2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2017 Edward Tomasz Napierala <trasz@FreeBSD.org>
7 * This software was developed by SRI International and the University of
8 * Cambridge Computer Laboratory under DARPA/AFRL contract (FA8750-10-C-0237)
9 * ("CTSRD"), as part of the DARPA CRASH research programme.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #include <sys/param.h>
39 #include <sys/ptrace.h>
41 #include <sys/syscallsubr.h>
43 #include <machine/pcb.h>
44 #include <machine/reg.h>
46 #include <amd64/linux/linux.h>
47 #include <amd64/linux/linux_proto.h>
48 #include <compat/linux/linux_emul.h>
49 #include <compat/linux/linux_misc.h>
50 #include <compat/linux/linux_signal.h>
51 #include <compat/linux/linux_util.h>
53 #define LINUX_PTRACE_TRACEME 0
54 #define LINUX_PTRACE_PEEKTEXT 1
55 #define LINUX_PTRACE_PEEKDATA 2
56 #define LINUX_PTRACE_PEEKUSER 3
57 #define LINUX_PTRACE_POKETEXT 4
58 #define LINUX_PTRACE_POKEDATA 5
59 #define LINUX_PTRACE_POKEUSER 6
60 #define LINUX_PTRACE_CONT 7
61 #define LINUX_PTRACE_KILL 8
62 #define LINUX_PTRACE_SINGLESTEP 9
63 #define LINUX_PTRACE_GETREGS 12
64 #define LINUX_PTRACE_SETREGS 13
65 #define LINUX_PTRACE_GETFPREGS 14
66 #define LINUX_PTRACE_SETFPREGS 15
67 #define LINUX_PTRACE_ATTACH 16
68 #define LINUX_PTRACE_DETACH 17
69 #define LINUX_PTRACE_SYSCALL 24
70 #define LINUX_PTRACE_SETOPTIONS 0x4200
71 #define LINUX_PTRACE_GETSIGINFO 0x4202
72 #define LINUX_PTRACE_GETREGSET 0x4204
73 #define LINUX_PTRACE_SEIZE 0x4206
75 #define LINUX_PTRACE_EVENT_EXIT 6
77 #define LINUX_PTRACE_O_TRACESYSGOOD 1
78 #define LINUX_PTRACE_O_TRACEFORK 2
79 #define LINUX_PTRACE_O_TRACEVFORK 4
80 #define LINUX_PTRACE_O_TRACECLONE 8
81 #define LINUX_PTRACE_O_TRACEEXEC 16
82 #define LINUX_PTRACE_O_TRACEVFORKDONE 32
83 #define LINUX_PTRACE_O_TRACEEXIT 64
84 #define LINUX_PTRACE_O_TRACESECCOMP 128
85 #define LINUX_PTRACE_O_EXITKILL 1048576
86 #define LINUX_PTRACE_O_SUSPEND_SECCOMP 2097152
88 #define LINUX_NT_PRSTATUS 1
90 #define LINUX_PTRACE_O_MASK (LINUX_PTRACE_O_TRACESYSGOOD | \
91 LINUX_PTRACE_O_TRACEFORK | LINUX_PTRACE_O_TRACEVFORK | \
92 LINUX_PTRACE_O_TRACECLONE | LINUX_PTRACE_O_TRACEEXEC | \
93 LINUX_PTRACE_O_TRACEVFORKDONE | LINUX_PTRACE_O_TRACEEXIT | \
94 LINUX_PTRACE_O_TRACESECCOMP | LINUX_PTRACE_O_EXITKILL | \
95 LINUX_PTRACE_O_SUSPEND_SECCOMP)
98 map_signum(int lsig, int *bsigp)
107 if (lsig < 0 || lsig > LINUX_SIGRTMAX)
110 bsig = linux_to_bsd_signal(lsig);
119 linux_ptrace_status(struct thread *td, pid_t pid, int status)
121 struct ptrace_lwpinfo lwpinfo;
122 struct linux_pemuldata *pem;
123 register_t saved_retval;
126 saved_retval = td->td_retval[0];
127 error = kern_ptrace(td, PT_LWPINFO, pid, &lwpinfo, sizeof(lwpinfo));
128 td->td_retval[0] = saved_retval;
130 linux_msg(td, "PT_LWPINFO failed with error %d", error);
134 pem = pem_find(td->td_proc);
135 KASSERT(pem != NULL, ("%s: proc emuldata not found.\n", __func__));
137 LINUX_PEM_SLOCK(pem);
138 if ((pem->ptrace_flags & LINUX_PTRACE_O_TRACESYSGOOD) &&
139 lwpinfo.pl_flags & PL_FLAG_SCE)
140 status |= (LINUX_SIGTRAP | 0x80) << 8;
141 if ((pem->ptrace_flags & LINUX_PTRACE_O_TRACESYSGOOD) &&
142 lwpinfo.pl_flags & PL_FLAG_SCX)
143 status |= (LINUX_SIGTRAP | 0x80) << 8;
144 if ((pem->ptrace_flags & LINUX_PTRACE_O_TRACEEXIT) &&
145 lwpinfo.pl_flags & PL_FLAG_EXITED)
146 status |= (LINUX_SIGTRAP | LINUX_PTRACE_EVENT_EXIT << 8) << 8;
147 LINUX_PEM_SUNLOCK(pem);
152 struct linux_pt_reg {
176 struct linux_pt_regset {
207 * Translate amd64 ptrace registers between Linux and FreeBSD formats.
208 * The translation is pretty straighforward, for all registers but
209 * orig_rax on Linux side and r_trapno and r_err in FreeBSD.
212 map_regs_to_linux(struct reg *b_reg, struct linux_pt_reg *l_reg)
215 l_reg->r15 = b_reg->r_r15;
216 l_reg->r14 = b_reg->r_r14;
217 l_reg->r13 = b_reg->r_r13;
218 l_reg->r12 = b_reg->r_r12;
219 l_reg->rbp = b_reg->r_rbp;
220 l_reg->rbx = b_reg->r_rbx;
221 l_reg->r11 = b_reg->r_r11;
222 l_reg->r10 = b_reg->r_r10;
223 l_reg->r9 = b_reg->r_r9;
224 l_reg->r8 = b_reg->r_r8;
225 l_reg->rax = b_reg->r_rax;
226 l_reg->rcx = b_reg->r_rcx;
227 l_reg->rdx = b_reg->r_rdx;
228 l_reg->rsi = b_reg->r_rsi;
229 l_reg->rdi = b_reg->r_rdi;
230 l_reg->orig_rax = b_reg->r_rax;
231 l_reg->rip = b_reg->r_rip;
232 l_reg->cs = b_reg->r_cs;
233 l_reg->eflags = b_reg->r_rflags;
234 l_reg->rsp = b_reg->r_rsp;
235 l_reg->ss = b_reg->r_ss;
239 map_regs_to_linux_regset(struct reg *b_reg, unsigned long fs_base,
240 unsigned long gs_base, struct linux_pt_regset *l_regset)
243 l_regset->r15 = b_reg->r_r15;
244 l_regset->r14 = b_reg->r_r14;
245 l_regset->r13 = b_reg->r_r13;
246 l_regset->r12 = b_reg->r_r12;
247 l_regset->rbp = b_reg->r_rbp;
248 l_regset->rbx = b_reg->r_rbx;
249 l_regset->r11 = b_reg->r_r11;
250 l_regset->r10 = b_reg->r_r10;
251 l_regset->r9 = b_reg->r_r9;
252 l_regset->r8 = b_reg->r_r8;
253 l_regset->rax = b_reg->r_rax;
254 l_regset->rcx = b_reg->r_rcx;
255 l_regset->rdx = b_reg->r_rdx;
256 l_regset->rsi = b_reg->r_rsi;
257 l_regset->rdi = b_reg->r_rdi;
258 l_regset->orig_rax = b_reg->r_rax;
259 l_regset->rip = b_reg->r_rip;
260 l_regset->cs = b_reg->r_cs;
261 l_regset->eflags = b_reg->r_rflags;
262 l_regset->rsp = b_reg->r_rsp;
263 l_regset->ss = b_reg->r_ss;
264 l_regset->fs_base = fs_base;
265 l_regset->gs_base = gs_base;
266 l_regset->ds = b_reg->r_ds;
267 l_regset->es = b_reg->r_es;
268 l_regset->fs = b_reg->r_fs;
269 l_regset->gs = b_reg->r_gs;
273 map_regs_from_linux(struct reg *b_reg, struct linux_pt_reg *l_reg)
275 b_reg->r_r15 = l_reg->r15;
276 b_reg->r_r14 = l_reg->r14;
277 b_reg->r_r13 = l_reg->r13;
278 b_reg->r_r12 = l_reg->r12;
279 b_reg->r_r11 = l_reg->r11;
280 b_reg->r_r10 = l_reg->r10;
281 b_reg->r_r9 = l_reg->r9;
282 b_reg->r_r8 = l_reg->r8;
283 b_reg->r_rdi = l_reg->rdi;
284 b_reg->r_rsi = l_reg->rsi;
285 b_reg->r_rbp = l_reg->rbp;
286 b_reg->r_rbx = l_reg->rbx;
287 b_reg->r_rdx = l_reg->rdx;
288 b_reg->r_rcx = l_reg->rcx;
289 b_reg->r_rax = l_reg->rax;
292 * XXX: Are zeroes the right thing to put here?
301 b_reg->r_rip = l_reg->rip;
302 b_reg->r_cs = l_reg->cs;
303 b_reg->r_rflags = l_reg->eflags;
304 b_reg->r_rsp = l_reg->rsp;
305 b_reg->r_ss = l_reg->ss;
309 linux_ptrace_peek(struct thread *td, pid_t pid, void *addr, void *data)
313 error = kern_ptrace(td, PT_READ_I, pid, addr, 0);
315 error = copyout(td->td_retval, data, sizeof(l_int));
316 td->td_retval[0] = error;
322 linux_ptrace_setoptions(struct thread *td, pid_t pid, l_ulong data)
324 struct linux_pemuldata *pem;
329 if (data & ~LINUX_PTRACE_O_MASK) {
330 linux_msg(td, "unknown ptrace option %lx set; "
332 data & ~LINUX_PTRACE_O_MASK);
336 pem = pem_find(td->td_proc);
337 KASSERT(pem != NULL, ("%s: proc emuldata not found.\n", __func__));
340 * PTRACE_O_EXITKILL is ignored, we do that by default.
343 LINUX_PEM_XLOCK(pem);
344 if (data & LINUX_PTRACE_O_TRACESYSGOOD) {
345 pem->ptrace_flags |= LINUX_PTRACE_O_TRACESYSGOOD;
347 pem->ptrace_flags &= ~LINUX_PTRACE_O_TRACESYSGOOD;
349 LINUX_PEM_XUNLOCK(pem);
351 if (data & LINUX_PTRACE_O_TRACEFORK)
354 if (data & LINUX_PTRACE_O_TRACEVFORK)
355 mask |= PTRACE_VFORK;
357 if (data & LINUX_PTRACE_O_TRACECLONE)
358 mask |= PTRACE_VFORK;
360 if (data & LINUX_PTRACE_O_TRACEEXEC)
363 if (data & LINUX_PTRACE_O_TRACEVFORKDONE)
364 mask |= PTRACE_VFORK; /* XXX: Close enough? */
366 if (data & LINUX_PTRACE_O_TRACEEXIT) {
367 pem->ptrace_flags |= LINUX_PTRACE_O_TRACEEXIT;
369 pem->ptrace_flags &= ~LINUX_PTRACE_O_TRACEEXIT;
372 return (kern_ptrace(td, PT_SET_EVENT_MASK, pid, &mask, sizeof(mask)));
376 linux_ptrace_getsiginfo(struct thread *td, pid_t pid, l_ulong data)
378 struct ptrace_lwpinfo lwpinfo;
379 l_siginfo_t l_siginfo;
382 error = kern_ptrace(td, PT_LWPINFO, pid, &lwpinfo, sizeof(lwpinfo));
384 linux_msg(td, "PT_LWPINFO failed with error %d", error);
388 if ((lwpinfo.pl_flags & PL_FLAG_SI) == 0) {
390 linux_msg(td, "no PL_FLAG_SI, returning %d", error);
394 sig = bsd_to_linux_signal(lwpinfo.pl_siginfo.si_signo);
395 siginfo_to_lsiginfo(&lwpinfo.pl_siginfo, &l_siginfo, sig);
396 error = copyout(&l_siginfo, (void *)data, sizeof(l_siginfo));
401 linux_ptrace_getregs(struct thread *td, pid_t pid, void *data)
403 struct ptrace_lwpinfo lwpinfo;
405 struct linux_pt_reg l_reg;
408 error = kern_ptrace(td, PT_GETREGS, pid, &b_reg, 0);
412 map_regs_to_linux(&b_reg, &l_reg);
414 error = kern_ptrace(td, PT_LWPINFO, pid, &lwpinfo, sizeof(lwpinfo));
416 linux_msg(td, "PT_LWPINFO failed with error %d", error);
419 if (lwpinfo.pl_flags & PL_FLAG_SCE) {
421 * The strace(1) utility depends on RAX being set to -ENOSYS
422 * on syscall entry; otherwise it loops printing those:
424 * [ Process PID=928 runs in 64 bit mode. ]
425 * [ Process PID=928 runs in x32 mode. ]
427 l_reg.rax = -38; /* -ENOSYS */
430 * Undo the mangling done in exception.S:fast_syscall_common().
432 l_reg.r10 = l_reg.rcx;
435 error = copyout(&l_reg, (void *)data, sizeof(l_reg));
440 linux_ptrace_setregs(struct thread *td, pid_t pid, void *data)
443 struct linux_pt_reg l_reg;
446 error = copyin(data, &l_reg, sizeof(l_reg));
449 map_regs_from_linux(&b_reg, &l_reg);
450 error = kern_ptrace(td, PT_SETREGS, pid, &b_reg, 0);
455 linux_ptrace_getregset_prstatus(struct thread *td, pid_t pid, l_ulong data)
457 struct ptrace_lwpinfo lwpinfo;
459 struct linux_pt_regset l_regset;
462 unsigned long fsbase, gsbase;
466 error = copyin((const void *)data, &iov, sizeof(iov));
468 linux_msg(td, "copyin error %d", error);
472 error = kern_ptrace(td, PT_GETREGS, pid, &b_reg, 0);
478 update_pcb_bases(pcb);
479 fsbase = pcb->pcb_fsbase;
480 gsbase = pcb->pcb_gsbase;
482 map_regs_to_linux_regset(&b_reg, fsbase, gsbase, &l_regset);
484 error = kern_ptrace(td, PT_LWPINFO, pid, &lwpinfo, sizeof(lwpinfo));
486 linux_msg(td, "PT_LWPINFO failed with error %d", error);
489 if (lwpinfo.pl_flags & PL_FLAG_SCE) {
491 * The strace(1) utility depends on RAX being set to -ENOSYS
492 * on syscall entry; otherwise it loops printing those:
494 * [ Process PID=928 runs in 64 bit mode. ]
495 * [ Process PID=928 runs in x32 mode. ]
497 l_regset.rax = -38; /* -ENOSYS */
500 * Undo the mangling done in exception.S:fast_syscall_common().
502 l_regset.r10 = l_regset.rcx;
505 len = MIN(iov.iov_len, sizeof(l_regset));
506 error = copyout(&l_regset, (void *)iov.iov_base, len);
508 linux_msg(td, "copyout error %d", error);
513 error = copyout(&iov, (void *)data, sizeof(iov));
515 linux_msg(td, "iov copyout error %d", error);
523 linux_ptrace_getregset(struct thread *td, pid_t pid, l_ulong addr, l_ulong data)
527 case LINUX_NT_PRSTATUS:
528 return (linux_ptrace_getregset_prstatus(td, pid, data));
530 linux_msg(td, "PTRACE_GETREGSET request %ld not implemented; "
531 "returning EINVAL", addr);
537 linux_ptrace_seize(struct thread *td, pid_t pid, l_ulong addr, l_ulong data)
540 linux_msg(td, "PTRACE_SEIZE not implemented; returning EINVAL");
545 linux_ptrace(struct thread *td, struct linux_ptrace_args *uap)
551 pid = (pid_t)uap->pid;
552 addr = (void *)uap->addr;
555 case LINUX_PTRACE_TRACEME:
556 error = kern_ptrace(td, PT_TRACE_ME, 0, 0, 0);
558 case LINUX_PTRACE_PEEKTEXT:
559 case LINUX_PTRACE_PEEKDATA:
560 error = linux_ptrace_peek(td, pid, addr, (void *)uap->data);
564 * Linux expects this syscall to read 64 bits, not 32.
566 error = linux_ptrace_peek(td, pid,
567 (void *)(uap->addr + 4), (void *)(uap->data + 4));
569 case LINUX_PTRACE_POKETEXT:
570 error = kern_ptrace(td, PT_WRITE_I, pid, addr, uap->data);
572 case LINUX_PTRACE_POKEDATA:
573 error = kern_ptrace(td, PT_WRITE_D, pid, addr, uap->data);
575 case LINUX_PTRACE_CONT:
576 error = map_signum(uap->data, &sig);
579 error = kern_ptrace(td, PT_CONTINUE, pid, (void *)1, sig);
581 case LINUX_PTRACE_KILL:
582 error = kern_ptrace(td, PT_KILL, pid, addr, uap->data);
584 case LINUX_PTRACE_SINGLESTEP:
585 error = map_signum(uap->data, &sig);
588 error = kern_ptrace(td, PT_STEP, pid, (void *)1, sig);
590 case LINUX_PTRACE_GETREGS:
591 error = linux_ptrace_getregs(td, pid, (void *)uap->data);
593 case LINUX_PTRACE_SETREGS:
594 error = linux_ptrace_setregs(td, pid, (void *)uap->data);
596 case LINUX_PTRACE_ATTACH:
597 error = kern_ptrace(td, PT_ATTACH, pid, addr, uap->data);
599 case LINUX_PTRACE_DETACH:
600 error = map_signum(uap->data, &sig);
603 error = kern_ptrace(td, PT_DETACH, pid, (void *)1, sig);
605 case LINUX_PTRACE_SYSCALL:
606 error = map_signum(uap->data, &sig);
609 error = kern_ptrace(td, PT_SYSCALL, pid, (void *)1, sig);
611 case LINUX_PTRACE_SETOPTIONS:
612 error = linux_ptrace_setoptions(td, pid, uap->data);
614 case LINUX_PTRACE_GETSIGINFO:
615 error = linux_ptrace_getsiginfo(td, pid, uap->data);
617 case LINUX_PTRACE_GETREGSET:
618 error = linux_ptrace_getregset(td, pid, uap->addr, uap->data);
620 case LINUX_PTRACE_SEIZE:
621 error = linux_ptrace_seize(td, pid, uap->addr, uap->data);
624 linux_msg(td, "ptrace(%ld, ...) not implemented; "
625 "returning EINVAL", uap->req);