Cross Reference: /freebsd-11.0-release/sys/kern/sys

Deleted Added

sdiff udiff text old ( 91007 ) new ( 91140 )

full compact

sys_process.c (91007)	sys_process.c (91140)
1/* 2 * Copyright (c) 1994, Sean Eric Fagan 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by Sean Eric Fagan. 16 * 4. The name of the author may not be used to endorse or promote products 17 * derived from this software without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 *	1/* 2 * Copyright (c) 1994, Sean Eric Fagan 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by Sean Eric Fagan. 16 * 4. The name of the author may not be used to endorse or promote products 17 * derived from this software without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 *
31 * $FreeBSD: head/sys/kern/sys_process.c 91007 2002-02-21 04:47:38Z bde $	31 * $FreeBSD: head/sys/kern/sys_process.c 91140 2002-02-23 11:12:57Z tanimura $
32 / 33 34#include <sys/param.h> 35#include <sys/systm.h> 36#include <sys/lock.h> 37#include <sys/mutex.h> 38#include <sys/sysproto.h> 39#include <sys/proc.h> 40#include <sys/vnode.h> 41#include <sys/ptrace.h> 42#include <sys/sx.h> 43#include <sys/user.h> 44 45#include <machine/reg.h> 46 47#include <vm/vm.h> 48#include <vm/pmap.h> 49#include <vm/vm_extern.h> 50#include <vm/vm_map.h> 51#include <vm/vm_kern.h> 52#include <vm/vm_object.h> 53#include <vm/vm_page.h> 54 55/ 56 * Functions implemented using PROC_ACTION(): 57 * 58 * proc_read_regs(proc, regs) 59 * Get the current user-visible register set from the process 60 * and copy it into the regs structure (<machine/reg.h>). 61 * The process is stopped at the time read_regs is called. 62 * 63 * proc_write_regs(proc, regs) 64 * Update the current register set from the passed in regs 65 * structure. Take care to avoid clobbering special CPU 66 * registers or privileged bits in the PSL. 67 * Depending on the architecture this may have fix-up work to do, 68 * especially if the IAR or PCW are modified. 69 * The process is stopped at the time write_regs is called. 70 * 71 * proc_read_fpregs, proc_write_fpregs 72 * deal with the floating point register set, otherwise as above. 73 * 74 * proc_read_dbregs, proc_write_dbregs 75 * deal with the processor debug register set, otherwise as above. 76 * 77 * proc_sstep(proc) 78 * Arrange for the process to trap after executing a single instruction. 79 / 80 81#define PROC_ACTION(action) do { \ 82 int error; \ 83 \ 84 mtx_lock_spin(&sched_lock); \ 85 if ((td->td_proc->p_sflag & PS_INMEM) == 0) \ 86 error = EIO; \ 87 else \ 88 error = (action); \ 89 mtx_unlock_spin(&sched_lock); \ 90 return (error); \ 91} while(0) 92 93int 94proc_read_regs(struct thread td, struct reg regs) 95{ 96 97 PROC_ACTION(fill_regs(td, regs)); 98} 99 100int 101proc_write_regs(struct thread td, struct reg regs) 102{ 103* 104 PROC_ACTION(set_regs(td, regs)); 105} 106 107int 108proc_read_dbregs(struct thread td, struct dbreg dbregs) 109{ 110 111 PROC_ACTION(fill_dbregs(td, dbregs)); 112} 113 114int 115proc_write_dbregs(struct thread td, struct dbreg dbregs) 116{ 117 118 PROC_ACTION(set_dbregs(td, dbregs)); 119} 120 121/* 122 * Ptrace doesn't support fpregs at all, and there are no security holes 123 * or translations for fpregs, so we can just copy them. 124 / 125int 126proc_read_fpregs(struct thread td, struct fpreg fpregs) 127{ 128* 129 PROC_ACTION(fill_fpregs(td, fpregs)); 130} 131 132int 133proc_write_fpregs(struct thread td, struct fpreg fpregs) 134{ 135 136 PROC_ACTION(set_fpregs(td, fpregs)); 137} 138 139int 140proc_sstep(struct thread td) 141{ 142* 143 PROC_ACTION(ptrace_single_step(td)); 144} 145 146int 147proc_rwmem(struct proc p, struct uio uio) 148{ 149 struct vmspace vm; 150* vm_map_t map; 151 vm_object_t object = NULL; 152 vm_offset_t pageno = 0; /* page number / 153* vm_prot_t reqprot; 154 vm_offset_t kva; 155 int error, writing; 156 157 GIANT_REQUIRED; 158 159 /* 160 * if the vmspace is in the midst of being deallocated or the 161 * process is exiting, don't try to grab anything. The page table 162 * usage in that process can be messed up. 163 / 164* vm = p->p_vmspace; 165 if ((p->p_flag & P_WEXIT)) 166 return (EFAULT); 167 if (vm->vm_refcnt < 1) 168 return (EFAULT); 169 ++vm->vm_refcnt; 170 /* 171 * The map we want... 172 / 173* map = &vm->vm_map; 174 175 writing = uio->uio_rw == UIO_WRITE; 176 reqprot = writing ? (VM_PROT_WRITE \| VM_PROT_OVERRIDE_WRITE) : 177 VM_PROT_READ; 178 179 kva = kmem_alloc_pageable(kernel_map, PAGE_SIZE); 180 181 /* 182 * Only map in one page at a time. We don't have to, but it 183 * makes things easier. This way is trivial - right? 184 / 185* do { 186 vm_map_t tmap; 187 vm_offset_t uva; 188 int page_offset; /* offset into page / 189* vm_map_entry_t out_entry; 190 vm_prot_t out_prot; 191 boolean_t wired; 192 vm_pindex_t pindex; 193 u_int len; 194 vm_page_t m; 195 196 object = NULL; 197 198 uva = (vm_offset_t)uio->uio_offset; 199 200 /* 201 * Get the page number of this segment. 202 / 203* pageno = trunc_page(uva); 204 page_offset = uva - pageno; 205 206 /* 207 * How many bytes to copy 208 / 209* len = min(PAGE_SIZE - page_offset, uio->uio_resid); 210 211 /* 212 * Fault the page on behalf of the process 213 / 214* error = vm_fault(map, pageno, reqprot, VM_FAULT_NORMAL); 215 if (error) { 216 error = EFAULT; 217 break; 218 } 219 220 /* 221 * Now we need to get the page. out_entry, out_prot, wired, 222 * and single_use aren't used. One would think the vm code 223 * would be a bit nicer... We use tmap because 224 * vm_map_lookup() can change the map argument. 225 / 226* tmap = map; 227 error = vm_map_lookup(&tmap, pageno, reqprot, &out_entry, 228 &object, &pindex, &out_prot, &wired); 229 230 if (error) { 231 error = EFAULT; 232 233 /* 234 * Make sure that there is no residue in 'object' from 235 * an error return on vm_map_lookup. 236 / 237* object = NULL; 238 239 break; 240 } 241 242 m = vm_page_lookup(object, pindex); 243 244 /* Allow fallback to backing objects if we are reading / 245* 246 while (m == NULL && !writing && object->backing_object) { 247 248 pindex += OFF_TO_IDX(object->backing_object_offset); 249 object = object->backing_object; 250 251 m = vm_page_lookup(object, pindex); 252 } 253 254 if (m == NULL) { 255 error = EFAULT; 256 257 /* 258 * Make sure that there is no residue in 'object' from 259 * an error return on vm_map_lookup. 260 / 261* object = NULL; 262 263 vm_map_lookup_done(tmap, out_entry); 264 265 break; 266 } 267 268 /* 269 * Wire the page into memory 270 / 271* vm_page_wire(m); 272 273 /* 274 * We're done with tmap now. 275 * But reference the object first, so that we won't loose 276 * it. 277 / 278* vm_object_reference(object); 279 vm_map_lookup_done(tmap, out_entry); 280 281 pmap_kenter(kva, VM_PAGE_TO_PHYS(m)); 282 283 /* 284 * Now do the i/o move. 285 / 286* error = uiomove((caddr_t)(kva + page_offset), len, uio); 287 288 pmap_kremove(kva); 289 290 /* 291 * release the page and the object 292 / 293* vm_page_unwire(m, 1); 294 vm_object_deallocate(object); 295 296 object = NULL; 297 298 } while (error == 0 && uio->uio_resid > 0); 299 300 if (object) 301 vm_object_deallocate(object); 302 303 kmem_free(kernel_map, kva, PAGE_SIZE); 304 vmspace_free(vm); 305 return (error); 306} 307 308/* 309 * Process debugging system call. 310 / 311#ifndef _SYS_SYSPROTO_H_ 312struct ptrace_args { 313* int req; 314 pid_t pid; 315 caddr_t addr; 316 int data; 317}; 318#endif 319 320int 321ptrace(struct thread td, struct ptrace_args uap) 322{ 323 struct iovec iov; 324 struct uio uio; 325 /* 326 * XXX this obfuscation is to reduce stack usage, but the register 327 * structs may be too large to put on the stack anyway. 328 / 329* union { 330 struct dbreg dbreg; 331 struct fpreg fpreg; 332 struct reg reg; 333 } r; 334 struct proc curp, p; 335 struct thread td2; 336* int error, write; 337 338 curp = td->td_proc; 339 error = 0; 340 write = 0; 341 if (uap->req == PT_TRACE_ME) { 342 p = curp; 343 PROC_LOCK(p); 344 } else { 345 if ((p = pfind(uap->pid)) == NULL) 346 return (ESRCH); 347 } 348 if (p_cansee(curp, p)) { 349 PROC_UNLOCK(p); 350 return (ESRCH); 351 } 352 if ((error = p_candebug(curp, p)) != 0) { 353 PROC_UNLOCK(p); 354 return (error); 355 } 356 357 /* 358 * System processes can't be debugged. 359 / 360* if ((p->p_flag & P_SYSTEM) != 0) { 361 PROC_UNLOCK(p); 362 return (EINVAL); 363 } 364 365 /* 366 * Permissions check 367 / 368* switch (uap->req) { 369 case PT_TRACE_ME: 370 /* Always legal. / 371* break; 372 373 case PT_ATTACH: 374 /* Self / 375* if (p->p_pid == curp->p_pid) { 376 PROC_UNLOCK(p); 377 return (EINVAL); 378 } 379 380 /* Already traced / 381* if (p->p_flag & P_TRACED) { 382 PROC_UNLOCK(p); 383 return (EBUSY); 384 } 385 386 /* OK / 387* break; 388 389 case PT_READ_I: 390 case PT_READ_D: 391 case PT_WRITE_I: 392 case PT_WRITE_D: 393 case PT_CONTINUE: 394 case PT_KILL: 395 case PT_STEP: 396 case PT_DETACH: 397#ifdef PT_GETREGS 398 case PT_GETREGS: 399#endif 400#ifdef PT_SETREGS 401 case PT_SETREGS: 402#endif 403#ifdef PT_GETFPREGS 404 case PT_GETFPREGS: 405#endif 406#ifdef PT_SETFPREGS 407 case PT_SETFPREGS: 408#endif 409#ifdef PT_GETDBREGS 410 case PT_GETDBREGS: 411#endif 412#ifdef PT_SETDBREGS 413 case PT_SETDBREGS: 414#endif 415 /* not being traced... / 416* if ((p->p_flag & P_TRACED) == 0) { 417 PROC_UNLOCK(p); 418 return (EPERM); 419 } 420 421 /* not being traced by YOU / 422* if (p->p_pptr != curp) { 423 PROC_UNLOCK(p); 424 return (EBUSY); 425 } 426 427 /* not currently stopped / 428* mtx_lock_spin(&sched_lock); 429 if (p->p_stat != SSTOP \|\| (p->p_flag & P_WAITED) == 0) { 430 mtx_unlock_spin(&sched_lock); 431 PROC_UNLOCK(p); 432 return (EBUSY); 433 } 434 mtx_unlock_spin(&sched_lock); 435 436 /* OK / 437* break; 438 439 default: 440 PROC_UNLOCK(p); 441 return (EINVAL); 442 } 443 444 td2 = FIRST_THREAD_IN_PROC(p); 445 PROC_UNLOCK(p); 446#ifdef FIX_SSTEP 447 /* 448 * Single step fixup ala procfs 449 / 450* FIX_SSTEP(td2); /* XXXKSE / 451#endif 452* 453 /* 454 * Actually do the requests 455 / 456* 457 td->td_retval[0] = 0; 458 459 switch (uap->req) { 460 case PT_TRACE_ME: 461 /* set my trace flag and "owner" so it can read/write me / 462* sx_xlock(&proctree_lock); 463 PROC_LOCK(p); 464 p->p_flag \|= P_TRACED; 465 p->p_oppid = p->p_pptr->p_pid; 466 PROC_UNLOCK(p); 467 sx_xunlock(&proctree_lock); 468 return (0); 469 470 case PT_ATTACH: 471 /* security check done above / 472* sx_xlock(&proctree_lock); 473 PROC_LOCK(p); 474 p->p_flag \|= P_TRACED; 475 p->p_oppid = p->p_pptr->p_pid; 476 if (p->p_pptr != curp) 477 proc_reparent(p, curp); 478 PROC_UNLOCK(p); 479 sx_xunlock(&proctree_lock); 480 uap->data = SIGSTOP; 481 goto sendsig; /* in PT_CONTINUE below / 482* 483 case PT_STEP: 484 case PT_CONTINUE: 485 case PT_DETACH: 486 /* XXX uap->data is used even in the PT_STEP case. / 487* if (uap->req != PT_STEP && (unsigned)uap->data >= NSIG) 488 return (EINVAL); 489 490 PHOLD(p); 491 492 if (uap->req == PT_STEP) { 493 error = ptrace_single_step(td2); 494 if (error) { 495 PRELE(p); 496 return (error); 497 } 498 } 499 500 if (uap->addr != (caddr_t)1) { 501 fill_kinfo_proc(p, &p->p_uarea->u_kproc); 502 error = ptrace_set_pc(td2, 503 (u_long)(uintfptr_t)uap->addr); 504 if (error) { 505 PRELE(p); 506 return (error); 507 } 508 } 509 PRELE(p); 510 511 if (uap->req == PT_DETACH) { 512 /* reset process parent / 513* sx_xlock(&proctree_lock); 514 if (p->p_oppid != p->p_pptr->p_pid) { 515 struct proc pp; 516* 517 pp = pfind(p->p_oppid);	32 / 33 34#include <sys/param.h> 35#include <sys/systm.h> 36#include <sys/lock.h> 37#include <sys/mutex.h> 38#include <sys/sysproto.h> 39#include <sys/proc.h> 40#include <sys/vnode.h> 41#include <sys/ptrace.h> 42#include <sys/sx.h> 43#include <sys/user.h> 44 45#include <machine/reg.h> 46 47#include <vm/vm.h> 48#include <vm/pmap.h> 49#include <vm/vm_extern.h> 50#include <vm/vm_map.h> 51#include <vm/vm_kern.h> 52#include <vm/vm_object.h> 53#include <vm/vm_page.h> 54 55/ 56 * Functions implemented using PROC_ACTION(): 57 * 58 * proc_read_regs(proc, regs) 59 * Get the current user-visible register set from the process 60 * and copy it into the regs structure (<machine/reg.h>). 61 * The process is stopped at the time read_regs is called. 62 * 63 * proc_write_regs(proc, regs) 64 * Update the current register set from the passed in regs 65 * structure. Take care to avoid clobbering special CPU 66 * registers or privileged bits in the PSL. 67 * Depending on the architecture this may have fix-up work to do, 68 * especially if the IAR or PCW are modified. 69 * The process is stopped at the time write_regs is called. 70 * 71 * proc_read_fpregs, proc_write_fpregs 72 * deal with the floating point register set, otherwise as above. 73 * 74 * proc_read_dbregs, proc_write_dbregs 75 * deal with the processor debug register set, otherwise as above. 76 * 77 * proc_sstep(proc) 78 * Arrange for the process to trap after executing a single instruction. 79 / 80 81#define PROC_ACTION(action) do { \ 82 int error; \ 83 \ 84 mtx_lock_spin(&sched_lock); \ 85 if ((td->td_proc->p_sflag & PS_INMEM) == 0) \ 86 error = EIO; \ 87 else \ 88 error = (action); \ 89 mtx_unlock_spin(&sched_lock); \ 90 return (error); \ 91} while(0) 92 93int 94proc_read_regs(struct thread td, struct reg regs) 95{ 96 97 PROC_ACTION(fill_regs(td, regs)); 98} 99 100int 101proc_write_regs(struct thread td, struct reg regs) 102{ 103* 104 PROC_ACTION(set_regs(td, regs)); 105} 106 107int 108proc_read_dbregs(struct thread td, struct dbreg dbregs) 109{ 110 111 PROC_ACTION(fill_dbregs(td, dbregs)); 112} 113 114int 115proc_write_dbregs(struct thread td, struct dbreg dbregs) 116{ 117 118 PROC_ACTION(set_dbregs(td, dbregs)); 119} 120 121/* 122 * Ptrace doesn't support fpregs at all, and there are no security holes 123 * or translations for fpregs, so we can just copy them. 124 / 125int 126proc_read_fpregs(struct thread td, struct fpreg fpregs) 127{ 128* 129 PROC_ACTION(fill_fpregs(td, fpregs)); 130} 131 132int 133proc_write_fpregs(struct thread td, struct fpreg fpregs) 134{ 135 136 PROC_ACTION(set_fpregs(td, fpregs)); 137} 138 139int 140proc_sstep(struct thread td) 141{ 142* 143 PROC_ACTION(ptrace_single_step(td)); 144} 145 146int 147proc_rwmem(struct proc p, struct uio uio) 148{ 149 struct vmspace vm; 150* vm_map_t map; 151 vm_object_t object = NULL; 152 vm_offset_t pageno = 0; /* page number / 153* vm_prot_t reqprot; 154 vm_offset_t kva; 155 int error, writing; 156 157 GIANT_REQUIRED; 158 159 /* 160 * if the vmspace is in the midst of being deallocated or the 161 * process is exiting, don't try to grab anything. The page table 162 * usage in that process can be messed up. 163 / 164* vm = p->p_vmspace; 165 if ((p->p_flag & P_WEXIT)) 166 return (EFAULT); 167 if (vm->vm_refcnt < 1) 168 return (EFAULT); 169 ++vm->vm_refcnt; 170 /* 171 * The map we want... 172 / 173* map = &vm->vm_map; 174 175 writing = uio->uio_rw == UIO_WRITE; 176 reqprot = writing ? (VM_PROT_WRITE \| VM_PROT_OVERRIDE_WRITE) : 177 VM_PROT_READ; 178 179 kva = kmem_alloc_pageable(kernel_map, PAGE_SIZE); 180 181 /* 182 * Only map in one page at a time. We don't have to, but it 183 * makes things easier. This way is trivial - right? 184 / 185* do { 186 vm_map_t tmap; 187 vm_offset_t uva; 188 int page_offset; /* offset into page / 189* vm_map_entry_t out_entry; 190 vm_prot_t out_prot; 191 boolean_t wired; 192 vm_pindex_t pindex; 193 u_int len; 194 vm_page_t m; 195 196 object = NULL; 197 198 uva = (vm_offset_t)uio->uio_offset; 199 200 /* 201 * Get the page number of this segment. 202 / 203* pageno = trunc_page(uva); 204 page_offset = uva - pageno; 205 206 /* 207 * How many bytes to copy 208 / 209* len = min(PAGE_SIZE - page_offset, uio->uio_resid); 210 211 /* 212 * Fault the page on behalf of the process 213 / 214* error = vm_fault(map, pageno, reqprot, VM_FAULT_NORMAL); 215 if (error) { 216 error = EFAULT; 217 break; 218 } 219 220 /* 221 * Now we need to get the page. out_entry, out_prot, wired, 222 * and single_use aren't used. One would think the vm code 223 * would be a bit nicer... We use tmap because 224 * vm_map_lookup() can change the map argument. 225 / 226* tmap = map; 227 error = vm_map_lookup(&tmap, pageno, reqprot, &out_entry, 228 &object, &pindex, &out_prot, &wired); 229 230 if (error) { 231 error = EFAULT; 232 233 /* 234 * Make sure that there is no residue in 'object' from 235 * an error return on vm_map_lookup. 236 / 237* object = NULL; 238 239 break; 240 } 241 242 m = vm_page_lookup(object, pindex); 243 244 /* Allow fallback to backing objects if we are reading / 245* 246 while (m == NULL && !writing && object->backing_object) { 247 248 pindex += OFF_TO_IDX(object->backing_object_offset); 249 object = object->backing_object; 250 251 m = vm_page_lookup(object, pindex); 252 } 253 254 if (m == NULL) { 255 error = EFAULT; 256 257 /* 258 * Make sure that there is no residue in 'object' from 259 * an error return on vm_map_lookup. 260 / 261* object = NULL; 262 263 vm_map_lookup_done(tmap, out_entry); 264 265 break; 266 } 267 268 /* 269 * Wire the page into memory 270 / 271* vm_page_wire(m); 272 273 /* 274 * We're done with tmap now. 275 * But reference the object first, so that we won't loose 276 * it. 277 / 278* vm_object_reference(object); 279 vm_map_lookup_done(tmap, out_entry); 280 281 pmap_kenter(kva, VM_PAGE_TO_PHYS(m)); 282 283 /* 284 * Now do the i/o move. 285 / 286* error = uiomove((caddr_t)(kva + page_offset), len, uio); 287 288 pmap_kremove(kva); 289 290 /* 291 * release the page and the object 292 / 293* vm_page_unwire(m, 1); 294 vm_object_deallocate(object); 295 296 object = NULL; 297 298 } while (error == 0 && uio->uio_resid > 0); 299 300 if (object) 301 vm_object_deallocate(object); 302 303 kmem_free(kernel_map, kva, PAGE_SIZE); 304 vmspace_free(vm); 305 return (error); 306} 307 308/* 309 * Process debugging system call. 310 / 311#ifndef _SYS_SYSPROTO_H_ 312struct ptrace_args { 313* int req; 314 pid_t pid; 315 caddr_t addr; 316 int data; 317}; 318#endif 319 320int 321ptrace(struct thread td, struct ptrace_args uap) 322{ 323 struct iovec iov; 324 struct uio uio; 325 /* 326 * XXX this obfuscation is to reduce stack usage, but the register 327 * structs may be too large to put on the stack anyway. 328 / 329* union { 330 struct dbreg dbreg; 331 struct fpreg fpreg; 332 struct reg reg; 333 } r; 334 struct proc curp, p; 335 struct thread td2; 336* int error, write; 337 338 curp = td->td_proc; 339 error = 0; 340 write = 0; 341 if (uap->req == PT_TRACE_ME) { 342 p = curp; 343 PROC_LOCK(p); 344 } else { 345 if ((p = pfind(uap->pid)) == NULL) 346 return (ESRCH); 347 } 348 if (p_cansee(curp, p)) { 349 PROC_UNLOCK(p); 350 return (ESRCH); 351 } 352 if ((error = p_candebug(curp, p)) != 0) { 353 PROC_UNLOCK(p); 354 return (error); 355 } 356 357 /* 358 * System processes can't be debugged. 359 / 360* if ((p->p_flag & P_SYSTEM) != 0) { 361 PROC_UNLOCK(p); 362 return (EINVAL); 363 } 364 365 /* 366 * Permissions check 367 / 368* switch (uap->req) { 369 case PT_TRACE_ME: 370 /* Always legal. / 371* break; 372 373 case PT_ATTACH: 374 /* Self / 375* if (p->p_pid == curp->p_pid) { 376 PROC_UNLOCK(p); 377 return (EINVAL); 378 } 379 380 /* Already traced / 381* if (p->p_flag & P_TRACED) { 382 PROC_UNLOCK(p); 383 return (EBUSY); 384 } 385 386 /* OK / 387* break; 388 389 case PT_READ_I: 390 case PT_READ_D: 391 case PT_WRITE_I: 392 case PT_WRITE_D: 393 case PT_CONTINUE: 394 case PT_KILL: 395 case PT_STEP: 396 case PT_DETACH: 397#ifdef PT_GETREGS 398 case PT_GETREGS: 399#endif 400#ifdef PT_SETREGS 401 case PT_SETREGS: 402#endif 403#ifdef PT_GETFPREGS 404 case PT_GETFPREGS: 405#endif 406#ifdef PT_SETFPREGS 407 case PT_SETFPREGS: 408#endif 409#ifdef PT_GETDBREGS 410 case PT_GETDBREGS: 411#endif 412#ifdef PT_SETDBREGS 413 case PT_SETDBREGS: 414#endif 415 /* not being traced... / 416* if ((p->p_flag & P_TRACED) == 0) { 417 PROC_UNLOCK(p); 418 return (EPERM); 419 } 420 421 /* not being traced by YOU / 422* if (p->p_pptr != curp) { 423 PROC_UNLOCK(p); 424 return (EBUSY); 425 } 426 427 /* not currently stopped / 428* mtx_lock_spin(&sched_lock); 429 if (p->p_stat != SSTOP \|\| (p->p_flag & P_WAITED) == 0) { 430 mtx_unlock_spin(&sched_lock); 431 PROC_UNLOCK(p); 432 return (EBUSY); 433 } 434 mtx_unlock_spin(&sched_lock); 435 436 /* OK / 437* break; 438 439 default: 440 PROC_UNLOCK(p); 441 return (EINVAL); 442 } 443 444 td2 = FIRST_THREAD_IN_PROC(p); 445 PROC_UNLOCK(p); 446#ifdef FIX_SSTEP 447 /* 448 * Single step fixup ala procfs 449 / 450* FIX_SSTEP(td2); /* XXXKSE / 451#endif 452* 453 /* 454 * Actually do the requests 455 / 456* 457 td->td_retval[0] = 0; 458 459 switch (uap->req) { 460 case PT_TRACE_ME: 461 /* set my trace flag and "owner" so it can read/write me / 462* sx_xlock(&proctree_lock); 463 PROC_LOCK(p); 464 p->p_flag \|= P_TRACED; 465 p->p_oppid = p->p_pptr->p_pid; 466 PROC_UNLOCK(p); 467 sx_xunlock(&proctree_lock); 468 return (0); 469 470 case PT_ATTACH: 471 /* security check done above / 472* sx_xlock(&proctree_lock); 473 PROC_LOCK(p); 474 p->p_flag \|= P_TRACED; 475 p->p_oppid = p->p_pptr->p_pid; 476 if (p->p_pptr != curp) 477 proc_reparent(p, curp); 478 PROC_UNLOCK(p); 479 sx_xunlock(&proctree_lock); 480 uap->data = SIGSTOP; 481 goto sendsig; /* in PT_CONTINUE below / 482* 483 case PT_STEP: 484 case PT_CONTINUE: 485 case PT_DETACH: 486 /* XXX uap->data is used even in the PT_STEP case. / 487* if (uap->req != PT_STEP && (unsigned)uap->data >= NSIG) 488 return (EINVAL); 489 490 PHOLD(p); 491 492 if (uap->req == PT_STEP) { 493 error = ptrace_single_step(td2); 494 if (error) { 495 PRELE(p); 496 return (error); 497 } 498 } 499 500 if (uap->addr != (caddr_t)1) { 501 fill_kinfo_proc(p, &p->p_uarea->u_kproc); 502 error = ptrace_set_pc(td2, 503 (u_long)(uintfptr_t)uap->addr); 504 if (error) { 505 PRELE(p); 506 return (error); 507 } 508 } 509 PRELE(p); 510 511 if (uap->req == PT_DETACH) { 512 /* reset process parent / 513* sx_xlock(&proctree_lock); 514 if (p->p_oppid != p->p_pptr->p_pid) { 515 struct proc pp; 516* 517 pp = pfind(p->p_oppid);
518 if (pp != NULL) 519 PROC_UNLOCK(pp); 520 else	518 if (pp == NULL)
521 pp = initproc;	519 pp = initproc;
	520 else 521 PROC_UNLOCK(pp);
522 PROC_LOCK(p); 523 proc_reparent(p, pp); 524 } else 525 PROC_LOCK(p); 526 p->p_flag &= ~(P_TRACED \| P_WAITED); 527 p->p_oppid = 0; 528 PROC_UNLOCK(p); 529 sx_xunlock(&proctree_lock); 530 531 /* should we send SIGCHLD? / 532* } 533 534 sendsig: 535 /* deliver or queue signal / 536* PROC_LOCK(p); 537 mtx_lock_spin(&sched_lock); 538 if (p->p_stat == SSTOP) { 539 p->p_xstat = uap->data; 540 setrunnable(td2); /* XXXKSE / 541* mtx_unlock_spin(&sched_lock); 542 } else { 543 mtx_unlock_spin(&sched_lock); 544 if (uap->data) 545 psignal(p, uap->data); 546 } 547 PROC_UNLOCK(p); 548 return (0); 549 550 case PT_WRITE_I: 551 case PT_WRITE_D: 552 write = 1; 553 /* fallthrough / 554* case PT_READ_I: 555 case PT_READ_D: 556 /* write = 0 set above / 557* iov.iov_base = write ? (caddr_t)&uap->data : 558 (caddr_t)td->td_retval; 559 iov.iov_len = sizeof(int); 560 uio.uio_iov = &iov; 561 uio.uio_iovcnt = 1; 562 uio.uio_offset = (off_t)(uintptr_t)uap->addr; 563 uio.uio_resid = sizeof(int); 564 uio.uio_segflg = UIO_SYSSPACE; /* i.e.: the uap / 565* uio.uio_rw = write ? UIO_WRITE : UIO_READ; 566 uio.uio_td = td; 567 error = proc_rwmem(p, &uio); 568 if (uio.uio_resid != 0) { 569 /* 570 * XXX proc_rwmem() doesn't currently return ENOSPC, 571 * so I think write() can bogusly return 0. 572 * XXX what happens for short writes? We don't want 573 * to write partial data. 574 * XXX proc_rwmem() returns EPERM for other invalid 575 * addresses. Convert this to EINVAL. Does this 576 * clobber returns of EPERM for other reasons? 577 / 578* if (error == 0 \|\| error == ENOSPC \|\| error == EPERM) 579 error = EINVAL; /* EOF / 580* } 581 return (error); 582 583 case PT_KILL: 584 uap->data = SIGKILL; 585 goto sendsig; /* in PT_CONTINUE above / 586* 587#ifdef PT_SETREGS 588 case PT_SETREGS: 589 error = copyin(uap->addr, &r.reg, sizeof r.reg); 590 if (error == 0) { 591 PHOLD(p); 592 error = proc_write_regs(td2, &r.reg); 593 PRELE(p); 594 } 595 return (error); 596#endif /* PT_SETREGS / 597* 598#ifdef PT_GETREGS 599 case PT_GETREGS: 600 PHOLD(p); 601 error = proc_read_regs(td2, &r.reg); 602 PRELE(p); 603 if (error == 0) 604 error = copyout(&r.reg, uap->addr, sizeof r.reg); 605 return (error); 606#endif /* PT_SETREGS / 607* 608#ifdef PT_SETFPREGS 609 case PT_SETFPREGS: 610 error = copyin(uap->addr, &r.fpreg, sizeof r.fpreg); 611 if (error == 0) { 612 PHOLD(p); 613 error = proc_write_fpregs(td2, &r.fpreg); 614 PRELE(p); 615 } 616 return (error); 617#endif /* PT_SETFPREGS / 618* 619#ifdef PT_GETFPREGS 620 case PT_GETFPREGS: 621 PHOLD(p); 622 error = proc_read_fpregs(td2, &r.fpreg); 623 PRELE(p); 624 if (error == 0) 625 error = copyout(&r.fpreg, uap->addr, sizeof r.fpreg); 626 return (error); 627#endif /* PT_SETFPREGS / 628* 629#ifdef PT_SETDBREGS 630 case PT_SETDBREGS: 631 error = copyin(uap->addr, &r.dbreg, sizeof r.dbreg); 632 if (error == 0) { 633 PHOLD(p); 634 error = proc_write_dbregs(td2, &r.dbreg); 635 PRELE(p); 636 } 637 return (error); 638#endif /* PT_SETDBREGS / 639* 640#ifdef PT_GETDBREGS 641 case PT_GETDBREGS: 642 PHOLD(p); 643 error = proc_read_dbregs(td2, &r.dbreg); 644 PRELE(p); 645 if (error == 0) 646 error = copyout(&r.dbreg, uap->addr, sizeof r.dbreg); 647 return (error); 648#endif /* PT_SETDBREGS / 649* 650 default: 651 KASSERT(0, ("unreachable code\n")); 652 break; 653 } 654 655 KASSERT(0, ("unreachable code\n")); 656 return (0); 657} 658 659int 660trace_req(struct proc p) 661{ 662* 663 return (1); 664} 665 666/* 667 * Stop a process because of a debugging event; 668 * stay stopped until p->p_step is cleared 669 * (cleared by PIOCCONT in procfs). 670 / 671void 672stopevent(struct proc p, unsigned int event, unsigned int val) 673{ 674 675 PROC_LOCK_ASSERT(p, MA_OWNED \| MA_NOTRECURSED); 676 p->p_step = 1; 677 678 do { 679 p->p_xstat = val; 680 p->p_stype = event; /* Which event caused the stop? / 681* wakeup(&p->p_stype); /* Wake up any PIOCWAIT'ing procs / 682* msleep(&p->p_step, &p->p_mtx, PWAIT, "stopevent", 0); 683 } while (p->p_step); 684}	522 PROC_LOCK(p); 523 proc_reparent(p, pp); 524 } else 525 PROC_LOCK(p); 526 p->p_flag &= ~(P_TRACED \| P_WAITED); 527 p->p_oppid = 0; 528 PROC_UNLOCK(p); 529 sx_xunlock(&proctree_lock); 530 531 /* should we send SIGCHLD? / 532* } 533 534 sendsig: 535 /* deliver or queue signal / 536* PROC_LOCK(p); 537 mtx_lock_spin(&sched_lock); 538 if (p->p_stat == SSTOP) { 539 p->p_xstat = uap->data; 540 setrunnable(td2); /* XXXKSE / 541* mtx_unlock_spin(&sched_lock); 542 } else { 543 mtx_unlock_spin(&sched_lock); 544 if (uap->data) 545 psignal(p, uap->data); 546 } 547 PROC_UNLOCK(p); 548 return (0); 549 550 case PT_WRITE_I: 551 case PT_WRITE_D: 552 write = 1; 553 /* fallthrough / 554* case PT_READ_I: 555 case PT_READ_D: 556 /* write = 0 set above / 557* iov.iov_base = write ? (caddr_t)&uap->data : 558 (caddr_t)td->td_retval; 559 iov.iov_len = sizeof(int); 560 uio.uio_iov = &iov; 561 uio.uio_iovcnt = 1; 562 uio.uio_offset = (off_t)(uintptr_t)uap->addr; 563 uio.uio_resid = sizeof(int); 564 uio.uio_segflg = UIO_SYSSPACE; /* i.e.: the uap / 565* uio.uio_rw = write ? UIO_WRITE : UIO_READ; 566 uio.uio_td = td; 567 error = proc_rwmem(p, &uio); 568 if (uio.uio_resid != 0) { 569 /* 570 * XXX proc_rwmem() doesn't currently return ENOSPC, 571 * so I think write() can bogusly return 0. 572 * XXX what happens for short writes? We don't want 573 * to write partial data. 574 * XXX proc_rwmem() returns EPERM for other invalid 575 * addresses. Convert this to EINVAL. Does this 576 * clobber returns of EPERM for other reasons? 577 / 578* if (error == 0 \|\| error == ENOSPC \|\| error == EPERM) 579 error = EINVAL; /* EOF / 580* } 581 return (error); 582 583 case PT_KILL: 584 uap->data = SIGKILL; 585 goto sendsig; /* in PT_CONTINUE above / 586* 587#ifdef PT_SETREGS 588 case PT_SETREGS: 589 error = copyin(uap->addr, &r.reg, sizeof r.reg); 590 if (error == 0) { 591 PHOLD(p); 592 error = proc_write_regs(td2, &r.reg); 593 PRELE(p); 594 } 595 return (error); 596#endif /* PT_SETREGS / 597* 598#ifdef PT_GETREGS 599 case PT_GETREGS: 600 PHOLD(p); 601 error = proc_read_regs(td2, &r.reg); 602 PRELE(p); 603 if (error == 0) 604 error = copyout(&r.reg, uap->addr, sizeof r.reg); 605 return (error); 606#endif /* PT_SETREGS / 607* 608#ifdef PT_SETFPREGS 609 case PT_SETFPREGS: 610 error = copyin(uap->addr, &r.fpreg, sizeof r.fpreg); 611 if (error == 0) { 612 PHOLD(p); 613 error = proc_write_fpregs(td2, &r.fpreg); 614 PRELE(p); 615 } 616 return (error); 617#endif /* PT_SETFPREGS / 618* 619#ifdef PT_GETFPREGS 620 case PT_GETFPREGS: 621 PHOLD(p); 622 error = proc_read_fpregs(td2, &r.fpreg); 623 PRELE(p); 624 if (error == 0) 625 error = copyout(&r.fpreg, uap->addr, sizeof r.fpreg); 626 return (error); 627#endif /* PT_SETFPREGS / 628* 629#ifdef PT_SETDBREGS 630 case PT_SETDBREGS: 631 error = copyin(uap->addr, &r.dbreg, sizeof r.dbreg); 632 if (error == 0) { 633 PHOLD(p); 634 error = proc_write_dbregs(td2, &r.dbreg); 635 PRELE(p); 636 } 637 return (error); 638#endif /* PT_SETDBREGS / 639* 640#ifdef PT_GETDBREGS 641 case PT_GETDBREGS: 642 PHOLD(p); 643 error = proc_read_dbregs(td2, &r.dbreg); 644 PRELE(p); 645 if (error == 0) 646 error = copyout(&r.dbreg, uap->addr, sizeof r.dbreg); 647 return (error); 648#endif /* PT_SETDBREGS / 649* 650 default: 651 KASSERT(0, ("unreachable code\n")); 652 break; 653 } 654 655 KASSERT(0, ("unreachable code\n")); 656 return (0); 657} 658 659int 660trace_req(struct proc p) 661{ 662* 663 return (1); 664} 665 666/* 667 * Stop a process because of a debugging event; 668 * stay stopped until p->p_step is cleared 669 * (cleared by PIOCCONT in procfs). 670 / 671void 672stopevent(struct proc p, unsigned int event, unsigned int val) 673{ 674 675 PROC_LOCK_ASSERT(p, MA_OWNED \| MA_NOTRECURSED); 676 p->p_step = 1; 677 678 do { 679 p->p_xstat = val; 680 p->p_stype = event; /* Which event caused the stop? / 681* wakeup(&p->p_stype); /* Wake up any PIOCWAIT'ing procs / 682* msleep(&p->p_step, &p->p_mtx, PWAIT, "stopevent", 0); 683 } while (p->p_step); 684}