2 * SPDX-License-Identifier: BSD-4-Clause
4 * Copyright (c) 1994, Sean Eric Fagan
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software
16 * must display the following acknowledgement:
17 * This product includes software developed by Sean Eric Fagan.
18 * 4. The name of the author may not be used to endorse or promote products
19 * derived from this software without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
37 #include <sys/param.h>
38 #include <sys/systm.h>
40 #include <sys/limits.h>
42 #include <sys/mutex.h>
43 #include <sys/syscallsubr.h>
44 #include <sys/sysent.h>
45 #include <sys/sysproto.h>
48 #include <sys/vnode.h>
49 #include <sys/ptrace.h>
50 #include <sys/rwlock.h>
52 #include <sys/malloc.h>
53 #include <sys/signalvar.h>
55 #include <machine/reg.h>
57 #include <security/audit/audit.h>
61 #include <vm/vm_extern.h>
62 #include <vm/vm_map.h>
63 #include <vm/vm_kern.h>
64 #include <vm/vm_object.h>
65 #include <vm/vm_page.h>
66 #include <vm/vm_param.h>
68 #ifdef COMPAT_FREEBSD32
69 #include <sys/procfs.h>
73 * Functions implemented using PROC_ACTION():
75 * proc_read_regs(proc, regs)
76 * Get the current user-visible register set from the process
77 * and copy it into the regs structure (<machine/reg.h>).
78 * The process is stopped at the time read_regs is called.
80 * proc_write_regs(proc, regs)
81 * Update the current register set from the passed in regs
82 * structure. Take care to avoid clobbering special CPU
83 * registers or privileged bits in the PSL.
84 * Depending on the architecture this may have fix-up work to do,
85 * especially if the IAR or PCW are modified.
86 * The process is stopped at the time write_regs is called.
88 * proc_read_fpregs, proc_write_fpregs
89 * deal with the floating point register set, otherwise as above.
91 * proc_read_dbregs, proc_write_dbregs
92 * deal with the processor debug register set, otherwise as above.
95 * Arrange for the process to trap after executing a single instruction.
98 #define PROC_ACTION(action) do { \
101 PROC_LOCK_ASSERT(td->td_proc, MA_OWNED); \
102 if ((td->td_proc->p_flag & P_INMEM) == 0) \
110 proc_read_regs(struct thread *td, struct reg *regs)
113 PROC_ACTION(fill_regs(td, regs));
117 proc_write_regs(struct thread *td, struct reg *regs)
120 PROC_ACTION(set_regs(td, regs));
124 proc_read_dbregs(struct thread *td, struct dbreg *dbregs)
127 PROC_ACTION(fill_dbregs(td, dbregs));
131 proc_write_dbregs(struct thread *td, struct dbreg *dbregs)
134 PROC_ACTION(set_dbregs(td, dbregs));
138 * Ptrace doesn't support fpregs at all, and there are no security holes
139 * or translations for fpregs, so we can just copy them.
142 proc_read_fpregs(struct thread *td, struct fpreg *fpregs)
145 PROC_ACTION(fill_fpregs(td, fpregs));
149 proc_write_fpregs(struct thread *td, struct fpreg *fpregs)
152 PROC_ACTION(set_fpregs(td, fpregs));
155 #ifdef COMPAT_FREEBSD32
156 /* For 32 bit binaries, we need to expose the 32 bit regs layouts. */
158 proc_read_regs32(struct thread *td, struct reg32 *regs32)
161 PROC_ACTION(fill_regs32(td, regs32));
165 proc_write_regs32(struct thread *td, struct reg32 *regs32)
168 PROC_ACTION(set_regs32(td, regs32));
172 proc_read_dbregs32(struct thread *td, struct dbreg32 *dbregs32)
175 PROC_ACTION(fill_dbregs32(td, dbregs32));
179 proc_write_dbregs32(struct thread *td, struct dbreg32 *dbregs32)
182 PROC_ACTION(set_dbregs32(td, dbregs32));
186 proc_read_fpregs32(struct thread *td, struct fpreg32 *fpregs32)
189 PROC_ACTION(fill_fpregs32(td, fpregs32));
193 proc_write_fpregs32(struct thread *td, struct fpreg32 *fpregs32)
196 PROC_ACTION(set_fpregs32(td, fpregs32));
201 proc_sstep(struct thread *td)
204 PROC_ACTION(ptrace_single_step(td));
208 proc_rwmem(struct proc *p, struct uio *uio)
211 vm_offset_t pageno; /* page number */
213 int error, fault_flags, page_offset, writing;
216 * Assert that someone has locked this vmspace. (Should be
217 * curthread but we can't assert that.) This keeps the process
218 * from exiting out from under us until this operation completes.
221 PROC_LOCK_ASSERT(p, MA_NOTOWNED);
226 map = &p->p_vmspace->vm_map;
229 * If we are writing, then we request vm_fault() to create a private
230 * copy of each page. Since these copies will not be writeable by the
231 * process, we must explicity request that they be dirtied.
233 writing = uio->uio_rw == UIO_WRITE;
234 reqprot = writing ? VM_PROT_COPY | VM_PROT_READ : VM_PROT_READ;
235 fault_flags = writing ? VM_FAULT_DIRTY : VM_FAULT_NORMAL;
238 * Only map in one page at a time. We don't have to, but it
239 * makes things easier. This way is trivial - right?
246 uva = (vm_offset_t)uio->uio_offset;
249 * Get the page number of this segment.
251 pageno = trunc_page(uva);
252 page_offset = uva - pageno;
255 * How many bytes to copy
257 len = min(PAGE_SIZE - page_offset, uio->uio_resid);
260 * Fault and hold the page on behalf of the process.
262 error = vm_fault(map, pageno, reqprot, fault_flags, &m);
263 if (error != KERN_SUCCESS) {
264 if (error == KERN_RESOURCE_SHORTAGE)
272 * Now do the i/o move.
274 error = uiomove_fromphys(&m, page_offset, len, uio);
276 /* Make the I-cache coherent for breakpoints. */
277 if (writing && error == 0) {
278 vm_map_lock_read(map);
279 if (vm_map_check_protection(map, pageno, pageno +
280 PAGE_SIZE, VM_PROT_EXECUTE))
281 vm_sync_icache(map, uva, len);
282 vm_map_unlock_read(map);
288 vm_page_unwire(m, PQ_ACTIVE);
290 } while (error == 0 && uio->uio_resid > 0);
296 proc_iop(struct thread *td, struct proc *p, vm_offset_t va, void *buf,
297 size_t len, enum uio_rw rw)
303 MPASS(len < SSIZE_MAX);
306 iov.iov_base = (caddr_t)buf;
311 uio.uio_resid = slen;
312 uio.uio_segflg = UIO_SYSSPACE;
316 if (uio.uio_resid == slen)
318 return (slen - uio.uio_resid);
322 proc_readmem(struct thread *td, struct proc *p, vm_offset_t va, void *buf,
326 return (proc_iop(td, p, va, buf, len, UIO_READ));
330 proc_writemem(struct thread *td, struct proc *p, vm_offset_t va, void *buf,
334 return (proc_iop(td, p, va, buf, len, UIO_WRITE));
338 ptrace_vm_entry(struct thread *td, struct proc *p, struct ptrace_vm_entry *pve)
342 vm_map_entry_t entry;
343 vm_object_t obj, tobj, lobj;
346 char *freepath, *fullpath;
353 vm = vmspace_acquire_ref(p);
355 vm_map_lock_read(map);
358 KASSERT((map->header.eflags & MAP_ENTRY_IS_SUB_MAP) == 0,
359 ("Submap in map header"));
361 VM_MAP_ENTRY_FOREACH(entry, map) {
362 if (index >= pve->pve_entry &&
363 (entry->eflags & MAP_ENTRY_IS_SUB_MAP) == 0)
367 if (index < pve->pve_entry) {
371 if (entry == &map->header) {
376 /* We got an entry. */
377 pve->pve_entry = index + 1;
378 pve->pve_timestamp = map->timestamp;
379 pve->pve_start = entry->start;
380 pve->pve_end = entry->end - 1;
381 pve->pve_offset = entry->offset;
382 pve->pve_prot = entry->protection;
384 /* Backing object's path needed? */
385 if (pve->pve_pathlen == 0)
388 pathlen = pve->pve_pathlen;
389 pve->pve_pathlen = 0;
391 obj = entry->object.vm_object;
393 VM_OBJECT_RLOCK(obj);
396 vm_map_unlock_read(map);
398 pve->pve_fsid = VNOVAL;
399 pve->pve_fileid = VNOVAL;
401 if (error == 0 && obj != NULL) {
403 for (tobj = obj; tobj != NULL; tobj = tobj->backing_object) {
405 VM_OBJECT_RLOCK(tobj);
407 VM_OBJECT_RUNLOCK(lobj);
409 pve->pve_offset += tobj->backing_object_offset;
411 vp = vm_object_vnode(lobj);
415 VM_OBJECT_RUNLOCK(lobj);
416 VM_OBJECT_RUNLOCK(obj);
421 vn_fullpath(vp, &fullpath, &freepath);
422 vn_lock(vp, LK_SHARED | LK_RETRY);
423 if (VOP_GETATTR(vp, &vattr, td->td_ucred) == 0) {
424 pve->pve_fileid = vattr.va_fileid;
425 pve->pve_fsid = vattr.va_fsid;
429 if (fullpath != NULL) {
430 pve->pve_pathlen = strlen(fullpath) + 1;
431 if (pve->pve_pathlen <= pathlen) {
432 error = copyout(fullpath, pve->pve_path,
435 error = ENAMETOOLONG;
437 if (freepath != NULL)
438 free(freepath, M_TEMP);
443 CTR3(KTR_PTRACE, "PT_VM_ENTRY: pid %d, entry %d, start %p",
444 p->p_pid, pve->pve_entry, pve->pve_start);
450 * Process debugging system call.
452 #ifndef _SYS_SYSPROTO_H_
462 sys_ptrace(struct thread *td, struct ptrace_args *uap)
465 * XXX this obfuscation is to reduce stack usage, but the register
466 * structs may be too large to put on the stack anyway.
469 struct ptrace_io_desc piod;
470 struct ptrace_lwpinfo pl;
471 struct ptrace_vm_entry pve;
475 char args[sizeof(td->td_sa.args)];
476 struct ptrace_sc_ret psr;
482 AUDIT_ARG_PID(uap->pid);
483 AUDIT_ARG_CMD(uap->req);
484 AUDIT_ARG_VALUE(uap->data);
487 case PT_GET_EVENT_MASK:
493 bzero(&r.reg, sizeof(r.reg));
496 bzero(&r.fpreg, sizeof(r.fpreg));
499 bzero(&r.dbreg, sizeof(r.dbreg));
502 error = copyin(uap->addr, &r.reg, sizeof(r.reg));
505 error = copyin(uap->addr, &r.fpreg, sizeof(r.fpreg));
508 error = copyin(uap->addr, &r.dbreg, sizeof(r.dbreg));
510 case PT_SET_EVENT_MASK:
511 if (uap->data != sizeof(r.ptevents))
514 error = copyin(uap->addr, &r.ptevents, uap->data);
517 error = copyin(uap->addr, &r.piod, sizeof(r.piod));
520 error = copyin(uap->addr, &r.pve, sizeof(r.pve));
529 error = kern_ptrace(td, uap->req, uap->pid, addr, uap->data);
535 error = copyout(&r.pve, uap->addr, sizeof(r.pve));
538 error = copyout(&r.piod, uap->addr, sizeof(r.piod));
541 error = copyout(&r.reg, uap->addr, sizeof(r.reg));
544 error = copyout(&r.fpreg, uap->addr, sizeof(r.fpreg));
547 error = copyout(&r.dbreg, uap->addr, sizeof(r.dbreg));
549 case PT_GET_EVENT_MASK:
550 /* NB: The size in uap->data is validated in kern_ptrace(). */
551 error = copyout(&r.ptevents, uap->addr, uap->data);
554 /* NB: The size in uap->data is validated in kern_ptrace(). */
555 error = copyout(&r.pl, uap->addr, uap->data);
558 error = copyout(r.args, uap->addr, MIN(uap->data,
562 error = copyout(&r.psr, uap->addr, MIN(uap->data,
570 #ifdef COMPAT_FREEBSD32
572 * PROC_READ(regs, td2, addr);
574 * proc_read_regs(td2, addr);
576 * proc_read_regs32(td2, addr);
577 * .. except this is done at runtime. There is an additional
578 * complication in that PROC_WRITE disallows 32 bit consumers
579 * from writing to 64 bit address space targets.
581 #define PROC_READ(w, t, a) wrap32 ? \
582 proc_read_ ## w ## 32(t, a) : \
583 proc_read_ ## w (t, a)
584 #define PROC_WRITE(w, t, a) wrap32 ? \
585 (safe ? proc_write_ ## w ## 32(t, a) : EINVAL ) : \
586 proc_write_ ## w (t, a)
588 #define PROC_READ(w, t, a) proc_read_ ## w (t, a)
589 #define PROC_WRITE(w, t, a) proc_write_ ## w (t, a)
593 proc_set_traced(struct proc *p, bool stop)
596 sx_assert(&proctree_lock, SX_XLOCKED);
597 PROC_LOCK_ASSERT(p, MA_OWNED);
598 p->p_flag |= P_TRACED;
600 p->p_flag2 |= P2_PTRACE_FSTP;
601 p->p_ptevents = PTRACE_DEFAULT;
605 proc_can_ptrace(struct thread *td, struct proc *p)
609 PROC_LOCK_ASSERT(p, MA_OWNED);
611 if ((p->p_flag & P_WEXIT) != 0)
614 if ((error = p_cansee(td, p)) != 0)
616 if ((error = p_candebug(td, p)) != 0)
619 /* not being traced... */
620 if ((p->p_flag & P_TRACED) == 0)
623 /* not being traced by YOU */
624 if (p->p_pptr != td->td_proc)
627 /* not currently stopped */
628 if ((p->p_flag & P_STOPPED_TRACE) == 0 ||
629 p->p_suspcount != p->p_numthreads ||
630 (p->p_flag & P_WAITED) == 0)
636 kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
640 struct proc *curp, *p, *pp;
641 struct thread *td2 = NULL, *td3;
642 struct ptrace_io_desc *piod = NULL;
643 struct ptrace_lwpinfo *pl;
644 struct ptrace_sc_ret *psr;
646 lwpid_t tid = 0, *buf;
647 #ifdef COMPAT_FREEBSD32
648 int wrap32 = 0, safe = 0;
650 bool proctree_locked, p2_req_set;
653 proctree_locked = false;
656 /* Lock proctree before locking the process. */
667 case PT_GET_EVENT_MASK:
668 case PT_SET_EVENT_MASK:
671 sx_xlock(&proctree_lock);
672 proctree_locked = true;
678 if (req == PT_TRACE_ME) {
682 if (pid <= PID_MAX) {
683 if ((p = pfind(pid)) == NULL) {
685 sx_xunlock(&proctree_lock);
689 td2 = tdfind(pid, -1);
692 sx_xunlock(&proctree_lock);
700 AUDIT_ARG_PROCESS(p);
702 if ((p->p_flag & P_WEXIT) != 0) {
706 if ((error = p_cansee(td, p)) != 0)
709 if ((error = p_candebug(td, p)) != 0)
713 * System processes can't be debugged.
715 if ((p->p_flag & P_SYSTEM) != 0) {
721 if ((p->p_flag & P_STOPPED_TRACE) != 0) {
722 KASSERT(p->p_xthread != NULL, ("NULL p_xthread"));
725 td2 = FIRST_THREAD_IN_PROC(p);
730 #ifdef COMPAT_FREEBSD32
732 * Test if we're a 32 bit client and what the target is.
733 * Set the wrap controls accordingly.
735 if (SV_CURPROC_FLAG(SV_ILP32)) {
736 if (SV_PROC_FLAG(td2->td_proc, SV_ILP32))
747 * Always legal, when there is a parent process which
748 * could trace us. Otherwise, reject.
750 if ((p->p_flag & P_TRACED) != 0) {
754 if (p->p_pptr == initproc) {
762 if (p == td->td_proc) {
768 if (p->p_flag & P_TRACED) {
773 /* Can't trace an ancestor if you're being traced. */
774 if (curp->p_flag & P_TRACED) {
775 for (pp = curp->p_pptr; pp != NULL; pp = pp->p_pptr) {
787 /* Allow thread to clear single step for itself */
788 if (td->td_tid == tid)
794 * Check for ptrace eligibility before waiting for
797 error = proc_can_ptrace(td, p);
802 * Block parallel ptrace requests. Most important, do
803 * not allow other thread in debugger to continue the
804 * debuggee until coredump finished.
806 while ((p->p_flag2 & P2_PTRACEREQ) != 0) {
808 sx_xunlock(&proctree_lock);
809 error = msleep(&p->p_flag2, &p->p_mtx, PPAUSE | PCATCH |
810 (proctree_locked ? PDROP : 0), "pptrace", 0);
811 if (proctree_locked) {
812 sx_xlock(&proctree_lock);
815 if (error == 0 && td2->td_proc != p)
818 error = proc_can_ptrace(td, p);
828 * Keep this process around and request parallel ptrace()
829 * request to wait until we finish this request.
831 MPASS((p->p_flag2 & P2_PTRACEREQ) == 0);
832 p->p_flag2 |= P2_PTRACEREQ;
837 * Actually do the requests
840 td->td_retval[0] = 0;
844 /* set my trace flag and "owner" so it can read/write me */
845 proc_set_traced(p, false);
846 if (p->p_flag & P_PPWAIT)
847 p->p_flag |= P_PPTRACE;
848 CTR1(KTR_PTRACE, "PT_TRACE_ME: pid %d", p->p_pid);
852 /* security check done above */
854 * It would be nice if the tracing relationship was separate
855 * from the parent relationship but that would require
856 * another set of links in the proc struct or for "wait"
857 * to scan the entire proc table. To make life easier,
858 * we just re-parent the process we're trying to trace.
859 * The old parent is remembered so we can put things back
862 proc_set_traced(p, true);
863 proc_reparent(p, td->td_proc, false);
864 CTR2(KTR_PTRACE, "PT_ATTACH: pid %d, oppid %d", p->p_pid,
867 sx_xunlock(&proctree_lock);
868 proctree_locked = false;
869 MPASS(p->p_xthread == NULL);
870 MPASS((p->p_flag & P_STOPPED_TRACE) == 0);
873 * If already stopped due to a stop signal, clear the
874 * existing stop before triggering a traced SIGSTOP.
876 if ((p->p_flag & P_STOPPED_SIG) != 0) {
878 p->p_flag &= ~(P_STOPPED_SIG | P_WAITED);
883 kern_psignal(p, SIGSTOP);
887 CTR2(KTR_PTRACE, "PT_CLEARSTEP: tid %d (pid %d)", td2->td_tid,
889 error = ptrace_clear_single_step(td2);
893 CTR2(KTR_PTRACE, "PT_SETSTEP: tid %d (pid %d)", td2->td_tid,
895 error = ptrace_single_step(td2);
899 CTR2(KTR_PTRACE, "PT_SUSPEND: tid %d (pid %d)", td2->td_tid,
901 td2->td_dbgflags |= TDB_SUSPEND;
903 td2->td_flags |= TDF_NEEDSUSPCHK;
908 CTR2(KTR_PTRACE, "PT_RESUME: tid %d (pid %d)", td2->td_tid,
910 td2->td_dbgflags &= ~TDB_SUSPEND;
914 CTR3(KTR_PTRACE, "PT_FOLLOW_FORK: pid %d %s -> %s", p->p_pid,
915 p->p_ptevents & PTRACE_FORK ? "enabled" : "disabled",
916 data ? "enabled" : "disabled");
918 p->p_ptevents |= PTRACE_FORK;
920 p->p_ptevents &= ~PTRACE_FORK;
924 CTR3(KTR_PTRACE, "PT_LWP_EVENTS: pid %d %s -> %s", p->p_pid,
925 p->p_ptevents & PTRACE_LWP ? "enabled" : "disabled",
926 data ? "enabled" : "disabled");
928 p->p_ptevents |= PTRACE_LWP;
930 p->p_ptevents &= ~PTRACE_LWP;
933 case PT_GET_EVENT_MASK:
934 if (data != sizeof(p->p_ptevents)) {
938 CTR2(KTR_PTRACE, "PT_GET_EVENT_MASK: pid %d mask %#x", p->p_pid,
940 *(int *)addr = p->p_ptevents;
943 case PT_SET_EVENT_MASK:
944 if (data != sizeof(p->p_ptevents)) {
949 if ((tmp & ~(PTRACE_EXEC | PTRACE_SCE | PTRACE_SCX |
950 PTRACE_FORK | PTRACE_LWP | PTRACE_VFORK)) != 0) {
954 CTR3(KTR_PTRACE, "PT_SET_EVENT_MASK: pid %d mask %#x -> %#x",
955 p->p_pid, p->p_ptevents, tmp);
960 CTR1(KTR_PTRACE, "PT_GET_SC_ARGS: pid %d", p->p_pid);
961 if ((td2->td_dbgflags & (TDB_SCE | TDB_SCX)) == 0
962 #ifdef COMPAT_FREEBSD32
969 bzero(addr, sizeof(td2->td_sa.args));
970 bcopy(td2->td_sa.args, addr, td2->td_sa.callp->sy_narg *
975 if ((td2->td_dbgflags & (TDB_SCX)) == 0
976 #ifdef COMPAT_FREEBSD32
984 bzero(psr, sizeof(*psr));
985 psr->sr_error = td2->td_errno;
986 if (psr->sr_error == 0) {
987 psr->sr_retval[0] = td2->td_retval[0];
988 psr->sr_retval[1] = td2->td_retval[1];
991 "PT_GET_SC_RET: pid %d error %d retval %#lx,%#lx",
992 p->p_pid, psr->sr_error, psr->sr_retval[0],
1002 /* Zero means do not send any signal */
1003 if (data < 0 || data > _SIG_MAXSIG) {
1010 CTR3(KTR_PTRACE, "PT_STEP: tid %d (pid %d), sig = %d",
1011 td2->td_tid, p->p_pid, data);
1012 error = ptrace_single_step(td2);
1020 if (addr != (void *)1) {
1021 error = ptrace_set_pc(td2,
1022 (u_long)(uintfptr_t)addr);
1028 p->p_ptevents |= PTRACE_SCE;
1030 "PT_TO_SCE: pid %d, events = %#x, PC = %#lx, sig = %d",
1031 p->p_pid, p->p_ptevents,
1032 (u_long)(uintfptr_t)addr, data);
1035 p->p_ptevents |= PTRACE_SCX;
1037 "PT_TO_SCX: pid %d, events = %#x, PC = %#lx, sig = %d",
1038 p->p_pid, p->p_ptevents,
1039 (u_long)(uintfptr_t)addr, data);
1042 p->p_ptevents |= PTRACE_SYSCALL;
1044 "PT_SYSCALL: pid %d, events = %#x, PC = %#lx, sig = %d",
1045 p->p_pid, p->p_ptevents,
1046 (u_long)(uintfptr_t)addr, data);
1050 "PT_CONTINUE: pid %d, PC = %#lx, sig = %d",
1051 p->p_pid, (u_long)(uintfptr_t)addr, data);
1057 * Clear P_TRACED before reparenting
1058 * a detached process back to its original
1059 * parent. Otherwise the debugee will be set
1060 * as an orphan of the debugger.
1062 p->p_flag &= ~(P_TRACED | P_WAITED);
1065 * Reset the process parent.
1067 if (p->p_oppid != p->p_pptr->p_pid) {
1068 PROC_LOCK(p->p_pptr);
1069 sigqueue_take(p->p_ksi);
1070 PROC_UNLOCK(p->p_pptr);
1072 pp = proc_realparent(p);
1073 proc_reparent(p, pp, false);
1075 p->p_sigparent = SIGCHLD;
1077 "PT_DETACH: pid %d reparented to pid %d, sig %d",
1078 p->p_pid, pp->p_pid, data);
1080 CTR2(KTR_PTRACE, "PT_DETACH: pid %d, sig %d",
1085 FOREACH_THREAD_IN_PROC(p, td3) {
1086 if ((td3->td_dbgflags & TDB_FSTP) != 0) {
1087 sigqueue_delete(&td3->td_sigqueue,
1090 td3->td_dbgflags &= ~(TDB_XSIG | TDB_FSTP |
1094 if ((p->p_flag2 & P2_PTRACE_FSTP) != 0) {
1095 sigqueue_delete(&p->p_sigqueue, SIGSTOP);
1096 p->p_flag2 &= ~P2_PTRACE_FSTP;
1099 /* should we send SIGCHLD? */
1100 /* childproc_continued(p); */
1104 sx_xunlock(&proctree_lock);
1105 proctree_locked = false;
1108 MPASS(!proctree_locked);
1111 * Clear the pending event for the thread that just
1112 * reported its event (p_xthread). This may not be
1113 * the thread passed to PT_CONTINUE, PT_STEP, etc. if
1114 * the debugger is resuming a different thread.
1116 * Deliver any pending signal via the reporting thread.
1118 MPASS(p->p_xthread != NULL);
1119 p->p_xthread->td_dbgflags &= ~TDB_XSIG;
1120 p->p_xthread->td_xsig = data;
1121 p->p_xthread = NULL;
1125 * P_WKILLED is insurance that a PT_KILL/SIGKILL
1126 * always works immediately, even if another thread is
1127 * unsuspended first and attempts to handle a
1128 * different signal or if the POSIX.1b style signal
1129 * queue cannot accommodate any new signals.
1131 if (data == SIGKILL)
1135 * Unsuspend all threads. To leave a thread
1136 * suspended, use PT_SUSPEND to suspend it before
1137 * continuing the process.
1140 p->p_flag &= ~(P_STOPPED_TRACE | P_STOPPED_SIG | P_WAITED);
1141 thread_unsuspend(p);
1143 itimer_proc_continue(p);
1144 kqtimer_proc_continue(p);
1149 td2->td_dbgflags |= TDB_USERWR;
1152 if (proc_writemem(td, p, (off_t)(uintptr_t)addr, &data,
1153 sizeof(int)) != sizeof(int))
1156 CTR3(KTR_PTRACE, "PT_WRITE: pid %d: %p <= %#x",
1157 p->p_pid, addr, data);
1165 if (proc_readmem(td, p, (off_t)(uintptr_t)addr, &tmp,
1166 sizeof(int)) != sizeof(int))
1169 CTR3(KTR_PTRACE, "PT_READ: pid %d: %p >= %#x",
1170 p->p_pid, addr, tmp);
1171 td->td_retval[0] = tmp;
1177 iov.iov_base = piod->piod_addr;
1178 iov.iov_len = piod->piod_len;
1179 uio.uio_offset = (off_t)(uintptr_t)piod->piod_offs;
1180 uio.uio_resid = piod->piod_len;
1183 uio.uio_segflg = UIO_USERSPACE;
1185 switch (piod->piod_op) {
1188 CTR3(KTR_PTRACE, "PT_IO: pid %d: READ (%p, %#x)",
1189 p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid);
1190 uio.uio_rw = UIO_READ;
1194 CTR3(KTR_PTRACE, "PT_IO: pid %d: WRITE (%p, %#x)",
1195 p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid);
1196 td2->td_dbgflags |= TDB_USERWR;
1197 uio.uio_rw = UIO_WRITE;
1204 error = proc_rwmem(p, &uio);
1205 piod->piod_len -= uio.uio_resid;
1210 CTR1(KTR_PTRACE, "PT_KILL: pid %d", p->p_pid);
1212 goto sendsig; /* in PT_CONTINUE above */
1215 CTR2(KTR_PTRACE, "PT_SETREGS: tid %d (pid %d)", td2->td_tid,
1217 td2->td_dbgflags |= TDB_USERWR;
1218 error = PROC_WRITE(regs, td2, addr);
1222 CTR2(KTR_PTRACE, "PT_GETREGS: tid %d (pid %d)", td2->td_tid,
1224 error = PROC_READ(regs, td2, addr);
1228 CTR2(KTR_PTRACE, "PT_SETFPREGS: tid %d (pid %d)", td2->td_tid,
1230 td2->td_dbgflags |= TDB_USERWR;
1231 error = PROC_WRITE(fpregs, td2, addr);
1235 CTR2(KTR_PTRACE, "PT_GETFPREGS: tid %d (pid %d)", td2->td_tid,
1237 error = PROC_READ(fpregs, td2, addr);
1241 CTR2(KTR_PTRACE, "PT_SETDBREGS: tid %d (pid %d)", td2->td_tid,
1243 td2->td_dbgflags |= TDB_USERWR;
1244 error = PROC_WRITE(dbregs, td2, addr);
1248 CTR2(KTR_PTRACE, "PT_GETDBREGS: tid %d (pid %d)", td2->td_tid,
1250 error = PROC_READ(dbregs, td2, addr);
1254 if (data <= 0 || data > sizeof(*pl)) {
1259 bzero(pl, sizeof(*pl));
1260 pl->pl_lwpid = td2->td_tid;
1261 pl->pl_event = PL_EVENT_NONE;
1263 if (td2->td_dbgflags & TDB_XSIG) {
1264 pl->pl_event = PL_EVENT_SIGNAL;
1265 if (td2->td_si.si_signo != 0 &&
1266 data >= offsetof(struct ptrace_lwpinfo, pl_siginfo)
1267 + sizeof(pl->pl_siginfo)){
1268 pl->pl_flags |= PL_FLAG_SI;
1269 pl->pl_siginfo = td2->td_si;
1272 if (td2->td_dbgflags & TDB_SCE)
1273 pl->pl_flags |= PL_FLAG_SCE;
1274 else if (td2->td_dbgflags & TDB_SCX)
1275 pl->pl_flags |= PL_FLAG_SCX;
1276 if (td2->td_dbgflags & TDB_EXEC)
1277 pl->pl_flags |= PL_FLAG_EXEC;
1278 if (td2->td_dbgflags & TDB_FORK) {
1279 pl->pl_flags |= PL_FLAG_FORKED;
1280 pl->pl_child_pid = td2->td_dbg_forked;
1281 if (td2->td_dbgflags & TDB_VFORK)
1282 pl->pl_flags |= PL_FLAG_VFORKED;
1283 } else if ((td2->td_dbgflags & (TDB_SCX | TDB_VFORK)) ==
1285 pl->pl_flags |= PL_FLAG_VFORK_DONE;
1286 if (td2->td_dbgflags & TDB_CHILD)
1287 pl->pl_flags |= PL_FLAG_CHILD;
1288 if (td2->td_dbgflags & TDB_BORN)
1289 pl->pl_flags |= PL_FLAG_BORN;
1290 if (td2->td_dbgflags & TDB_EXIT)
1291 pl->pl_flags |= PL_FLAG_EXITED;
1292 pl->pl_sigmask = td2->td_sigmask;
1293 pl->pl_siglist = td2->td_siglist;
1294 strcpy(pl->pl_tdname, td2->td_name);
1295 if ((td2->td_dbgflags & (TDB_SCE | TDB_SCX)) != 0) {
1296 pl->pl_syscall_code = td2->td_sa.code;
1297 pl->pl_syscall_narg = td2->td_sa.callp->sy_narg;
1299 pl->pl_syscall_code = 0;
1300 pl->pl_syscall_narg = 0;
1303 "PT_LWPINFO: tid %d (pid %d) event %d flags %#x child pid %d syscall %d",
1304 td2->td_tid, p->p_pid, pl->pl_event, pl->pl_flags,
1305 pl->pl_child_pid, pl->pl_syscall_code);
1309 CTR2(KTR_PTRACE, "PT_GETNUMLWPS: pid %d: %d threads", p->p_pid,
1311 td->td_retval[0] = p->p_numthreads;
1315 CTR3(KTR_PTRACE, "PT_GETLWPLIST: pid %d: data %d, actual %d",
1316 p->p_pid, data, p->p_numthreads);
1321 num = imin(p->p_numthreads, data);
1323 buf = malloc(num * sizeof(lwpid_t), M_TEMP, M_WAITOK);
1326 FOREACH_THREAD_IN_PROC(p, td2) {
1329 buf[tmp++] = td2->td_tid;
1332 error = copyout(buf, addr, tmp * sizeof(lwpid_t));
1335 td->td_retval[0] = tmp;
1339 case PT_VM_TIMESTAMP:
1340 CTR2(KTR_PTRACE, "PT_VM_TIMESTAMP: pid %d: timestamp %d",
1341 p->p_pid, p->p_vmspace->vm_map.timestamp);
1342 td->td_retval[0] = p->p_vmspace->vm_map.timestamp;
1347 error = ptrace_vm_entry(td, p, addr);
1352 #ifdef __HAVE_PTRACE_MACHDEP
1353 if (req >= PT_FIRSTMACH) {
1355 error = cpu_ptrace(td2, req, addr, data);
1359 /* Unknown request. */
1365 /* Drop our hold on this process now that the request has completed. */
1369 if ((p->p_flag2 & P2_PTRACEREQ) != 0)
1370 wakeup(&p->p_flag2);
1371 p->p_flag2 &= ~P2_PTRACEREQ;
1374 if (proctree_locked)
1375 sx_xunlock(&proctree_lock);