sys_process.c revision 1.18 
1/*	$OpenBSD: sys_process.c,v 1.18 2002/03/11 14:20:35 art Exp $	*/
2/*	$NetBSD: sys_process.c,v 1.55 1996/05/15 06:17:47 tls Exp $	*/
3
4/*-
5 * Copyright (c) 1994 Christopher G. Demetriou.  All rights reserved.
6 * Copyright (c) 1982, 1986, 1989, 1993
7 *	The Regents of the University of California.  All rights reserved.
8 * (c) UNIX System Laboratories, Inc.
9 * All or some portions of this file are derived from material licensed
10 * to the University of California by American Telephone and Telegraph
11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
12 * the permission of UNIX System Laboratories, Inc.
13 *
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
16 * are met:
17 * 1. Redistributions of source code must retain the above copyright
18 *    notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 *    notice, this list of conditions and the following disclaimer in the
21 *    documentation and/or other materials provided with the distribution.
22 * 3. All advertising materials mentioning features or use of this software
23 *    must display the following acknowledgement:
24 *	This product includes software developed by the University of
25 *	California, Berkeley and its contributors.
26 * 4. Neither the name of the University nor the names of its contributors
27 *    may be used to endorse or promote products derived from this software
28 *    without specific prior written permission.
29 *
30 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
31 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
32 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
33 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
34 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
35 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
36 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
37 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
38 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
39 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 * SUCH DAMAGE.
41 *
42 *	from: @(#)sys_process.c	8.1 (Berkeley) 6/10/93
43 */
44
45/*
46 * References:
47 *	(1) Bach's "The Design of the UNIX Operating System",
48 *	(2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution,
49 *	(3) the "4.4BSD Programmer's Reference Manual" published
50 *		by USENIX and O'Reilly & Associates.
51 * The 4.4BSD PRM does a reasonably good job of documenting what the various
52 * ptrace() requests should actually do, and its text is quoted several times
53 * in this file.
54 */
55
56#include <sys/param.h>
57#include <sys/systm.h>
58#include <sys/proc.h>
59#include <sys/signalvar.h>
60#include <sys/errno.h>
61#include <sys/ptrace.h>
62#include <sys/uio.h>
63#include <sys/user.h>
64
65#include <sys/mount.h>
66#include <sys/syscallargs.h>
67
68#include <uvm/uvm_extern.h>
69
70#include <machine/reg.h>
71
72#include <miscfs/procfs/procfs.h>
73
74/*
75 * Process debugging system call.
76 */
77int
78sys_ptrace(p, v, retval)
79	struct proc *p;
80	void *v;
81	register_t *retval;
82{
83	struct sys_ptrace_args /* {
84		syscallarg(int) req;
85		syscallarg(pid_t) pid;
86		syscallarg(caddr_t) addr;
87		syscallarg(int) data;
88	} */ *uap = v;
89	struct proc *t;				/* target process */
90	struct uio uio;
91	struct iovec iov;
92	int error, write;
93	int temp;
94	struct ptrace_io_desc piod;
95
96	/* "A foolish consistency..." XXX */
97	if (SCARG(uap, req) == PT_TRACE_ME)
98		t = p;
99	else {
100
101		/* Find the process we're supposed to be operating on. */
102		if ((t = pfind(SCARG(uap, pid))) == NULL)
103			return (ESRCH);
104	}
105
106	if ((t->p_flag & P_INEXEC) != 0)
107		return (EAGAIN);
108
109	/* Make sure we can operate on it. */
110	switch (SCARG(uap, req)) {
111	case  PT_TRACE_ME:
112		/* Saying that you're being traced is always legal. */
113		break;
114
115	case  PT_ATTACH:
116		/*
117		 * You can't attach to a process if:
118		 *	(1) it's the process that's doing the attaching,
119		 */
120		if (t->p_pid == p->p_pid)
121			return (EINVAL);
122
123		/*
124		 *	(2) it's already being traced, or
125		 */
126		if (ISSET(t->p_flag, P_TRACED))
127			return (EBUSY);
128
129		/*
130		 *	(3) it's not owned by you, or the last exec
131		 *	    gave us setuid/setgid privs (unless
132		 *	    you're root), or...
133		 *
134		 *      [Note: once P_SUGID gets set in execve(), it stays
135		 *	set until the process does another execve(). Hence
136		 *	this prevents a setuid process which revokes it's
137		 *	special privilidges using setuid() from being
138		 *	traced. This is good security.]
139		 */
140		if ((t->p_cred->p_ruid != p->p_cred->p_ruid ||
141			ISSET(t->p_flag, P_SUGID)) &&
142		    (error = suser(p->p_ucred, &p->p_acflag)) != 0)
143			return (error);
144
145		/*
146		 *	(4) ...it's init, which controls the security level
147		 *	    of the entire system, and the system was not
148		 *          compiled with permanently insecure mode turned
149		 *	    on.
150		 */
151		if ((t->p_pid == 1) && (securelevel > -1))
152			return (EPERM);
153		break;
154
155	case  PT_READ_I:
156	case  PT_READ_D:
157	case  PT_WRITE_I:
158	case  PT_WRITE_D:
159	case  PT_IO:
160	case  PT_CONTINUE:
161	case  PT_KILL:
162	case  PT_DETACH:
163#ifdef PT_STEP
164	case  PT_STEP:
165#endif
166#ifdef PT_GETREGS
167	case  PT_GETREGS:
168#endif
169#ifdef PT_SETREGS
170	case  PT_SETREGS:
171#endif
172#ifdef PT_GETFPREGS
173	case  PT_GETFPREGS:
174#endif
175#ifdef PT_SETFPREGS
176	case  PT_SETFPREGS:
177#endif
178		/*
179		 * You can't do what you want to the process if:
180		 *	(1) It's not being traced at all,
181		 */
182		if (!ISSET(t->p_flag, P_TRACED))
183			return (EPERM);
184
185		/*
186		 *	(2) it's not being traced by _you_, or
187		 */
188		if (t->p_pptr != p)
189			return (EBUSY);
190
191		/*
192		 *	(3) it's not currently stopped.
193		 */
194		if (t->p_stat != SSTOP || !ISSET(t->p_flag, P_WAITED))
195			return (EBUSY);
196		break;
197
198	default:			/* It was not a legal request. */
199		return (EINVAL);
200	}
201
202	/* Do single-step fixup if needed. */
203	FIX_SSTEP(t);
204
205	/* Now do the operation. */
206	write = 0;
207	*retval = 0;
208
209	switch (SCARG(uap, req)) {
210	case  PT_TRACE_ME:
211		/* Just set the trace flag. */
212		SET(t->p_flag, P_TRACED);
213		t->p_oppid = t->p_pptr->p_pid;
214		return (0);
215
216	case  PT_WRITE_I:		/* XXX no separate I and D spaces */
217	case  PT_WRITE_D:
218		write = 1;
219		temp = SCARG(uap, data);
220	case  PT_READ_I:		/* XXX no separate I and D spaces */
221	case  PT_READ_D:
222		/* write = 0 done above. */
223		iov.iov_base = (caddr_t)&temp;
224		iov.iov_len = sizeof(int);
225		uio.uio_iov = &iov;
226		uio.uio_iovcnt = 1;
227		uio.uio_offset = (off_t)(long)SCARG(uap, addr);
228		uio.uio_resid = sizeof(int);
229		uio.uio_segflg = UIO_SYSSPACE;
230		uio.uio_rw = write ? UIO_WRITE : UIO_READ;
231		uio.uio_procp = p;
232		error = procfs_domem(p, t, NULL, &uio);
233		if (write == 0)
234			*retval = temp;
235		return (error);
236	case  PT_IO:
237		error = copyin(SCARG(uap, addr), &piod, sizeof(piod));
238		if (error)
239			return (error);
240		iov.iov_base = piod.piod_addr;
241		iov.iov_len = piod.piod_len;
242		uio.uio_iov = &iov;
243		uio.uio_iovcnt = 1;
244		uio.uio_offset = (off_t)(long)piod.piod_offs;
245		uio.uio_resid = piod.piod_len;
246		uio.uio_segflg = UIO_USERSPACE;
247		uio.uio_procp = p;
248		switch (piod.piod_op) {
249		case PIOD_OP_READ_DATA:
250		case PIOD_OP_READ_TEXT:
251			uio.uio_rw = UIO_READ;
252			break;
253		case PIOD_OP_WRITE_DATA:
254		case PIOD_OP_WRITE_TEXT:
255			uio.uio_rw = UIO_WRITE;
256			break;
257		default:
258			return (EINVAL);
259		}
260		error = procfs_domem(p, t, NULL, &uio);
261		*retval = piod.piod_len - uio.uio_resid;
262		return (error);
263#ifdef PT_STEP
264	case  PT_STEP:
265		/*
266		 * From the 4.4BSD PRM:
267		 * "Execution continues as in request PT_CONTINUE; however
268		 * as soon as possible after execution of at least one
269		 * instruction, execution stops again. [ ... ]"
270		 */
271#endif
272	case  PT_CONTINUE:
273		/*
274		 * From the 4.4BSD PRM:
275		 * "The data argument is taken as a signal number and the
276		 * child's execution continues at location addr as if it
277		 * incurred that signal.  Normally the signal number will
278		 * be either 0 to indicate that the signal that caused the
279		 * stop should be ignored, or that value fetched out of
280		 * the process's image indicating which signal caused
281		 * the stop.  If addr is (int *)1 then execution continues
282		 * from where it stopped."
283		 */
284
285		/* Check that the data is a valid signal number or zero. */
286		if (SCARG(uap, data) < 0 || SCARG(uap, data) >= NSIG)
287			return (EINVAL);
288
289		PHOLD(t);
290#ifdef PT_STEP
291		/*
292		 * Arrange for a single-step, if that's requested and possible.
293		 */
294		error = process_sstep(t, SCARG(uap, req) == PT_STEP);
295		if (error)
296			goto relebad;
297#endif
298
299		/* If the address paramter is not (int *)1, set the pc. */
300		if ((int *)SCARG(uap, addr) != (int *)1)
301			if ((error = process_set_pc(t, SCARG(uap, addr))) != 0)
302				goto relebad;
303		PRELE(t);
304		goto sendsig;
305
306	case  PT_DETACH:
307		/*
308		 * From the 4.4BSD PRM:
309		 * "The data argument is taken as a signal number and the
310		 * child's execution continues at location addr as if it
311		 * incurred that signal.  Normally the signal number will
312		 * be either 0 to indicate that the signal that caused the
313		 * stop should be ignored, or that value fetched out of
314		 * the process's image indicating which signal caused
315		 * the stop.  If addr is (int *)1 then execution continues
316		 * from where it stopped."
317		 */
318
319		/* Check that the data is a valid signal number or zero. */
320		if (SCARG(uap, data) < 0 || SCARG(uap, data) >= NSIG)
321			return (EINVAL);
322
323		PHOLD(t);
324#ifdef PT_STEP
325		/*
326		 * Arrange for a single-step, if that's requested and possible.
327		 */
328		error = process_sstep(t, SCARG(uap, req) == PT_STEP);
329		if (error)
330			goto relebad;
331#endif
332		PRELE(t);
333
334		/* give process back to original parent or init */
335		if (t->p_oppid != t->p_pptr->p_pid) {
336			struct proc *pp;
337
338			pp = pfind(t->p_oppid);
339			proc_reparent(t, pp ? pp : initproc);
340		}
341
342		/* not being traced any more */
343		t->p_oppid = 0;
344		CLR(t->p_flag, P_TRACED|P_WAITED);
345
346	sendsig:
347		/* Finally, deliver the requested signal (or none). */
348		if (t->p_stat == SSTOP) {
349			t->p_xstat = SCARG(uap, data);
350			setrunnable(t);
351		} else {
352			if (SCARG(uap, data) != 0)
353				psignal(t, SCARG(uap, data));
354		}
355		return (0);
356
357	relebad:
358		PRELE(t);
359		return (error);
360
361	case  PT_KILL:
362		/* just send the process a KILL signal. */
363		SCARG(uap, data) = SIGKILL;
364		goto sendsig;	/* in PT_CONTINUE, above. */
365
366	case  PT_ATTACH:
367		/*
368		 * As done in procfs:
369		 * Go ahead and set the trace flag.
370		 * Save the old parent (it's reset in
371		 *   _DETACH, and also in kern_exit.c:wait4()
372		 * Reparent the process so that the tracing
373		 *   proc gets to see all the action.
374		 * Stop the target.
375		 */
376		SET(t->p_flag, P_TRACED);
377		t->p_oppid = t->p_pptr->p_pid;
378		if (t->p_pptr != p)
379			proc_reparent(t, p);
380		SCARG(uap, data) = SIGSTOP;
381		goto sendsig;
382
383#ifdef PT_SETREGS
384	case  PT_SETREGS:
385		write = 1;
386#endif
387#ifdef PT_GETREGS
388	case  PT_GETREGS:
389		/* write = 0 done above. */
390#endif
391#if defined(PT_SETREGS) || defined(PT_GETREGS)
392		if (!procfs_validregs(t, NULL))
393			return (EINVAL);
394		else {
395			iov.iov_base = SCARG(uap, addr);
396			iov.iov_len = sizeof(struct reg);
397			uio.uio_iov = &iov;
398			uio.uio_iovcnt = 1;
399			uio.uio_offset = 0;
400			uio.uio_resid = sizeof(struct reg);
401			uio.uio_segflg = UIO_USERSPACE;
402			uio.uio_rw = write ? UIO_WRITE : UIO_READ;
403			uio.uio_procp = p;
404			return (procfs_doregs(p, t, NULL, &uio));
405		}
406#endif
407
408#ifdef PT_SETFPREGS
409	case  PT_SETFPREGS:
410		write = 1;
411#endif
412#ifdef PT_GETFPREGS
413	case  PT_GETFPREGS:
414		/* write = 0 done above. */
415#endif
416#if defined(PT_SETFPREGS) || defined(PT_GETFPREGS)
417		if (!procfs_validfpregs(t, NULL))
418			return (EINVAL);
419		else {
420			iov.iov_base = SCARG(uap, addr);
421			iov.iov_len = sizeof(struct fpreg);
422			uio.uio_iov = &iov;
423			uio.uio_iovcnt = 1;
424			uio.uio_offset = 0;
425			uio.uio_resid = sizeof(struct fpreg);
426			uio.uio_segflg = UIO_USERSPACE;
427			uio.uio_rw = write ? UIO_WRITE : UIO_READ;
428			uio.uio_procp = p;
429			return (procfs_dofpregs(p, t, NULL, &uio));
430		}
431#endif
432	}
433
434#ifdef DIAGNOSTIC
435	panic("ptrace: impossible");
436#endif
437	return 0;
438}
439