1 /* 2 * linux/kernel/ptrace.c 3 * 4 * (C) Copyright 1999 Linus Torvalds 5 * 6 * Common interfaces for "ptrace()" which we do not want 7 * to continually duplicate across every architecture. 8 */ 9 10 #include <linux/capability.h> 11 #include <linux/module.h> 12 #include <linux/sched.h> 13 #include <linux/errno.h> 14 #include <linux/mm.h> 15 #include <linux/highmem.h> 16 #include <linux/pagemap.h> 17 #include <linux/smp_lock.h> 18 #include <linux/ptrace.h> 19 #include <linux/security.h> 20 #include <linux/signal.h> 21 22 #include <asm/pgtable.h> 23 #include <asm/uaccess.h> 24 25 /* 26 * ptrace a task: make the debugger its new parent and 27 * move it to the ptrace list. 28 * 29 * Must be called with the tasklist lock write-held. 30 */ 31 void __ptrace_link(task_t *child, task_t *new_parent) 32 { 33 BUG_ON(!list_empty(&child->ptrace_list)); 34 if (child->parent == new_parent) 35 return; 36 list_add(&child->ptrace_list, &child->parent->ptrace_children); 37 remove_parent(child); 38 child->parent = new_parent; 39 add_parent(child); 40 } 41 42 /* 43 * Turn a tracing stop into a normal stop now, since with no tracer there 44 * would be no way to wake it up with SIGCONT or SIGKILL. If there was a 45 * signal sent that would resume the child, but didn't because it was in 46 * TASK_TRACED, resume it now. 47 * Requires that irqs be disabled. 48 */ 49 void ptrace_untrace(task_t *child) 50 { 51 spin_lock(&child->sighand->siglock); 52 if (child->state == TASK_TRACED) { 53 if (child->signal->flags & SIGNAL_STOP_STOPPED) { 54 child->state = TASK_STOPPED; 55 } else { 56 signal_wake_up(child, 1); 57 } 58 } 59 spin_unlock(&child->sighand->siglock); 60 } 61 62 /* 63 * unptrace a task: move it back to its original parent and 64 * remove it from the ptrace list. 65 * 66 * Must be called with the tasklist lock write-held. 67 */ 68 void __ptrace_unlink(task_t *child) 69 { 70 BUG_ON(!child->ptrace); 71 72 child->ptrace = 0; 73 if (!list_empty(&child->ptrace_list)) { 74 list_del_init(&child->ptrace_list); 75 remove_parent(child); 76 child->parent = child->real_parent; 77 add_parent(child); 78 } 79 80 if (child->state == TASK_TRACED) 81 ptrace_untrace(child); 82 } 83 84 /* 85 * Check that we have indeed attached to the thing.. 86 */ 87 int ptrace_check_attach(struct task_struct *child, int kill) 88 { 89 int ret = -ESRCH; 90 91 /* 92 * We take the read lock around doing both checks to close a 93 * possible race where someone else was tracing our child and 94 * detached between these two checks. After this locked check, 95 * we are sure that this is our traced child and that can only 96 * be changed by us so it's not changing right after this. 97 */ 98 read_lock(&tasklist_lock); 99 if ((child->ptrace & PT_PTRACED) && child->parent == current && 100 (!(child->ptrace & PT_ATTACHED) || child->real_parent != current) 101 && child->signal != NULL) { 102 ret = 0; 103 spin_lock_irq(&child->sighand->siglock); 104 if (child->state == TASK_STOPPED) { 105 child->state = TASK_TRACED; 106 } else if (child->state != TASK_TRACED && !kill) { 107 ret = -ESRCH; 108 } 109 spin_unlock_irq(&child->sighand->siglock); 110 } 111 read_unlock(&tasklist_lock); 112 113 if (!ret && !kill) { 114 wait_task_inactive(child); 115 } 116 117 /* All systems go.. */ 118 return ret; 119 } 120 121 static int may_attach(struct task_struct *task) 122 { 123 if (!task->mm) 124 return -EPERM; 125 if (((current->uid != task->euid) || 126 (current->uid != task->suid) || 127 (current->uid != task->uid) || 128 (current->gid != task->egid) || 129 (current->gid != task->sgid) || 130 (current->gid != task->gid)) && !capable(CAP_SYS_PTRACE)) 131 return -EPERM; 132 smp_rmb(); 133 if (!task->mm->dumpable && !capable(CAP_SYS_PTRACE)) 134 return -EPERM; 135 136 return security_ptrace(current, task); 137 } 138 139 int ptrace_may_attach(struct task_struct *task) 140 { 141 int err; 142 task_lock(task); 143 err = may_attach(task); 144 task_unlock(task); 145 return !err; 146 } 147 148 int ptrace_attach(struct task_struct *task) 149 { 150 int retval; 151 task_lock(task); 152 retval = -EPERM; 153 if (task->pid <= 1) 154 goto bad; 155 if (task->tgid == current->tgid) 156 goto bad; 157 /* the same process cannot be attached many times */ 158 if (task->ptrace & PT_PTRACED) 159 goto bad; 160 retval = may_attach(task); 161 if (retval) 162 goto bad; 163 164 /* Go */ 165 task->ptrace |= PT_PTRACED | ((task->real_parent != current) 166 ? PT_ATTACHED : 0); 167 if (capable(CAP_SYS_PTRACE)) 168 task->ptrace |= PT_PTRACE_CAP; 169 task_unlock(task); 170 171 write_lock_irq(&tasklist_lock); 172 __ptrace_link(task, current); 173 write_unlock_irq(&tasklist_lock); 174 175 force_sig_specific(SIGSTOP, task); 176 return 0; 177 178 bad: 179 task_unlock(task); 180 return retval; 181 } 182 183 void __ptrace_detach(struct task_struct *child, unsigned int data) 184 { 185 child->exit_code = data; 186 /* .. re-parent .. */ 187 __ptrace_unlink(child); 188 /* .. and wake it up. */ 189 if (child->exit_state != EXIT_ZOMBIE) 190 wake_up_process(child); 191 } 192 193 int ptrace_detach(struct task_struct *child, unsigned int data) 194 { 195 if (!valid_signal(data)) 196 return -EIO; 197 198 /* Architecture-specific hardware disable .. */ 199 ptrace_disable(child); 200 201 write_lock_irq(&tasklist_lock); 202 if (child->ptrace) 203 __ptrace_detach(child, data); 204 write_unlock_irq(&tasklist_lock); 205 206 return 0; 207 } 208 209 /* 210 * Access another process' address space. 211 * Source/target buffer must be kernel space, 212 * Do not walk the page table directly, use get_user_pages 213 */ 214 215 int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write) 216 { 217 struct mm_struct *mm; 218 struct vm_area_struct *vma; 219 struct page *page; 220 void *old_buf = buf; 221 222 mm = get_task_mm(tsk); 223 if (!mm) 224 return 0; 225 226 down_read(&mm->mmap_sem); 227 /* ignore errors, just check how much was sucessfully transfered */ 228 while (len) { 229 int bytes, ret, offset; 230 void *maddr; 231 232 ret = get_user_pages(tsk, mm, addr, 1, 233 write, 1, &page, &vma); 234 if (ret <= 0) 235 break; 236 237 bytes = len; 238 offset = addr & (PAGE_SIZE-1); 239 if (bytes > PAGE_SIZE-offset) 240 bytes = PAGE_SIZE-offset; 241 242 maddr = kmap(page); 243 if (write) { 244 copy_to_user_page(vma, page, addr, 245 maddr + offset, buf, bytes); 246 set_page_dirty_lock(page); 247 } else { 248 copy_from_user_page(vma, page, addr, 249 buf, maddr + offset, bytes); 250 } 251 kunmap(page); 252 page_cache_release(page); 253 len -= bytes; 254 buf += bytes; 255 addr += bytes; 256 } 257 up_read(&mm->mmap_sem); 258 mmput(mm); 259 260 return buf - old_buf; 261 } 262 263 int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst, int len) 264 { 265 int copied = 0; 266 267 while (len > 0) { 268 char buf[128]; 269 int this_len, retval; 270 271 this_len = (len > sizeof(buf)) ? sizeof(buf) : len; 272 retval = access_process_vm(tsk, src, buf, this_len, 0); 273 if (!retval) { 274 if (copied) 275 break; 276 return -EIO; 277 } 278 if (copy_to_user(dst, buf, retval)) 279 return -EFAULT; 280 copied += retval; 281 src += retval; 282 dst += retval; 283 len -= retval; 284 } 285 return copied; 286 } 287 288 int ptrace_writedata(struct task_struct *tsk, char __user *src, unsigned long dst, int len) 289 { 290 int copied = 0; 291 292 while (len > 0) { 293 char buf[128]; 294 int this_len, retval; 295 296 this_len = (len > sizeof(buf)) ? sizeof(buf) : len; 297 if (copy_from_user(buf, src, this_len)) 298 return -EFAULT; 299 retval = access_process_vm(tsk, dst, buf, this_len, 1); 300 if (!retval) { 301 if (copied) 302 break; 303 return -EIO; 304 } 305 copied += retval; 306 src += retval; 307 dst += retval; 308 len -= retval; 309 } 310 return copied; 311 } 312 313 static int ptrace_setoptions(struct task_struct *child, long data) 314 { 315 child->ptrace &= ~PT_TRACE_MASK; 316 317 if (data & PTRACE_O_TRACESYSGOOD) 318 child->ptrace |= PT_TRACESYSGOOD; 319 320 if (data & PTRACE_O_TRACEFORK) 321 child->ptrace |= PT_TRACE_FORK; 322 323 if (data & PTRACE_O_TRACEVFORK) 324 child->ptrace |= PT_TRACE_VFORK; 325 326 if (data & PTRACE_O_TRACECLONE) 327 child->ptrace |= PT_TRACE_CLONE; 328 329 if (data & PTRACE_O_TRACEEXEC) 330 child->ptrace |= PT_TRACE_EXEC; 331 332 if (data & PTRACE_O_TRACEVFORKDONE) 333 child->ptrace |= PT_TRACE_VFORK_DONE; 334 335 if (data & PTRACE_O_TRACEEXIT) 336 child->ptrace |= PT_TRACE_EXIT; 337 338 return (data & ~PTRACE_O_MASK) ? -EINVAL : 0; 339 } 340 341 static int ptrace_getsiginfo(struct task_struct *child, siginfo_t __user * data) 342 { 343 siginfo_t lastinfo; 344 int error = -ESRCH; 345 346 read_lock(&tasklist_lock); 347 if (likely(child->sighand != NULL)) { 348 error = -EINVAL; 349 spin_lock_irq(&child->sighand->siglock); 350 if (likely(child->last_siginfo != NULL)) { 351 lastinfo = *child->last_siginfo; 352 error = 0; 353 } 354 spin_unlock_irq(&child->sighand->siglock); 355 } 356 read_unlock(&tasklist_lock); 357 if (!error) 358 return copy_siginfo_to_user(data, &lastinfo); 359 return error; 360 } 361 362 static int ptrace_setsiginfo(struct task_struct *child, siginfo_t __user * data) 363 { 364 siginfo_t newinfo; 365 int error = -ESRCH; 366 367 if (copy_from_user(&newinfo, data, sizeof (siginfo_t))) 368 return -EFAULT; 369 370 read_lock(&tasklist_lock); 371 if (likely(child->sighand != NULL)) { 372 error = -EINVAL; 373 spin_lock_irq(&child->sighand->siglock); 374 if (likely(child->last_siginfo != NULL)) { 375 *child->last_siginfo = newinfo; 376 error = 0; 377 } 378 spin_unlock_irq(&child->sighand->siglock); 379 } 380 read_unlock(&tasklist_lock); 381 return error; 382 } 383 384 int ptrace_request(struct task_struct *child, long request, 385 long addr, long data) 386 { 387 int ret = -EIO; 388 389 switch (request) { 390 #ifdef PTRACE_OLDSETOPTIONS 391 case PTRACE_OLDSETOPTIONS: 392 #endif 393 case PTRACE_SETOPTIONS: 394 ret = ptrace_setoptions(child, data); 395 break; 396 case PTRACE_GETEVENTMSG: 397 ret = put_user(child->ptrace_message, (unsigned long __user *) data); 398 break; 399 case PTRACE_GETSIGINFO: 400 ret = ptrace_getsiginfo(child, (siginfo_t __user *) data); 401 break; 402 case PTRACE_SETSIGINFO: 403 ret = ptrace_setsiginfo(child, (siginfo_t __user *) data); 404 break; 405 default: 406 break; 407 } 408 409 return ret; 410 } 411 412 /** 413 * ptrace_traceme -- helper for PTRACE_TRACEME 414 * 415 * Performs checks and sets PT_PTRACED. 416 * Should be used by all ptrace implementations for PTRACE_TRACEME. 417 */ 418 int ptrace_traceme(void) 419 { 420 int ret; 421 422 /* 423 * Are we already being traced? 424 */ 425 if (current->ptrace & PT_PTRACED) 426 return -EPERM; 427 ret = security_ptrace(current->parent, current); 428 if (ret) 429 return -EPERM; 430 /* 431 * Set the ptrace bit in the process ptrace flags. 432 */ 433 current->ptrace |= PT_PTRACED; 434 return 0; 435 } 436 437 /** 438 * ptrace_get_task_struct -- grab a task struct reference for ptrace 439 * @pid: process id to grab a task_struct reference of 440 * 441 * This function is a helper for ptrace implementations. It checks 442 * permissions and then grabs a task struct for use of the actual 443 * ptrace implementation. 444 * 445 * Returns the task_struct for @pid or an ERR_PTR() on failure. 446 */ 447 struct task_struct *ptrace_get_task_struct(pid_t pid) 448 { 449 struct task_struct *child; 450 451 /* 452 * Tracing init is not allowed. 453 */ 454 if (pid == 1) 455 return ERR_PTR(-EPERM); 456 457 read_lock(&tasklist_lock); 458 child = find_task_by_pid(pid); 459 if (child) 460 get_task_struct(child); 461 read_unlock(&tasklist_lock); 462 if (!child) 463 return ERR_PTR(-ESRCH); 464 return child; 465 } 466 467 #ifndef __ARCH_SYS_PTRACE 468 asmlinkage long sys_ptrace(long request, long pid, long addr, long data) 469 { 470 struct task_struct *child; 471 long ret; 472 473 /* 474 * This lock_kernel fixes a subtle race with suid exec 475 */ 476 lock_kernel(); 477 if (request == PTRACE_TRACEME) { 478 ret = ptrace_traceme(); 479 goto out; 480 } 481 482 child = ptrace_get_task_struct(pid); 483 if (IS_ERR(child)) { 484 ret = PTR_ERR(child); 485 goto out; 486 } 487 488 if (request == PTRACE_ATTACH) { 489 ret = ptrace_attach(child); 490 goto out_put_task_struct; 491 } 492 493 ret = ptrace_check_attach(child, request == PTRACE_KILL); 494 if (ret < 0) 495 goto out_put_task_struct; 496 497 ret = arch_ptrace(child, request, addr, data); 498 if (ret < 0) 499 goto out_put_task_struct; 500 501 out_put_task_struct: 502 put_task_struct(child); 503 out: 504 unlock_kernel(); 505 return ret; 506 } 507 #endif /* __ARCH_SYS_PTRACE */ 508