2 * Copyright (c) 1994, Sean Eric Fagan
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by Sean Eric Fagan.
16 * 4. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include <sys/param.h>
35 #include <sys/systm.h>
37 #include <sys/mutex.h>
38 #include <sys/sysproto.h>
40 #include <sys/vnode.h>
41 #include <sys/ptrace.h>
45 #include <machine/reg.h>
49 #include <vm/vm_extern.h>
50 #include <vm/vm_map.h>
51 #include <vm/vm_kern.h>
52 #include <vm/vm_object.h>
53 #include <vm/vm_page.h>
56 * Functions implemented using PROC_ACTION():
58 * proc_read_regs(proc, regs)
59 * Get the current user-visible register set from the process
60 * and copy it into the regs structure (<machine/reg.h>).
61 * The process is stopped at the time read_regs is called.
63 * proc_write_regs(proc, regs)
64 * Update the current register set from the passed in regs
65 * structure. Take care to avoid clobbering special CPU
66 * registers or privileged bits in the PSL.
67 * Depending on the architecture this may have fix-up work to do,
68 * especially if the IAR or PCW are modified.
69 * The process is stopped at the time write_regs is called.
71 * proc_read_fpregs, proc_write_fpregs
72 * deal with the floating point register set, otherwise as above.
74 * proc_read_dbregs, proc_write_dbregs
75 * deal with the processor debug register set, otherwise as above.
78 * Arrange for the process to trap after executing a single instruction.
81 #define PROC_ACTION(action) do { \
84 mtx_lock_spin(&sched_lock); \
85 if ((td->td_proc->p_sflag & PS_INMEM) == 0) \
89 mtx_unlock_spin(&sched_lock); \
94 proc_read_regs(struct thread *td, struct reg *regs)
97 PROC_ACTION(fill_regs(td, regs));
101 proc_write_regs(struct thread *td, struct reg *regs)
104 PROC_ACTION(set_regs(td, regs));
108 proc_read_dbregs(struct thread *td, struct dbreg *dbregs)
111 PROC_ACTION(fill_dbregs(td, dbregs));
115 proc_write_dbregs(struct thread *td, struct dbreg *dbregs)
118 PROC_ACTION(set_dbregs(td, dbregs));
122 * Ptrace doesn't support fpregs at all, and there are no security holes
123 * or translations for fpregs, so we can just copy them.
126 proc_read_fpregs(struct thread *td, struct fpreg *fpregs)
129 PROC_ACTION(fill_fpregs(td, fpregs));
133 proc_write_fpregs(struct thread *td, struct fpreg *fpregs)
136 PROC_ACTION(set_fpregs(td, fpregs));
140 proc_sstep(struct thread *td)
143 PROC_ACTION(ptrace_single_step(td));
147 proc_rwmem(struct proc *p, struct uio *uio)
151 vm_object_t object = NULL;
152 vm_offset_t pageno = 0; /* page number */
160 * if the vmspace is in the midst of being deallocated or the
161 * process is exiting, don't try to grab anything. The page table
162 * usage in that process can be messed up.
165 if ((p->p_flag & P_WEXIT))
167 if (vm->vm_refcnt < 1)
175 writing = uio->uio_rw == UIO_WRITE;
176 reqprot = writing ? (VM_PROT_WRITE | VM_PROT_OVERRIDE_WRITE) :
179 kva = kmem_alloc_pageable(kernel_map, PAGE_SIZE);
182 * Only map in one page at a time. We don't have to, but it
183 * makes things easier. This way is trivial - right?
188 int page_offset; /* offset into page */
189 vm_map_entry_t out_entry;
198 uva = (vm_offset_t)uio->uio_offset;
201 * Get the page number of this segment.
203 pageno = trunc_page(uva);
204 page_offset = uva - pageno;
207 * How many bytes to copy
209 len = min(PAGE_SIZE - page_offset, uio->uio_resid);
212 * Fault the page on behalf of the process
214 error = vm_fault(map, pageno, reqprot, VM_FAULT_NORMAL);
221 * Now we need to get the page. out_entry, out_prot, wired,
222 * and single_use aren't used. One would think the vm code
223 * would be a *bit* nicer... We use tmap because
224 * vm_map_lookup() can change the map argument.
227 error = vm_map_lookup(&tmap, pageno, reqprot, &out_entry,
228 &object, &pindex, &out_prot, &wired);
234 * Make sure that there is no residue in 'object' from
235 * an error return on vm_map_lookup.
242 m = vm_page_lookup(object, pindex);
244 /* Allow fallback to backing objects if we are reading */
246 while (m == NULL && !writing && object->backing_object) {
248 pindex += OFF_TO_IDX(object->backing_object_offset);
249 object = object->backing_object;
251 m = vm_page_lookup(object, pindex);
258 * Make sure that there is no residue in 'object' from
259 * an error return on vm_map_lookup.
263 vm_map_lookup_done(tmap, out_entry);
269 * Wire the page into memory
274 * We're done with tmap now.
275 * But reference the object first, so that we won't loose
278 vm_object_reference(object);
279 vm_map_lookup_done(tmap, out_entry);
281 pmap_qenter(kva, &m, 1);
284 * Now do the i/o move.
286 error = uiomove((caddr_t)(kva + page_offset), len, uio);
288 pmap_qremove(kva, 1);
291 * release the page and the object
293 vm_page_unwire(m, 1);
294 vm_object_deallocate(object);
298 } while (error == 0 && uio->uio_resid > 0);
301 vm_object_deallocate(object);
303 kmem_free(kernel_map, kva, PAGE_SIZE);
309 * Process debugging system call.
311 #ifndef _SYS_SYSPROTO_H_
321 ptrace(struct thread *td, struct ptrace_args *uap)
326 * XXX this obfuscation is to reduce stack usage, but the register
327 * structs may be too large to put on the stack anyway.
330 struct ptrace_io_desc piod;
335 struct proc *curp, *p, *pp;
338 int proctree_locked = 0;
343 * Do copyin() early before getting locks and lock proctree before
344 * locking the process.
352 sx_xlock(&proctree_lock);
357 error = copyin(uap->addr, &r.reg, sizeof r.reg);
361 #endif /* PT_SETREGS */
364 error = copyin(uap->addr, &r.fpreg, sizeof r.fpreg);
368 #endif /* PT_SETFPREGS */
371 error = copyin(uap->addr, &r.dbreg, sizeof r.dbreg);
375 #endif /* PT_SETDBREGS */
381 if (uap->req == PT_TRACE_ME) {
385 if ((p = pfind(uap->pid)) == NULL) {
387 sx_xunlock(&proctree_lock);
391 if (p_cansee(td->td_proc, p)) {
396 if ((error = p_candebug(td->td_proc, p)) != 0)
400 * System processes can't be debugged.
402 if ((p->p_flag & P_SYSTEM) != 0) {
417 if (p->p_pid == td->td_proc->p_pid) {
423 if (p->p_flag & P_TRACED) {
428 /* Can't trace an ancestor if you're being traced. */
429 if (curp->p_flag & P_TRACED) {
430 for (pp = curp->p_pptr; pp != NULL; pp = pp->p_pptr) {
457 /* not being traced... */
458 if ((p->p_flag & P_TRACED) == 0) {
463 /* not being traced by YOU */
464 if (p->p_pptr != td->td_proc) {
469 /* not currently stopped */
470 if (p->p_stat != SSTOP || (p->p_flag & P_WAITED) == 0) {
483 td2 = FIRST_THREAD_IN_PROC(p);
486 * Single step fixup ala procfs
488 FIX_SSTEP(td2); /* XXXKSE */
492 * Actually do the requests
495 td->td_retval[0] = 0;
499 /* set my trace flag and "owner" so it can read/write me */
500 p->p_flag |= P_TRACED;
501 p->p_oppid = p->p_pptr->p_pid;
503 sx_xunlock(&proctree_lock);
507 /* security check done above */
508 p->p_flag |= P_TRACED;
509 p->p_oppid = p->p_pptr->p_pid;
510 if (p->p_pptr != td->td_proc)
511 proc_reparent(p, td->td_proc);
513 goto sendsig; /* in PT_CONTINUE below */
518 /* XXX uap->data is used even in the PT_STEP case. */
519 if ((uap->req != PT_STEP) && ((unsigned)uap->data >= NSIG)) {
526 if (uap->req == PT_STEP) {
527 error = ptrace_single_step(td2);
534 if (uap->addr != (caddr_t)1) {
535 fill_kinfo_proc(p, &p->p_uarea->u_kproc);
536 error = ptrace_set_pc(td2,
537 (u_long)(uintfptr_t)uap->addr);
545 if (uap->req == PT_DETACH) {
546 /* reset process parent */
547 if (p->p_oppid != p->p_pptr->p_pid) {
551 pp = pfind(p->p_oppid);
557 proc_reparent(p, pp);
559 p->p_flag &= ~(P_TRACED | P_WAITED);
562 /* should we send SIGCHLD? */
567 sx_xunlock(&proctree_lock);
568 /* deliver or queue signal */
569 if (p->p_stat == SSTOP) {
570 p->p_xstat = uap->data;
571 mtx_lock_spin(&sched_lock);
572 setrunnable(td2); /* XXXKSE */
573 mtx_unlock_spin(&sched_lock);
574 } else if (uap->data)
575 psignal(p, uap->data);
587 /* write = 0 set above */
588 iov.iov_base = write ? (caddr_t)&uap->data :
589 (caddr_t)td->td_retval;
590 iov.iov_len = sizeof(int);
593 uio.uio_offset = (off_t)(uintptr_t)uap->addr;
594 uio.uio_resid = sizeof(int);
595 uio.uio_segflg = UIO_SYSSPACE; /* i.e.: the uap */
596 uio.uio_rw = write ? UIO_WRITE : UIO_READ;
598 error = proc_rwmem(p, &uio);
599 if (uio.uio_resid != 0) {
601 * XXX proc_rwmem() doesn't currently return ENOSPC,
602 * so I think write() can bogusly return 0.
603 * XXX what happens for short writes? We don't want
604 * to write partial data.
605 * XXX proc_rwmem() returns EPERM for other invalid
606 * addresses. Convert this to EINVAL. Does this
607 * clobber returns of EPERM for other reasons?
609 if (error == 0 || error == ENOSPC || error == EPERM)
610 error = EINVAL; /* EOF */
615 error = copyin(uap->addr, &r.piod, sizeof r.piod);
618 iov.iov_base = r.piod.piod_addr;
619 iov.iov_len = r.piod.piod_len;
622 uio.uio_offset = (off_t)(uintptr_t)r.piod.piod_offs;
623 uio.uio_resid = r.piod.piod_len;
624 uio.uio_segflg = UIO_USERSPACE;
626 switch (r.piod.piod_op) {
629 uio.uio_rw = UIO_READ;
633 uio.uio_rw = UIO_WRITE;
638 error = proc_rwmem(p, &uio);
639 r.piod.piod_len -= uio.uio_resid;
640 (void)copyout(&r.piod, uap->addr, sizeof r.piod);
645 goto sendsig; /* in PT_CONTINUE above */
649 error = proc_write_regs(td2, &r.reg);
656 error = proc_read_regs(td2, &r.reg);
660 error = copyout(&r.reg, uap->addr, sizeof r.reg);
665 error = proc_write_fpregs(td2, &r.fpreg);
672 error = proc_read_fpregs(td2, &r.fpreg);
676 error = copyout(&r.fpreg, uap->addr, sizeof r.fpreg);
681 error = proc_write_dbregs(td2, &r.dbreg);
688 error = proc_read_dbregs(td2, &r.dbreg);
692 error = copyout(&r.dbreg, uap->addr, sizeof r.dbreg);
696 KASSERT(0, ("unreachable code\n"));
700 KASSERT(0, ("unreachable code\n"));
706 sx_xunlock(&proctree_lock);
711 * Stop a process because of a debugging event;
712 * stay stopped until p->p_step is cleared
713 * (cleared by PIOCCONT in procfs).
716 stopevent(struct proc *p, unsigned int event, unsigned int val)
719 PROC_LOCK_ASSERT(p, MA_OWNED | MA_NOTRECURSED);
724 p->p_stype = event; /* Which event caused the stop? */
725 wakeup(&p->p_stype); /* Wake up any PIOCWAIT'ing procs */
726 msleep(&p->p_step, &p->p_mtx, PWAIT, "stopevent", 0);