2 * SPDX-License-Identifier: BSD-4-Clause
4 * Copyright (c) 1994, Sean Eric Fagan
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software
16 * must display the following acknowledgement:
17 * This product includes software developed by Sean Eric Fagan.
18 * 4. The name of the author may not be used to endorse or promote products
19 * derived from this software without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
37 #include <sys/param.h>
38 #include <sys/systm.h>
40 #include <sys/limits.h>
42 #include <sys/mutex.h>
44 #include <sys/syscallsubr.h>
45 #include <sys/sysent.h>
46 #include <sys/sysproto.h>
49 #include <sys/vnode.h>
50 #include <sys/ptrace.h>
51 #include <sys/rwlock.h>
53 #include <sys/malloc.h>
54 #include <sys/signalvar.h>
55 #include <sys/caprights.h>
56 #include <sys/filedesc.h>
58 #include <security/audit/audit.h>
62 #include <vm/vm_extern.h>
63 #include <vm/vm_map.h>
64 #include <vm/vm_kern.h>
65 #include <vm/vm_object.h>
66 #include <vm/vm_page.h>
67 #include <vm/vm_param.h>
69 #ifdef COMPAT_FREEBSD32
70 #include <sys/procfs.h>
73 /* Assert it's safe to unlock a process, e.g. to allocate working memory */
74 #define PROC_ASSERT_TRACEREQ(p) MPASS(((p)->p_flag2 & P2_PTRACEREQ) != 0)
77 * Functions implemented using PROC_ACTION():
79 * proc_read_regs(proc, regs)
80 * Get the current user-visible register set from the process
81 * and copy it into the regs structure (<machine/reg.h>).
82 * The process is stopped at the time read_regs is called.
84 * proc_write_regs(proc, regs)
85 * Update the current register set from the passed in regs
86 * structure. Take care to avoid clobbering special CPU
87 * registers or privileged bits in the PSL.
88 * Depending on the architecture this may have fix-up work to do,
89 * especially if the IAR or PCW are modified.
90 * The process is stopped at the time write_regs is called.
92 * proc_read_fpregs, proc_write_fpregs
93 * deal with the floating point register set, otherwise as above.
95 * proc_read_dbregs, proc_write_dbregs
96 * deal with the processor debug register set, otherwise as above.
99 * Arrange for the process to trap after executing a single instruction.
102 #define PROC_ACTION(action) do { \
105 PROC_LOCK_ASSERT(td->td_proc, MA_OWNED); \
106 if ((td->td_proc->p_flag & P_INMEM) == 0) \
114 proc_read_regs(struct thread *td, struct reg *regs)
117 PROC_ACTION(fill_regs(td, regs));
121 proc_write_regs(struct thread *td, struct reg *regs)
124 PROC_ACTION(set_regs(td, regs));
128 proc_read_dbregs(struct thread *td, struct dbreg *dbregs)
131 PROC_ACTION(fill_dbregs(td, dbregs));
135 proc_write_dbregs(struct thread *td, struct dbreg *dbregs)
138 PROC_ACTION(set_dbregs(td, dbregs));
142 * Ptrace doesn't support fpregs at all, and there are no security holes
143 * or translations for fpregs, so we can just copy them.
146 proc_read_fpregs(struct thread *td, struct fpreg *fpregs)
149 PROC_ACTION(fill_fpregs(td, fpregs));
153 proc_write_fpregs(struct thread *td, struct fpreg *fpregs)
156 PROC_ACTION(set_fpregs(td, fpregs));
159 static struct regset *
160 proc_find_regset(struct thread *td, int note)
162 struct regset **regsetp, **regset_end, *regset;
163 struct sysentvec *sv;
165 sv = td->td_proc->p_sysent;
166 regsetp = sv->sv_regset_begin;
169 regset_end = sv->sv_regset_end;
170 MPASS(regset_end != NULL);
171 for (; regsetp < regset_end; regsetp++) {
173 if (regset->note != note)
183 proc_read_regset(struct thread *td, int note, struct iovec *iov)
185 struct regset *regset;
191 regset = proc_find_regset(td, note);
195 if (iov->iov_base == NULL) {
196 iov->iov_len = regset->size;
197 if (iov->iov_len == 0)
203 /* The length is wrong, return an error */
204 if (iov->iov_len != regset->size)
207 if (regset->get == NULL)
214 /* Drop the proc lock while allocating the temp buffer */
215 PROC_ASSERT_TRACEREQ(p);
217 buf = malloc(size, M_TEMP, M_WAITOK);
220 if (!regset->get(regset, td, buf, &size)) {
223 KASSERT(size == regset->size,
224 ("%s: Getter function changed the size", __func__));
228 error = copyout(buf, iov->iov_base, size);
238 proc_write_regset(struct thread *td, int note, struct iovec *iov)
240 struct regset *regset;
246 regset = proc_find_regset(td, note);
250 /* The length is wrong, return an error */
251 if (iov->iov_len != regset->size)
254 if (regset->set == NULL)
260 /* Drop the proc lock while allocating the temp buffer */
261 PROC_ASSERT_TRACEREQ(p);
263 buf = malloc(size, M_TEMP, M_WAITOK);
264 error = copyin(iov->iov_base, buf, size);
268 if (!regset->set(regset, td, buf, size)) {
278 #ifdef COMPAT_FREEBSD32
279 /* For 32 bit binaries, we need to expose the 32 bit regs layouts. */
281 proc_read_regs32(struct thread *td, struct reg32 *regs32)
284 PROC_ACTION(fill_regs32(td, regs32));
288 proc_write_regs32(struct thread *td, struct reg32 *regs32)
291 PROC_ACTION(set_regs32(td, regs32));
295 proc_read_dbregs32(struct thread *td, struct dbreg32 *dbregs32)
298 PROC_ACTION(fill_dbregs32(td, dbregs32));
302 proc_write_dbregs32(struct thread *td, struct dbreg32 *dbregs32)
305 PROC_ACTION(set_dbregs32(td, dbregs32));
309 proc_read_fpregs32(struct thread *td, struct fpreg32 *fpregs32)
312 PROC_ACTION(fill_fpregs32(td, fpregs32));
316 proc_write_fpregs32(struct thread *td, struct fpreg32 *fpregs32)
319 PROC_ACTION(set_fpregs32(td, fpregs32));
324 proc_sstep(struct thread *td)
327 PROC_ACTION(ptrace_single_step(td));
331 proc_rwmem(struct proc *p, struct uio *uio)
334 vm_offset_t pageno; /* page number */
336 int error, fault_flags, page_offset, writing;
339 * Assert that someone has locked this vmspace. (Should be
340 * curthread but we can't assert that.) This keeps the process
341 * from exiting out from under us until this operation completes.
344 PROC_LOCK_ASSERT(p, MA_NOTOWNED);
349 map = &p->p_vmspace->vm_map;
352 * If we are writing, then we request vm_fault() to create a private
353 * copy of each page. Since these copies will not be writeable by the
354 * process, we must explicity request that they be dirtied.
356 writing = uio->uio_rw == UIO_WRITE;
357 reqprot = writing ? VM_PROT_COPY | VM_PROT_READ : VM_PROT_READ;
358 fault_flags = writing ? VM_FAULT_DIRTY : VM_FAULT_NORMAL;
361 * Only map in one page at a time. We don't have to, but it
362 * makes things easier. This way is trivial - right?
369 uva = (vm_offset_t)uio->uio_offset;
372 * Get the page number of this segment.
374 pageno = trunc_page(uva);
375 page_offset = uva - pageno;
378 * How many bytes to copy
380 len = min(PAGE_SIZE - page_offset, uio->uio_resid);
383 * Fault and hold the page on behalf of the process.
385 error = vm_fault(map, pageno, reqprot, fault_flags, &m);
386 if (error != KERN_SUCCESS) {
387 if (error == KERN_RESOURCE_SHORTAGE)
395 * Now do the i/o move.
397 error = uiomove_fromphys(&m, page_offset, len, uio);
399 /* Make the I-cache coherent for breakpoints. */
400 if (writing && error == 0) {
401 vm_map_lock_read(map);
402 if (vm_map_check_protection(map, pageno, pageno +
403 PAGE_SIZE, VM_PROT_EXECUTE))
404 vm_sync_icache(map, uva, len);
405 vm_map_unlock_read(map);
411 vm_page_unwire(m, PQ_ACTIVE);
413 } while (error == 0 && uio->uio_resid > 0);
419 proc_iop(struct thread *td, struct proc *p, vm_offset_t va, void *buf,
420 size_t len, enum uio_rw rw)
426 MPASS(len < SSIZE_MAX);
429 iov.iov_base = (caddr_t)buf;
434 uio.uio_resid = slen;
435 uio.uio_segflg = UIO_SYSSPACE;
439 if (uio.uio_resid == slen)
441 return (slen - uio.uio_resid);
445 proc_readmem(struct thread *td, struct proc *p, vm_offset_t va, void *buf,
449 return (proc_iop(td, p, va, buf, len, UIO_READ));
453 proc_writemem(struct thread *td, struct proc *p, vm_offset_t va, void *buf,
457 return (proc_iop(td, p, va, buf, len, UIO_WRITE));
461 ptrace_vm_entry(struct thread *td, struct proc *p, struct ptrace_vm_entry *pve)
465 vm_map_entry_t entry;
466 vm_object_t obj, tobj, lobj;
469 char *freepath, *fullpath;
476 vm = vmspace_acquire_ref(p);
478 vm_map_lock_read(map);
481 KASSERT((map->header.eflags & MAP_ENTRY_IS_SUB_MAP) == 0,
482 ("Submap in map header"));
484 VM_MAP_ENTRY_FOREACH(entry, map) {
485 if (index >= pve->pve_entry &&
486 (entry->eflags & MAP_ENTRY_IS_SUB_MAP) == 0)
490 if (index < pve->pve_entry) {
494 if (entry == &map->header) {
499 /* We got an entry. */
500 pve->pve_entry = index + 1;
501 pve->pve_timestamp = map->timestamp;
502 pve->pve_start = entry->start;
503 pve->pve_end = entry->end - 1;
504 pve->pve_offset = entry->offset;
505 pve->pve_prot = entry->protection;
507 /* Backing object's path needed? */
508 if (pve->pve_pathlen == 0)
511 pathlen = pve->pve_pathlen;
512 pve->pve_pathlen = 0;
514 obj = entry->object.vm_object;
516 VM_OBJECT_RLOCK(obj);
519 vm_map_unlock_read(map);
521 pve->pve_fsid = VNOVAL;
522 pve->pve_fileid = VNOVAL;
524 if (error == 0 && obj != NULL) {
526 for (tobj = obj; tobj != NULL; tobj = tobj->backing_object) {
528 VM_OBJECT_RLOCK(tobj);
530 VM_OBJECT_RUNLOCK(lobj);
532 pve->pve_offset += tobj->backing_object_offset;
534 vp = vm_object_vnode(lobj);
538 VM_OBJECT_RUNLOCK(lobj);
539 VM_OBJECT_RUNLOCK(obj);
544 vn_fullpath(vp, &fullpath, &freepath);
545 vn_lock(vp, LK_SHARED | LK_RETRY);
546 if (VOP_GETATTR(vp, &vattr, td->td_ucred) == 0) {
547 pve->pve_fileid = vattr.va_fileid;
548 pve->pve_fsid = vattr.va_fsid;
552 if (fullpath != NULL) {
553 pve->pve_pathlen = strlen(fullpath) + 1;
554 if (pve->pve_pathlen <= pathlen) {
555 error = copyout(fullpath, pve->pve_path,
558 error = ENAMETOOLONG;
560 if (freepath != NULL)
561 free(freepath, M_TEMP);
566 CTR3(KTR_PTRACE, "PT_VM_ENTRY: pid %d, entry %d, start %p",
567 p->p_pid, pve->pve_entry, pve->pve_start);
573 * Process debugging system call.
575 #ifndef _SYS_SYSPROTO_H_
585 sys_ptrace(struct thread *td, struct ptrace_args *uap)
588 * XXX this obfuscation is to reduce stack usage, but the register
589 * structs may be too large to put on the stack anyway.
592 struct ptrace_io_desc piod;
593 struct ptrace_lwpinfo pl;
594 struct ptrace_vm_entry pve;
595 struct ptrace_coredump pc;
600 char args[sizeof(td->td_sa.args)];
601 struct ptrace_sc_ret psr;
611 AUDIT_ARG_PID(uap->pid);
612 AUDIT_ARG_CMD(uap->req);
613 AUDIT_ARG_VALUE(uap->data);
616 case PT_GET_EVENT_MASK:
622 bzero(&r.reg, sizeof(r.reg));
625 bzero(&r.fpreg, sizeof(r.fpreg));
628 bzero(&r.dbreg, sizeof(r.dbreg));
632 error = copyin(uap->addr, &r.vec, sizeof(r.vec));
635 error = copyin(uap->addr, &r.reg, sizeof(r.reg));
638 error = copyin(uap->addr, &r.fpreg, sizeof(r.fpreg));
641 error = copyin(uap->addr, &r.dbreg, sizeof(r.dbreg));
643 case PT_SET_EVENT_MASK:
644 if (uap->data != sizeof(r.ptevents))
647 error = copyin(uap->addr, &r.ptevents, uap->data);
650 error = copyin(uap->addr, &r.piod, sizeof(r.piod));
653 error = copyin(uap->addr, &r.pve, sizeof(r.pve));
656 if (uap->data != sizeof(r.pc))
659 error = copyin(uap->addr, &r.pc, uap->data);
668 error = kern_ptrace(td, uap->req, uap->pid, addr, uap->data);
674 error = copyout(&r.pve, uap->addr, sizeof(r.pve));
677 error = copyout(&r.piod, uap->addr, sizeof(r.piod));
680 error = copyout(&r.reg, uap->addr, sizeof(r.reg));
683 error = copyout(&r.fpreg, uap->addr, sizeof(r.fpreg));
686 error = copyout(&r.dbreg, uap->addr, sizeof(r.dbreg));
689 error = copyout(&r.vec, uap->addr, sizeof(r.vec));
691 case PT_GET_EVENT_MASK:
692 /* NB: The size in uap->data is validated in kern_ptrace(). */
693 error = copyout(&r.ptevents, uap->addr, uap->data);
696 /* NB: The size in uap->data is validated in kern_ptrace(). */
697 error = copyout(&r.pl, uap->addr, uap->data);
700 error = copyout(r.args, uap->addr, MIN(uap->data,
704 error = copyout(&r.psr, uap->addr, MIN(uap->data,
712 #ifdef COMPAT_FREEBSD32
714 * PROC_READ(regs, td2, addr);
716 * proc_read_regs(td2, addr);
718 * proc_read_regs32(td2, addr);
719 * .. except this is done at runtime. There is an additional
720 * complication in that PROC_WRITE disallows 32 bit consumers
721 * from writing to 64 bit address space targets.
723 #define PROC_READ(w, t, a) wrap32 ? \
724 proc_read_ ## w ## 32(t, a) : \
725 proc_read_ ## w (t, a)
726 #define PROC_WRITE(w, t, a) wrap32 ? \
727 (safe ? proc_write_ ## w ## 32(t, a) : EINVAL ) : \
728 proc_write_ ## w (t, a)
730 #define PROC_READ(w, t, a) proc_read_ ## w (t, a)
731 #define PROC_WRITE(w, t, a) proc_write_ ## w (t, a)
735 proc_set_traced(struct proc *p, bool stop)
738 sx_assert(&proctree_lock, SX_XLOCKED);
739 PROC_LOCK_ASSERT(p, MA_OWNED);
740 p->p_flag |= P_TRACED;
742 p->p_flag2 |= P2_PTRACE_FSTP;
743 p->p_ptevents = PTRACE_DEFAULT;
747 ptrace_unsuspend(struct proc *p)
749 PROC_LOCK_ASSERT(p, MA_OWNED);
752 p->p_flag &= ~(P_STOPPED_TRACE | P_STOPPED_SIG | P_WAITED);
755 itimer_proc_continue(p);
756 kqtimer_proc_continue(p);
760 proc_can_ptrace(struct thread *td, struct proc *p)
764 PROC_LOCK_ASSERT(p, MA_OWNED);
766 if ((p->p_flag & P_WEXIT) != 0)
769 if ((error = p_cansee(td, p)) != 0)
771 if ((error = p_candebug(td, p)) != 0)
774 /* not being traced... */
775 if ((p->p_flag & P_TRACED) == 0)
778 /* not being traced by YOU */
779 if (p->p_pptr != td->td_proc)
782 /* not currently stopped */
783 if ((p->p_flag & P_STOPPED_TRACE) == 0 ||
784 p->p_suspcount != p->p_numthreads ||
785 (p->p_flag & P_WAITED) == 0)
791 static struct thread *
792 ptrace_sel_coredump_thread(struct proc *p)
796 PROC_LOCK_ASSERT(p, MA_OWNED);
797 MPASS((p->p_flag & P_STOPPED_TRACE) != 0);
799 FOREACH_THREAD_IN_PROC(p, td2) {
800 if ((td2->td_dbgflags & TDB_SSWITCH) != 0)
807 kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
811 struct proc *curp, *p, *pp;
812 struct thread *td2 = NULL, *td3;
813 struct ptrace_io_desc *piod = NULL;
814 struct ptrace_lwpinfo *pl;
815 struct ptrace_sc_ret *psr;
817 struct ptrace_coredump *pc;
818 struct thr_coredump_req *tcq;
820 lwpid_t tid = 0, *buf;
821 #ifdef COMPAT_FREEBSD32
822 int wrap32 = 0, safe = 0;
824 bool proctree_locked, p2_req_set;
827 proctree_locked = false;
830 /* Lock proctree before locking the process. */
841 case PT_GET_EVENT_MASK:
842 case PT_SET_EVENT_MASK:
845 sx_xlock(&proctree_lock);
846 proctree_locked = true;
852 if (req == PT_TRACE_ME) {
856 if (pid <= PID_MAX) {
857 if ((p = pfind(pid)) == NULL) {
859 sx_xunlock(&proctree_lock);
863 td2 = tdfind(pid, -1);
866 sx_xunlock(&proctree_lock);
874 AUDIT_ARG_PROCESS(p);
876 if ((p->p_flag & P_WEXIT) != 0) {
880 if ((error = p_cansee(td, p)) != 0)
883 if ((error = p_candebug(td, p)) != 0)
887 * System processes can't be debugged.
889 if ((p->p_flag & P_SYSTEM) != 0) {
895 if ((p->p_flag & P_STOPPED_TRACE) != 0) {
896 KASSERT(p->p_xthread != NULL, ("NULL p_xthread"));
899 td2 = FIRST_THREAD_IN_PROC(p);
904 #ifdef COMPAT_FREEBSD32
906 * Test if we're a 32 bit client and what the target is.
907 * Set the wrap controls accordingly.
909 if (SV_CURPROC_FLAG(SV_ILP32)) {
910 if (SV_PROC_FLAG(td2->td_proc, SV_ILP32))
921 * Always legal, when there is a parent process which
922 * could trace us. Otherwise, reject.
924 if ((p->p_flag & P_TRACED) != 0) {
928 if (p->p_pptr == initproc) {
936 if (p == td->td_proc) {
942 if (p->p_flag & P_TRACED) {
947 /* Can't trace an ancestor if you're being traced. */
948 if (curp->p_flag & P_TRACED) {
949 for (pp = curp->p_pptr; pp != NULL; pp = pp->p_pptr) {
961 /* Allow thread to clear single step for itself */
962 if (td->td_tid == tid)
968 * Check for ptrace eligibility before waiting for
971 error = proc_can_ptrace(td, p);
976 * Block parallel ptrace requests. Most important, do
977 * not allow other thread in debugger to continue the
978 * debuggee until coredump finished.
980 while ((p->p_flag2 & P2_PTRACEREQ) != 0) {
982 sx_xunlock(&proctree_lock);
983 error = msleep(&p->p_flag2, &p->p_mtx, PPAUSE | PCATCH |
984 (proctree_locked ? PDROP : 0), "pptrace", 0);
985 if (proctree_locked) {
986 sx_xlock(&proctree_lock);
989 if (error == 0 && td2->td_proc != p)
992 error = proc_can_ptrace(td, p);
1002 * Keep this process around and request parallel ptrace()
1003 * request to wait until we finish this request.
1005 MPASS((p->p_flag2 & P2_PTRACEREQ) == 0);
1006 p->p_flag2 |= P2_PTRACEREQ;
1011 * Actually do the requests
1014 td->td_retval[0] = 0;
1018 /* set my trace flag and "owner" so it can read/write me */
1019 proc_set_traced(p, false);
1020 if (p->p_flag & P_PPWAIT)
1021 p->p_flag |= P_PPTRACE;
1022 CTR1(KTR_PTRACE, "PT_TRACE_ME: pid %d", p->p_pid);
1026 /* security check done above */
1028 * It would be nice if the tracing relationship was separate
1029 * from the parent relationship but that would require
1030 * another set of links in the proc struct or for "wait"
1031 * to scan the entire proc table. To make life easier,
1032 * we just re-parent the process we're trying to trace.
1033 * The old parent is remembered so we can put things back
1036 proc_set_traced(p, true);
1037 proc_reparent(p, td->td_proc, false);
1038 CTR2(KTR_PTRACE, "PT_ATTACH: pid %d, oppid %d", p->p_pid,
1041 sx_xunlock(&proctree_lock);
1042 proctree_locked = false;
1043 MPASS(p->p_xthread == NULL);
1044 MPASS((p->p_flag & P_STOPPED_TRACE) == 0);
1047 * If already stopped due to a stop signal, clear the
1048 * existing stop before triggering a traced SIGSTOP.
1050 if ((p->p_flag & P_STOPPED_SIG) != 0) {
1052 p->p_flag &= ~(P_STOPPED_SIG | P_WAITED);
1053 thread_unsuspend(p);
1057 kern_psignal(p, SIGSTOP);
1061 CTR2(KTR_PTRACE, "PT_CLEARSTEP: tid %d (pid %d)", td2->td_tid,
1063 error = ptrace_clear_single_step(td2);
1067 CTR2(KTR_PTRACE, "PT_SETSTEP: tid %d (pid %d)", td2->td_tid,
1069 error = ptrace_single_step(td2);
1073 CTR2(KTR_PTRACE, "PT_SUSPEND: tid %d (pid %d)", td2->td_tid,
1075 td2->td_dbgflags |= TDB_SUSPEND;
1077 td2->td_flags |= TDF_NEEDSUSPCHK;
1082 CTR2(KTR_PTRACE, "PT_RESUME: tid %d (pid %d)", td2->td_tid,
1084 td2->td_dbgflags &= ~TDB_SUSPEND;
1087 case PT_FOLLOW_FORK:
1088 CTR3(KTR_PTRACE, "PT_FOLLOW_FORK: pid %d %s -> %s", p->p_pid,
1089 p->p_ptevents & PTRACE_FORK ? "enabled" : "disabled",
1090 data ? "enabled" : "disabled");
1092 p->p_ptevents |= PTRACE_FORK;
1094 p->p_ptevents &= ~PTRACE_FORK;
1098 CTR3(KTR_PTRACE, "PT_LWP_EVENTS: pid %d %s -> %s", p->p_pid,
1099 p->p_ptevents & PTRACE_LWP ? "enabled" : "disabled",
1100 data ? "enabled" : "disabled");
1102 p->p_ptevents |= PTRACE_LWP;
1104 p->p_ptevents &= ~PTRACE_LWP;
1107 case PT_GET_EVENT_MASK:
1108 if (data != sizeof(p->p_ptevents)) {
1112 CTR2(KTR_PTRACE, "PT_GET_EVENT_MASK: pid %d mask %#x", p->p_pid,
1114 *(int *)addr = p->p_ptevents;
1117 case PT_SET_EVENT_MASK:
1118 if (data != sizeof(p->p_ptevents)) {
1123 if ((tmp & ~(PTRACE_EXEC | PTRACE_SCE | PTRACE_SCX |
1124 PTRACE_FORK | PTRACE_LWP | PTRACE_VFORK)) != 0) {
1128 CTR3(KTR_PTRACE, "PT_SET_EVENT_MASK: pid %d mask %#x -> %#x",
1129 p->p_pid, p->p_ptevents, tmp);
1130 p->p_ptevents = tmp;
1133 case PT_GET_SC_ARGS:
1134 CTR1(KTR_PTRACE, "PT_GET_SC_ARGS: pid %d", p->p_pid);
1135 if ((td2->td_dbgflags & (TDB_SCE | TDB_SCX)) == 0
1136 #ifdef COMPAT_FREEBSD32
1137 || (wrap32 && !safe)
1143 bzero(addr, sizeof(td2->td_sa.args));
1144 /* See the explanation in linux_ptrace_get_syscall_info(). */
1145 bcopy(td2->td_sa.args, addr, SV_PROC_ABI(td->td_proc) ==
1146 SV_ABI_LINUX ? sizeof(td2->td_sa.args) :
1147 td2->td_sa.callp->sy_narg * sizeof(register_t));
1151 if ((td2->td_dbgflags & (TDB_SCX)) == 0
1152 #ifdef COMPAT_FREEBSD32
1153 || (wrap32 && !safe)
1160 bzero(psr, sizeof(*psr));
1161 psr->sr_error = td2->td_errno;
1162 if (psr->sr_error == 0) {
1163 psr->sr_retval[0] = td2->td_retval[0];
1164 psr->sr_retval[1] = td2->td_retval[1];
1167 "PT_GET_SC_RET: pid %d error %d retval %#lx,%#lx",
1168 p->p_pid, psr->sr_error, psr->sr_retval[0],
1178 /* Zero means do not send any signal */
1179 if (data < 0 || data > _SIG_MAXSIG) {
1186 CTR3(KTR_PTRACE, "PT_STEP: tid %d (pid %d), sig = %d",
1187 td2->td_tid, p->p_pid, data);
1188 error = ptrace_single_step(td2);
1196 if (addr != (void *)1) {
1197 error = ptrace_set_pc(td2,
1198 (u_long)(uintfptr_t)addr);
1204 p->p_ptevents |= PTRACE_SCE;
1206 "PT_TO_SCE: pid %d, events = %#x, PC = %#lx, sig = %d",
1207 p->p_pid, p->p_ptevents,
1208 (u_long)(uintfptr_t)addr, data);
1211 p->p_ptevents |= PTRACE_SCX;
1213 "PT_TO_SCX: pid %d, events = %#x, PC = %#lx, sig = %d",
1214 p->p_pid, p->p_ptevents,
1215 (u_long)(uintfptr_t)addr, data);
1218 p->p_ptevents |= PTRACE_SYSCALL;
1220 "PT_SYSCALL: pid %d, events = %#x, PC = %#lx, sig = %d",
1221 p->p_pid, p->p_ptevents,
1222 (u_long)(uintfptr_t)addr, data);
1226 "PT_CONTINUE: pid %d, PC = %#lx, sig = %d",
1227 p->p_pid, (u_long)(uintfptr_t)addr, data);
1233 * Clear P_TRACED before reparenting
1234 * a detached process back to its original
1235 * parent. Otherwise the debugee will be set
1236 * as an orphan of the debugger.
1238 p->p_flag &= ~(P_TRACED | P_WAITED);
1241 * Reset the process parent.
1243 if (p->p_oppid != p->p_pptr->p_pid) {
1244 PROC_LOCK(p->p_pptr);
1245 sigqueue_take(p->p_ksi);
1246 PROC_UNLOCK(p->p_pptr);
1248 pp = proc_realparent(p);
1249 proc_reparent(p, pp, false);
1251 p->p_sigparent = SIGCHLD;
1253 "PT_DETACH: pid %d reparented to pid %d, sig %d",
1254 p->p_pid, pp->p_pid, data);
1256 CTR2(KTR_PTRACE, "PT_DETACH: pid %d, sig %d",
1261 FOREACH_THREAD_IN_PROC(p, td3) {
1262 if ((td3->td_dbgflags & TDB_FSTP) != 0) {
1263 sigqueue_delete(&td3->td_sigqueue,
1266 td3->td_dbgflags &= ~(TDB_XSIG | TDB_FSTP |
1270 if ((p->p_flag2 & P2_PTRACE_FSTP) != 0) {
1271 sigqueue_delete(&p->p_sigqueue, SIGSTOP);
1272 p->p_flag2 &= ~P2_PTRACE_FSTP;
1275 /* should we send SIGCHLD? */
1276 /* childproc_continued(p); */
1280 sx_xunlock(&proctree_lock);
1281 proctree_locked = false;
1284 MPASS(!proctree_locked);
1287 * Clear the pending event for the thread that just
1288 * reported its event (p_xthread). This may not be
1289 * the thread passed to PT_CONTINUE, PT_STEP, etc. if
1290 * the debugger is resuming a different thread.
1292 * Deliver any pending signal via the reporting thread.
1294 MPASS(p->p_xthread != NULL);
1295 p->p_xthread->td_dbgflags &= ~TDB_XSIG;
1296 p->p_xthread->td_xsig = data;
1297 p->p_xthread = NULL;
1301 * P_WKILLED is insurance that a PT_KILL/SIGKILL
1302 * always works immediately, even if another thread is
1303 * unsuspended first and attempts to handle a
1304 * different signal or if the POSIX.1b style signal
1305 * queue cannot accommodate any new signals.
1307 if (data == SIGKILL)
1311 * Unsuspend all threads. To leave a thread
1312 * suspended, use PT_SUSPEND to suspend it before
1313 * continuing the process.
1315 ptrace_unsuspend(p);
1320 td2->td_dbgflags |= TDB_USERWR;
1323 if (proc_writemem(td, p, (off_t)(uintptr_t)addr, &data,
1324 sizeof(int)) != sizeof(int))
1327 CTR3(KTR_PTRACE, "PT_WRITE: pid %d: %p <= %#x",
1328 p->p_pid, addr, data);
1336 if (proc_readmem(td, p, (off_t)(uintptr_t)addr, &tmp,
1337 sizeof(int)) != sizeof(int))
1340 CTR3(KTR_PTRACE, "PT_READ: pid %d: %p >= %#x",
1341 p->p_pid, addr, tmp);
1342 td->td_retval[0] = tmp;
1348 iov.iov_base = piod->piod_addr;
1349 iov.iov_len = piod->piod_len;
1350 uio.uio_offset = (off_t)(uintptr_t)piod->piod_offs;
1351 uio.uio_resid = piod->piod_len;
1354 uio.uio_segflg = UIO_USERSPACE;
1356 switch (piod->piod_op) {
1359 CTR3(KTR_PTRACE, "PT_IO: pid %d: READ (%p, %#x)",
1360 p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid);
1361 uio.uio_rw = UIO_READ;
1365 CTR3(KTR_PTRACE, "PT_IO: pid %d: WRITE (%p, %#x)",
1366 p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid);
1367 td2->td_dbgflags |= TDB_USERWR;
1368 uio.uio_rw = UIO_WRITE;
1375 error = proc_rwmem(p, &uio);
1376 piod->piod_len -= uio.uio_resid;
1381 CTR1(KTR_PTRACE, "PT_KILL: pid %d", p->p_pid);
1383 goto sendsig; /* in PT_CONTINUE above */
1386 CTR2(KTR_PTRACE, "PT_SETREGS: tid %d (pid %d)", td2->td_tid,
1388 td2->td_dbgflags |= TDB_USERWR;
1389 error = PROC_WRITE(regs, td2, addr);
1393 CTR2(KTR_PTRACE, "PT_GETREGS: tid %d (pid %d)", td2->td_tid,
1395 error = PROC_READ(regs, td2, addr);
1399 CTR2(KTR_PTRACE, "PT_SETFPREGS: tid %d (pid %d)", td2->td_tid,
1401 td2->td_dbgflags |= TDB_USERWR;
1402 error = PROC_WRITE(fpregs, td2, addr);
1406 CTR2(KTR_PTRACE, "PT_GETFPREGS: tid %d (pid %d)", td2->td_tid,
1408 error = PROC_READ(fpregs, td2, addr);
1412 CTR2(KTR_PTRACE, "PT_SETDBREGS: tid %d (pid %d)", td2->td_tid,
1414 td2->td_dbgflags |= TDB_USERWR;
1415 error = PROC_WRITE(dbregs, td2, addr);
1419 CTR2(KTR_PTRACE, "PT_GETDBREGS: tid %d (pid %d)", td2->td_tid,
1421 error = PROC_READ(dbregs, td2, addr);
1425 CTR2(KTR_PTRACE, "PT_SETREGSET: tid %d (pid %d)", td2->td_tid,
1427 error = proc_write_regset(td2, data, addr);
1431 CTR2(KTR_PTRACE, "PT_GETREGSET: tid %d (pid %d)", td2->td_tid,
1433 error = proc_read_regset(td2, data, addr);
1437 if (data <= 0 || data > sizeof(*pl)) {
1442 bzero(pl, sizeof(*pl));
1443 pl->pl_lwpid = td2->td_tid;
1444 pl->pl_event = PL_EVENT_NONE;
1446 if (td2->td_dbgflags & TDB_XSIG) {
1447 pl->pl_event = PL_EVENT_SIGNAL;
1448 if (td2->td_si.si_signo != 0 &&
1449 data >= offsetof(struct ptrace_lwpinfo, pl_siginfo)
1450 + sizeof(pl->pl_siginfo)){
1451 pl->pl_flags |= PL_FLAG_SI;
1452 pl->pl_siginfo = td2->td_si;
1455 if (td2->td_dbgflags & TDB_SCE)
1456 pl->pl_flags |= PL_FLAG_SCE;
1457 else if (td2->td_dbgflags & TDB_SCX)
1458 pl->pl_flags |= PL_FLAG_SCX;
1459 if (td2->td_dbgflags & TDB_EXEC)
1460 pl->pl_flags |= PL_FLAG_EXEC;
1461 if (td2->td_dbgflags & TDB_FORK) {
1462 pl->pl_flags |= PL_FLAG_FORKED;
1463 pl->pl_child_pid = td2->td_dbg_forked;
1464 if (td2->td_dbgflags & TDB_VFORK)
1465 pl->pl_flags |= PL_FLAG_VFORKED;
1466 } else if ((td2->td_dbgflags & (TDB_SCX | TDB_VFORK)) ==
1468 pl->pl_flags |= PL_FLAG_VFORK_DONE;
1469 if (td2->td_dbgflags & TDB_CHILD)
1470 pl->pl_flags |= PL_FLAG_CHILD;
1471 if (td2->td_dbgflags & TDB_BORN)
1472 pl->pl_flags |= PL_FLAG_BORN;
1473 if (td2->td_dbgflags & TDB_EXIT)
1474 pl->pl_flags |= PL_FLAG_EXITED;
1475 pl->pl_sigmask = td2->td_sigmask;
1476 pl->pl_siglist = td2->td_siglist;
1477 strcpy(pl->pl_tdname, td2->td_name);
1478 if ((td2->td_dbgflags & (TDB_SCE | TDB_SCX)) != 0) {
1479 pl->pl_syscall_code = td2->td_sa.code;
1480 pl->pl_syscall_narg = td2->td_sa.callp->sy_narg;
1482 pl->pl_syscall_code = 0;
1483 pl->pl_syscall_narg = 0;
1486 "PT_LWPINFO: tid %d (pid %d) event %d flags %#x child pid %d syscall %d",
1487 td2->td_tid, p->p_pid, pl->pl_event, pl->pl_flags,
1488 pl->pl_child_pid, pl->pl_syscall_code);
1492 CTR2(KTR_PTRACE, "PT_GETNUMLWPS: pid %d: %d threads", p->p_pid,
1494 td->td_retval[0] = p->p_numthreads;
1498 CTR3(KTR_PTRACE, "PT_GETLWPLIST: pid %d: data %d, actual %d",
1499 p->p_pid, data, p->p_numthreads);
1504 num = imin(p->p_numthreads, data);
1506 buf = malloc(num * sizeof(lwpid_t), M_TEMP, M_WAITOK);
1509 FOREACH_THREAD_IN_PROC(p, td2) {
1512 buf[tmp++] = td2->td_tid;
1515 error = copyout(buf, addr, tmp * sizeof(lwpid_t));
1518 td->td_retval[0] = tmp;
1522 case PT_VM_TIMESTAMP:
1523 CTR2(KTR_PTRACE, "PT_VM_TIMESTAMP: pid %d: timestamp %d",
1524 p->p_pid, p->p_vmspace->vm_map.timestamp);
1525 td->td_retval[0] = p->p_vmspace->vm_map.timestamp;
1530 error = ptrace_vm_entry(td, p, addr);
1536 CTR2(KTR_PTRACE, "PT_COREDUMP: pid %d, fd %d",
1537 p->p_pid, pc->pc_fd);
1539 if ((pc->pc_flags & ~(PC_COMPRESS | PC_ALL)) != 0) {
1545 tcq = malloc(sizeof(*tcq), M_TEMP, M_WAITOK | M_ZERO);
1547 error = fget_write(td, pc->pc_fd, &cap_write_rights, &fp);
1549 goto coredump_cleanup_nofp;
1550 if (fp->f_type != DTYPE_VNODE || fp->f_vnode->v_type != VREG) {
1552 goto coredump_cleanup;
1556 error = proc_can_ptrace(td, p);
1558 goto coredump_cleanup_locked;
1560 td2 = ptrace_sel_coredump_thread(p);
1563 goto coredump_cleanup_locked;
1565 KASSERT((td2->td_dbgflags & TDB_COREDUMPRQ) == 0,
1566 ("proc %d tid %d req coredump", p->p_pid, td2->td_tid));
1568 tcq->tc_vp = fp->f_vnode;
1569 tcq->tc_limit = pc->pc_limit == 0 ? OFF_MAX : pc->pc_limit;
1570 tcq->tc_flags = SVC_PT_COREDUMP;
1571 if ((pc->pc_flags & PC_COMPRESS) == 0)
1572 tcq->tc_flags |= SVC_NOCOMPRESS;
1573 if ((pc->pc_flags & PC_ALL) != 0)
1574 tcq->tc_flags |= SVC_ALL;
1575 td2->td_coredump = tcq;
1576 td2->td_dbgflags |= TDB_COREDUMPRQ;
1577 thread_run_flash(td2);
1578 while ((td2->td_dbgflags & TDB_COREDUMPRQ) != 0)
1579 msleep(p, &p->p_mtx, PPAUSE, "crdmp", 0);
1580 error = tcq->tc_error;
1581 coredump_cleanup_locked:
1585 coredump_cleanup_nofp:
1591 #ifdef __HAVE_PTRACE_MACHDEP
1592 if (req >= PT_FIRSTMACH) {
1594 error = cpu_ptrace(td2, req, addr, data);
1598 /* Unknown request. */
1603 /* Drop our hold on this process now that the request has completed. */
1607 if ((p->p_flag2 & P2_PTRACEREQ) != 0)
1608 wakeup(&p->p_flag2);
1609 p->p_flag2 &= ~P2_PTRACEREQ;
1612 if (proctree_locked)
1613 sx_xunlock(&proctree_lock);