p->p_wprot;
				p->p_wprot = pwp;
			}
		}

		AS_LOCK_EXIT(as);
		mutex_enter(&p->p_lock);
	}

	/*
	 * Unpause the process now.
	 */
	if (p == curproc)
		continuelwps(p);
	else
		unpauselwps(p);

	return (p);
}