kern_procctl.c revision 152214
1/*- 2 * Copyright (c) 1994, Sean Eric Fagan 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by Sean Eric Fagan. 16 * 4. The name of the author may not be used to endorse or promote products 17 * derived from this software without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32#include <sys/cdefs.h> 33__FBSDID("$FreeBSD: head/sys/kern/sys_process.c 152214 2005-11-08 23:28:12Z davidxu $"); 34 35#include "opt_compat.h" 36 37#include <sys/param.h> 38#include <sys/systm.h> 39#include <sys/lock.h> 40#include <sys/mutex.h> 41#include <sys/syscallsubr.h> 42#include <sys/sysproto.h> 43#include <sys/proc.h> 44#include <sys/vnode.h> 45#include <sys/ptrace.h> 46#include <sys/sx.h> 47#include <sys/malloc.h> 48#include <sys/signalvar.h> 49 50#include <machine/reg.h> 51 52#include <vm/vm.h> 53#include <vm/pmap.h> 54#include <vm/vm_extern.h> 55#include <vm/vm_map.h> 56#include <vm/vm_kern.h> 57#include <vm/vm_object.h> 58#include <vm/vm_page.h> 59 60#ifdef COMPAT_IA32 61#include <sys/procfs.h> 62#include <machine/fpu.h> 63#include <compat/ia32/ia32_reg.h> 64 65extern struct sysentvec ia32_freebsd_sysvec; 66 67struct ptrace_io_desc32 { 68 int piod_op; 69 u_int32_t piod_offs; 70 u_int32_t piod_addr; 71 u_int32_t piod_len; 72}; 73#endif 74 75/* 76 * Functions implemented using PROC_ACTION(): 77 * 78 * proc_read_regs(proc, regs) 79 * Get the current user-visible register set from the process 80 * and copy it into the regs structure (<machine/reg.h>). 81 * The process is stopped at the time read_regs is called. 82 * 83 * proc_write_regs(proc, regs) 84 * Update the current register set from the passed in regs 85 * structure. Take care to avoid clobbering special CPU 86 * registers or privileged bits in the PSL. 87 * Depending on the architecture this may have fix-up work to do, 88 * especially if the IAR or PCW are modified. 89 * The process is stopped at the time write_regs is called. 90 * 91 * proc_read_fpregs, proc_write_fpregs 92 * deal with the floating point register set, otherwise as above. 93 * 94 * proc_read_dbregs, proc_write_dbregs 95 * deal with the processor debug register set, otherwise as above. 96 * 97 * proc_sstep(proc) 98 * Arrange for the process to trap after executing a single instruction. 99 */ 100 101#define PROC_ACTION(action) do { \ 102 int error; \ 103 \ 104 PROC_LOCK_ASSERT(td->td_proc, MA_OWNED); \ 105 if ((td->td_proc->p_sflag & PS_INMEM) == 0) \ 106 error = EIO; \ 107 else \ 108 error = (action); \ 109 return (error); \ 110} while(0) 111 112int 113proc_read_regs(struct thread *td, struct reg *regs) 114{ 115 116 PROC_ACTION(fill_regs(td, regs)); 117} 118 119int 120proc_write_regs(struct thread *td, struct reg *regs) 121{ 122 123 PROC_ACTION(set_regs(td, regs)); 124} 125 126int 127proc_read_dbregs(struct thread *td, struct dbreg *dbregs) 128{ 129 130 PROC_ACTION(fill_dbregs(td, dbregs)); 131} 132 133int 134proc_write_dbregs(struct thread *td, struct dbreg *dbregs) 135{ 136 137 PROC_ACTION(set_dbregs(td, dbregs)); 138} 139 140/* 141 * Ptrace doesn't support fpregs at all, and there are no security holes 142 * or translations for fpregs, so we can just copy them. 143 */ 144int 145proc_read_fpregs(struct thread *td, struct fpreg *fpregs) 146{ 147 148 PROC_ACTION(fill_fpregs(td, fpregs)); 149} 150 151int 152proc_write_fpregs(struct thread *td, struct fpreg *fpregs) 153{ 154 155 PROC_ACTION(set_fpregs(td, fpregs)); 156} 157 158#ifdef COMPAT_IA32 159/* For 32 bit binaries, we need to expose the 32 bit regs layouts. */ 160int 161proc_read_regs32(struct thread *td, struct reg32 *regs32) 162{ 163 164 PROC_ACTION(fill_regs32(td, regs32)); 165} 166 167int 168proc_write_regs32(struct thread *td, struct reg32 *regs32) 169{ 170 171 PROC_ACTION(set_regs32(td, regs32)); 172} 173 174int 175proc_read_dbregs32(struct thread *td, struct dbreg32 *dbregs32) 176{ 177 178 PROC_ACTION(fill_dbregs32(td, dbregs32)); 179} 180 181int 182proc_write_dbregs32(struct thread *td, struct dbreg32 *dbregs32) 183{ 184 185 PROC_ACTION(set_dbregs32(td, dbregs32)); 186} 187 188int 189proc_read_fpregs32(struct thread *td, struct fpreg32 *fpregs32) 190{ 191 192 PROC_ACTION(fill_fpregs32(td, fpregs32)); 193} 194 195int 196proc_write_fpregs32(struct thread *td, struct fpreg32 *fpregs32) 197{ 198 199 PROC_ACTION(set_fpregs32(td, fpregs32)); 200} 201#endif 202 203int 204proc_sstep(struct thread *td) 205{ 206 207 PROC_ACTION(ptrace_single_step(td)); 208} 209 210int 211proc_rwmem(struct proc *p, struct uio *uio) 212{ 213 struct vmspace *vm; 214 vm_map_t map; 215 vm_object_t backing_object, object = NULL; 216 vm_offset_t pageno = 0; /* page number */ 217 vm_prot_t reqprot; 218 int error, refcnt, writing; 219 220 /* 221 * if the vmspace is in the midst of being deallocated or the 222 * process is exiting, don't try to grab anything. The page table 223 * usage in that process can be messed up. 224 */ 225 vm = p->p_vmspace; 226 if ((p->p_flag & P_WEXIT)) 227 return (EFAULT); 228 do { 229 if ((refcnt = vm->vm_refcnt) < 1) 230 return (EFAULT); 231 } while (!atomic_cmpset_int(&vm->vm_refcnt, refcnt, refcnt + 1)); 232 233 /* 234 * The map we want... 235 */ 236 map = &vm->vm_map; 237 238 writing = uio->uio_rw == UIO_WRITE; 239 reqprot = writing ? (VM_PROT_WRITE | VM_PROT_OVERRIDE_WRITE) : 240 VM_PROT_READ; 241 242 /* 243 * Only map in one page at a time. We don't have to, but it 244 * makes things easier. This way is trivial - right? 245 */ 246 do { 247 vm_map_t tmap; 248 vm_offset_t uva; 249 int page_offset; /* offset into page */ 250 vm_map_entry_t out_entry; 251 vm_prot_t out_prot; 252 boolean_t wired; 253 vm_pindex_t pindex; 254 u_int len; 255 vm_page_t m; 256 257 object = NULL; 258 259 uva = (vm_offset_t)uio->uio_offset; 260 261 /* 262 * Get the page number of this segment. 263 */ 264 pageno = trunc_page(uva); 265 page_offset = uva - pageno; 266 267 /* 268 * How many bytes to copy 269 */ 270 len = min(PAGE_SIZE - page_offset, uio->uio_resid); 271 272 /* 273 * Fault the page on behalf of the process 274 */ 275 error = vm_fault(map, pageno, reqprot, VM_FAULT_NORMAL); 276 if (error) { 277 error = EFAULT; 278 break; 279 } 280 281 /* 282 * Now we need to get the page. out_entry, out_prot, wired, 283 * and single_use aren't used. One would think the vm code 284 * would be a *bit* nicer... We use tmap because 285 * vm_map_lookup() can change the map argument. 286 */ 287 tmap = map; 288 error = vm_map_lookup(&tmap, pageno, reqprot, &out_entry, 289 &object, &pindex, &out_prot, &wired); 290 if (error) { 291 error = EFAULT; 292 break; 293 } 294 VM_OBJECT_LOCK(object); 295 while ((m = vm_page_lookup(object, pindex)) == NULL && 296 !writing && 297 (backing_object = object->backing_object) != NULL) { 298 /* 299 * Allow fallback to backing objects if we are reading. 300 */ 301 VM_OBJECT_LOCK(backing_object); 302 pindex += OFF_TO_IDX(object->backing_object_offset); 303 VM_OBJECT_UNLOCK(object); 304 object = backing_object; 305 } 306 VM_OBJECT_UNLOCK(object); 307 if (m == NULL) { 308 vm_map_lookup_done(tmap, out_entry); 309 error = EFAULT; 310 break; 311 } 312 313 /* 314 * Hold the page in memory. 315 */ 316 vm_page_lock_queues(); 317 vm_page_hold(m); 318 vm_page_unlock_queues(); 319 320 /* 321 * We're done with tmap now. 322 */ 323 vm_map_lookup_done(tmap, out_entry); 324 325 /* 326 * Now do the i/o move. 327 */ 328 error = uiomove_fromphys(&m, page_offset, len, uio); 329 330 /* 331 * Release the page. 332 */ 333 vm_page_lock_queues(); 334 vm_page_unhold(m); 335 vm_page_unlock_queues(); 336 337 } while (error == 0 && uio->uio_resid > 0); 338 339 vmspace_free(vm); 340 return (error); 341} 342 343/* 344 * Process debugging system call. 345 */ 346#ifndef _SYS_SYSPROTO_H_ 347struct ptrace_args { 348 int req; 349 pid_t pid; 350 caddr_t addr; 351 int data; 352}; 353#endif 354 355#ifdef COMPAT_IA32 356/* 357 * This CPP subterfuge is to try and reduce the number of ifdefs in 358 * the body of the code. 359 * COPYIN(uap->addr, &r.reg, sizeof r.reg); 360 * becomes either: 361 * copyin(uap->addr, &r.reg, sizeof r.reg); 362 * or 363 * copyin(uap->addr, &r.reg32, sizeof r.reg32); 364 * .. except this is done at runtime. 365 */ 366#define COPYIN(u, k, s) wrap32 ? \ 367 copyin(u, k ## 32, s ## 32) : \ 368 copyin(u, k, s) 369#define COPYOUT(k, u, s) wrap32 ? \ 370 copyout(k ## 32, u, s ## 32) : \ 371 copyout(k, u, s) 372#else 373#define COPYIN(u, k, s) copyin(u, k, s) 374#define COPYOUT(k, u, s) copyout(k, u, s) 375#endif 376/* 377 * MPSAFE 378 */ 379int 380ptrace(struct thread *td, struct ptrace_args *uap) 381{ 382 /* 383 * XXX this obfuscation is to reduce stack usage, but the register 384 * structs may be too large to put on the stack anyway. 385 */ 386 union { 387 struct ptrace_io_desc piod; 388 struct ptrace_lwpinfo pl; 389 struct dbreg dbreg; 390 struct fpreg fpreg; 391 struct reg reg; 392#ifdef COMPAT_IA32 393 struct dbreg32 dbreg32; 394 struct fpreg32 fpreg32; 395 struct reg32 reg32; 396 struct ptrace_io_desc32 piod32; 397#endif 398 } r; 399 void *addr; 400 int error = 0; 401#ifdef COMPAT_IA32 402 int wrap32 = 0; 403 404 if (td->td_proc->p_sysent == &ia32_freebsd_sysvec) 405 wrap32 = 1; 406#endif 407 addr = &r; 408 switch (uap->req) { 409 case PT_GETREGS: 410 case PT_GETFPREGS: 411 case PT_GETDBREGS: 412 case PT_LWPINFO: 413 break; 414 case PT_SETREGS: 415 error = COPYIN(uap->addr, &r.reg, sizeof r.reg); 416 break; 417 case PT_SETFPREGS: 418 error = COPYIN(uap->addr, &r.fpreg, sizeof r.fpreg); 419 break; 420 case PT_SETDBREGS: 421 error = COPYIN(uap->addr, &r.dbreg, sizeof r.dbreg); 422 break; 423 case PT_IO: 424 error = COPYIN(uap->addr, &r.piod, sizeof r.piod); 425 break; 426 default: 427 addr = uap->addr; 428 break; 429 } 430 if (error) 431 return (error); 432 433 error = kern_ptrace(td, uap->req, uap->pid, addr, uap->data); 434 if (error) 435 return (error); 436 437 switch (uap->req) { 438 case PT_IO: 439 error = COPYOUT(&r.piod, uap->addr, sizeof r.piod); 440 break; 441 case PT_GETREGS: 442 error = COPYOUT(&r.reg, uap->addr, sizeof r.reg); 443 break; 444 case PT_GETFPREGS: 445 error = COPYOUT(&r.fpreg, uap->addr, sizeof r.fpreg); 446 break; 447 case PT_GETDBREGS: 448 error = COPYOUT(&r.dbreg, uap->addr, sizeof r.dbreg); 449 break; 450 case PT_LWPINFO: 451 error = copyout(&r.pl, uap->addr, uap->data); 452 break; 453 } 454 455 return (error); 456} 457#undef COPYIN 458#undef COPYOUT 459 460#ifdef COMPAT_IA32 461/* 462 * PROC_READ(regs, td2, addr); 463 * becomes either: 464 * proc_read_regs(td2, addr); 465 * or 466 * proc_read_regs32(td2, addr); 467 * .. except this is done at runtime. There is an additional 468 * complication in that PROC_WRITE disallows 32 bit consumers 469 * from writing to 64 bit address space targets. 470 */ 471#define PROC_READ(w, t, a) wrap32 ? \ 472 proc_read_ ## w ## 32(t, a) : \ 473 proc_read_ ## w (t, a) 474#define PROC_WRITE(w, t, a) wrap32 ? \ 475 (safe ? proc_write_ ## w ## 32(t, a) : EINVAL ) : \ 476 proc_write_ ## w (t, a) 477#else 478#define PROC_READ(w, t, a) proc_read_ ## w (t, a) 479#define PROC_WRITE(w, t, a) proc_write_ ## w (t, a) 480#endif 481 482int 483kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data) 484{ 485 struct iovec iov; 486 struct uio uio; 487 struct proc *curp, *p, *pp; 488 struct thread *td2 = NULL; 489 struct ptrace_io_desc *piod = NULL; 490 struct ptrace_lwpinfo *pl; 491 int error, write, tmp, num; 492 int proctree_locked = 0; 493 lwpid_t tid = 0, *buf; 494 pid_t saved_pid = pid; 495#ifdef COMPAT_IA32 496 int wrap32 = 0, safe = 0; 497 struct ptrace_io_desc32 *piod32 = NULL; 498#endif 499 500 curp = td->td_proc; 501 502 /* Lock proctree before locking the process. */ 503 switch (req) { 504 case PT_TRACE_ME: 505 case PT_ATTACH: 506 case PT_STEP: 507 case PT_CONTINUE: 508 case PT_TO_SCE: 509 case PT_TO_SCX: 510 case PT_SYSCALL: 511 case PT_DETACH: 512 sx_xlock(&proctree_lock); 513 proctree_locked = 1; 514 break; 515 default: 516 break; 517 } 518 519 write = 0; 520 if (req == PT_TRACE_ME) { 521 p = td->td_proc; 522 PROC_LOCK(p); 523 } else { 524 if (pid <= PID_MAX) { 525 if ((p = pfind(pid)) == NULL) { 526 if (proctree_locked) 527 sx_xunlock(&proctree_lock); 528 return (ESRCH); 529 } 530 } else { 531 /* this is slow, should be optimized */ 532 sx_slock(&allproc_lock); 533 FOREACH_PROC_IN_SYSTEM(p) { 534 PROC_LOCK(p); 535 mtx_lock_spin(&sched_lock); 536 FOREACH_THREAD_IN_PROC(p, td2) { 537 if (td2->td_tid == pid) 538 break; 539 } 540 mtx_unlock_spin(&sched_lock); 541 if (td2 != NULL) 542 break; /* proc lock held */ 543 PROC_UNLOCK(p); 544 } 545 sx_sunlock(&allproc_lock); 546 if (p == NULL) { 547 if (proctree_locked) 548 sx_xunlock(&proctree_lock); 549 return (ESRCH); 550 } 551 tid = pid; 552 pid = p->p_pid; 553 } 554 } 555 if ((error = p_cansee(td, p)) != 0) 556 goto fail; 557 558 if ((error = p_candebug(td, p)) != 0) 559 goto fail; 560 561 /* 562 * System processes can't be debugged. 563 */ 564 if ((p->p_flag & P_SYSTEM) != 0) { 565 error = EINVAL; 566 goto fail; 567 } 568 569 if (tid == 0) { 570 td2 = FIRST_THREAD_IN_PROC(p); 571 tid = td2->td_tid; 572 } 573 574#ifdef COMPAT_IA32 575 /* 576 * Test if we're a 32 bit client and what the target is. 577 * Set the wrap controls accordingly. 578 */ 579 if (td->td_proc->p_sysent == &ia32_freebsd_sysvec) { 580 if (td2->td_proc->p_sysent == &ia32_freebsd_sysvec) 581 safe = 1; 582 wrap32 = 1; 583 } 584#endif 585 /* 586 * Permissions check 587 */ 588 switch (req) { 589 case PT_TRACE_ME: 590 /* Always legal. */ 591 break; 592 593 case PT_ATTACH: 594 /* Self */ 595 if (p->p_pid == td->td_proc->p_pid) { 596 error = EINVAL; 597 goto fail; 598 } 599 600 /* Already traced */ 601 if (p->p_flag & P_TRACED) { 602 error = EBUSY; 603 goto fail; 604 } 605 606 /* Can't trace an ancestor if you're being traced. */ 607 if (curp->p_flag & P_TRACED) { 608 for (pp = curp->p_pptr; pp != NULL; pp = pp->p_pptr) { 609 if (pp == p) { 610 error = EINVAL; 611 goto fail; 612 } 613 } 614 } 615 616 617 /* OK */ 618 break; 619 620 case PT_CLEARSTEP: 621 /* Allow thread to clear single step for itself */ 622 if (td->td_tid == tid) 623 break; 624 625 /* FALLTHROUGH */ 626 default: 627 /* not being traced... */ 628 if ((p->p_flag & P_TRACED) == 0) { 629 error = EPERM; 630 goto fail; 631 } 632 633 /* not being traced by YOU */ 634 if (p->p_pptr != td->td_proc) { 635 error = EBUSY; 636 goto fail; 637 } 638 639 /* not currently stopped */ 640 if (!P_SHOULDSTOP(p) || p->p_suspcount != p->p_numthreads || 641 (p->p_flag & P_WAITED) == 0) { 642 error = EBUSY; 643 goto fail; 644 } 645 646 /* OK */ 647 break; 648 } 649 650#ifdef FIX_SSTEP 651 /* 652 * Single step fixup ala procfs 653 */ 654 FIX_SSTEP(td2); /* XXXKSE */ 655#endif 656 657 /* 658 * Actually do the requests 659 */ 660 661 td->td_retval[0] = 0; 662 663 switch (req) { 664 case PT_TRACE_ME: 665 /* set my trace flag and "owner" so it can read/write me */ 666 p->p_flag |= P_TRACED; 667 p->p_oppid = p->p_pptr->p_pid; 668 PROC_UNLOCK(p); 669 sx_xunlock(&proctree_lock); 670 return (0); 671 672 case PT_ATTACH: 673 /* security check done above */ 674 p->p_flag |= P_TRACED; 675 p->p_oppid = p->p_pptr->p_pid; 676 if (p->p_pptr != td->td_proc) { 677 PROC_LOCK(p->p_pptr); 678 sigqueue_take(p->p_ksi); 679 PROC_UNLOCK(p->p_pptr); 680 proc_reparent(p, td->td_proc); 681 } 682 data = SIGSTOP; 683 goto sendsig; /* in PT_CONTINUE below */ 684 685 case PT_CLEARSTEP: 686 _PHOLD(p); 687 error = ptrace_clear_single_step(td2); 688 _PRELE(p); 689 if (error) 690 goto fail; 691 PROC_UNLOCK(p); 692 return (0); 693 694 case PT_SETSTEP: 695 _PHOLD(p); 696 error = ptrace_single_step(td2); 697 _PRELE(p); 698 if (error) 699 goto fail; 700 PROC_UNLOCK(p); 701 return (0); 702 703 case PT_SUSPEND: 704 _PHOLD(p); 705 mtx_lock_spin(&sched_lock); 706 td2->td_flags |= TDF_DBSUSPEND; 707 mtx_unlock_spin(&sched_lock); 708 _PRELE(p); 709 PROC_UNLOCK(p); 710 return (0); 711 712 case PT_RESUME: 713 _PHOLD(p); 714 mtx_lock_spin(&sched_lock); 715 td2->td_flags &= ~TDF_DBSUSPEND; 716 mtx_unlock_spin(&sched_lock); 717 _PRELE(p); 718 PROC_UNLOCK(p); 719 return (0); 720 721 case PT_STEP: 722 case PT_CONTINUE: 723 case PT_TO_SCE: 724 case PT_TO_SCX: 725 case PT_SYSCALL: 726 case PT_DETACH: 727 /* Zero means do not send any signal */ 728 if (data < 0 || data > _SIG_MAXSIG) { 729 error = EINVAL; 730 goto fail; 731 } 732 733 _PHOLD(p); 734 735 switch (req) { 736 case PT_STEP: 737 PROC_UNLOCK(p); 738 error = ptrace_single_step(td2); 739 if (error) { 740 PRELE(p); 741 goto fail_noproc; 742 } 743 PROC_LOCK(p); 744 break; 745 case PT_TO_SCE: 746 p->p_stops |= S_PT_SCE; 747 break; 748 case PT_TO_SCX: 749 p->p_stops |= S_PT_SCX; 750 break; 751 case PT_SYSCALL: 752 p->p_stops |= S_PT_SCE | S_PT_SCX; 753 break; 754 } 755 756 if (addr != (void *)1) { 757 PROC_UNLOCK(p); 758 error = ptrace_set_pc(td2, (u_long)(uintfptr_t)addr); 759 if (error) { 760 PRELE(p); 761 goto fail_noproc; 762 } 763 PROC_LOCK(p); 764 } 765 _PRELE(p); 766 767 if (req == PT_DETACH) { 768 /* reset process parent */ 769 if (p->p_oppid != p->p_pptr->p_pid) { 770 struct proc *pp; 771 772 PROC_LOCK(p->p_pptr); 773 sigqueue_take(p->p_ksi); 774 PROC_UNLOCK(p->p_pptr); 775 776 PROC_UNLOCK(p); 777 pp = pfind(p->p_oppid); 778 if (pp == NULL) 779 pp = initproc; 780 else 781 PROC_UNLOCK(pp); 782 PROC_LOCK(p); 783 proc_reparent(p, pp); 784 if (pp == initproc) 785 p->p_sigparent = SIGCHLD; 786 } 787 p->p_flag &= ~(P_TRACED | P_WAITED); 788 p->p_oppid = 0; 789 790 /* should we send SIGCHLD? */ 791 /* childproc_continued(p); */ 792 } 793 794 sendsig: 795 if (proctree_locked) 796 sx_xunlock(&proctree_lock); 797 /* deliver or queue signal */ 798 if (P_SHOULDSTOP(p)) { 799 p->p_xstat = data; 800 mtx_lock_spin(&sched_lock); 801 if (saved_pid <= PID_MAX) { 802 p->p_xthread->td_flags &= ~TDF_XSIG; 803 p->p_xthread->td_xsig = data; 804 } else { 805 td2->td_flags &= ~TDF_XSIG; 806 td2->td_xsig = data; 807 } 808 p->p_xthread = NULL; 809 if (req == PT_DETACH) { 810 struct thread *td3; 811 FOREACH_THREAD_IN_PROC(p, td3) 812 td3->td_flags &= ~TDF_DBSUSPEND; 813 } 814 /* 815 * unsuspend all threads, to not let a thread run, 816 * you should use PT_SUSPEND to suspend it before 817 * continuing process. 818 */ 819 mtx_unlock_spin(&sched_lock); 820 thread_continued(p); 821 p->p_flag &= ~(P_STOPPED_TRACE|P_STOPPED_SIG); 822 mtx_lock_spin(&sched_lock); 823 thread_unsuspend(p); 824 mtx_unlock_spin(&sched_lock); 825 } else if (data) { 826 psignal(p, data); 827 } 828 PROC_UNLOCK(p); 829 830 return (0); 831 832 case PT_WRITE_I: 833 case PT_WRITE_D: 834 write = 1; 835 /* FALLTHROUGH */ 836 case PT_READ_I: 837 case PT_READ_D: 838 PROC_UNLOCK(p); 839 tmp = 0; 840 /* write = 0 set above */ 841 iov.iov_base = write ? (caddr_t)&data : (caddr_t)&tmp; 842 iov.iov_len = sizeof(int); 843 uio.uio_iov = &iov; 844 uio.uio_iovcnt = 1; 845 uio.uio_offset = (off_t)(uintptr_t)addr; 846 uio.uio_resid = sizeof(int); 847 uio.uio_segflg = UIO_SYSSPACE; /* i.e.: the uap */ 848 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 849 uio.uio_td = td; 850 error = proc_rwmem(p, &uio); 851 if (uio.uio_resid != 0) { 852 /* 853 * XXX proc_rwmem() doesn't currently return ENOSPC, 854 * so I think write() can bogusly return 0. 855 * XXX what happens for short writes? We don't want 856 * to write partial data. 857 * XXX proc_rwmem() returns EPERM for other invalid 858 * addresses. Convert this to EINVAL. Does this 859 * clobber returns of EPERM for other reasons? 860 */ 861 if (error == 0 || error == ENOSPC || error == EPERM) 862 error = EINVAL; /* EOF */ 863 } 864 if (!write) 865 td->td_retval[0] = tmp; 866 return (error); 867 868 case PT_IO: 869 PROC_UNLOCK(p); 870#ifdef COMPAT_IA32 871 if (wrap32) { 872 piod32 = addr; 873 iov.iov_base = (void *)(uintptr_t)piod32->piod_addr; 874 iov.iov_len = piod32->piod_len; 875 uio.uio_offset = (off_t)(uintptr_t)piod32->piod_offs; 876 uio.uio_resid = piod32->piod_len; 877 } else 878#endif 879 { 880 piod = addr; 881 iov.iov_base = piod->piod_addr; 882 iov.iov_len = piod->piod_len; 883 uio.uio_offset = (off_t)(uintptr_t)piod->piod_offs; 884 uio.uio_resid = piod->piod_len; 885 } 886 uio.uio_iov = &iov; 887 uio.uio_iovcnt = 1; 888 uio.uio_segflg = UIO_USERSPACE; 889 uio.uio_td = td; 890#ifdef COMPAT_IA32 891 tmp = wrap32 ? piod32->piod_op : piod->piod_op; 892#else 893 tmp = piod->piod_op; 894#endif 895 switch (tmp) { 896 case PIOD_READ_D: 897 case PIOD_READ_I: 898 uio.uio_rw = UIO_READ; 899 break; 900 case PIOD_WRITE_D: 901 case PIOD_WRITE_I: 902 uio.uio_rw = UIO_WRITE; 903 break; 904 default: 905 return (EINVAL); 906 } 907 error = proc_rwmem(p, &uio); 908#ifdef COMPAT_IA32 909 if (wrap32) 910 piod32->piod_len -= uio.uio_resid; 911 else 912#endif 913 piod->piod_len -= uio.uio_resid; 914 return (error); 915 916 case PT_KILL: 917 data = SIGKILL; 918 goto sendsig; /* in PT_CONTINUE above */ 919 920 case PT_SETREGS: 921 _PHOLD(p); 922 error = PROC_WRITE(regs, td2, addr); 923 _PRELE(p); 924 PROC_UNLOCK(p); 925 return (error); 926 927 case PT_GETREGS: 928 _PHOLD(p); 929 error = PROC_READ(regs, td2, addr); 930 _PRELE(p); 931 PROC_UNLOCK(p); 932 return (error); 933 934 case PT_SETFPREGS: 935 _PHOLD(p); 936 error = PROC_WRITE(fpregs, td2, addr); 937 _PRELE(p); 938 PROC_UNLOCK(p); 939 return (error); 940 941 case PT_GETFPREGS: 942 _PHOLD(p); 943 error = PROC_READ(fpregs, td2, addr); 944 _PRELE(p); 945 PROC_UNLOCK(p); 946 return (error); 947 948 case PT_SETDBREGS: 949 _PHOLD(p); 950 error = PROC_WRITE(dbregs, td2, addr); 951 _PRELE(p); 952 PROC_UNLOCK(p); 953 return (error); 954 955 case PT_GETDBREGS: 956 _PHOLD(p); 957 error = PROC_READ(dbregs, td2, addr); 958 _PRELE(p); 959 PROC_UNLOCK(p); 960 return (error); 961 962 case PT_LWPINFO: 963 if (data == 0 || data > sizeof(*pl)) 964 return (EINVAL); 965 pl = addr; 966 _PHOLD(p); 967 if (saved_pid <= PID_MAX) { 968 pl->pl_lwpid = p->p_xthread->td_tid; 969 pl->pl_event = PL_EVENT_SIGNAL; 970 } else { 971 pl->pl_lwpid = td2->td_tid; 972 if (td2->td_flags & TDF_XSIG) 973 pl->pl_event = PL_EVENT_SIGNAL; 974 else 975 pl->pl_event = 0; 976 } 977 if (td2->td_pflags & TDP_SA) { 978 pl->pl_flags = PL_FLAG_SA; 979 if (td2->td_upcall && !TD_CAN_UNBIND(td2)) 980 pl->pl_flags |= PL_FLAG_BOUND; 981 } else { 982 pl->pl_flags = 0; 983 } 984 _PRELE(p); 985 PROC_UNLOCK(p); 986 return (0); 987 988 case PT_GETNUMLWPS: 989 td->td_retval[0] = p->p_numthreads; 990 PROC_UNLOCK(p); 991 return (0); 992 993 case PT_GETLWPLIST: 994 if (data <= 0) { 995 PROC_UNLOCK(p); 996 return (EINVAL); 997 } 998 num = imin(p->p_numthreads, data); 999 PROC_UNLOCK(p); 1000 buf = malloc(num * sizeof(lwpid_t), M_TEMP, M_WAITOK); 1001 tmp = 0; 1002 PROC_LOCK(p); 1003 mtx_lock_spin(&sched_lock); 1004 FOREACH_THREAD_IN_PROC(p, td2) { 1005 if (tmp >= num) 1006 break; 1007 buf[tmp++] = td2->td_tid; 1008 } 1009 mtx_unlock_spin(&sched_lock); 1010 PROC_UNLOCK(p); 1011 error = copyout(buf, addr, tmp * sizeof(lwpid_t)); 1012 free(buf, M_TEMP); 1013 if (!error) 1014 td->td_retval[0] = num; 1015 return (error); 1016 1017 default: 1018#ifdef __HAVE_PTRACE_MACHDEP 1019 if (req >= PT_FIRSTMACH) { 1020 _PHOLD(p); 1021 PROC_UNLOCK(p); 1022 error = cpu_ptrace(td2, req, addr, data); 1023 PRELE(p); 1024 return (error); 1025 } 1026#endif 1027 break; 1028 } 1029 1030 /* Unknown request. */ 1031 error = EINVAL; 1032 1033fail: 1034 PROC_UNLOCK(p); 1035fail_noproc: 1036 if (proctree_locked) 1037 sx_xunlock(&proctree_lock); 1038 return (error); 1039} 1040#undef PROC_READ 1041#undef PROC_WRITE 1042 1043/* 1044 * Stop a process because of a debugging event; 1045 * stay stopped until p->p_step is cleared 1046 * (cleared by PIOCCONT in procfs). 1047 */ 1048void 1049stopevent(struct proc *p, unsigned int event, unsigned int val) 1050{ 1051 1052 PROC_LOCK_ASSERT(p, MA_OWNED); 1053 p->p_step = 1; 1054 do { 1055 p->p_xstat = val; 1056 p->p_xthread = NULL; 1057 p->p_stype = event; /* Which event caused the stop? */ 1058 wakeup(&p->p_stype); /* Wake up any PIOCWAIT'ing procs */ 1059 msleep(&p->p_step, &p->p_mtx, PWAIT, "stopevent", 0); 1060 } while (p->p_step); 1061} 1062