2005-01-06 23:35:40 +00:00
|
|
|
/*-
|
2017-11-27 15:20:12 +00:00
|
|
|
* SPDX-License-Identifier: BSD-4-Clause
|
|
|
|
|
*
|
1994-08-08 13:00:27 +00:00
|
|
|
* Copyright (c) 1994, Sean Eric Fagan
|
|
|
|
|
* All rights reserved.
|
1994-05-24 10:09:53 +00:00
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
|
|
|
* must display the following acknowledgement:
|
1994-08-08 13:00:27 +00:00
|
|
|
* This product includes software developed by Sean Eric Fagan.
|
|
|
|
|
* 4. The name of the author may not be used to endorse or promote products
|
|
|
|
|
* derived from this software without specific prior written permission.
|
1994-05-24 10:09:53 +00:00
|
|
|
*
|
1994-08-08 13:00:27 +00:00
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
1994-05-24 10:09:53 +00:00
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
1994-08-08 13:00:27 +00:00
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
1994-05-24 10:09:53 +00:00
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <sys/param.h>
|
1994-08-18 22:36:09 +00:00
|
|
|
#include <sys/systm.h>
|
2019-05-21 20:38:48 +00:00
|
|
|
#include <sys/ktr.h>
|
2019-07-29 20:26:01 +00:00
|
|
|
#include <sys/limits.h>
|
2001-05-01 08:13:21 +00:00
|
|
|
#include <sys/lock.h>
|
|
|
|
|
#include <sys/mutex.h>
|
2021-08-27 09:38:40 +00:00
|
|
|
#include <sys/reg.h>
|
2002-09-05 01:02:50 +00:00
|
|
|
#include <sys/syscallsubr.h>
|
2009-03-02 18:43:50 +00:00
|
|
|
#include <sys/sysent.h>
|
1995-11-12 06:43:28 +00:00
|
|
|
#include <sys/sysproto.h>
|
2013-09-19 18:53:42 +00:00
|
|
|
#include <sys/priv.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
#include <sys/proc.h>
|
1994-08-08 13:00:27 +00:00
|
|
|
#include <sys/vnode.h>
|
|
|
|
|
#include <sys/ptrace.h>
|
2013-03-09 02:32:23 +00:00
|
|
|
#include <sys/rwlock.h>
|
2001-03-28 11:52:56 +00:00
|
|
|
#include <sys/sx.h>
|
2004-07-13 07:25:24 +00:00
|
|
|
#include <sys/malloc.h>
|
2004-11-27 06:51:39 +00:00
|
|
|
#include <sys/signalvar.h>
|
2021-04-23 13:26:01 +00:00
|
|
|
#include <sys/caprights.h>
|
|
|
|
|
#include <sys/filedesc.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2006-02-14 01:18:31 +00:00
|
|
|
#include <security/audit/audit.h>
|
|
|
|
|
|
1994-08-08 13:00:27 +00:00
|
|
|
#include <vm/vm.h>
|
1995-12-07 12:48:31 +00:00
|
|
|
#include <vm/pmap.h>
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
#include <vm/vm_extern.h>
|
1995-12-07 12:48:31 +00:00
|
|
|
#include <vm/vm_map.h>
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
#include <vm/vm_kern.h>
|
|
|
|
|
#include <vm/vm_object.h>
|
1994-08-08 13:00:27 +00:00
|
|
|
#include <vm/vm_page.h>
|
Implement global and per-uid accounting of the anonymous memory. Add
rlimit RLIMIT_SWAP that limits the amount of swap that may be reserved
for the uid.
The accounting information (charge) is associated with either map entry,
or vm object backing the entry, assuming the object is the first one
in the shadow chain and entry does not require COW. Charge is moved
from entry to object on allocation of the object, e.g. during the mmap,
assuming the object is allocated, or on the first page fault on the
entry. It moves back to the entry on forks due to COW setup.
The per-entry granularity of accounting makes the charge process fair
for processes that change uid during lifetime, and decrements charge
for proper uid when region is unmapped.
The interface of vm_pager_allocate(9) is extended by adding struct ucred *,
that is used to charge appropriate uid when allocation if performed by
kernel, e.g. md(4).
Several syscalls, among them is fork(2), may now return ENOMEM when
global or per-uid limits are enforced.
In collaboration with: pho
Reviewed by: alc
Approved by: re (kensmith)
2009-06-23 20:45:22 +00:00
|
|
|
#include <vm/vm_param.h>
|
1994-08-08 13:00:27 +00:00
|
|
|
|
2010-03-11 14:49:06 +00:00
|
|
|
#ifdef COMPAT_FREEBSD32
|
2005-06-30 07:49:22 +00:00
|
|
|
#include <sys/procfs.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2022-01-24 11:24:17 +00:00
|
|
|
/* Assert it's safe to unlock a process, e.g. to allocate working memory */
|
|
|
|
|
#define PROC_ASSERT_TRACEREQ(p) MPASS(((p)->p_flag2 & P2_PTRACEREQ) != 0)
|
|
|
|
|
|
2002-02-21 04:37:55 +00:00
|
|
|
/*
|
|
|
|
|
* Functions implemented using PROC_ACTION():
|
|
|
|
|
*
|
|
|
|
|
* proc_read_regs(proc, regs)
|
|
|
|
|
* Get the current user-visible register set from the process
|
|
|
|
|
* and copy it into the regs structure (<machine/reg.h>).
|
|
|
|
|
* The process is stopped at the time read_regs is called.
|
|
|
|
|
*
|
|
|
|
|
* proc_write_regs(proc, regs)
|
|
|
|
|
* Update the current register set from the passed in regs
|
|
|
|
|
* structure. Take care to avoid clobbering special CPU
|
|
|
|
|
* registers or privileged bits in the PSL.
|
|
|
|
|
* Depending on the architecture this may have fix-up work to do,
|
|
|
|
|
* especially if the IAR or PCW are modified.
|
|
|
|
|
* The process is stopped at the time write_regs is called.
|
|
|
|
|
*
|
|
|
|
|
* proc_read_fpregs, proc_write_fpregs
|
|
|
|
|
* deal with the floating point register set, otherwise as above.
|
|
|
|
|
*
|
|
|
|
|
* proc_read_dbregs, proc_write_dbregs
|
|
|
|
|
* deal with the processor debug register set, otherwise as above.
|
|
|
|
|
*
|
|
|
|
|
* proc_sstep(proc)
|
|
|
|
|
* Arrange for the process to trap after executing a single instruction.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#define PROC_ACTION(action) do { \
|
2001-10-21 23:57:24 +00:00
|
|
|
int error; \
|
|
|
|
|
\
|
2003-04-22 20:01:56 +00:00
|
|
|
PROC_LOCK_ASSERT(td->td_proc, MA_OWNED); \
|
2007-09-17 05:31:39 +00:00
|
|
|
if ((td->td_proc->p_flag & P_INMEM) == 0) \
|
2002-02-21 04:37:55 +00:00
|
|
|
error = EIO; \
|
|
|
|
|
else \
|
|
|
|
|
error = (action); \
|
2001-10-21 23:57:24 +00:00
|
|
|
return (error); \
|
2021-04-18 17:10:59 +00:00
|
|
|
} while (0)
|
2003-03-19 00:33:38 +00:00
|
|
|
|
2002-02-21 04:37:55 +00:00
|
|
|
int
|
|
|
|
|
proc_read_regs(struct thread *td, struct reg *regs)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
PROC_ACTION(fill_regs(td, regs));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
proc_write_regs(struct thread *td, struct reg *regs)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
PROC_ACTION(set_regs(td, regs));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
proc_read_dbregs(struct thread *td, struct dbreg *dbregs)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
PROC_ACTION(fill_dbregs(td, dbregs));
|
2001-10-21 23:57:24 +00:00
|
|
|
}
|
|
|
|
|
|
2002-02-21 04:37:55 +00:00
|
|
|
int
|
|
|
|
|
proc_write_dbregs(struct thread *td, struct dbreg *dbregs)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
PROC_ACTION(set_dbregs(td, dbregs));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ptrace doesn't support fpregs at all, and there are no security holes
|
|
|
|
|
* or translations for fpregs, so we can just copy them.
|
|
|
|
|
*/
|
|
|
|
|
int
|
|
|
|
|
proc_read_fpregs(struct thread *td, struct fpreg *fpregs)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
PROC_ACTION(fill_fpregs(td, fpregs));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
proc_write_fpregs(struct thread *td, struct fpreg *fpregs)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
PROC_ACTION(set_fpregs(td, fpregs));
|
|
|
|
|
}
|
2001-10-21 23:57:24 +00:00
|
|
|
|
2022-01-24 11:24:17 +00:00
|
|
|
static struct regset *
|
|
|
|
|
proc_find_regset(struct thread *td, int note)
|
|
|
|
|
{
|
|
|
|
|
struct regset **regsetp, **regset_end, *regset;
|
|
|
|
|
struct sysentvec *sv;
|
|
|
|
|
|
|
|
|
|
sv = td->td_proc->p_sysent;
|
|
|
|
|
regsetp = sv->sv_regset_begin;
|
|
|
|
|
if (regsetp == NULL)
|
|
|
|
|
return (NULL);
|
|
|
|
|
regset_end = sv->sv_regset_end;
|
|
|
|
|
MPASS(regset_end != NULL);
|
|
|
|
|
for (; regsetp < regset_end; regsetp++) {
|
|
|
|
|
regset = *regsetp;
|
|
|
|
|
if (regset->note != note)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
return (regset);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
proc_read_regset(struct thread *td, int note, struct iovec *iov)
|
|
|
|
|
{
|
|
|
|
|
struct regset *regset;
|
|
|
|
|
struct proc *p;
|
|
|
|
|
void *buf;
|
|
|
|
|
size_t size;
|
|
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
regset = proc_find_regset(td, note);
|
|
|
|
|
if (regset == NULL)
|
|
|
|
|
return (EINVAL);
|
|
|
|
|
|
2023-08-23 14:32:56 +00:00
|
|
|
if (regset->get == NULL)
|
|
|
|
|
return (EINVAL);
|
|
|
|
|
|
|
|
|
|
size = regset->size;
|
|
|
|
|
/*
|
|
|
|
|
* The regset is dynamically sized, e.g. the size could change
|
|
|
|
|
* depending on the hardware, or may have a per-thread size.
|
|
|
|
|
*/
|
|
|
|
|
if (size == 0) {
|
|
|
|
|
if (!regset->get(regset, td, NULL, &size))
|
|
|
|
|
return (EINVAL);
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-24 11:24:17 +00:00
|
|
|
if (iov->iov_base == NULL) {
|
2023-08-23 14:32:56 +00:00
|
|
|
iov->iov_len = size;
|
2022-01-24 11:24:17 +00:00
|
|
|
if (iov->iov_len == 0)
|
|
|
|
|
return (EINVAL);
|
|
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* The length is wrong, return an error */
|
2023-08-23 14:32:56 +00:00
|
|
|
if (iov->iov_len != size)
|
2022-01-24 11:24:17 +00:00
|
|
|
return (EINVAL);
|
|
|
|
|
|
|
|
|
|
error = 0;
|
|
|
|
|
p = td->td_proc;
|
|
|
|
|
|
|
|
|
|
/* Drop the proc lock while allocating the temp buffer */
|
|
|
|
|
PROC_ASSERT_TRACEREQ(p);
|
|
|
|
|
PROC_UNLOCK(p);
|
|
|
|
|
buf = malloc(size, M_TEMP, M_WAITOK);
|
|
|
|
|
PROC_LOCK(p);
|
|
|
|
|
|
|
|
|
|
if (!regset->get(regset, td, buf, &size)) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
} else {
|
2023-08-23 14:32:56 +00:00
|
|
|
KASSERT(size == regset->size || regset->size == 0,
|
2022-01-24 11:24:17 +00:00
|
|
|
("%s: Getter function changed the size", __func__));
|
|
|
|
|
|
|
|
|
|
iov->iov_len = size;
|
|
|
|
|
PROC_UNLOCK(p);
|
|
|
|
|
error = copyout(buf, iov->iov_base, size);
|
|
|
|
|
PROC_LOCK(p);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
free(buf, M_TEMP);
|
|
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
proc_write_regset(struct thread *td, int note, struct iovec *iov)
|
|
|
|
|
{
|
|
|
|
|
struct regset *regset;
|
|
|
|
|
struct proc *p;
|
|
|
|
|
void *buf;
|
|
|
|
|
size_t size;
|
|
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
regset = proc_find_regset(td, note);
|
|
|
|
|
if (regset == NULL)
|
|
|
|
|
return (EINVAL);
|
|
|
|
|
|
2023-08-23 14:32:56 +00:00
|
|
|
size = regset->size;
|
|
|
|
|
/*
|
|
|
|
|
* The regset is dynamically sized, e.g. the size could change
|
|
|
|
|
* depending on the hardware, or may have a per-thread size.
|
|
|
|
|
*/
|
|
|
|
|
if (size == 0) {
|
|
|
|
|
if (!regset->get(regset, td, NULL, &size))
|
|
|
|
|
return (EINVAL);
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-24 11:24:17 +00:00
|
|
|
/* The length is wrong, return an error */
|
2023-08-23 14:32:56 +00:00
|
|
|
if (iov->iov_len != size)
|
2022-01-24 11:24:17 +00:00
|
|
|
return (EINVAL);
|
|
|
|
|
|
|
|
|
|
if (regset->set == NULL)
|
|
|
|
|
return (EINVAL);
|
|
|
|
|
|
|
|
|
|
p = td->td_proc;
|
|
|
|
|
|
|
|
|
|
/* Drop the proc lock while allocating the temp buffer */
|
|
|
|
|
PROC_ASSERT_TRACEREQ(p);
|
|
|
|
|
PROC_UNLOCK(p);
|
|
|
|
|
buf = malloc(size, M_TEMP, M_WAITOK);
|
|
|
|
|
error = copyin(iov->iov_base, buf, size);
|
|
|
|
|
PROC_LOCK(p);
|
|
|
|
|
|
|
|
|
|
if (error == 0) {
|
|
|
|
|
if (!regset->set(regset, td, buf, size)) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
free(buf, M_TEMP);
|
|
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
2010-03-11 14:49:06 +00:00
|
|
|
#ifdef COMPAT_FREEBSD32
|
2005-06-30 07:49:22 +00:00
|
|
|
/* For 32 bit binaries, we need to expose the 32 bit regs layouts. */
|
|
|
|
|
int
|
|
|
|
|
proc_read_regs32(struct thread *td, struct reg32 *regs32)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
PROC_ACTION(fill_regs32(td, regs32));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
proc_write_regs32(struct thread *td, struct reg32 *regs32)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
PROC_ACTION(set_regs32(td, regs32));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
proc_read_dbregs32(struct thread *td, struct dbreg32 *dbregs32)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
PROC_ACTION(fill_dbregs32(td, dbregs32));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
proc_write_dbregs32(struct thread *td, struct dbreg32 *dbregs32)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
PROC_ACTION(set_dbregs32(td, dbregs32));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
proc_read_fpregs32(struct thread *td, struct fpreg32 *fpregs32)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
PROC_ACTION(fill_fpregs32(td, fpregs32));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
proc_write_fpregs32(struct thread *td, struct fpreg32 *fpregs32)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
PROC_ACTION(set_fpregs32(td, fpregs32));
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2001-10-21 23:57:24 +00:00
|
|
|
int
|
|
|
|
|
proc_sstep(struct thread *td)
|
|
|
|
|
{
|
|
|
|
|
|
2002-02-21 04:37:55 +00:00
|
|
|
PROC_ACTION(ptrace_single_step(td));
|
2001-10-21 23:57:24 +00:00
|
|
|
}
|
|
|
|
|
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
int
|
|
|
|
|
proc_rwmem(struct proc *p, struct uio *uio)
|
2001-10-04 16:35:44 +00:00
|
|
|
{
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
vm_map_t map;
|
2009-11-26 05:16:07 +00:00
|
|
|
vm_offset_t pageno; /* page number */
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
vm_prot_t reqprot;
|
2010-12-20 22:49:31 +00:00
|
|
|
int error, fault_flags, page_offset, writing;
|
1994-08-08 13:00:27 +00:00
|
|
|
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
/*
|
2022-03-01 16:48:39 +00:00
|
|
|
* Make sure that the process' vmspace remains live.
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
*/
|
2022-03-01 16:48:39 +00:00
|
|
|
if (p != curproc)
|
|
|
|
|
PROC_ASSERT_HELD(p);
|
2015-12-07 21:33:15 +00:00
|
|
|
PROC_LOCK_ASSERT(p, MA_NOTOWNED);
|
2004-07-27 03:53:41 +00:00
|
|
|
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
/*
|
|
|
|
|
* The map we want...
|
|
|
|
|
*/
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
map = &p->p_vmspace->vm_map;
|
1994-08-08 13:00:27 +00:00
|
|
|
|
2010-12-20 22:49:31 +00:00
|
|
|
/*
|
|
|
|
|
* If we are writing, then we request vm_fault() to create a private
|
|
|
|
|
* copy of each page. Since these copies will not be writeable by the
|
|
|
|
|
* process, we must explicity request that they be dirtied.
|
|
|
|
|
*/
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
writing = uio->uio_rw == UIO_WRITE;
|
2009-11-26 05:16:07 +00:00
|
|
|
reqprot = writing ? VM_PROT_COPY | VM_PROT_READ : VM_PROT_READ;
|
2010-12-20 22:49:31 +00:00
|
|
|
fault_flags = writing ? VM_FAULT_DIRTY : VM_FAULT_NORMAL;
|
1995-05-30 08:16:23 +00:00
|
|
|
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
/*
|
|
|
|
|
* Only map in one page at a time. We don't have to, but it
|
|
|
|
|
* makes things easier. This way is trivial - right?
|
|
|
|
|
*/
|
|
|
|
|
do {
|
|
|
|
|
vm_offset_t uva;
|
|
|
|
|
u_int len;
|
|
|
|
|
vm_page_t m;
|
1995-05-30 08:16:23 +00:00
|
|
|
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
uva = (vm_offset_t)uio->uio_offset;
|
1994-08-08 13:00:27 +00:00
|
|
|
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
/*
|
|
|
|
|
* Get the page number of this segment.
|
|
|
|
|
*/
|
|
|
|
|
pageno = trunc_page(uva);
|
|
|
|
|
page_offset = uva - pageno;
|
1994-08-08 13:00:27 +00:00
|
|
|
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
/*
|
|
|
|
|
* How many bytes to copy
|
|
|
|
|
*/
|
|
|
|
|
len = min(PAGE_SIZE - page_offset, uio->uio_resid);
|
|
|
|
|
|
|
|
|
|
/*
|
2013-08-05 08:55:35 +00:00
|
|
|
* Fault and hold the page on behalf of the process.
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
*/
|
2019-09-27 18:43:36 +00:00
|
|
|
error = vm_fault(map, pageno, reqprot, fault_flags, &m);
|
2010-12-20 22:49:31 +00:00
|
|
|
if (error != KERN_SUCCESS) {
|
Implement global and per-uid accounting of the anonymous memory. Add
rlimit RLIMIT_SWAP that limits the amount of swap that may be reserved
for the uid.
The accounting information (charge) is associated with either map entry,
or vm object backing the entry, assuming the object is the first one
in the shadow chain and entry does not require COW. Charge is moved
from entry to object on allocation of the object, e.g. during the mmap,
assuming the object is allocated, or on the first page fault on the
entry. It moves back to the entry on forks due to COW setup.
The per-entry granularity of accounting makes the charge process fair
for processes that change uid during lifetime, and decrements charge
for proper uid when region is unmapped.
The interface of vm_pager_allocate(9) is extended by adding struct ucred *,
that is used to charge appropriate uid when allocation if performed by
kernel, e.g. md(4).
Several syscalls, among them is fork(2), may now return ENOMEM when
global or per-uid limits are enforced.
In collaboration with: pho
Reviewed by: alc
Approved by: re (kensmith)
2009-06-23 20:45:22 +00:00
|
|
|
if (error == KERN_RESOURCE_SHORTAGE)
|
|
|
|
|
error = ENOMEM;
|
|
|
|
|
else
|
|
|
|
|
error = EFAULT;
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
break;
|
1994-08-08 13:00:27 +00:00
|
|
|
}
|
|
|
|
|
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
/*
|
|
|
|
|
* Now do the i/o move.
|
|
|
|
|
*/
|
2004-03-24 23:35:04 +00:00
|
|
|
error = uiomove_fromphys(&m, page_offset, len, uio);
|
1995-05-30 08:16:23 +00:00
|
|
|
|
2009-10-21 18:38:02 +00:00
|
|
|
/* Make the I-cache coherent for breakpoints. */
|
2010-12-20 22:49:31 +00:00
|
|
|
if (writing && error == 0) {
|
|
|
|
|
vm_map_lock_read(map);
|
|
|
|
|
if (vm_map_check_protection(map, pageno, pageno +
|
|
|
|
|
PAGE_SIZE, VM_PROT_EXECUTE))
|
|
|
|
|
vm_sync_icache(map, uva, len);
|
|
|
|
|
vm_map_unlock_read(map);
|
|
|
|
|
}
|
2009-10-21 18:38:02 +00:00
|
|
|
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
/*
|
2003-08-09 18:01:19 +00:00
|
|
|
* Release the page.
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
*/
|
Change synchonization rules for vm_page reference counting.
There are several mechanisms by which a vm_page reference is held,
preventing the page from being freed back to the page allocator. In
particular, holding the page's object lock is sufficient to prevent the
page from being freed; holding the busy lock or a wiring is sufficent as
well. These references are protected by the page lock, which must
therefore be acquired for many per-page operations. This results in
false sharing since the page locks are external to the vm_page
structures themselves and each lock protects multiple structures.
Transition to using an atomically updated per-page reference counter.
The object's reference is counted using a flag bit in the counter. A
second flag bit is used to atomically block new references via
pmap_extract_and_hold() while removing managed mappings of a page.
Thus, the reference count of a page is guaranteed not to increase if the
page is unbusied, unmapped, and the object's write lock is held. As
a consequence of this, the page lock no longer protects a page's
identity; operations which move pages between objects are now
synchronized solely by the objects' locks.
The vm_page_wire() and vm_page_unwire() KPIs are changed. The former
requires that either the object lock or the busy lock is held. The
latter no longer has a return value and may free the page if it releases
the last reference to that page. vm_page_unwire_noq() behaves the same
as before; the caller is responsible for checking its return value and
freeing or enqueuing the page as appropriate. vm_page_wire_mapped() is
introduced for use in pmap_extract_and_hold(). It fails if the page is
concurrently being unmapped, typically triggering a fallback to the
fault handler. vm_page_wire() no longer requires the page lock and
vm_page_unwire() now internally acquires the page lock when releasing
the last wiring of a page (since the page lock still protects a page's
queue state). In particular, synchronization details are no longer
leaked into the caller.
The change excises the page lock from several frequently executed code
paths. In particular, vm_object_terminate() no longer bounces between
page locks as it releases an object's pages, and direct I/O and
sendfile(SF_NOCACHE) completions no longer require the page lock. In
these latter cases we now get linear scalability in the common scenario
where different threads are operating on different files.
__FreeBSD_version is bumped. The DRM ports have been updated to
accomodate the KPI changes.
Reviewed by: jeff (earlier version)
Tested by: gallatin (earlier version), pho
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D20486
2019-09-09 21:32:42 +00:00
|
|
|
vm_page_unwire(m, PQ_ACTIVE);
|
1994-08-08 13:00:27 +00:00
|
|
|
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
} while (error == 0 && uio->uio_resid > 0);
|
1994-08-08 13:00:27 +00:00
|
|
|
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
return (error);
|
1994-08-08 13:00:27 +00:00
|
|
|
}
|
|
|
|
|
|
2015-12-07 21:33:15 +00:00
|
|
|
static ssize_t
|
|
|
|
|
proc_iop(struct thread *td, struct proc *p, vm_offset_t va, void *buf,
|
|
|
|
|
size_t len, enum uio_rw rw)
|
|
|
|
|
{
|
|
|
|
|
struct iovec iov;
|
|
|
|
|
struct uio uio;
|
|
|
|
|
ssize_t slen;
|
|
|
|
|
|
|
|
|
|
MPASS(len < SSIZE_MAX);
|
|
|
|
|
slen = (ssize_t)len;
|
|
|
|
|
|
|
|
|
|
iov.iov_base = (caddr_t)buf;
|
|
|
|
|
iov.iov_len = len;
|
|
|
|
|
uio.uio_iov = &iov;
|
|
|
|
|
uio.uio_iovcnt = 1;
|
|
|
|
|
uio.uio_offset = va;
|
|
|
|
|
uio.uio_resid = slen;
|
|
|
|
|
uio.uio_segflg = UIO_SYSSPACE;
|
|
|
|
|
uio.uio_rw = rw;
|
|
|
|
|
uio.uio_td = td;
|
2018-05-19 03:48:35 +00:00
|
|
|
proc_rwmem(p, &uio);
|
2015-12-07 21:33:15 +00:00
|
|
|
if (uio.uio_resid == slen)
|
|
|
|
|
return (-1);
|
|
|
|
|
return (slen - uio.uio_resid);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ssize_t
|
|
|
|
|
proc_readmem(struct thread *td, struct proc *p, vm_offset_t va, void *buf,
|
|
|
|
|
size_t len)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
return (proc_iop(td, p, va, buf, len, UIO_READ));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ssize_t
|
|
|
|
|
proc_writemem(struct thread *td, struct proc *p, vm_offset_t va, void *buf,
|
|
|
|
|
size_t len)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
return (proc_iop(td, p, va, buf, len, UIO_WRITE));
|
|
|
|
|
}
|
|
|
|
|
|
2010-02-09 05:52:35 +00:00
|
|
|
static int
|
|
|
|
|
ptrace_vm_entry(struct thread *td, struct proc *p, struct ptrace_vm_entry *pve)
|
|
|
|
|
{
|
2010-02-11 18:00:53 +00:00
|
|
|
struct vattr vattr;
|
2010-02-09 05:52:35 +00:00
|
|
|
vm_map_t map;
|
|
|
|
|
vm_map_entry_t entry;
|
|
|
|
|
vm_object_t obj, tobj, lobj;
|
2010-02-11 18:00:53 +00:00
|
|
|
struct vmspace *vm;
|
2010-02-09 05:52:35 +00:00
|
|
|
struct vnode *vp;
|
|
|
|
|
char *freepath, *fullpath;
|
|
|
|
|
u_int pathlen;
|
2012-10-22 17:50:54 +00:00
|
|
|
int error, index;
|
2010-02-09 05:52:35 +00:00
|
|
|
|
2010-02-11 18:00:53 +00:00
|
|
|
error = 0;
|
|
|
|
|
obj = NULL;
|
|
|
|
|
|
|
|
|
|
vm = vmspace_acquire_ref(p);
|
|
|
|
|
map = &vm->vm_map;
|
|
|
|
|
vm_map_lock_read(map);
|
|
|
|
|
|
|
|
|
|
do {
|
2019-10-08 07:14:21 +00:00
|
|
|
KASSERT((map->header.eflags & MAP_ENTRY_IS_SUB_MAP) == 0,
|
|
|
|
|
("Submap in map header"));
|
2010-02-11 18:00:53 +00:00
|
|
|
index = 0;
|
2019-10-08 07:14:21 +00:00
|
|
|
VM_MAP_ENTRY_FOREACH(entry, map) {
|
|
|
|
|
if (index >= pve->pve_entry &&
|
|
|
|
|
(entry->eflags & MAP_ENTRY_IS_SUB_MAP) == 0)
|
|
|
|
|
break;
|
2010-02-11 18:00:53 +00:00
|
|
|
index++;
|
|
|
|
|
}
|
2019-10-08 07:14:21 +00:00
|
|
|
if (index < pve->pve_entry) {
|
2010-02-11 18:00:53 +00:00
|
|
|
error = EINVAL;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (entry == &map->header) {
|
|
|
|
|
error = ENOENT;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* We got an entry. */
|
|
|
|
|
pve->pve_entry = index + 1;
|
|
|
|
|
pve->pve_timestamp = map->timestamp;
|
|
|
|
|
pve->pve_start = entry->start;
|
|
|
|
|
pve->pve_end = entry->end - 1;
|
|
|
|
|
pve->pve_offset = entry->offset;
|
|
|
|
|
pve->pve_prot = entry->protection;
|
|
|
|
|
|
|
|
|
|
/* Backing object's path needed? */
|
|
|
|
|
if (pve->pve_pathlen == 0)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
pathlen = pve->pve_pathlen;
|
|
|
|
|
pve->pve_pathlen = 0;
|
|
|
|
|
|
|
|
|
|
obj = entry->object.vm_object;
|
|
|
|
|
if (obj != NULL)
|
2013-04-08 19:58:32 +00:00
|
|
|
VM_OBJECT_RLOCK(obj);
|
2010-02-11 18:00:53 +00:00
|
|
|
} while (0);
|
|
|
|
|
|
|
|
|
|
vm_map_unlock_read(map);
|
|
|
|
|
|
2010-02-11 21:10:56 +00:00
|
|
|
pve->pve_fsid = VNOVAL;
|
|
|
|
|
pve->pve_fileid = VNOVAL;
|
|
|
|
|
|
2010-02-11 18:00:53 +00:00
|
|
|
if (error == 0 && obj != NULL) {
|
|
|
|
|
lobj = obj;
|
|
|
|
|
for (tobj = obj; tobj != NULL; tobj = tobj->backing_object) {
|
|
|
|
|
if (tobj != obj)
|
2013-04-08 19:58:32 +00:00
|
|
|
VM_OBJECT_RLOCK(tobj);
|
2010-02-11 18:00:53 +00:00
|
|
|
if (lobj != obj)
|
2013-04-08 19:58:32 +00:00
|
|
|
VM_OBJECT_RUNLOCK(lobj);
|
2010-02-11 18:00:53 +00:00
|
|
|
lobj = tobj;
|
|
|
|
|
pve->pve_offset += tobj->backing_object_offset;
|
|
|
|
|
}
|
2015-06-02 18:37:04 +00:00
|
|
|
vp = vm_object_vnode(lobj);
|
2010-02-09 05:52:35 +00:00
|
|
|
if (vp != NULL)
|
|
|
|
|
vref(vp);
|
|
|
|
|
if (lobj != obj)
|
2013-04-08 19:58:32 +00:00
|
|
|
VM_OBJECT_RUNLOCK(lobj);
|
|
|
|
|
VM_OBJECT_RUNLOCK(obj);
|
2010-02-09 05:52:35 +00:00
|
|
|
|
2010-02-11 18:00:53 +00:00
|
|
|
if (vp != NULL) {
|
|
|
|
|
freepath = NULL;
|
|
|
|
|
fullpath = NULL;
|
2020-08-24 08:57:02 +00:00
|
|
|
vn_fullpath(vp, &fullpath, &freepath);
|
2010-02-11 18:00:53 +00:00
|
|
|
vn_lock(vp, LK_SHARED | LK_RETRY);
|
|
|
|
|
if (VOP_GETATTR(vp, &vattr, td->td_ucred) == 0) {
|
|
|
|
|
pve->pve_fileid = vattr.va_fileid;
|
|
|
|
|
pve->pve_fsid = vattr.va_fsid;
|
|
|
|
|
}
|
|
|
|
|
vput(vp);
|
|
|
|
|
|
|
|
|
|
if (fullpath != NULL) {
|
|
|
|
|
pve->pve_pathlen = strlen(fullpath) + 1;
|
|
|
|
|
if (pve->pve_pathlen <= pathlen) {
|
|
|
|
|
error = copyout(fullpath, pve->pve_path,
|
|
|
|
|
pve->pve_pathlen);
|
|
|
|
|
} else
|
|
|
|
|
error = ENAMETOOLONG;
|
|
|
|
|
}
|
|
|
|
|
if (freepath != NULL)
|
|
|
|
|
free(freepath, M_TEMP);
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-07-15 23:26:33 +00:00
|
|
|
vmspace_free(vm);
|
2015-05-25 22:13:22 +00:00
|
|
|
if (error == 0)
|
|
|
|
|
CTR3(KTR_PTRACE, "PT_VM_ENTRY: pid %d, entry %d, start %p",
|
|
|
|
|
p->p_pid, pve->pve_entry, pve->pve_start);
|
2010-02-09 05:52:35 +00:00
|
|
|
|
2010-02-11 18:00:53 +00:00
|
|
|
return (error);
|
|
|
|
|
}
|
2010-02-09 05:52:35 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
|
* Process debugging system call.
|
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 10:09:53 +00:00
|
|
|
struct ptrace_args {
|
|
|
|
|
int req;
|
|
|
|
|
pid_t pid;
|
|
|
|
|
caddr_t addr;
|
|
|
|
|
int data;
|
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-08-08 13:00:27 +00:00
|
|
|
|
1994-05-25 09:21:21 +00:00
|
|
|
int
|
2011-09-16 13:58:51 +00:00
|
|
|
sys_ptrace(struct thread *td, struct ptrace_args *uap)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2002-02-21 04:47:38 +00:00
|
|
|
/*
|
|
|
|
|
* XXX this obfuscation is to reduce stack usage, but the register
|
|
|
|
|
* structs may be too large to put on the stack anyway.
|
|
|
|
|
*/
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
union {
|
2002-03-16 02:40:02 +00:00
|
|
|
struct ptrace_io_desc piod;
|
2004-07-12 05:07:50 +00:00
|
|
|
struct ptrace_lwpinfo pl;
|
2010-02-09 05:52:35 +00:00
|
|
|
struct ptrace_vm_entry pve;
|
2021-04-23 13:26:01 +00:00
|
|
|
struct ptrace_coredump pc;
|
2022-11-30 08:45:52 +00:00
|
|
|
struct ptrace_sc_remote sr;
|
2002-02-21 04:47:38 +00:00
|
|
|
struct dbreg dbreg;
|
|
|
|
|
struct fpreg fpreg;
|
|
|
|
|
struct reg reg;
|
2022-01-24 11:24:17 +00:00
|
|
|
struct iovec vec;
|
2022-03-28 18:43:03 +00:00
|
|
|
syscallarg_t args[nitems(td->td_sa.args)];
|
2019-07-15 21:48:02 +00:00
|
|
|
struct ptrace_sc_ret psr;
|
2016-07-15 15:32:09 +00:00
|
|
|
int ptevents;
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
} r;
|
2022-11-30 08:45:52 +00:00
|
|
|
syscallarg_t pscr_args[nitems(td->td_sa.args)];
|
2002-09-05 01:02:50 +00:00
|
|
|
void *addr;
|
2022-01-21 21:52:35 +00:00
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
if (!allow_ptrace)
|
|
|
|
|
return (ENOSYS);
|
|
|
|
|
error = 0;
|
2002-09-05 01:02:50 +00:00
|
|
|
|
2009-06-27 13:58:44 +00:00
|
|
|
AUDIT_ARG_PID(uap->pid);
|
|
|
|
|
AUDIT_ARG_CMD(uap->req);
|
|
|
|
|
AUDIT_ARG_VALUE(uap->data);
|
2002-09-05 01:02:50 +00:00
|
|
|
addr = &r;
|
|
|
|
|
switch (uap->req) {
|
2016-07-15 15:32:09 +00:00
|
|
|
case PT_GET_EVENT_MASK:
|
2018-12-03 20:54:17 +00:00
|
|
|
case PT_LWPINFO:
|
|
|
|
|
case PT_GET_SC_ARGS:
|
2019-07-15 21:48:02 +00:00
|
|
|
case PT_GET_SC_RET:
|
2018-12-03 20:54:17 +00:00
|
|
|
break;
|
2002-09-05 01:02:50 +00:00
|
|
|
case PT_GETREGS:
|
2020-06-09 16:43:23 +00:00
|
|
|
bzero(&r.reg, sizeof(r.reg));
|
2018-12-03 20:54:17 +00:00
|
|
|
break;
|
2002-09-05 01:02:50 +00:00
|
|
|
case PT_GETFPREGS:
|
2020-06-09 16:43:23 +00:00
|
|
|
bzero(&r.fpreg, sizeof(r.fpreg));
|
2018-12-03 20:54:17 +00:00
|
|
|
break;
|
2002-09-05 01:02:50 +00:00
|
|
|
case PT_GETDBREGS:
|
2020-06-09 16:43:23 +00:00
|
|
|
bzero(&r.dbreg, sizeof(r.dbreg));
|
2002-09-05 01:02:50 +00:00
|
|
|
break;
|
2022-01-24 11:24:17 +00:00
|
|
|
case PT_GETREGSET:
|
2022-02-07 19:49:29 +00:00
|
|
|
case PT_SETREGSET:
|
2022-01-24 11:24:17 +00:00
|
|
|
error = copyin(uap->addr, &r.vec, sizeof(r.vec));
|
|
|
|
|
break;
|
2002-09-05 01:02:50 +00:00
|
|
|
case PT_SETREGS:
|
2020-06-09 16:43:23 +00:00
|
|
|
error = copyin(uap->addr, &r.reg, sizeof(r.reg));
|
2002-09-05 01:02:50 +00:00
|
|
|
break;
|
|
|
|
|
case PT_SETFPREGS:
|
2020-06-09 16:43:23 +00:00
|
|
|
error = copyin(uap->addr, &r.fpreg, sizeof(r.fpreg));
|
2002-09-05 01:02:50 +00:00
|
|
|
break;
|
|
|
|
|
case PT_SETDBREGS:
|
2020-06-09 16:43:23 +00:00
|
|
|
error = copyin(uap->addr, &r.dbreg, sizeof(r.dbreg));
|
2002-09-05 01:02:50 +00:00
|
|
|
break;
|
2016-07-15 15:32:09 +00:00
|
|
|
case PT_SET_EVENT_MASK:
|
|
|
|
|
if (uap->data != sizeof(r.ptevents))
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
else
|
|
|
|
|
error = copyin(uap->addr, &r.ptevents, uap->data);
|
|
|
|
|
break;
|
2002-09-05 01:02:50 +00:00
|
|
|
case PT_IO:
|
2020-06-09 16:43:23 +00:00
|
|
|
error = copyin(uap->addr, &r.piod, sizeof(r.piod));
|
2002-09-05 01:02:50 +00:00
|
|
|
break;
|
2010-02-09 05:52:35 +00:00
|
|
|
case PT_VM_ENTRY:
|
2020-06-09 16:43:23 +00:00
|
|
|
error = copyin(uap->addr, &r.pve, sizeof(r.pve));
|
2010-02-09 05:52:35 +00:00
|
|
|
break;
|
2021-04-23 13:26:01 +00:00
|
|
|
case PT_COREDUMP:
|
|
|
|
|
if (uap->data != sizeof(r.pc))
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
else
|
|
|
|
|
error = copyin(uap->addr, &r.pc, uap->data);
|
|
|
|
|
break;
|
2022-11-30 08:45:52 +00:00
|
|
|
case PT_SC_REMOTE:
|
|
|
|
|
if (uap->data != sizeof(r.sr)) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
error = copyin(uap->addr, &r.sr, uap->data);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
break;
|
|
|
|
|
if (r.sr.pscr_nargs > nitems(td->td_sa.args)) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
error = copyin(r.sr.pscr_args, pscr_args,
|
|
|
|
|
sizeof(u_long) * r.sr.pscr_nargs);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
break;
|
|
|
|
|
r.sr.pscr_args = pscr_args;
|
|
|
|
|
break;
|
2002-09-05 01:02:50 +00:00
|
|
|
default:
|
|
|
|
|
addr = uap->addr;
|
2003-08-15 05:25:06 +00:00
|
|
|
break;
|
2002-09-05 01:02:50 +00:00
|
|
|
}
|
|
|
|
|
if (error)
|
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
|
|
error = kern_ptrace(td, uap->req, uap->pid, addr, uap->data);
|
|
|
|
|
if (error)
|
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
|
|
switch (uap->req) {
|
2010-02-09 05:52:35 +00:00
|
|
|
case PT_VM_ENTRY:
|
2020-06-09 16:43:23 +00:00
|
|
|
error = copyout(&r.pve, uap->addr, sizeof(r.pve));
|
2010-02-09 05:52:35 +00:00
|
|
|
break;
|
2002-09-05 01:02:50 +00:00
|
|
|
case PT_IO:
|
2020-06-09 16:43:23 +00:00
|
|
|
error = copyout(&r.piod, uap->addr, sizeof(r.piod));
|
2002-09-05 01:02:50 +00:00
|
|
|
break;
|
|
|
|
|
case PT_GETREGS:
|
2020-06-09 16:43:23 +00:00
|
|
|
error = copyout(&r.reg, uap->addr, sizeof(r.reg));
|
2002-09-05 01:02:50 +00:00
|
|
|
break;
|
|
|
|
|
case PT_GETFPREGS:
|
2020-06-09 16:43:23 +00:00
|
|
|
error = copyout(&r.fpreg, uap->addr, sizeof(r.fpreg));
|
2002-09-05 01:02:50 +00:00
|
|
|
break;
|
|
|
|
|
case PT_GETDBREGS:
|
2020-06-09 16:43:23 +00:00
|
|
|
error = copyout(&r.dbreg, uap->addr, sizeof(r.dbreg));
|
2002-09-05 01:02:50 +00:00
|
|
|
break;
|
2022-01-24 11:24:17 +00:00
|
|
|
case PT_GETREGSET:
|
|
|
|
|
error = copyout(&r.vec, uap->addr, sizeof(r.vec));
|
|
|
|
|
break;
|
2016-07-15 15:32:09 +00:00
|
|
|
case PT_GET_EVENT_MASK:
|
|
|
|
|
/* NB: The size in uap->data is validated in kern_ptrace(). */
|
|
|
|
|
error = copyout(&r.ptevents, uap->addr, uap->data);
|
|
|
|
|
break;
|
2004-07-12 05:07:50 +00:00
|
|
|
case PT_LWPINFO:
|
2016-07-15 15:32:09 +00:00
|
|
|
/* NB: The size in uap->data is validated in kern_ptrace(). */
|
2004-07-12 05:07:50 +00:00
|
|
|
error = copyout(&r.pl, uap->addr, uap->data);
|
|
|
|
|
break;
|
2017-06-12 21:15:43 +00:00
|
|
|
case PT_GET_SC_ARGS:
|
|
|
|
|
error = copyout(r.args, uap->addr, MIN(uap->data,
|
|
|
|
|
sizeof(r.args)));
|
|
|
|
|
break;
|
2019-07-15 21:48:02 +00:00
|
|
|
case PT_GET_SC_RET:
|
|
|
|
|
error = copyout(&r.psr, uap->addr, MIN(uap->data,
|
|
|
|
|
sizeof(r.psr)));
|
|
|
|
|
break;
|
2022-11-30 08:45:52 +00:00
|
|
|
case PT_SC_REMOTE:
|
|
|
|
|
error = copyout(&r.sr.pscr_ret, uap->addr +
|
|
|
|
|
offsetof(struct ptrace_sc_remote, pscr_ret),
|
|
|
|
|
sizeof(r.sr.pscr_ret));
|
|
|
|
|
break;
|
2002-09-05 01:02:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
2005-06-30 07:49:22 +00:00
|
|
|
|
2010-03-11 14:49:06 +00:00
|
|
|
#ifdef COMPAT_FREEBSD32
|
2005-06-30 07:49:22 +00:00
|
|
|
/*
|
|
|
|
|
* PROC_READ(regs, td2, addr);
|
|
|
|
|
* becomes either:
|
|
|
|
|
* proc_read_regs(td2, addr);
|
|
|
|
|
* or
|
|
|
|
|
* proc_read_regs32(td2, addr);
|
|
|
|
|
* .. except this is done at runtime. There is an additional
|
|
|
|
|
* complication in that PROC_WRITE disallows 32 bit consumers
|
|
|
|
|
* from writing to 64 bit address space targets.
|
|
|
|
|
*/
|
|
|
|
|
#define PROC_READ(w, t, a) wrap32 ? \
|
|
|
|
|
proc_read_ ## w ## 32(t, a) : \
|
|
|
|
|
proc_read_ ## w (t, a)
|
|
|
|
|
#define PROC_WRITE(w, t, a) wrap32 ? \
|
|
|
|
|
(safe ? proc_write_ ## w ## 32(t, a) : EINVAL ) : \
|
|
|
|
|
proc_write_ ## w (t, a)
|
|
|
|
|
#else
|
|
|
|
|
#define PROC_READ(w, t, a) proc_read_ ## w (t, a)
|
|
|
|
|
#define PROC_WRITE(w, t, a) proc_write_ ## w (t, a)
|
|
|
|
|
#endif
|
2002-09-05 01:02:50 +00:00
|
|
|
|
When a debugger attaches to the process, SIGSTOP is sent to the
target. Due to a way issignal() selects the next signal to deliver
and report, if the simultaneous or already pending another signal
exists, that signal might be reported by the next waitpid(2) call.
This causes minor annoyance for debuggers, which must be prepared to
take any signal as the first event, then filter SIGSTOP later.
More importantly, for tools like gcore(1), which attach and then
detach without processing events, SIGSTOP might leak to be delivered
after PT_DETACH. This results in the process being unintentionally
stopped after detach, which is fatal for automatic tools.
The solution is to force SIGSTOP to be the first signal reported after
the attach. Attach code is modified to set P2_PTRACE_FSTP to indicate
that the attaching ritual was not yet finished, and issignal() prefers
SIGSTOP in that condition. Also, the thread which handles
P2_PTRACE_FSTP is made to guarantee to own p_xthread during the first
waitpid(2). All that ensures that SIGSTOP is consumed first.
Additionally, if P2_PTRACE_FSTP is still set on detach, which means
that waitpid(2) was not called at all, SIGSTOP is removed from the
queue, ensuring that the process is resumed on detach.
In issignal(), when acting on STOPing signals, remove the signal from
queue before suspending. Otherwise parallel attach could result in
ptracestop() acting on that STOP as if it was the STOP signal from the
attach. Then SIGSTOP from attach leaks again.
As a minor refactoring, some bits of the common attach code is moved
to new helper proc_set_traced().
Reported by: markj
Reviewed by: jhb, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D7256
2016-07-28 08:41:13 +00:00
|
|
|
void
|
2016-08-19 17:57:14 +00:00
|
|
|
proc_set_traced(struct proc *p, bool stop)
|
When a debugger attaches to the process, SIGSTOP is sent to the
target. Due to a way issignal() selects the next signal to deliver
and report, if the simultaneous or already pending another signal
exists, that signal might be reported by the next waitpid(2) call.
This causes minor annoyance for debuggers, which must be prepared to
take any signal as the first event, then filter SIGSTOP later.
More importantly, for tools like gcore(1), which attach and then
detach without processing events, SIGSTOP might leak to be delivered
after PT_DETACH. This results in the process being unintentionally
stopped after detach, which is fatal for automatic tools.
The solution is to force SIGSTOP to be the first signal reported after
the attach. Attach code is modified to set P2_PTRACE_FSTP to indicate
that the attaching ritual was not yet finished, and issignal() prefers
SIGSTOP in that condition. Also, the thread which handles
P2_PTRACE_FSTP is made to guarantee to own p_xthread during the first
waitpid(2). All that ensures that SIGSTOP is consumed first.
Additionally, if P2_PTRACE_FSTP is still set on detach, which means
that waitpid(2) was not called at all, SIGSTOP is removed from the
queue, ensuring that the process is resumed on detach.
In issignal(), when acting on STOPing signals, remove the signal from
queue before suspending. Otherwise parallel attach could result in
ptracestop() acting on that STOP as if it was the STOP signal from the
attach. Then SIGSTOP from attach leaks again.
As a minor refactoring, some bits of the common attach code is moved
to new helper proc_set_traced().
Reported by: markj
Reviewed by: jhb, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D7256
2016-07-28 08:41:13 +00:00
|
|
|
{
|
|
|
|
|
|
2018-06-21 21:07:25 +00:00
|
|
|
sx_assert(&proctree_lock, SX_XLOCKED);
|
When a debugger attaches to the process, SIGSTOP is sent to the
target. Due to a way issignal() selects the next signal to deliver
and report, if the simultaneous or already pending another signal
exists, that signal might be reported by the next waitpid(2) call.
This causes minor annoyance for debuggers, which must be prepared to
take any signal as the first event, then filter SIGSTOP later.
More importantly, for tools like gcore(1), which attach and then
detach without processing events, SIGSTOP might leak to be delivered
after PT_DETACH. This results in the process being unintentionally
stopped after detach, which is fatal for automatic tools.
The solution is to force SIGSTOP to be the first signal reported after
the attach. Attach code is modified to set P2_PTRACE_FSTP to indicate
that the attaching ritual was not yet finished, and issignal() prefers
SIGSTOP in that condition. Also, the thread which handles
P2_PTRACE_FSTP is made to guarantee to own p_xthread during the first
waitpid(2). All that ensures that SIGSTOP is consumed first.
Additionally, if P2_PTRACE_FSTP is still set on detach, which means
that waitpid(2) was not called at all, SIGSTOP is removed from the
queue, ensuring that the process is resumed on detach.
In issignal(), when acting on STOPing signals, remove the signal from
queue before suspending. Otherwise parallel attach could result in
ptracestop() acting on that STOP as if it was the STOP signal from the
attach. Then SIGSTOP from attach leaks again.
As a minor refactoring, some bits of the common attach code is moved
to new helper proc_set_traced().
Reported by: markj
Reviewed by: jhb, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D7256
2016-07-28 08:41:13 +00:00
|
|
|
PROC_LOCK_ASSERT(p, MA_OWNED);
|
|
|
|
|
p->p_flag |= P_TRACED;
|
2016-08-19 17:57:14 +00:00
|
|
|
if (stop)
|
|
|
|
|
p->p_flag2 |= P2_PTRACE_FSTP;
|
When a debugger attaches to the process, SIGSTOP is sent to the
target. Due to a way issignal() selects the next signal to deliver
and report, if the simultaneous or already pending another signal
exists, that signal might be reported by the next waitpid(2) call.
This causes minor annoyance for debuggers, which must be prepared to
take any signal as the first event, then filter SIGSTOP later.
More importantly, for tools like gcore(1), which attach and then
detach without processing events, SIGSTOP might leak to be delivered
after PT_DETACH. This results in the process being unintentionally
stopped after detach, which is fatal for automatic tools.
The solution is to force SIGSTOP to be the first signal reported after
the attach. Attach code is modified to set P2_PTRACE_FSTP to indicate
that the attaching ritual was not yet finished, and issignal() prefers
SIGSTOP in that condition. Also, the thread which handles
P2_PTRACE_FSTP is made to guarantee to own p_xthread during the first
waitpid(2). All that ensures that SIGSTOP is consumed first.
Additionally, if P2_PTRACE_FSTP is still set on detach, which means
that waitpid(2) was not called at all, SIGSTOP is removed from the
queue, ensuring that the process is resumed on detach.
In issignal(), when acting on STOPing signals, remove the signal from
queue before suspending. Otherwise parallel attach could result in
ptracestop() acting on that STOP as if it was the STOP signal from the
attach. Then SIGSTOP from attach leaks again.
As a minor refactoring, some bits of the common attach code is moved
to new helper proc_set_traced().
Reported by: markj
Reviewed by: jhb, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D7256
2016-07-28 08:41:13 +00:00
|
|
|
p->p_ptevents = PTRACE_DEFAULT;
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-18 16:25:50 +00:00
|
|
|
void
|
|
|
|
|
ptrace_unsuspend(struct proc *p)
|
|
|
|
|
{
|
|
|
|
|
PROC_LOCK_ASSERT(p, MA_OWNED);
|
|
|
|
|
|
|
|
|
|
PROC_SLOCK(p);
|
|
|
|
|
p->p_flag &= ~(P_STOPPED_TRACE | P_STOPPED_SIG | P_WAITED);
|
|
|
|
|
thread_unsuspend(p);
|
|
|
|
|
PROC_SUNLOCK(p);
|
|
|
|
|
itimer_proc_continue(p);
|
|
|
|
|
kqtimer_proc_continue(p);
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-24 11:52:11 +00:00
|
|
|
static int
|
|
|
|
|
proc_can_ptrace(struct thread *td, struct proc *p)
|
|
|
|
|
{
|
2021-04-24 11:57:40 +00:00
|
|
|
int error;
|
|
|
|
|
|
2021-04-24 11:52:11 +00:00
|
|
|
PROC_LOCK_ASSERT(p, MA_OWNED);
|
|
|
|
|
|
|
|
|
|
if ((p->p_flag & P_WEXIT) != 0)
|
|
|
|
|
return (ESRCH);
|
|
|
|
|
|
2021-04-24 11:57:40 +00:00
|
|
|
if ((error = p_cansee(td, p)) != 0)
|
|
|
|
|
return (error);
|
|
|
|
|
if ((error = p_candebug(td, p)) != 0)
|
|
|
|
|
return (error);
|
|
|
|
|
|
2021-04-24 11:52:11 +00:00
|
|
|
/* not being traced... */
|
|
|
|
|
if ((p->p_flag & P_TRACED) == 0)
|
|
|
|
|
return (EPERM);
|
|
|
|
|
|
|
|
|
|
/* not being traced by YOU */
|
|
|
|
|
if (p->p_pptr != td->td_proc)
|
|
|
|
|
return (EBUSY);
|
|
|
|
|
|
|
|
|
|
/* not currently stopped */
|
|
|
|
|
if ((p->p_flag & P_STOPPED_TRACE) == 0 ||
|
|
|
|
|
p->p_suspcount != p->p_numthreads ||
|
|
|
|
|
(p->p_flag & P_WAITED) == 0)
|
|
|
|
|
return (EBUSY);
|
|
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
2021-04-23 13:26:01 +00:00
|
|
|
|
|
|
|
|
static struct thread *
|
|
|
|
|
ptrace_sel_coredump_thread(struct proc *p)
|
|
|
|
|
{
|
|
|
|
|
struct thread *td2;
|
|
|
|
|
|
|
|
|
|
PROC_LOCK_ASSERT(p, MA_OWNED);
|
|
|
|
|
MPASS((p->p_flag & P_STOPPED_TRACE) != 0);
|
|
|
|
|
|
|
|
|
|
FOREACH_THREAD_IN_PROC(p, td2) {
|
|
|
|
|
if ((td2->td_dbgflags & TDB_SSWITCH) != 0)
|
|
|
|
|
return (td2);
|
|
|
|
|
}
|
|
|
|
|
return (NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2002-09-05 01:02:50 +00:00
|
|
|
int
|
|
|
|
|
kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
|
|
|
|
|
{
|
|
|
|
|
struct iovec iov;
|
|
|
|
|
struct uio uio;
|
2002-04-14 17:12:55 +00:00
|
|
|
struct proc *curp, *p, *pp;
|
2012-07-09 09:24:46 +00:00
|
|
|
struct thread *td2 = NULL, *td3;
|
2005-06-30 07:49:22 +00:00
|
|
|
struct ptrace_io_desc *piod = NULL;
|
2004-07-12 05:07:50 +00:00
|
|
|
struct ptrace_lwpinfo *pl;
|
2019-07-15 21:48:02 +00:00
|
|
|
struct ptrace_sc_ret *psr;
|
2022-11-30 08:45:52 +00:00
|
|
|
struct ptrace_sc_remote *pscr;
|
2021-04-23 13:26:01 +00:00
|
|
|
struct file *fp;
|
|
|
|
|
struct ptrace_coredump *pc;
|
|
|
|
|
struct thr_coredump_req *tcq;
|
2022-11-30 08:45:52 +00:00
|
|
|
struct thr_syscall_req *tsr;
|
2015-12-07 21:33:15 +00:00
|
|
|
int error, num, tmp;
|
2004-07-13 07:25:24 +00:00
|
|
|
lwpid_t tid = 0, *buf;
|
2010-03-11 14:49:06 +00:00
|
|
|
#ifdef COMPAT_FREEBSD32
|
2005-06-30 07:49:22 +00:00
|
|
|
int wrap32 = 0, safe = 0;
|
|
|
|
|
#endif
|
2021-04-24 11:57:40 +00:00
|
|
|
bool proctree_locked, p2_req_set;
|
1994-08-08 13:00:27 +00:00
|
|
|
|
2002-04-14 17:12:55 +00:00
|
|
|
curp = td->td_proc;
|
2021-04-30 21:14:26 +00:00
|
|
|
proctree_locked = false;
|
2021-04-24 11:57:40 +00:00
|
|
|
p2_req_set = false;
|
2002-04-14 17:12:55 +00:00
|
|
|
|
2002-09-05 01:02:50 +00:00
|
|
|
/* Lock proctree before locking the process. */
|
|
|
|
|
switch (req) {
|
2002-04-12 21:17:37 +00:00
|
|
|
case PT_TRACE_ME:
|
|
|
|
|
case PT_ATTACH:
|
|
|
|
|
case PT_STEP:
|
|
|
|
|
case PT_CONTINUE:
|
2003-10-09 10:17:16 +00:00
|
|
|
case PT_TO_SCE:
|
|
|
|
|
case PT_TO_SCX:
|
2005-03-18 21:22:28 +00:00
|
|
|
case PT_SYSCALL:
|
2011-01-25 10:59:21 +00:00
|
|
|
case PT_FOLLOW_FORK:
|
2015-12-29 23:25:26 +00:00
|
|
|
case PT_LWP_EVENTS:
|
2016-07-15 15:32:09 +00:00
|
|
|
case PT_GET_EVENT_MASK:
|
|
|
|
|
case PT_SET_EVENT_MASK:
|
2002-04-12 21:17:37 +00:00
|
|
|
case PT_DETACH:
|
2017-06-12 21:15:43 +00:00
|
|
|
case PT_GET_SC_ARGS:
|
2002-04-12 21:17:37 +00:00
|
|
|
sx_xlock(&proctree_lock);
|
2021-04-30 21:14:26 +00:00
|
|
|
proctree_locked = true;
|
2002-04-12 21:17:37 +00:00
|
|
|
break;
|
|
|
|
|
default:
|
2002-04-20 21:56:42 +00:00
|
|
|
break;
|
2002-04-12 21:17:37 +00:00
|
|
|
}
|
2003-03-19 00:33:38 +00:00
|
|
|
|
2002-09-05 01:02:50 +00:00
|
|
|
if (req == PT_TRACE_ME) {
|
2002-04-12 21:17:37 +00:00
|
|
|
p = td->td_proc;
|
2001-04-24 00:51:53 +00:00
|
|
|
PROC_LOCK(p);
|
|
|
|
|
} else {
|
2004-07-02 09:19:22 +00:00
|
|
|
if (pid <= PID_MAX) {
|
|
|
|
|
if ((p = pfind(pid)) == NULL) {
|
|
|
|
|
if (proctree_locked)
|
|
|
|
|
sx_xunlock(&proctree_lock);
|
|
|
|
|
return (ESRCH);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2010-10-09 02:50:23 +00:00
|
|
|
td2 = tdfind(pid, -1);
|
|
|
|
|
if (td2 == NULL) {
|
2004-07-02 09:19:22 +00:00
|
|
|
if (proctree_locked)
|
|
|
|
|
sx_xunlock(&proctree_lock);
|
|
|
|
|
return (ESRCH);
|
|
|
|
|
}
|
2010-10-09 02:50:23 +00:00
|
|
|
p = td2->td_proc;
|
2004-07-02 09:19:22 +00:00
|
|
|
tid = pid;
|
|
|
|
|
pid = p->p_pid;
|
2002-04-12 21:17:37 +00:00
|
|
|
}
|
1994-08-08 13:00:27 +00:00
|
|
|
}
|
2009-06-27 13:58:44 +00:00
|
|
|
AUDIT_ARG_PROCESS(p);
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
|
|
|
|
|
if ((p->p_flag & P_WEXIT) != 0) {
|
|
|
|
|
error = ESRCH;
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
2002-07-20 22:44:39 +00:00
|
|
|
if ((error = p_cansee(td, p)) != 0)
|
2002-04-12 21:17:37 +00:00
|
|
|
goto fail;
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
|
2002-05-19 00:14:50 +00:00
|
|
|
if ((error = p_candebug(td, p)) != 0)
|
2002-04-12 21:17:37 +00:00
|
|
|
goto fail;
|
|
|
|
|
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
/*
|
2002-02-21 04:47:38 +00:00
|
|
|
* System processes can't be debugged.
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
*/
|
|
|
|
|
if ((p->p_flag & P_SYSTEM) != 0) {
|
2002-04-12 21:17:37 +00:00
|
|
|
error = EINVAL;
|
|
|
|
|
goto fail;
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
}
|
2003-03-19 00:33:38 +00:00
|
|
|
|
2004-07-02 09:19:22 +00:00
|
|
|
if (tid == 0) {
|
2005-12-24 02:59:29 +00:00
|
|
|
if ((p->p_flag & P_STOPPED_TRACE) != 0) {
|
|
|
|
|
KASSERT(p->p_xthread != NULL, ("NULL p_xthread"));
|
|
|
|
|
td2 = p->p_xthread;
|
|
|
|
|
} else {
|
|
|
|
|
td2 = FIRST_THREAD_IN_PROC(p);
|
|
|
|
|
}
|
2004-07-02 09:19:22 +00:00
|
|
|
tid = td2->td_tid;
|
|
|
|
|
}
|
|
|
|
|
|
2010-03-11 14:49:06 +00:00
|
|
|
#ifdef COMPAT_FREEBSD32
|
2005-06-30 07:49:22 +00:00
|
|
|
/*
|
|
|
|
|
* Test if we're a 32 bit client and what the target is.
|
|
|
|
|
* Set the wrap controls accordingly.
|
|
|
|
|
*/
|
2009-03-02 18:43:50 +00:00
|
|
|
if (SV_CURPROC_FLAG(SV_ILP32)) {
|
2011-01-26 20:03:58 +00:00
|
|
|
if (SV_PROC_FLAG(td2->td_proc, SV_ILP32))
|
2005-06-30 07:49:22 +00:00
|
|
|
safe = 1;
|
|
|
|
|
wrap32 = 1;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
1996-01-24 18:29:00 +00:00
|
|
|
/*
|
|
|
|
|
* Permissions check
|
|
|
|
|
*/
|
2002-09-05 01:02:50 +00:00
|
|
|
switch (req) {
|
1996-01-24 18:29:00 +00:00
|
|
|
case PT_TRACE_ME:
|
2015-10-20 20:22:57 +00:00
|
|
|
/*
|
|
|
|
|
* Always legal, when there is a parent process which
|
|
|
|
|
* could trace us. Otherwise, reject.
|
|
|
|
|
*/
|
|
|
|
|
if ((p->p_flag & P_TRACED) != 0) {
|
|
|
|
|
error = EBUSY;
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
|
|
|
|
if (p->p_pptr == initproc) {
|
|
|
|
|
error = EPERM;
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
1996-01-24 18:29:00 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case PT_ATTACH:
|
|
|
|
|
/* Self */
|
2015-10-20 20:12:42 +00:00
|
|
|
if (p == td->td_proc) {
|
2002-04-12 21:17:37 +00:00
|
|
|
error = EINVAL;
|
|
|
|
|
goto fail;
|
2001-04-24 00:51:53 +00:00
|
|
|
}
|
1996-01-24 18:29:00 +00:00
|
|
|
|
|
|
|
|
/* Already traced */
|
2001-03-07 03:06:18 +00:00
|
|
|
if (p->p_flag & P_TRACED) {
|
2002-04-12 21:17:37 +00:00
|
|
|
error = EBUSY;
|
|
|
|
|
goto fail;
|
2001-03-07 03:06:18 +00:00
|
|
|
}
|
1996-01-24 18:29:00 +00:00
|
|
|
|
2002-04-14 17:12:55 +00:00
|
|
|
/* Can't trace an ancestor if you're being traced. */
|
|
|
|
|
if (curp->p_flag & P_TRACED) {
|
|
|
|
|
for (pp = curp->p_pptr; pp != NULL; pp = pp->p_pptr) {
|
|
|
|
|
if (pp == p) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
1996-01-24 18:29:00 +00:00
|
|
|
/* OK */
|
|
|
|
|
break;
|
1994-08-08 13:00:27 +00:00
|
|
|
|
2004-07-13 07:25:24 +00:00
|
|
|
case PT_CLEARSTEP:
|
|
|
|
|
/* Allow thread to clear single step for itself */
|
|
|
|
|
if (td->td_tid == tid)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
/* FALLTHROUGH */
|
2003-08-15 05:25:06 +00:00
|
|
|
default:
|
2021-04-24 11:57:40 +00:00
|
|
|
/*
|
|
|
|
|
* Check for ptrace eligibility before waiting for
|
|
|
|
|
* holds to drain.
|
|
|
|
|
*/
|
2021-04-24 11:52:11 +00:00
|
|
|
error = proc_can_ptrace(td, p);
|
|
|
|
|
if (error != 0)
|
2002-04-12 21:17:37 +00:00
|
|
|
goto fail;
|
1996-01-24 18:29:00 +00:00
|
|
|
|
2021-04-24 11:57:40 +00:00
|
|
|
/*
|
|
|
|
|
* Block parallel ptrace requests. Most important, do
|
|
|
|
|
* not allow other thread in debugger to continue the
|
|
|
|
|
* debuggee until coredump finished.
|
|
|
|
|
*/
|
|
|
|
|
while ((p->p_flag2 & P2_PTRACEREQ) != 0) {
|
|
|
|
|
if (proctree_locked)
|
|
|
|
|
sx_xunlock(&proctree_lock);
|
|
|
|
|
error = msleep(&p->p_flag2, &p->p_mtx, PPAUSE | PCATCH |
|
|
|
|
|
(proctree_locked ? PDROP : 0), "pptrace", 0);
|
|
|
|
|
if (proctree_locked) {
|
|
|
|
|
sx_xlock(&proctree_lock);
|
|
|
|
|
PROC_LOCK(p);
|
|
|
|
|
}
|
|
|
|
|
if (error == 0 && td2->td_proc != p)
|
|
|
|
|
error = ESRCH;
|
|
|
|
|
if (error == 0)
|
|
|
|
|
error = proc_can_ptrace(td, p);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-24 11:52:11 +00:00
|
|
|
/* Ok */
|
1996-01-24 18:29:00 +00:00
|
|
|
break;
|
1994-08-08 13:00:27 +00:00
|
|
|
}
|
1996-01-24 18:29:00 +00:00
|
|
|
|
2021-04-24 11:57:40 +00:00
|
|
|
/*
|
|
|
|
|
* Keep this process around and request parallel ptrace()
|
|
|
|
|
* request to wait until we finish this request.
|
|
|
|
|
*/
|
|
|
|
|
MPASS((p->p_flag2 & P2_PTRACEREQ) == 0);
|
|
|
|
|
p->p_flag2 |= P2_PTRACEREQ;
|
|
|
|
|
p2_req_set = true;
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
_PHOLD(p);
|
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
1996-01-24 18:29:00 +00:00
|
|
|
* Actually do the requests
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
1994-08-08 13:00:27 +00:00
|
|
|
|
2001-09-12 08:38:13 +00:00
|
|
|
td->td_retval[0] = 0;
|
1994-08-08 13:00:27 +00:00
|
|
|
|
2002-09-05 01:02:50 +00:00
|
|
|
switch (req) {
|
1996-01-24 18:29:00 +00:00
|
|
|
case PT_TRACE_ME:
|
|
|
|
|
/* set my trace flag and "owner" so it can read/write me */
|
2016-08-19 17:57:14 +00:00
|
|
|
proc_set_traced(p, false);
|
2013-02-07 15:34:22 +00:00
|
|
|
if (p->p_flag & P_PPWAIT)
|
|
|
|
|
p->p_flag |= P_PPTRACE;
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR1(KTR_PTRACE, "PT_TRACE_ME: pid %d", p->p_pid);
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
break;
|
1994-08-08 13:00:27 +00:00
|
|
|
|
1996-01-24 18:29:00 +00:00
|
|
|
case PT_ATTACH:
|
|
|
|
|
/* security check done above */
|
2011-06-17 21:44:13 +00:00
|
|
|
/*
|
|
|
|
|
* It would be nice if the tracing relationship was separate
|
|
|
|
|
* from the parent relationship but that would require
|
|
|
|
|
* another set of links in the proc struct or for "wait"
|
|
|
|
|
* to scan the entire proc table. To make life easier,
|
|
|
|
|
* we just re-parent the process we're trying to trace.
|
|
|
|
|
* The old parent is remembered so we can put things back
|
|
|
|
|
* on a "detach".
|
|
|
|
|
*/
|
2016-08-19 17:57:14 +00:00
|
|
|
proc_set_traced(p, true);
|
2019-08-05 20:26:01 +00:00
|
|
|
proc_reparent(p, td->td_proc, false);
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR2(KTR_PTRACE, "PT_ATTACH: pid %d, oppid %d", p->p_pid,
|
|
|
|
|
p->p_oppid);
|
2017-11-13 21:09:08 +00:00
|
|
|
|
|
|
|
|
sx_xunlock(&proctree_lock);
|
2021-04-30 21:14:26 +00:00
|
|
|
proctree_locked = false;
|
2017-11-13 21:09:08 +00:00
|
|
|
MPASS(p->p_xthread == NULL);
|
|
|
|
|
MPASS((p->p_flag & P_STOPPED_TRACE) == 0);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If already stopped due to a stop signal, clear the
|
|
|
|
|
* existing stop before triggering a traced SIGSTOP.
|
|
|
|
|
*/
|
|
|
|
|
if ((p->p_flag & P_STOPPED_SIG) != 0) {
|
|
|
|
|
PROC_SLOCK(p);
|
|
|
|
|
p->p_flag &= ~(P_STOPPED_SIG | P_WAITED);
|
|
|
|
|
thread_unsuspend(p);
|
|
|
|
|
PROC_SUNLOCK(p);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
kern_psignal(p, SIGSTOP);
|
|
|
|
|
break;
|
1996-01-24 18:29:00 +00:00
|
|
|
|
2004-07-13 07:25:24 +00:00
|
|
|
case PT_CLEARSTEP:
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR2(KTR_PTRACE, "PT_CLEARSTEP: tid %d (pid %d)", td2->td_tid,
|
|
|
|
|
p->p_pid);
|
2004-07-13 07:25:24 +00:00
|
|
|
error = ptrace_clear_single_step(td2);
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
break;
|
2004-07-13 07:25:24 +00:00
|
|
|
|
|
|
|
|
case PT_SETSTEP:
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR2(KTR_PTRACE, "PT_SETSTEP: tid %d (pid %d)", td2->td_tid,
|
|
|
|
|
p->p_pid);
|
2004-07-13 07:25:24 +00:00
|
|
|
error = ptrace_single_step(td2);
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
break;
|
2004-07-13 07:25:24 +00:00
|
|
|
|
|
|
|
|
case PT_SUSPEND:
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR2(KTR_PTRACE, "PT_SUSPEND: tid %d (pid %d)", td2->td_tid,
|
|
|
|
|
p->p_pid);
|
2008-10-15 06:31:37 +00:00
|
|
|
td2->td_dbgflags |= TDB_SUSPEND;
|
2022-07-18 16:39:17 +00:00
|
|
|
ast_sched(td2, TDA_SUSPEND);
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
break;
|
2004-07-13 07:25:24 +00:00
|
|
|
|
|
|
|
|
case PT_RESUME:
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR2(KTR_PTRACE, "PT_RESUME: tid %d (pid %d)", td2->td_tid,
|
|
|
|
|
p->p_pid);
|
2008-10-15 06:31:37 +00:00
|
|
|
td2->td_dbgflags &= ~TDB_SUSPEND;
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
break;
|
2004-07-13 07:25:24 +00:00
|
|
|
|
2011-01-25 10:59:21 +00:00
|
|
|
case PT_FOLLOW_FORK:
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR3(KTR_PTRACE, "PT_FOLLOW_FORK: pid %d %s -> %s", p->p_pid,
|
2016-07-15 15:32:09 +00:00
|
|
|
p->p_ptevents & PTRACE_FORK ? "enabled" : "disabled",
|
2015-05-25 22:13:22 +00:00
|
|
|
data ? "enabled" : "disabled");
|
2011-01-25 10:59:21 +00:00
|
|
|
if (data)
|
2016-07-15 15:32:09 +00:00
|
|
|
p->p_ptevents |= PTRACE_FORK;
|
2011-01-25 10:59:21 +00:00
|
|
|
else
|
2016-07-15 15:32:09 +00:00
|
|
|
p->p_ptevents &= ~PTRACE_FORK;
|
2011-01-25 10:59:21 +00:00
|
|
|
break;
|
|
|
|
|
|
2015-12-29 23:25:26 +00:00
|
|
|
case PT_LWP_EVENTS:
|
|
|
|
|
CTR3(KTR_PTRACE, "PT_LWP_EVENTS: pid %d %s -> %s", p->p_pid,
|
2016-07-15 15:32:09 +00:00
|
|
|
p->p_ptevents & PTRACE_LWP ? "enabled" : "disabled",
|
2015-12-29 23:25:26 +00:00
|
|
|
data ? "enabled" : "disabled");
|
|
|
|
|
if (data)
|
2016-07-15 15:32:09 +00:00
|
|
|
p->p_ptevents |= PTRACE_LWP;
|
2015-12-29 23:25:26 +00:00
|
|
|
else
|
2016-07-15 15:32:09 +00:00
|
|
|
p->p_ptevents &= ~PTRACE_LWP;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case PT_GET_EVENT_MASK:
|
|
|
|
|
if (data != sizeof(p->p_ptevents)) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
CTR2(KTR_PTRACE, "PT_GET_EVENT_MASK: pid %d mask %#x", p->p_pid,
|
|
|
|
|
p->p_ptevents);
|
|
|
|
|
*(int *)addr = p->p_ptevents;
|
2015-12-29 23:25:26 +00:00
|
|
|
break;
|
|
|
|
|
|
2016-07-15 15:32:09 +00:00
|
|
|
case PT_SET_EVENT_MASK:
|
|
|
|
|
if (data != sizeof(p->p_ptevents)) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
tmp = *(int *)addr;
|
|
|
|
|
if ((tmp & ~(PTRACE_EXEC | PTRACE_SCE | PTRACE_SCX |
|
2016-07-18 14:53:55 +00:00
|
|
|
PTRACE_FORK | PTRACE_LWP | PTRACE_VFORK)) != 0) {
|
2016-07-15 15:32:09 +00:00
|
|
|
error = EINVAL;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
CTR3(KTR_PTRACE, "PT_SET_EVENT_MASK: pid %d mask %#x -> %#x",
|
|
|
|
|
p->p_pid, p->p_ptevents, tmp);
|
|
|
|
|
p->p_ptevents = tmp;
|
|
|
|
|
break;
|
2017-06-12 21:15:43 +00:00
|
|
|
|
|
|
|
|
case PT_GET_SC_ARGS:
|
|
|
|
|
CTR1(KTR_PTRACE, "PT_GET_SC_ARGS: pid %d", p->p_pid);
|
|
|
|
|
if ((td2->td_dbgflags & (TDB_SCE | TDB_SCX)) == 0
|
|
|
|
|
#ifdef COMPAT_FREEBSD32
|
|
|
|
|
|| (wrap32 && !safe)
|
|
|
|
|
#endif
|
|
|
|
|
) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
bzero(addr, sizeof(td2->td_sa.args));
|
2021-09-15 13:24:09 +00:00
|
|
|
/* See the explanation in linux_ptrace_get_syscall_info(). */
|
|
|
|
|
bcopy(td2->td_sa.args, addr, SV_PROC_ABI(td->td_proc) ==
|
|
|
|
|
SV_ABI_LINUX ? sizeof(td2->td_sa.args) :
|
2022-03-28 18:43:03 +00:00
|
|
|
td2->td_sa.callp->sy_narg * sizeof(syscallarg_t));
|
2021-09-12 11:31:10 +00:00
|
|
|
break;
|
|
|
|
|
|
2019-07-15 21:48:02 +00:00
|
|
|
case PT_GET_SC_RET:
|
|
|
|
|
if ((td2->td_dbgflags & (TDB_SCX)) == 0
|
|
|
|
|
#ifdef COMPAT_FREEBSD32
|
|
|
|
|
|| (wrap32 && !safe)
|
|
|
|
|
#endif
|
|
|
|
|
) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
psr = addr;
|
|
|
|
|
bzero(psr, sizeof(*psr));
|
|
|
|
|
psr->sr_error = td2->td_errno;
|
|
|
|
|
if (psr->sr_error == 0) {
|
|
|
|
|
psr->sr_retval[0] = td2->td_retval[0];
|
|
|
|
|
psr->sr_retval[1] = td2->td_retval[1];
|
|
|
|
|
}
|
|
|
|
|
CTR4(KTR_PTRACE,
|
|
|
|
|
"PT_GET_SC_RET: pid %d error %d retval %#lx,%#lx",
|
|
|
|
|
p->p_pid, psr->sr_error, psr->sr_retval[0],
|
|
|
|
|
psr->sr_retval[1]);
|
|
|
|
|
break;
|
2019-08-05 20:26:01 +00:00
|
|
|
|
1996-01-24 18:29:00 +00:00
|
|
|
case PT_STEP:
|
|
|
|
|
case PT_CONTINUE:
|
2003-10-09 10:17:16 +00:00
|
|
|
case PT_TO_SCE:
|
|
|
|
|
case PT_TO_SCX:
|
2005-03-18 21:22:28 +00:00
|
|
|
case PT_SYSCALL:
|
1994-08-08 13:00:27 +00:00
|
|
|
case PT_DETACH:
|
2003-08-10 23:04:55 +00:00
|
|
|
/* Zero means do not send any signal */
|
|
|
|
|
if (data < 0 || data > _SIG_MAXSIG) {
|
2002-04-12 21:17:37 +00:00
|
|
|
error = EINVAL;
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
break;
|
2002-04-12 21:17:37 +00:00
|
|
|
}
|
1996-01-24 18:29:00 +00:00
|
|
|
|
2003-10-09 10:17:16 +00:00
|
|
|
switch (req) {
|
|
|
|
|
case PT_STEP:
|
2017-09-25 20:38:55 +00:00
|
|
|
CTR3(KTR_PTRACE, "PT_STEP: tid %d (pid %d), sig = %d",
|
|
|
|
|
td2->td_tid, p->p_pid, data);
|
2002-02-08 08:56:01 +00:00
|
|
|
error = ptrace_single_step(td2);
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
if (error)
|
|
|
|
|
goto out;
|
2003-10-09 10:17:16 +00:00
|
|
|
break;
|
2010-05-25 21:32:37 +00:00
|
|
|
case PT_CONTINUE:
|
2003-10-09 10:17:16 +00:00
|
|
|
case PT_TO_SCE:
|
|
|
|
|
case PT_TO_SCX:
|
|
|
|
|
case PT_SYSCALL:
|
2010-05-25 21:32:37 +00:00
|
|
|
if (addr != (void *)1) {
|
|
|
|
|
error = ptrace_set_pc(td2,
|
|
|
|
|
(u_long)(uintfptr_t)addr);
|
|
|
|
|
if (error)
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
switch (req) {
|
|
|
|
|
case PT_TO_SCE:
|
2016-07-15 15:32:09 +00:00
|
|
|
p->p_ptevents |= PTRACE_SCE;
|
2015-10-05 21:36:53 +00:00
|
|
|
CTR4(KTR_PTRACE,
|
2016-07-15 15:32:09 +00:00
|
|
|
"PT_TO_SCE: pid %d, events = %#x, PC = %#lx, sig = %d",
|
|
|
|
|
p->p_pid, p->p_ptevents,
|
2015-10-05 21:36:53 +00:00
|
|
|
(u_long)(uintfptr_t)addr, data);
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
break;
|
2010-05-25 21:32:37 +00:00
|
|
|
case PT_TO_SCX:
|
2016-07-15 15:32:09 +00:00
|
|
|
p->p_ptevents |= PTRACE_SCX;
|
2015-10-05 21:36:53 +00:00
|
|
|
CTR4(KTR_PTRACE,
|
2016-07-15 15:32:09 +00:00
|
|
|
"PT_TO_SCX: pid %d, events = %#x, PC = %#lx, sig = %d",
|
|
|
|
|
p->p_pid, p->p_ptevents,
|
2015-10-05 21:36:53 +00:00
|
|
|
(u_long)(uintfptr_t)addr, data);
|
2010-05-25 21:32:37 +00:00
|
|
|
break;
|
|
|
|
|
case PT_SYSCALL:
|
2016-07-15 15:32:09 +00:00
|
|
|
p->p_ptevents |= PTRACE_SYSCALL;
|
2015-10-05 21:36:53 +00:00
|
|
|
CTR4(KTR_PTRACE,
|
2016-07-15 15:32:09 +00:00
|
|
|
"PT_SYSCALL: pid %d, events = %#x, PC = %#lx, sig = %d",
|
|
|
|
|
p->p_pid, p->p_ptevents,
|
2015-10-05 21:36:53 +00:00
|
|
|
(u_long)(uintfptr_t)addr, data);
|
2015-05-25 22:13:22 +00:00
|
|
|
break;
|
|
|
|
|
case PT_CONTINUE:
|
2015-10-05 21:36:53 +00:00
|
|
|
CTR3(KTR_PTRACE,
|
|
|
|
|
"PT_CONTINUE: pid %d, PC = %#lx, sig = %d",
|
|
|
|
|
p->p_pid, (u_long)(uintfptr_t)addr, data);
|
2010-05-25 21:32:37 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case PT_DETACH:
|
2015-08-01 16:27:52 +00:00
|
|
|
/*
|
2021-04-11 09:06:21 +00:00
|
|
|
* Clear P_TRACED before reparenting
|
2015-08-01 16:27:52 +00:00
|
|
|
* a detached process back to its original
|
|
|
|
|
* parent. Otherwise the debugee will be set
|
|
|
|
|
* as an orphan of the debugger.
|
|
|
|
|
*/
|
2016-07-15 15:32:09 +00:00
|
|
|
p->p_flag &= ~(P_TRACED | P_WAITED);
|
2021-04-11 09:06:21 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Reset the process parent.
|
|
|
|
|
*/
|
1996-01-24 18:29:00 +00:00
|
|
|
if (p->p_oppid != p->p_pptr->p_pid) {
|
2005-11-08 23:28:12 +00:00
|
|
|
PROC_LOCK(p->p_pptr);
|
|
|
|
|
sigqueue_take(p->p_ksi);
|
|
|
|
|
PROC_UNLOCK(p->p_pptr);
|
|
|
|
|
|
2014-08-07 05:47:53 +00:00
|
|
|
pp = proc_realparent(p);
|
2018-11-16 17:07:54 +00:00
|
|
|
proc_reparent(p, pp, false);
|
2004-02-19 10:39:42 +00:00
|
|
|
if (pp == initproc)
|
|
|
|
|
p->p_sigparent = SIGCHLD;
|
2015-10-05 21:36:53 +00:00
|
|
|
CTR3(KTR_PTRACE,
|
|
|
|
|
"PT_DETACH: pid %d reparented to pid %d, sig %d",
|
|
|
|
|
p->p_pid, pp->p_pid, data);
|
2021-04-11 09:06:21 +00:00
|
|
|
} else {
|
2015-10-05 21:36:53 +00:00
|
|
|
CTR2(KTR_PTRACE, "PT_DETACH: pid %d, sig %d",
|
|
|
|
|
p->p_pid, data);
|
2021-04-11 09:06:21 +00:00
|
|
|
}
|
|
|
|
|
|
2016-07-15 15:32:09 +00:00
|
|
|
p->p_ptevents = 0;
|
When a debugger attaches to the process, SIGSTOP is sent to the
target. Due to a way issignal() selects the next signal to deliver
and report, if the simultaneous or already pending another signal
exists, that signal might be reported by the next waitpid(2) call.
This causes minor annoyance for debuggers, which must be prepared to
take any signal as the first event, then filter SIGSTOP later.
More importantly, for tools like gcore(1), which attach and then
detach without processing events, SIGSTOP might leak to be delivered
after PT_DETACH. This results in the process being unintentionally
stopped after detach, which is fatal for automatic tools.
The solution is to force SIGSTOP to be the first signal reported after
the attach. Attach code is modified to set P2_PTRACE_FSTP to indicate
that the attaching ritual was not yet finished, and issignal() prefers
SIGSTOP in that condition. Also, the thread which handles
P2_PTRACE_FSTP is made to guarantee to own p_xthread during the first
waitpid(2). All that ensures that SIGSTOP is consumed first.
Additionally, if P2_PTRACE_FSTP is still set on detach, which means
that waitpid(2) was not called at all, SIGSTOP is removed from the
queue, ensuring that the process is resumed on detach.
In issignal(), when acting on STOPing signals, remove the signal from
queue before suspending. Otherwise parallel attach could result in
ptracestop() acting on that STOP as if it was the STOP signal from the
attach. Then SIGSTOP from attach leaks again.
As a minor refactoring, some bits of the common attach code is moved
to new helper proc_set_traced().
Reported by: markj
Reviewed by: jhb, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D7256
2016-07-28 08:41:13 +00:00
|
|
|
FOREACH_THREAD_IN_PROC(p, td3) {
|
|
|
|
|
if ((td3->td_dbgflags & TDB_FSTP) != 0) {
|
|
|
|
|
sigqueue_delete(&td3->td_sigqueue,
|
|
|
|
|
SIGSTOP);
|
|
|
|
|
}
|
2017-11-13 21:22:33 +00:00
|
|
|
td3->td_dbgflags &= ~(TDB_XSIG | TDB_FSTP |
|
2023-06-07 19:26:57 +00:00
|
|
|
TDB_SUSPEND | TDB_BORN);
|
When a debugger attaches to the process, SIGSTOP is sent to the
target. Due to a way issignal() selects the next signal to deliver
and report, if the simultaneous or already pending another signal
exists, that signal might be reported by the next waitpid(2) call.
This causes minor annoyance for debuggers, which must be prepared to
take any signal as the first event, then filter SIGSTOP later.
More importantly, for tools like gcore(1), which attach and then
detach without processing events, SIGSTOP might leak to be delivered
after PT_DETACH. This results in the process being unintentionally
stopped after detach, which is fatal for automatic tools.
The solution is to force SIGSTOP to be the first signal reported after
the attach. Attach code is modified to set P2_PTRACE_FSTP to indicate
that the attaching ritual was not yet finished, and issignal() prefers
SIGSTOP in that condition. Also, the thread which handles
P2_PTRACE_FSTP is made to guarantee to own p_xthread during the first
waitpid(2). All that ensures that SIGSTOP is consumed first.
Additionally, if P2_PTRACE_FSTP is still set on detach, which means
that waitpid(2) was not called at all, SIGSTOP is removed from the
queue, ensuring that the process is resumed on detach.
In issignal(), when acting on STOPing signals, remove the signal from
queue before suspending. Otherwise parallel attach could result in
ptracestop() acting on that STOP as if it was the STOP signal from the
attach. Then SIGSTOP from attach leaks again.
As a minor refactoring, some bits of the common attach code is moved
to new helper proc_set_traced().
Reported by: markj
Reviewed by: jhb, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D7256
2016-07-28 08:41:13 +00:00
|
|
|
}
|
2017-11-13 21:22:33 +00:00
|
|
|
|
When a debugger attaches to the process, SIGSTOP is sent to the
target. Due to a way issignal() selects the next signal to deliver
and report, if the simultaneous or already pending another signal
exists, that signal might be reported by the next waitpid(2) call.
This causes minor annoyance for debuggers, which must be prepared to
take any signal as the first event, then filter SIGSTOP later.
More importantly, for tools like gcore(1), which attach and then
detach without processing events, SIGSTOP might leak to be delivered
after PT_DETACH. This results in the process being unintentionally
stopped after detach, which is fatal for automatic tools.
The solution is to force SIGSTOP to be the first signal reported after
the attach. Attach code is modified to set P2_PTRACE_FSTP to indicate
that the attaching ritual was not yet finished, and issignal() prefers
SIGSTOP in that condition. Also, the thread which handles
P2_PTRACE_FSTP is made to guarantee to own p_xthread during the first
waitpid(2). All that ensures that SIGSTOP is consumed first.
Additionally, if P2_PTRACE_FSTP is still set on detach, which means
that waitpid(2) was not called at all, SIGSTOP is removed from the
queue, ensuring that the process is resumed on detach.
In issignal(), when acting on STOPing signals, remove the signal from
queue before suspending. Otherwise parallel attach could result in
ptracestop() acting on that STOP as if it was the STOP signal from the
attach. Then SIGSTOP from attach leaks again.
As a minor refactoring, some bits of the common attach code is moved
to new helper proc_set_traced().
Reported by: markj
Reviewed by: jhb, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D7256
2016-07-28 08:41:13 +00:00
|
|
|
if ((p->p_flag2 & P2_PTRACE_FSTP) != 0) {
|
|
|
|
|
sigqueue_delete(&p->p_sigqueue, SIGSTOP);
|
|
|
|
|
p->p_flag2 &= ~P2_PTRACE_FSTP;
|
|
|
|
|
}
|
2001-03-07 03:06:18 +00:00
|
|
|
|
1996-01-24 18:29:00 +00:00
|
|
|
/* should we send SIGCHLD? */
|
2005-11-08 23:28:12 +00:00
|
|
|
/* childproc_continued(p); */
|
2010-05-25 21:32:37 +00:00
|
|
|
break;
|
1996-01-24 18:29:00 +00:00
|
|
|
}
|
|
|
|
|
|
2017-11-13 21:09:08 +00:00
|
|
|
sx_xunlock(&proctree_lock);
|
2021-04-30 21:14:26 +00:00
|
|
|
proctree_locked = false;
|
2017-11-13 21:09:08 +00:00
|
|
|
|
1996-01-24 18:29:00 +00:00
|
|
|
sendsig:
|
2021-04-30 21:14:26 +00:00
|
|
|
MPASS(!proctree_locked);
|
2019-08-05 20:26:01 +00:00
|
|
|
|
|
|
|
|
/*
|
2017-10-27 03:16:19 +00:00
|
|
|
* Clear the pending event for the thread that just
|
|
|
|
|
* reported its event (p_xthread). This may not be
|
|
|
|
|
* the thread passed to PT_CONTINUE, PT_STEP, etc. if
|
|
|
|
|
* the debugger is resuming a different thread.
|
2017-11-13 19:58:58 +00:00
|
|
|
*
|
|
|
|
|
* Deliver any pending signal via the reporting thread.
|
2017-10-27 03:16:19 +00:00
|
|
|
*/
|
2017-11-13 21:09:08 +00:00
|
|
|
MPASS(p->p_xthread != NULL);
|
|
|
|
|
p->p_xthread->td_dbgflags &= ~TDB_XSIG;
|
|
|
|
|
p->p_xthread->td_xsig = data;
|
|
|
|
|
p->p_xthread = NULL;
|
|
|
|
|
p->p_xsig = data;
|
2007-10-09 00:03:39 +00:00
|
|
|
|
2017-11-13 21:09:08 +00:00
|
|
|
/*
|
|
|
|
|
* P_WKILLED is insurance that a PT_KILL/SIGKILL
|
|
|
|
|
* always works immediately, even if another thread is
|
|
|
|
|
* unsuspended first and attempts to handle a
|
|
|
|
|
* different signal or if the POSIX.1b style signal
|
|
|
|
|
* queue cannot accommodate any new signals.
|
|
|
|
|
*/
|
|
|
|
|
if (data == SIGKILL)
|
2018-08-04 20:45:43 +00:00
|
|
|
proc_wkilled(p);
|
2017-11-13 19:58:58 +00:00
|
|
|
|
|
|
|
|
/*
|
2017-11-13 21:09:08 +00:00
|
|
|
* Unsuspend all threads. To leave a thread
|
|
|
|
|
* suspended, use PT_SUSPEND to suspend it before
|
|
|
|
|
* continuing the process.
|
2017-11-13 19:58:58 +00:00
|
|
|
*/
|
2021-05-18 16:25:50 +00:00
|
|
|
ptrace_unsuspend(p);
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
break;
|
1994-08-08 13:00:27 +00:00
|
|
|
|
|
|
|
|
case PT_WRITE_I:
|
|
|
|
|
case PT_WRITE_D:
|
2010-01-23 11:45:35 +00:00
|
|
|
td2->td_dbgflags |= TDB_USERWR;
|
2015-12-07 21:33:15 +00:00
|
|
|
PROC_UNLOCK(p);
|
|
|
|
|
error = 0;
|
|
|
|
|
if (proc_writemem(td, p, (off_t)(uintptr_t)addr, &data,
|
|
|
|
|
sizeof(int)) != sizeof(int))
|
|
|
|
|
error = ENOMEM;
|
|
|
|
|
else
|
|
|
|
|
CTR3(KTR_PTRACE, "PT_WRITE: pid %d: %p <= %#x",
|
|
|
|
|
p->p_pid, addr, data);
|
|
|
|
|
PROC_LOCK(p);
|
|
|
|
|
break;
|
|
|
|
|
|
1996-01-24 18:29:00 +00:00
|
|
|
case PT_READ_I:
|
|
|
|
|
case PT_READ_D:
|
2002-04-12 21:17:37 +00:00
|
|
|
PROC_UNLOCK(p);
|
2015-12-07 21:33:15 +00:00
|
|
|
error = tmp = 0;
|
|
|
|
|
if (proc_readmem(td, p, (off_t)(uintptr_t)addr, &tmp,
|
|
|
|
|
sizeof(int)) != sizeof(int))
|
|
|
|
|
error = ENOMEM;
|
|
|
|
|
else
|
|
|
|
|
CTR3(KTR_PTRACE, "PT_READ: pid %d: %p >= %#x",
|
|
|
|
|
p->p_pid, addr, tmp);
|
|
|
|
|
td->td_retval[0] = tmp;
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
PROC_LOCK(p);
|
|
|
|
|
break;
|
1994-08-08 13:00:27 +00:00
|
|
|
|
2002-03-16 02:40:02 +00:00
|
|
|
case PT_IO:
|
2020-06-09 16:43:23 +00:00
|
|
|
piod = addr;
|
|
|
|
|
iov.iov_base = piod->piod_addr;
|
|
|
|
|
iov.iov_len = piod->piod_len;
|
|
|
|
|
uio.uio_offset = (off_t)(uintptr_t)piod->piod_offs;
|
|
|
|
|
uio.uio_resid = piod->piod_len;
|
2002-03-16 02:40:02 +00:00
|
|
|
uio.uio_iov = &iov;
|
|
|
|
|
uio.uio_iovcnt = 1;
|
|
|
|
|
uio.uio_segflg = UIO_USERSPACE;
|
|
|
|
|
uio.uio_td = td;
|
2020-06-09 16:43:23 +00:00
|
|
|
switch (piod->piod_op) {
|
2002-03-16 02:40:02 +00:00
|
|
|
case PIOD_READ_D:
|
|
|
|
|
case PIOD_READ_I:
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR3(KTR_PTRACE, "PT_IO: pid %d: READ (%p, %#x)",
|
|
|
|
|
p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid);
|
2002-03-16 02:40:02 +00:00
|
|
|
uio.uio_rw = UIO_READ;
|
|
|
|
|
break;
|
|
|
|
|
case PIOD_WRITE_D:
|
|
|
|
|
case PIOD_WRITE_I:
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR3(KTR_PTRACE, "PT_IO: pid %d: WRITE (%p, %#x)",
|
|
|
|
|
p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid);
|
2010-01-23 11:45:35 +00:00
|
|
|
td2->td_dbgflags |= TDB_USERWR;
|
2002-03-16 02:40:02 +00:00
|
|
|
uio.uio_rw = UIO_WRITE;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
error = EINVAL;
|
|
|
|
|
goto out;
|
2002-03-16 02:40:02 +00:00
|
|
|
}
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
PROC_UNLOCK(p);
|
2002-03-16 02:40:02 +00:00
|
|
|
error = proc_rwmem(p, &uio);
|
2020-06-09 16:43:23 +00:00
|
|
|
piod->piod_len -= uio.uio_resid;
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
PROC_LOCK(p);
|
|
|
|
|
break;
|
2002-03-16 02:40:02 +00:00
|
|
|
|
1994-08-08 13:00:27 +00:00
|
|
|
case PT_KILL:
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR1(KTR_PTRACE, "PT_KILL: pid %d", p->p_pid);
|
2002-09-05 01:02:50 +00:00
|
|
|
data = SIGKILL;
|
1996-01-24 18:29:00 +00:00
|
|
|
goto sendsig; /* in PT_CONTINUE above */
|
|
|
|
|
|
|
|
|
|
case PT_SETREGS:
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR2(KTR_PTRACE, "PT_SETREGS: tid %d (pid %d)", td2->td_tid,
|
|
|
|
|
p->p_pid);
|
2010-01-23 11:45:35 +00:00
|
|
|
td2->td_dbgflags |= TDB_USERWR;
|
2005-06-30 07:49:22 +00:00
|
|
|
error = PROC_WRITE(regs, td2, addr);
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
break;
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
|
1994-08-08 13:00:27 +00:00
|
|
|
case PT_GETREGS:
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR2(KTR_PTRACE, "PT_GETREGS: tid %d (pid %d)", td2->td_tid,
|
|
|
|
|
p->p_pid);
|
2005-06-30 07:49:22 +00:00
|
|
|
error = PROC_READ(regs, td2, addr);
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
break;
|
1996-01-24 18:29:00 +00:00
|
|
|
|
|
|
|
|
case PT_SETFPREGS:
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR2(KTR_PTRACE, "PT_SETFPREGS: tid %d (pid %d)", td2->td_tid,
|
|
|
|
|
p->p_pid);
|
2010-01-23 11:45:35 +00:00
|
|
|
td2->td_dbgflags |= TDB_USERWR;
|
2005-06-30 07:49:22 +00:00
|
|
|
error = PROC_WRITE(fpregs, td2, addr);
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
break;
|
Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested. Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.
This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().
It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
|
|
|
|
1996-01-24 18:29:00 +00:00
|
|
|
case PT_GETFPREGS:
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR2(KTR_PTRACE, "PT_GETFPREGS: tid %d (pid %d)", td2->td_tid,
|
|
|
|
|
p->p_pid);
|
2005-06-30 07:49:22 +00:00
|
|
|
error = PROC_READ(fpregs, td2, addr);
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
break;
|
1996-01-24 18:29:00 +00:00
|
|
|
|
1999-07-09 04:16:00 +00:00
|
|
|
case PT_SETDBREGS:
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR2(KTR_PTRACE, "PT_SETDBREGS: tid %d (pid %d)", td2->td_tid,
|
|
|
|
|
p->p_pid);
|
2010-01-23 11:45:35 +00:00
|
|
|
td2->td_dbgflags |= TDB_USERWR;
|
2005-06-30 07:49:22 +00:00
|
|
|
error = PROC_WRITE(dbregs, td2, addr);
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
break;
|
2002-03-15 20:17:12 +00:00
|
|
|
|
1999-07-09 04:16:00 +00:00
|
|
|
case PT_GETDBREGS:
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR2(KTR_PTRACE, "PT_GETDBREGS: tid %d (pid %d)", td2->td_tid,
|
|
|
|
|
p->p_pid);
|
2005-06-30 07:49:22 +00:00
|
|
|
error = PROC_READ(dbregs, td2, addr);
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
break;
|
1999-07-09 04:16:00 +00:00
|
|
|
|
2022-01-24 11:24:17 +00:00
|
|
|
case PT_SETREGSET:
|
|
|
|
|
CTR2(KTR_PTRACE, "PT_SETREGSET: tid %d (pid %d)", td2->td_tid,
|
|
|
|
|
p->p_pid);
|
|
|
|
|
error = proc_write_regset(td2, data, addr);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case PT_GETREGSET:
|
|
|
|
|
CTR2(KTR_PTRACE, "PT_GETREGSET: tid %d (pid %d)", td2->td_tid,
|
|
|
|
|
p->p_pid);
|
|
|
|
|
error = proc_read_regset(td2, data, addr);
|
|
|
|
|
break;
|
|
|
|
|
|
2004-07-12 05:07:50 +00:00
|
|
|
case PT_LWPINFO:
|
2020-06-09 16:43:23 +00:00
|
|
|
if (data <= 0 || data > sizeof(*pl)) {
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
error = EINVAL;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2004-07-12 05:07:50 +00:00
|
|
|
pl = addr;
|
2017-11-08 23:32:56 +00:00
|
|
|
bzero(pl, sizeof(*pl));
|
2005-12-24 02:59:29 +00:00
|
|
|
pl->pl_lwpid = td2->td_tid;
|
2012-08-08 00:20:30 +00:00
|
|
|
pl->pl_event = PL_EVENT_NONE;
|
2006-10-26 21:42:22 +00:00
|
|
|
pl->pl_flags = 0;
|
2010-07-04 11:48:30 +00:00
|
|
|
if (td2->td_dbgflags & TDB_XSIG) {
|
|
|
|
|
pl->pl_event = PL_EVENT_SIGNAL;
|
2017-03-30 18:21:36 +00:00
|
|
|
if (td2->td_si.si_signo != 0 &&
|
2010-07-04 11:48:30 +00:00
|
|
|
data >= offsetof(struct ptrace_lwpinfo, pl_siginfo)
|
2020-06-09 16:43:23 +00:00
|
|
|
+ sizeof(pl->pl_siginfo)){
|
2010-07-04 11:48:30 +00:00
|
|
|
pl->pl_flags |= PL_FLAG_SI;
|
2017-03-30 18:21:36 +00:00
|
|
|
pl->pl_siginfo = td2->td_si;
|
2010-07-04 11:48:30 +00:00
|
|
|
}
|
|
|
|
|
}
|
Reorganize syscall entry and leave handling.
Extend struct sysvec with three new elements:
sv_fetch_syscall_args - the method to fetch syscall arguments from
usermode into struct syscall_args. The structure is machine-depended
(this might be reconsidered after all architectures are converted).
sv_set_syscall_retval - the method to set a return value for usermode
from the syscall. It is a generalization of
cpu_set_syscall_retval(9) to allow ABIs to override the way to set a
return value.
sv_syscallnames - the table of syscall names.
Use sv_set_syscall_retval in kern_sigsuspend() instead of hardcoding
the call to cpu_set_syscall_retval().
The new functions syscallenter(9) and syscallret(9) are provided that
use sv_*syscall* pointers and contain the common repeated code from
the syscall() implementations for the architecture-specific syscall
trap handlers.
Syscallenter() fetches arguments, calls syscall implementation from
ABI sysent table, and set up return frame. The end of syscall
bookkeeping is done by syscallret().
Take advantage of single place for MI syscall handling code and
implement ptrace_lwpinfo pl_flags PL_FLAG_SCE, PL_FLAG_SCX and
PL_FLAG_EXEC. The SCE and SCX flags notify the debugger that the
thread is stopped at syscall entry or return point respectively. The
EXEC flag augments SCX and notifies debugger that the process address
space was changed by one of exec(2)-family syscalls.
The i386, amd64, sparc64, sun4v, powerpc and ia64 syscall()s are
changed to use syscallenter()/syscallret(). MIPS and arm are not
converted and use the mostly unchanged syscall() implementation.
Reviewed by: jhb, marcel, marius, nwhitehorn, stas
Tested by: marcel (ia64), marius (sparc64), nwhitehorn (powerpc),
stas (mips)
MFC after: 1 month
2010-05-23 18:32:02 +00:00
|
|
|
if (td2->td_dbgflags & TDB_SCE)
|
|
|
|
|
pl->pl_flags |= PL_FLAG_SCE;
|
|
|
|
|
else if (td2->td_dbgflags & TDB_SCX)
|
|
|
|
|
pl->pl_flags |= PL_FLAG_SCX;
|
|
|
|
|
if (td2->td_dbgflags & TDB_EXEC)
|
|
|
|
|
pl->pl_flags |= PL_FLAG_EXEC;
|
2011-01-25 10:59:21 +00:00
|
|
|
if (td2->td_dbgflags & TDB_FORK) {
|
|
|
|
|
pl->pl_flags |= PL_FLAG_FORKED;
|
|
|
|
|
pl->pl_child_pid = td2->td_dbg_forked;
|
2016-07-18 14:53:55 +00:00
|
|
|
if (td2->td_dbgflags & TDB_VFORK)
|
|
|
|
|
pl->pl_flags |= PL_FLAG_VFORKED;
|
|
|
|
|
} else if ((td2->td_dbgflags & (TDB_SCX | TDB_VFORK)) ==
|
|
|
|
|
TDB_VFORK)
|
|
|
|
|
pl->pl_flags |= PL_FLAG_VFORK_DONE;
|
2012-02-10 00:02:13 +00:00
|
|
|
if (td2->td_dbgflags & TDB_CHILD)
|
|
|
|
|
pl->pl_flags |= PL_FLAG_CHILD;
|
2015-12-29 23:25:26 +00:00
|
|
|
if (td2->td_dbgflags & TDB_BORN)
|
|
|
|
|
pl->pl_flags |= PL_FLAG_BORN;
|
|
|
|
|
if (td2->td_dbgflags & TDB_EXIT)
|
|
|
|
|
pl->pl_flags |= PL_FLAG_EXITED;
|
2006-02-06 09:41:56 +00:00
|
|
|
pl->pl_sigmask = td2->td_sigmask;
|
|
|
|
|
pl->pl_siglist = td2->td_siglist;
|
Add the ability for GDB to printout the thread name along with other
thread specific informations.
In order to do that, and in order to avoid KBI breakage with existing
infrastructure the following semantic is implemented:
- For live programs, a new member to the PT_LWPINFO is added (pl_tdname)
- For cores, a new ELF note is added (NT_THRMISC) that can be used for
storing thread specific, miscellaneous, informations. Right now it is
just popluated with a thread name.
GDB, then, retrieves the correct informations from the corefile via the
BFD interface, as it groks the ELF notes and create appropriate
pseudo-sections.
Sponsored by: Sandvine Incorporated
Tested by: gianni
Discussed with: dim, kan, kib
MFC after: 2 weeks
2010-11-22 14:42:13 +00:00
|
|
|
strcpy(pl->pl_tdname, td2->td_name);
|
2015-09-01 22:24:54 +00:00
|
|
|
if ((td2->td_dbgflags & (TDB_SCE | TDB_SCX)) != 0) {
|
2017-06-12 21:03:23 +00:00
|
|
|
pl->pl_syscall_code = td2->td_sa.code;
|
2020-09-27 18:47:06 +00:00
|
|
|
pl->pl_syscall_narg = td2->td_sa.callp->sy_narg;
|
2015-09-01 22:24:54 +00:00
|
|
|
} else {
|
|
|
|
|
pl->pl_syscall_code = 0;
|
|
|
|
|
pl->pl_syscall_narg = 0;
|
|
|
|
|
}
|
2015-10-05 21:36:53 +00:00
|
|
|
CTR6(KTR_PTRACE,
|
|
|
|
|
"PT_LWPINFO: tid %d (pid %d) event %d flags %#x child pid %d syscall %d",
|
2015-05-25 22:13:22 +00:00
|
|
|
td2->td_tid, p->p_pid, pl->pl_event, pl->pl_flags,
|
2015-10-05 21:36:53 +00:00
|
|
|
pl->pl_child_pid, pl->pl_syscall_code);
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
break;
|
2004-07-12 05:07:50 +00:00
|
|
|
|
2004-07-13 07:25:24 +00:00
|
|
|
case PT_GETNUMLWPS:
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR2(KTR_PTRACE, "PT_GETNUMLWPS: pid %d: %d threads", p->p_pid,
|
|
|
|
|
p->p_numthreads);
|
2004-07-13 07:25:24 +00:00
|
|
|
td->td_retval[0] = p->p_numthreads;
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
break;
|
2004-07-13 07:25:24 +00:00
|
|
|
|
|
|
|
|
case PT_GETLWPLIST:
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR3(KTR_PTRACE, "PT_GETLWPLIST: pid %d: data %d, actual %d",
|
|
|
|
|
p->p_pid, data, p->p_numthreads);
|
2004-07-13 07:25:24 +00:00
|
|
|
if (data <= 0) {
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
error = EINVAL;
|
|
|
|
|
break;
|
2004-07-13 07:25:24 +00:00
|
|
|
}
|
|
|
|
|
num = imin(p->p_numthreads, data);
|
|
|
|
|
PROC_UNLOCK(p);
|
|
|
|
|
buf = malloc(num * sizeof(lwpid_t), M_TEMP, M_WAITOK);
|
|
|
|
|
tmp = 0;
|
|
|
|
|
PROC_LOCK(p);
|
|
|
|
|
FOREACH_THREAD_IN_PROC(p, td2) {
|
|
|
|
|
if (tmp >= num)
|
|
|
|
|
break;
|
|
|
|
|
buf[tmp++] = td2->td_tid;
|
|
|
|
|
}
|
|
|
|
|
PROC_UNLOCK(p);
|
|
|
|
|
error = copyout(buf, addr, tmp * sizeof(lwpid_t));
|
|
|
|
|
free(buf, M_TEMP);
|
|
|
|
|
if (!error)
|
2006-10-14 10:30:14 +00:00
|
|
|
td->td_retval[0] = tmp;
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
PROC_LOCK(p);
|
|
|
|
|
break;
|
2004-07-13 07:25:24 +00:00
|
|
|
|
2010-02-09 05:52:35 +00:00
|
|
|
case PT_VM_TIMESTAMP:
|
2015-05-25 22:13:22 +00:00
|
|
|
CTR2(KTR_PTRACE, "PT_VM_TIMESTAMP: pid %d: timestamp %d",
|
|
|
|
|
p->p_pid, p->p_vmspace->vm_map.timestamp);
|
2010-02-09 05:52:35 +00:00
|
|
|
td->td_retval[0] = p->p_vmspace->vm_map.timestamp;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case PT_VM_ENTRY:
|
2010-02-11 18:00:53 +00:00
|
|
|
PROC_UNLOCK(p);
|
2010-02-09 05:52:35 +00:00
|
|
|
error = ptrace_vm_entry(td, p, addr);
|
|
|
|
|
PROC_LOCK(p);
|
|
|
|
|
break;
|
|
|
|
|
|
2021-04-23 13:26:01 +00:00
|
|
|
case PT_COREDUMP:
|
|
|
|
|
pc = addr;
|
|
|
|
|
CTR2(KTR_PTRACE, "PT_COREDUMP: pid %d, fd %d",
|
|
|
|
|
p->p_pid, pc->pc_fd);
|
|
|
|
|
|
|
|
|
|
if ((pc->pc_flags & ~(PC_COMPRESS | PC_ALL)) != 0) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
PROC_UNLOCK(p);
|
|
|
|
|
|
|
|
|
|
tcq = malloc(sizeof(*tcq), M_TEMP, M_WAITOK | M_ZERO);
|
|
|
|
|
fp = NULL;
|
|
|
|
|
error = fget_write(td, pc->pc_fd, &cap_write_rights, &fp);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto coredump_cleanup_nofp;
|
|
|
|
|
if (fp->f_type != DTYPE_VNODE || fp->f_vnode->v_type != VREG) {
|
|
|
|
|
error = EPIPE;
|
|
|
|
|
goto coredump_cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
PROC_LOCK(p);
|
|
|
|
|
error = proc_can_ptrace(td, p);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto coredump_cleanup_locked;
|
|
|
|
|
|
|
|
|
|
td2 = ptrace_sel_coredump_thread(p);
|
|
|
|
|
if (td2 == NULL) {
|
|
|
|
|
error = EBUSY;
|
|
|
|
|
goto coredump_cleanup_locked;
|
|
|
|
|
}
|
2022-11-30 08:45:52 +00:00
|
|
|
KASSERT((td2->td_dbgflags & (TDB_COREDUMPREQ |
|
|
|
|
|
TDB_SCREMOTEREQ)) == 0,
|
2021-04-23 13:26:01 +00:00
|
|
|
("proc %d tid %d req coredump", p->p_pid, td2->td_tid));
|
|
|
|
|
|
|
|
|
|
tcq->tc_vp = fp->f_vnode;
|
|
|
|
|
tcq->tc_limit = pc->pc_limit == 0 ? OFF_MAX : pc->pc_limit;
|
|
|
|
|
tcq->tc_flags = SVC_PT_COREDUMP;
|
|
|
|
|
if ((pc->pc_flags & PC_COMPRESS) == 0)
|
|
|
|
|
tcq->tc_flags |= SVC_NOCOMPRESS;
|
|
|
|
|
if ((pc->pc_flags & PC_ALL) != 0)
|
|
|
|
|
tcq->tc_flags |= SVC_ALL;
|
2022-11-30 08:48:24 +00:00
|
|
|
td2->td_remotereq = tcq;
|
|
|
|
|
td2->td_dbgflags |= TDB_COREDUMPREQ;
|
2021-04-23 13:26:01 +00:00
|
|
|
thread_run_flash(td2);
|
2022-11-30 08:48:24 +00:00
|
|
|
while ((td2->td_dbgflags & TDB_COREDUMPREQ) != 0)
|
2021-04-23 13:26:01 +00:00
|
|
|
msleep(p, &p->p_mtx, PPAUSE, "crdmp", 0);
|
|
|
|
|
error = tcq->tc_error;
|
|
|
|
|
coredump_cleanup_locked:
|
|
|
|
|
PROC_UNLOCK(p);
|
|
|
|
|
coredump_cleanup:
|
|
|
|
|
fdrop(fp, td);
|
|
|
|
|
coredump_cleanup_nofp:
|
|
|
|
|
free(tcq, M_TEMP);
|
|
|
|
|
PROC_LOCK(p);
|
|
|
|
|
break;
|
|
|
|
|
|
2022-11-30 08:45:52 +00:00
|
|
|
case PT_SC_REMOTE:
|
|
|
|
|
pscr = addr;
|
|
|
|
|
CTR2(KTR_PTRACE, "PT_SC_REMOTE: pid %d, syscall %d",
|
|
|
|
|
p->p_pid, pscr->pscr_syscall);
|
|
|
|
|
if ((td2->td_dbgflags & TDB_BOUNDARY) == 0) {
|
|
|
|
|
error = EBUSY;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
PROC_UNLOCK(p);
|
|
|
|
|
MPASS(pscr->pscr_nargs <= nitems(td->td_sa.args));
|
|
|
|
|
|
|
|
|
|
tsr = malloc(sizeof(struct thr_syscall_req), M_TEMP,
|
|
|
|
|
M_WAITOK | M_ZERO);
|
|
|
|
|
|
|
|
|
|
tsr->ts_sa.code = pscr->pscr_syscall;
|
|
|
|
|
tsr->ts_nargs = pscr->pscr_nargs;
|
|
|
|
|
memcpy(&tsr->ts_sa.args, pscr->pscr_args,
|
|
|
|
|
sizeof(syscallarg_t) * tsr->ts_nargs);
|
|
|
|
|
|
|
|
|
|
PROC_LOCK(p);
|
|
|
|
|
error = proc_can_ptrace(td, p);
|
|
|
|
|
if (error != 0) {
|
|
|
|
|
free(tsr, M_TEMP);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (td2->td_proc != p) {
|
|
|
|
|
free(tsr, M_TEMP);
|
|
|
|
|
error = ESRCH;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
KASSERT((td2->td_dbgflags & (TDB_COREDUMPREQ |
|
|
|
|
|
TDB_SCREMOTEREQ)) == 0,
|
|
|
|
|
("proc %d tid %d req coredump", p->p_pid, td2->td_tid));
|
|
|
|
|
|
|
|
|
|
td2->td_remotereq = tsr;
|
|
|
|
|
td2->td_dbgflags |= TDB_SCREMOTEREQ;
|
|
|
|
|
thread_run_flash(td2);
|
|
|
|
|
while ((td2->td_dbgflags & TDB_SCREMOTEREQ) != 0)
|
|
|
|
|
msleep(p, &p->p_mtx, PPAUSE, "pscrx", 0);
|
|
|
|
|
error = 0;
|
|
|
|
|
memcpy(&pscr->pscr_ret, &tsr->ts_ret, sizeof(tsr->ts_ret));
|
|
|
|
|
free(tsr, M_TEMP);
|
|
|
|
|
break;
|
|
|
|
|
|
1994-08-08 13:00:27 +00:00
|
|
|
default:
|
2003-08-15 05:25:06 +00:00
|
|
|
#ifdef __HAVE_PTRACE_MACHDEP
|
|
|
|
|
if (req >= PT_FIRSTMACH) {
|
|
|
|
|
PROC_UNLOCK(p);
|
2004-03-15 18:48:28 +00:00
|
|
|
error = cpu_ptrace(td2, req, addr, data);
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
PROC_LOCK(p);
|
|
|
|
|
} else
|
2003-08-15 05:25:06 +00:00
|
|
|
#endif
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
/* Unknown request. */
|
|
|
|
|
error = EINVAL;
|
1994-08-08 13:00:27 +00:00
|
|
|
break;
|
|
|
|
|
}
|
Close some races between procfs/ptrace and exit(2):
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
2006-02-22 18:57:50 +00:00
|
|
|
out:
|
|
|
|
|
/* Drop our hold on this process now that the request has completed. */
|
|
|
|
|
_PRELE(p);
|
2002-04-12 21:17:37 +00:00
|
|
|
fail:
|
2021-04-24 11:57:40 +00:00
|
|
|
if (p2_req_set) {
|
|
|
|
|
if ((p->p_flag2 & P2_PTRACEREQ) != 0)
|
|
|
|
|
wakeup(&p->p_flag2);
|
|
|
|
|
p->p_flag2 &= ~P2_PTRACEREQ;
|
|
|
|
|
}
|
2002-04-12 21:17:37 +00:00
|
|
|
PROC_UNLOCK(p);
|
|
|
|
|
if (proctree_locked)
|
|
|
|
|
sx_xunlock(&proctree_lock);
|
|
|
|
|
return (error);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2005-06-30 07:49:22 +00:00
|
|
|
#undef PROC_READ
|
|
|
|
|
#undef PROC_WRITE
|