2 * Copyright (c) 1989, 1992, 1993
3 * The Regents of the University of California. All rights reserved.
5 * This code is derived from software developed by the Computer Systems
6 * Engineering group at Lawrence Berkeley Laboratory under DARPA contract
7 * BG 91-66 and contributed to Berkeley.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by the University of
20 * California, Berkeley and its contributors.
21 * 4. Neither the name of the University nor the names of its contributors
22 * may be used to endorse or promote products derived from this software
23 * without specific prior written permission.
25 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 #if defined(LIBC_SCCS) && !defined(lint)
41 static char sccsid[] = "@(#)kvm_proc.c 8.3 (Berkeley) 9/23/93";
42 #endif /* LIBC_SCCS and not lint */
45 * Proc traversal interface for kvm. ps and w are (probably) the exclusive
46 * users of this code, so we've factored it out into a separate module.
47 * Thus, we keep this grunge out of the other kvm applications (i.e.,
48 * most other applications are interested only in open/close/read/nlist).
51 #include <sys/param.h>
53 #include <sys/mutex.h>
58 #include <sys/ioctl.h>
68 #include <vm/vm_param.h>
69 #include <vm/swap_pager.h>
71 #include <sys/sysctl.h>
77 #include "kvm_private.h"
81 kvm_readswap(kd, p, va, cnt)
88 /* XXX Stubbed out, our vm system is differnet */
89 _kvm_err(kd, kd->program, "kvm_readswap not implemented");
91 #endif /* __FreeBSD__ */
95 #define KREAD(kd, addr, obj) \
96 (kvm_read(kd, addr, (char *)(obj), sizeof(*obj)) != sizeof(*obj))
99 * Read proc's from memory file into buffer bp, which has space to hold
100 * at most maxcnt procs.
103 kvm_proclist(kd, what, arg, p, bp, maxcnt)
107 struct kinfo_proc *bp;
110 register int cnt = 0;
111 struct kinfo_proc kinfo_proc, *kp;
115 struct vmspace vmspace;
116 struct procsig procsig;
117 struct pstats pstats;
123 kp->ki_structsize = sizeof(kinfo_proc);
124 for (; cnt < maxcnt && p != NULL; p = LIST_NEXT(&proc, p_list)) {
125 if (KREAD(kd, (u_long)p, &proc)) {
126 _kvm_err(kd, kd->program, "can't read proc at %x", p);
129 if (KREAD(kd, (u_long)proc.p_ucred, &ucred) == 0) {
130 kp->ki_ruid = ucred.cr_ruid;
131 kp->ki_svuid = ucred.cr_svuid;
132 kp->ki_rgid = ucred.cr_rgid;
133 kp->ki_svgid = ucred.cr_svgid;
134 kp->ki_ngroups = ucred.cr_ngroups;
135 bcopy(ucred.cr_groups, kp->ki_groups,
136 NGROUPS * sizeof(gid_t));
137 kp->ki_uid = ucred.cr_uid;
143 if (proc.p_pid != (pid_t)arg)
148 if (kp->ki_uid != (uid_t)arg)
153 if (kp->ki_ruid != (uid_t)arg)
158 * We're going to add another proc to the set. If this
159 * will overflow the buffer, assume the reason is because
160 * nprocs (or the proc list) is corrupt and declare an error.
163 _kvm_err(kd, kd->program, "nprocs corrupt");
170 kp->ki_addr = proc.p_addr;
171 kp->ki_args = proc.p_args;
172 kp->ki_tracep = proc.p_tracep;
173 kp->ki_textvp = proc.p_textvp;
174 kp->ki_fd = proc.p_fd;
175 kp->ki_vmspace = proc.p_vmspace;
176 if (proc.p_procsig != NULL) {
177 if (KREAD(kd, (u_long)proc.p_procsig, &procsig)) {
178 _kvm_err(kd, kd->program,
179 "can't read procsig at %x", proc.p_procsig);
182 kp->ki_sigignore = procsig.ps_sigignore;
183 kp->ki_sigcatch = procsig.ps_sigcatch;
185 if ((proc.p_sflag & PS_INMEM) && proc.p_stats != NULL) {
186 if (KREAD(kd, (u_long)proc.p_stats, &pstats)) {
187 _kvm_err(kd, kd->program,
188 "can't read stats at %x", proc.p_stats);
191 kp->ki_start = pstats.p_start;
192 kp->ki_rusage = pstats.p_ru;
193 kp->ki_childtime.tv_sec = pstats.p_cru.ru_utime.tv_sec +
194 pstats.p_cru.ru_stime.tv_sec;
195 kp->ki_childtime.tv_usec =
196 pstats.p_cru.ru_utime.tv_usec +
197 pstats.p_cru.ru_stime.tv_usec;
199 if (KREAD(kd, (u_long)proc.p_pgrp, &pgrp)) {
200 _kvm_err(kd, kd->program, "can't read pgrp at %x",
205 kp->ki_ppid = proc.p_oppid;
206 else if (proc.p_pptr) {
207 if (KREAD(kd, (u_long)proc.p_pptr, &pproc)) {
208 _kvm_err(kd, kd->program,
209 "can't read pproc at %x", proc.p_pptr);
212 kp->ki_ppid = pproc.p_pid;
215 kp->ki_pgid = pgrp.pg_id;
216 kp->ki_jobc = pgrp.pg_jobc;
217 if (KREAD(kd, (u_long)pgrp.pg_session, &sess)) {
218 _kvm_err(kd, kd->program, "can't read session at %x",
222 kp->ki_sid = sess.s_sid;
223 (void)memcpy(kp->ki_login, sess.s_login,
224 sizeof(kp->ki_login));
225 kp->ki_kiflag = sess.s_ttyvp ? KI_CTTY : 0;
226 if (sess.s_leader == p)
227 kp->ki_kiflag |= KI_SLEADER;
228 if ((proc.p_flag & P_CONTROLT) && sess.s_ttyp != NULL) {
229 if (KREAD(kd, (u_long)sess.s_ttyp, &tty)) {
230 _kvm_err(kd, kd->program,
231 "can't read tty at %x", sess.s_ttyp);
234 kp->ki_tdev = tty.t_dev;
235 if (tty.t_pgrp != NULL) {
236 if (KREAD(kd, (u_long)tty.t_pgrp, &pgrp)) {
237 _kvm_err(kd, kd->program,
238 "can't read tpgrp at &x",
242 kp->ki_tpgid = pgrp.pg_id;
245 if (tty.t_session != NULL) {
246 if (KREAD(kd, (u_long)tty.t_session, &sess)) {
247 _kvm_err(kd, kd->program,
248 "can't read session at %x",
252 kp->ki_tsid = sess.s_sid;
257 (void)kvm_read(kd, (u_long)proc.p_wmesg,
258 kp->ki_wmesg, WMESGLEN);
261 (void)kvm_read(kd, (u_long)&proc.p_vmspace->vm_rssize,
262 (char *)&kp->ki_rssize,
263 sizeof(kp->ki_rssize));
264 (void)kvm_read(kd, (u_long)&proc.p_vmspace->vm_tsize,
265 (char *)&kp->ki_tsize,
266 3 * sizeof(kp->ki_rssize)); /* XXX */
268 (void)kvm_read(kd, (u_long)proc.p_vmspace,
269 (char *)&vmspace, sizeof(vmspace));
270 kp->ki_size = vmspace.vm_map.size;
271 kp->ki_rssize = vmspace.vm_swrss; /* XXX */
272 kp->ki_swrss = vmspace.vm_swrss;
273 kp->ki_tsize = vmspace.vm_tsize;
274 kp->ki_dsize = vmspace.vm_dsize;
275 kp->ki_ssize = vmspace.vm_ssize;
281 if (kp->ki_pgid != (pid_t)arg)
286 if ((proc.p_flag & P_CONTROLT) == 0 ||
287 kp->ki_tdev != (dev_t)arg)
291 if (proc.p_comm[0] != 0) {
292 strncpy(kp->ki_comm, proc.p_comm, MAXCOMLEN);
293 kp->ki_comm[MAXCOMLEN] = 0;
295 if (proc.p_blocked != 0) {
296 kp->ki_kiflag |= KI_MTXBLOCK;
298 (void)kvm_read(kd, (u_long)proc.p_mtxname,
299 kp->ki_mtxname, MTXNAMELEN);
300 kp->ki_mtxname[MTXNAMELEN] = 0;
302 kp->ki_runtime = proc.p_runtime;
303 kp->ki_pid = proc.p_pid;
304 kp->ki_siglist = proc.p_siglist;
305 kp->ki_sigmask = proc.p_sigmask;
306 kp->ki_xstat = proc.p_xstat;
307 kp->ki_acflag = proc.p_acflag;
308 kp->ki_pctcpu = proc.p_pctcpu;
309 kp->ki_estcpu = proc.p_estcpu;
310 kp->ki_slptime = proc.p_slptime;
311 kp->ki_swtime = proc.p_swtime;
312 kp->ki_flag = proc.p_flag;
313 kp->ki_sflag = proc.p_sflag;
314 kp->ki_wchan = proc.p_wchan;
315 kp->ki_traceflag = proc.p_traceflag;
316 kp->ki_stat = proc.p_stat;
317 kp->ki_pri = proc.p_pri;
318 kp->ki_nice = proc.p_nice;
319 kp->ki_lock = proc.p_lock;
320 kp->ki_rqindex = proc.p_rqindex;
321 kp->ki_oncpu = proc.p_oncpu;
322 kp->ki_lastcpu = proc.p_lastcpu;
323 bcopy(&kinfo_proc, bp, sizeof(kinfo_proc));
331 * Build proc info array by reading in proc list from a crash dump.
332 * Return number of procs read. maxcnt is the max we will read.
335 kvm_deadprocs(kd, what, arg, a_allproc, a_zombproc, maxcnt)
342 register struct kinfo_proc *bp = kd->procbase;
343 register int acnt, zcnt;
346 if (KREAD(kd, a_allproc, &p)) {
347 _kvm_err(kd, kd->program, "cannot read allproc");
350 acnt = kvm_proclist(kd, what, arg, p, bp, maxcnt);
354 if (KREAD(kd, a_zombproc, &p)) {
355 _kvm_err(kd, kd->program, "cannot read zombproc");
358 zcnt = kvm_proclist(kd, what, arg, p, bp + acnt, maxcnt - acnt);
362 return (acnt + zcnt);
366 kvm_getprocs(kd, op, arg, cnt)
371 int mib[4], st, nprocs;
374 if (kd->procbase != 0) {
375 free((void *)kd->procbase);
377 * Clear this pointer in case this call fails. Otherwise,
378 * kvm_close() will free it again.
388 st = sysctl(mib, op == KERN_PROC_ALL ? 3 : 4, NULL, &size, NULL, 0);
390 _kvm_syserr(kd, kd->program, "kvm_getprocs");
395 kd->procbase = (struct kinfo_proc *)
396 _kvm_realloc(kd, kd->procbase, size);
397 if (kd->procbase == 0)
399 st = sysctl(mib, op == KERN_PROC_ALL ? 3 : 4,
400 kd->procbase, &size, NULL, 0);
401 } while (st == -1 && errno == ENOMEM);
403 _kvm_syserr(kd, kd->program, "kvm_getprocs");
407 kd->procbase->ki_structsize != sizeof(struct kinfo_proc)) {
408 _kvm_err(kd, kd->program,
409 "kinfo_proc size mismatch (expected %d, got %d)",
410 sizeof(struct kinfo_proc),
411 kd->procbase->ki_structsize);
414 nprocs = size == 0 ? 0 : size / kd->procbase->ki_structsize;
416 struct nlist nl[4], *p;
418 nl[0].n_name = "_nprocs";
419 nl[1].n_name = "_allproc";
420 nl[2].n_name = "_zombproc";
423 if (kvm_nlist(kd, nl) != 0) {
424 for (p = nl; p->n_type != 0; ++p)
426 _kvm_err(kd, kd->program,
427 "%s: no such symbol", p->n_name);
430 if (KREAD(kd, nl[0].n_value, &nprocs)) {
431 _kvm_err(kd, kd->program, "can't read nprocs");
434 size = nprocs * sizeof(struct kinfo_proc);
435 kd->procbase = (struct kinfo_proc *)_kvm_malloc(kd, size);
436 if (kd->procbase == 0)
439 nprocs = kvm_deadprocs(kd, op, arg, nl[1].n_value,
440 nl[2].n_value, nprocs);
442 size = nprocs * sizeof(struct kinfo_proc);
443 (void)realloc(kd->procbase, size);
447 return (kd->procbase);
461 _kvm_realloc(kd, p, n)
466 void *np = (void *)realloc(p, n);
470 _kvm_err(kd, kd->program, "out of memory");
476 #define MAX(a, b) ((a) > (b) ? (a) : (b))
480 * Read in an argument vector from the user address space of process kp.
481 * addr if the user-space base address of narg null-terminated contiguous
482 * strings. This is used to read in both the command arguments and
483 * environment strings. Read at most maxcnt characters of strings.
486 kvm_argv(kd, kp, addr, narg, maxcnt)
488 struct kinfo_proc *kp;
489 register u_long addr;
493 register char *np, *cp, *ep, *ap;
494 register u_long oaddr = -1;
495 register int len, cc;
496 register char **argv;
499 * Check that there aren't an unreasonable number of agruments,
500 * and that the address is in user space.
502 if (narg > 512 || addr < VM_MIN_ADDRESS || addr >= VM_MAXUSER_ADDRESS)
506 * kd->argv : work space for fetching the strings from the target
507 * process's space, and is converted for returning to caller
511 * Try to avoid reallocs.
513 kd->argc = MAX(narg + 1, 32);
514 kd->argv = (char **)_kvm_malloc(kd, kd->argc *
518 } else if (narg + 1 > kd->argc) {
519 kd->argc = MAX(2 * kd->argc, narg + 1);
520 kd->argv = (char **)_kvm_realloc(kd, kd->argv, kd->argc *
526 * kd->argspc : returned to user, this is where the kd->argv
527 * arrays are left pointing to the collected strings.
529 if (kd->argspc == 0) {
530 kd->argspc = (char *)_kvm_malloc(kd, PAGE_SIZE);
533 kd->arglen = PAGE_SIZE;
536 * kd->argbuf : used to pull in pages from the target process.
537 * the strings are copied out of here.
539 if (kd->argbuf == 0) {
540 kd->argbuf = (char *)_kvm_malloc(kd, PAGE_SIZE);
545 /* Pull in the target process'es argv vector */
546 cc = sizeof(char *) * narg;
547 if (kvm_uread(kd, kp, addr, (char *)kd->argv, cc) != cc)
550 * ap : saved start address of string we're working on in kd->argspc
551 * np : pointer to next place to write in kd->argspc
552 * len: length of data in kd->argspc
553 * argv: pointer to the argv vector that we are hunting around the
554 * target process space for, and converting to addresses in
555 * our address space (kd->argspc).
557 ap = np = kd->argspc;
561 * Loop over pages, filling in the argument vector.
562 * Note that the argv strings could be pointing *anywhere* in
563 * the user address space and are no longer contiguous.
564 * Note that *argv is modified when we are going to fetch a string
565 * that crosses a page boundary. We copy the next part of the string
566 * into to "np" and eventually convert the pointer.
568 while (argv < kd->argv + narg && *argv != 0) {
570 /* get the address that the current argv string is on */
571 addr = (u_long)*argv & ~(PAGE_SIZE - 1);
573 /* is it the same page as the last one? */
575 if (kvm_uread(kd, kp, addr, kd->argbuf, PAGE_SIZE) !=
581 /* offset within the page... kd->argbuf */
582 addr = (u_long)*argv & (PAGE_SIZE - 1);
584 /* cp = start of string, cc = count of chars in this chunk */
585 cp = kd->argbuf + addr;
586 cc = PAGE_SIZE - addr;
588 /* dont get more than asked for by user process */
589 if (maxcnt > 0 && cc > maxcnt - len)
592 /* pointer to end of string if we found it in this page */
593 ep = memchr(cp, '\0', cc);
597 * at this point, cc is the count of the chars that we are
598 * going to retrieve this time. we may or may not have found
599 * the end of it. (ep points to the null if the end is known)
602 /* will we exceed the malloc/realloced buffer? */
603 if (len + cc > kd->arglen) {
606 register char *op = kd->argspc;
609 kd->argspc = (char *)_kvm_realloc(kd, kd->argspc,
614 * Adjust argv pointers in case realloc moved
617 off = kd->argspc - op;
618 for (pp = kd->argv; pp < argv; pp++)
623 /* np = where to put the next part of the string in kd->argspc*/
624 /* np is kinda redundant.. could use "kd->argspc + len" */
626 np += cc; /* inc counters */
630 * if end of string found, set the *argv pointer to the
631 * saved beginning of string, and advance. argv points to
632 * somewhere in kd->argv.. This is initially relative
633 * to the target process, but when we close it off, we set
634 * it to point in our address space.
640 /* update the address relative to the target process */
644 if (maxcnt > 0 && len >= maxcnt) {
646 * We're stopping prematurely. Terminate the
656 /* Make sure argv is terminated. */
663 struct ps_strings *p;
667 *addr = (u_long)p->ps_argvstr;
673 struct ps_strings *p;
677 *addr = (u_long)p->ps_envstr;
682 * Determine if the proc indicated by p is still active.
683 * This test is not 100% foolproof in theory, but chances of
684 * being wrong are very low.
688 struct kinfo_proc *curkp;
690 struct kinfo_proc newkp;
696 mib[2] = KERN_PROC_PID;
697 mib[3] = curkp->ki_pid;
699 if (sysctl(mib, 4, &newkp, &len, NULL, 0) == -1)
701 return (curkp->ki_pid == newkp.ki_pid &&
702 (newkp.ki_stat != SZOMB || curkp->ki_stat == SZOMB));
706 kvm_doargv(kd, kp, nchr, info)
708 struct kinfo_proc *kp;
710 void (*info)(struct ps_strings *, u_long *, int *);
715 static struct ps_strings arginfo;
716 static u_long ps_strings;
719 if (ps_strings == NULL) {
720 len = sizeof(ps_strings);
721 if (sysctlbyname("kern.ps_strings", &ps_strings, &len, NULL,
723 ps_strings = PS_STRINGS;
727 * Pointers are stored at the top of the user stack.
729 if (kp->ki_stat == SZOMB ||
730 kvm_uread(kd, kp, ps_strings, (char *)&arginfo,
731 sizeof(arginfo)) != sizeof(arginfo))
734 (*info)(&arginfo, &addr, &cnt);
737 ap = kvm_argv(kd, kp, addr, cnt, nchr);
739 * For live kernels, make sure this process didn't go away.
741 if (ap != 0 && ISALIVE(kd) && !proc_verify(kp))
747 * Get the command args. This code is now machine independent.
750 kvm_getargv(kd, kp, nchr)
752 const struct kinfo_proc *kp;
759 static char *buf, *p;
764 _kvm_err(kd, kd->program,
765 "cannot read user space from dead kernel");
770 bufsz = sizeof(buflen);
771 i = sysctlbyname("kern.ps_arg_cache_limit",
772 &buflen, &bufsz, NULL, 0);
776 buf = malloc(buflen);
780 bufp = malloc(sizeof(char *) * argc);
786 oid[2] = KERN_PROC_ARGS;
789 i = sysctl(oid, 4, buf, &bufsz, 0, 0);
790 if (i == 0 && bufsz > 0) {
799 sizeof(char *) * argc);
801 } while (p < buf + bufsz);
806 if (kp->ki_flag & P_SYSTEM)
808 return (kvm_doargv(kd, kp, nchr, ps_str_a));
812 kvm_getenvv(kd, kp, nchr)
814 const struct kinfo_proc *kp;
817 return (kvm_doargv(kd, kp, nchr, ps_str_e));
821 * Read from user space. The user context is given by p.
824 kvm_uread(kd, kp, uva, buf, len)
826 struct kinfo_proc *kp;
832 char procfile[MAXPATHLEN];
837 _kvm_err(kd, kd->program,
838 "cannot read user space from dead kernel");
842 sprintf(procfile, "/proc/%d/mem", kp->ki_pid);
843 fd = open(procfile, O_RDONLY, 0);
845 _kvm_err(kd, kd->program, "cannot open %s", procfile);
853 if (lseek(fd, (off_t)uva, 0) == -1 && errno != 0) {
854 _kvm_err(kd, kd->program, "invalid address (%x) in %s",
858 amount = read(fd, cp, len);
860 _kvm_syserr(kd, kd->program, "error reading %s",
865 _kvm_err(kd, kd->program, "EOF reading %s", procfile);
874 return ((ssize_t)(cp - buf));