2 * SPDX-License-Identifier: BSD-4-Clause
4 * Copyright (c) 1994, Sean Eric Fagan
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software
16 * must display the following acknowledgement:
17 * This product includes software developed by Sean Eric Fagan.
18 * 4. The name of the author may not be used to endorse or promote products
19 * derived from this software without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
37 #include <sys/param.h>
38 #include <sys/systm.h>
40 #include <sys/limits.h>
42 #include <sys/mutex.h>
44 #include <sys/syscallsubr.h>
45 #include <sys/sysent.h>
46 #include <sys/sysproto.h>
49 #include <sys/vnode.h>
50 #include <sys/ptrace.h>
51 #include <sys/rwlock.h>
53 #include <sys/malloc.h>
54 #include <sys/signalvar.h>
55 #include <sys/caprights.h>
56 #include <sys/filedesc.h>
58 #include <security/audit/audit.h>
62 #include <vm/vm_extern.h>
63 #include <vm/vm_map.h>
64 #include <vm/vm_kern.h>
65 #include <vm/vm_object.h>
66 #include <vm/vm_page.h>
67 #include <vm/vm_param.h>
69 #ifdef COMPAT_FREEBSD32
70 #include <sys/procfs.h>
74 * Functions implemented using PROC_ACTION():
76 * proc_read_regs(proc, regs)
77 * Get the current user-visible register set from the process
78 * and copy it into the regs structure (<machine/reg.h>).
79 * The process is stopped at the time read_regs is called.
81 * proc_write_regs(proc, regs)
82 * Update the current register set from the passed in regs
83 * structure. Take care to avoid clobbering special CPU
84 * registers or privileged bits in the PSL.
85 * Depending on the architecture this may have fix-up work to do,
86 * especially if the IAR or PCW are modified.
87 * The process is stopped at the time write_regs is called.
89 * proc_read_fpregs, proc_write_fpregs
90 * deal with the floating point register set, otherwise as above.
92 * proc_read_dbregs, proc_write_dbregs
93 * deal with the processor debug register set, otherwise as above.
96 * Arrange for the process to trap after executing a single instruction.
99 #define PROC_ACTION(action) do { \
102 PROC_LOCK_ASSERT(td->td_proc, MA_OWNED); \
103 if ((td->td_proc->p_flag & P_INMEM) == 0) \
111 proc_read_regs(struct thread *td, struct reg *regs)
114 PROC_ACTION(fill_regs(td, regs));
118 proc_write_regs(struct thread *td, struct reg *regs)
121 PROC_ACTION(set_regs(td, regs));
125 proc_read_dbregs(struct thread *td, struct dbreg *dbregs)
128 PROC_ACTION(fill_dbregs(td, dbregs));
132 proc_write_dbregs(struct thread *td, struct dbreg *dbregs)
135 PROC_ACTION(set_dbregs(td, dbregs));
139 * Ptrace doesn't support fpregs at all, and there are no security holes
140 * or translations for fpregs, so we can just copy them.
143 proc_read_fpregs(struct thread *td, struct fpreg *fpregs)
146 PROC_ACTION(fill_fpregs(td, fpregs));
150 proc_write_fpregs(struct thread *td, struct fpreg *fpregs)
153 PROC_ACTION(set_fpregs(td, fpregs));
156 #ifdef COMPAT_FREEBSD32
157 /* For 32 bit binaries, we need to expose the 32 bit regs layouts. */
159 proc_read_regs32(struct thread *td, struct reg32 *regs32)
162 PROC_ACTION(fill_regs32(td, regs32));
166 proc_write_regs32(struct thread *td, struct reg32 *regs32)
169 PROC_ACTION(set_regs32(td, regs32));
173 proc_read_dbregs32(struct thread *td, struct dbreg32 *dbregs32)
176 PROC_ACTION(fill_dbregs32(td, dbregs32));
180 proc_write_dbregs32(struct thread *td, struct dbreg32 *dbregs32)
183 PROC_ACTION(set_dbregs32(td, dbregs32));
187 proc_read_fpregs32(struct thread *td, struct fpreg32 *fpregs32)
190 PROC_ACTION(fill_fpregs32(td, fpregs32));
194 proc_write_fpregs32(struct thread *td, struct fpreg32 *fpregs32)
197 PROC_ACTION(set_fpregs32(td, fpregs32));
202 proc_sstep(struct thread *td)
205 PROC_ACTION(ptrace_single_step(td));
209 proc_rwmem(struct proc *p, struct uio *uio)
212 vm_offset_t pageno; /* page number */
214 int error, fault_flags, page_offset, writing;
217 * Make sure that the process' vmspace remains live.
221 PROC_LOCK_ASSERT(p, MA_NOTOWNED);
226 map = &p->p_vmspace->vm_map;
229 * If we are writing, then we request vm_fault() to create a private
230 * copy of each page. Since these copies will not be writeable by the
231 * process, we must explicity request that they be dirtied.
233 writing = uio->uio_rw == UIO_WRITE;
234 reqprot = writing ? VM_PROT_COPY | VM_PROT_READ : VM_PROT_READ;
235 fault_flags = writing ? VM_FAULT_DIRTY : VM_FAULT_NORMAL;
238 * Only map in one page at a time. We don't have to, but it
239 * makes things easier. This way is trivial - right?
246 uva = (vm_offset_t)uio->uio_offset;
249 * Get the page number of this segment.
251 pageno = trunc_page(uva);
252 page_offset = uva - pageno;
255 * How many bytes to copy
257 len = min(PAGE_SIZE - page_offset, uio->uio_resid);
260 * Fault and hold the page on behalf of the process.
262 error = vm_fault(map, pageno, reqprot, fault_flags, &m);
263 if (error != KERN_SUCCESS) {
264 if (error == KERN_RESOURCE_SHORTAGE)
272 * Now do the i/o move.
274 error = uiomove_fromphys(&m, page_offset, len, uio);
276 /* Make the I-cache coherent for breakpoints. */
277 if (writing && error == 0) {
278 vm_map_lock_read(map);
279 if (vm_map_check_protection(map, pageno, pageno +
280 PAGE_SIZE, VM_PROT_EXECUTE))
281 vm_sync_icache(map, uva, len);
282 vm_map_unlock_read(map);
288 vm_page_unwire(m, PQ_ACTIVE);
290 } while (error == 0 && uio->uio_resid > 0);
296 proc_iop(struct thread *td, struct proc *p, vm_offset_t va, void *buf,
297 size_t len, enum uio_rw rw)
303 MPASS(len < SSIZE_MAX);
306 iov.iov_base = (caddr_t)buf;
311 uio.uio_resid = slen;
312 uio.uio_segflg = UIO_SYSSPACE;
316 if (uio.uio_resid == slen)
318 return (slen - uio.uio_resid);
322 proc_readmem(struct thread *td, struct proc *p, vm_offset_t va, void *buf,
326 return (proc_iop(td, p, va, buf, len, UIO_READ));
330 proc_writemem(struct thread *td, struct proc *p, vm_offset_t va, void *buf,
334 return (proc_iop(td, p, va, buf, len, UIO_WRITE));
338 ptrace_vm_entry(struct thread *td, struct proc *p, struct ptrace_vm_entry *pve)
342 vm_map_entry_t entry;
343 vm_object_t obj, tobj, lobj;
346 char *freepath, *fullpath;
353 vm = vmspace_acquire_ref(p);
355 vm_map_lock_read(map);
358 KASSERT((map->header.eflags & MAP_ENTRY_IS_SUB_MAP) == 0,
359 ("Submap in map header"));
361 VM_MAP_ENTRY_FOREACH(entry, map) {
362 if (index >= pve->pve_entry &&
363 (entry->eflags & MAP_ENTRY_IS_SUB_MAP) == 0)
367 if (index < pve->pve_entry) {
371 if (entry == &map->header) {
376 /* We got an entry. */
377 pve->pve_entry = index + 1;
378 pve->pve_timestamp = map->timestamp;
379 pve->pve_start = entry->start;
380 pve->pve_end = entry->end - 1;
381 pve->pve_offset = entry->offset;
382 pve->pve_prot = entry->protection;
384 /* Backing object's path needed? */
385 if (pve->pve_pathlen == 0)
388 pathlen = pve->pve_pathlen;
389 pve->pve_pathlen = 0;
391 obj = entry->object.vm_object;
393 VM_OBJECT_RLOCK(obj);
396 vm_map_unlock_read(map);
398 pve->pve_fsid = VNOVAL;
399 pve->pve_fileid = VNOVAL;
401 if (error == 0 && obj != NULL) {
403 for (tobj = obj; tobj != NULL; tobj = tobj->backing_object) {
405 VM_OBJECT_RLOCK(tobj);
407 VM_OBJECT_RUNLOCK(lobj);
409 pve->pve_offset += tobj->backing_object_offset;
411 vp = vm_object_vnode(lobj);
415 VM_OBJECT_RUNLOCK(lobj);
416 VM_OBJECT_RUNLOCK(obj);
421 vn_fullpath(vp, &fullpath, &freepath);
422 vn_lock(vp, LK_SHARED | LK_RETRY);
423 if (VOP_GETATTR(vp, &vattr, td->td_ucred) == 0) {
424 pve->pve_fileid = vattr.va_fileid;
425 pve->pve_fsid = vattr.va_fsid;
429 if (fullpath != NULL) {
430 pve->pve_pathlen = strlen(fullpath) + 1;
431 if (pve->pve_pathlen <= pathlen) {
432 error = copyout(fullpath, pve->pve_path,
435 error = ENAMETOOLONG;
437 if (freepath != NULL)
438 free(freepath, M_TEMP);
443 CTR3(KTR_PTRACE, "PT_VM_ENTRY: pid %d, entry %d, start %p",
444 p->p_pid, pve->pve_entry, pve->pve_start);
450 * Process debugging system call.
452 #ifndef _SYS_SYSPROTO_H_
462 sys_ptrace(struct thread *td, struct ptrace_args *uap)
465 * XXX this obfuscation is to reduce stack usage, but the register
466 * structs may be too large to put on the stack anyway.
469 struct ptrace_io_desc piod;
470 struct ptrace_lwpinfo pl;
471 struct ptrace_vm_entry pve;
472 struct ptrace_coredump pc;
476 char args[sizeof(td->td_sa.args)];
477 struct ptrace_sc_ret psr;
487 AUDIT_ARG_PID(uap->pid);
488 AUDIT_ARG_CMD(uap->req);
489 AUDIT_ARG_VALUE(uap->data);
492 case PT_GET_EVENT_MASK:
498 bzero(&r.reg, sizeof(r.reg));
501 bzero(&r.fpreg, sizeof(r.fpreg));
504 bzero(&r.dbreg, sizeof(r.dbreg));
507 error = copyin(uap->addr, &r.reg, sizeof(r.reg));
510 error = copyin(uap->addr, &r.fpreg, sizeof(r.fpreg));
513 error = copyin(uap->addr, &r.dbreg, sizeof(r.dbreg));
515 case PT_SET_EVENT_MASK:
516 if (uap->data != sizeof(r.ptevents))
519 error = copyin(uap->addr, &r.ptevents, uap->data);
522 error = copyin(uap->addr, &r.piod, sizeof(r.piod));
525 error = copyin(uap->addr, &r.pve, sizeof(r.pve));
528 if (uap->data != sizeof(r.pc))
531 error = copyin(uap->addr, &r.pc, uap->data);
540 error = kern_ptrace(td, uap->req, uap->pid, addr, uap->data);
546 error = copyout(&r.pve, uap->addr, sizeof(r.pve));
549 error = copyout(&r.piod, uap->addr, sizeof(r.piod));
552 error = copyout(&r.reg, uap->addr, sizeof(r.reg));
555 error = copyout(&r.fpreg, uap->addr, sizeof(r.fpreg));
558 error = copyout(&r.dbreg, uap->addr, sizeof(r.dbreg));
560 case PT_GET_EVENT_MASK:
561 /* NB: The size in uap->data is validated in kern_ptrace(). */
562 error = copyout(&r.ptevents, uap->addr, uap->data);
565 /* NB: The size in uap->data is validated in kern_ptrace(). */
566 error = copyout(&r.pl, uap->addr, uap->data);
569 error = copyout(r.args, uap->addr, MIN(uap->data,
573 error = copyout(&r.psr, uap->addr, MIN(uap->data,
581 #ifdef COMPAT_FREEBSD32
583 * PROC_READ(regs, td2, addr);
585 * proc_read_regs(td2, addr);
587 * proc_read_regs32(td2, addr);
588 * .. except this is done at runtime. There is an additional
589 * complication in that PROC_WRITE disallows 32 bit consumers
590 * from writing to 64 bit address space targets.
592 #define PROC_READ(w, t, a) wrap32 ? \
593 proc_read_ ## w ## 32(t, a) : \
594 proc_read_ ## w (t, a)
595 #define PROC_WRITE(w, t, a) wrap32 ? \
596 (safe ? proc_write_ ## w ## 32(t, a) : EINVAL ) : \
597 proc_write_ ## w (t, a)
599 #define PROC_READ(w, t, a) proc_read_ ## w (t, a)
600 #define PROC_WRITE(w, t, a) proc_write_ ## w (t, a)
604 proc_set_traced(struct proc *p, bool stop)
607 sx_assert(&proctree_lock, SX_XLOCKED);
608 PROC_LOCK_ASSERT(p, MA_OWNED);
609 p->p_flag |= P_TRACED;
611 p->p_flag2 |= P2_PTRACE_FSTP;
612 p->p_ptevents = PTRACE_DEFAULT;
616 ptrace_unsuspend(struct proc *p)
618 PROC_LOCK_ASSERT(p, MA_OWNED);
621 p->p_flag &= ~(P_STOPPED_TRACE | P_STOPPED_SIG | P_WAITED);
624 itimer_proc_continue(p);
625 kqtimer_proc_continue(p);
629 proc_can_ptrace(struct thread *td, struct proc *p)
633 PROC_LOCK_ASSERT(p, MA_OWNED);
635 if ((p->p_flag & P_WEXIT) != 0)
638 if ((error = p_cansee(td, p)) != 0)
640 if ((error = p_candebug(td, p)) != 0)
643 /* not being traced... */
644 if ((p->p_flag & P_TRACED) == 0)
647 /* not being traced by YOU */
648 if (p->p_pptr != td->td_proc)
651 /* not currently stopped */
652 if ((p->p_flag & P_STOPPED_TRACE) == 0 ||
653 p->p_suspcount != p->p_numthreads ||
654 (p->p_flag & P_WAITED) == 0)
660 static struct thread *
661 ptrace_sel_coredump_thread(struct proc *p)
665 PROC_LOCK_ASSERT(p, MA_OWNED);
666 MPASS((p->p_flag & P_STOPPED_TRACE) != 0);
668 FOREACH_THREAD_IN_PROC(p, td2) {
669 if ((td2->td_dbgflags & TDB_SSWITCH) != 0)
676 kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
680 struct proc *curp, *p, *pp;
681 struct thread *td2 = NULL, *td3;
682 struct ptrace_io_desc *piod = NULL;
683 struct ptrace_lwpinfo *pl;
684 struct ptrace_sc_ret *psr;
686 struct ptrace_coredump *pc;
687 struct thr_coredump_req *tcq;
689 lwpid_t tid = 0, *buf;
690 #ifdef COMPAT_FREEBSD32
691 int wrap32 = 0, safe = 0;
693 bool proctree_locked, p2_req_set;
696 proctree_locked = false;
699 /* Lock proctree before locking the process. */
710 case PT_GET_EVENT_MASK:
711 case PT_SET_EVENT_MASK:
714 sx_xlock(&proctree_lock);
715 proctree_locked = true;
721 if (req == PT_TRACE_ME) {
725 if (pid <= PID_MAX) {
726 if ((p = pfind(pid)) == NULL) {
728 sx_xunlock(&proctree_lock);
732 td2 = tdfind(pid, -1);
735 sx_xunlock(&proctree_lock);
743 AUDIT_ARG_PROCESS(p);
745 if ((p->p_flag & P_WEXIT) != 0) {
749 if ((error = p_cansee(td, p)) != 0)
752 if ((error = p_candebug(td, p)) != 0)
756 * System processes can't be debugged.
758 if ((p->p_flag & P_SYSTEM) != 0) {
764 if ((p->p_flag & P_STOPPED_TRACE) != 0) {
765 KASSERT(p->p_xthread != NULL, ("NULL p_xthread"));
768 td2 = FIRST_THREAD_IN_PROC(p);
773 #ifdef COMPAT_FREEBSD32
775 * Test if we're a 32 bit client and what the target is.
776 * Set the wrap controls accordingly.
778 if (SV_CURPROC_FLAG(SV_ILP32)) {
779 if (SV_PROC_FLAG(td2->td_proc, SV_ILP32))
790 * Always legal, when there is a parent process which
791 * could trace us. Otherwise, reject.
793 if ((p->p_flag & P_TRACED) != 0) {
797 if (p->p_pptr == initproc) {
805 if (p == td->td_proc) {
811 if (p->p_flag & P_TRACED) {
816 /* Can't trace an ancestor if you're being traced. */
817 if (curp->p_flag & P_TRACED) {
818 for (pp = curp->p_pptr; pp != NULL; pp = pp->p_pptr) {
830 /* Allow thread to clear single step for itself */
831 if (td->td_tid == tid)
837 * Check for ptrace eligibility before waiting for
840 error = proc_can_ptrace(td, p);
845 * Block parallel ptrace requests. Most important, do
846 * not allow other thread in debugger to continue the
847 * debuggee until coredump finished.
849 while ((p->p_flag2 & P2_PTRACEREQ) != 0) {
851 sx_xunlock(&proctree_lock);
852 error = msleep(&p->p_flag2, &p->p_mtx, PPAUSE | PCATCH |
853 (proctree_locked ? PDROP : 0), "pptrace", 0);
854 if (proctree_locked) {
855 sx_xlock(&proctree_lock);
858 if (error == 0 && td2->td_proc != p)
861 error = proc_can_ptrace(td, p);
871 * Keep this process around and request parallel ptrace()
872 * request to wait until we finish this request.
874 MPASS((p->p_flag2 & P2_PTRACEREQ) == 0);
875 p->p_flag2 |= P2_PTRACEREQ;
880 * Actually do the requests
883 td->td_retval[0] = 0;
887 /* set my trace flag and "owner" so it can read/write me */
888 proc_set_traced(p, false);
889 if (p->p_flag & P_PPWAIT)
890 p->p_flag |= P_PPTRACE;
891 CTR1(KTR_PTRACE, "PT_TRACE_ME: pid %d", p->p_pid);
895 /* security check done above */
897 * It would be nice if the tracing relationship was separate
898 * from the parent relationship but that would require
899 * another set of links in the proc struct or for "wait"
900 * to scan the entire proc table. To make life easier,
901 * we just re-parent the process we're trying to trace.
902 * The old parent is remembered so we can put things back
905 proc_set_traced(p, true);
906 proc_reparent(p, td->td_proc, false);
907 CTR2(KTR_PTRACE, "PT_ATTACH: pid %d, oppid %d", p->p_pid,
910 sx_xunlock(&proctree_lock);
911 proctree_locked = false;
912 MPASS(p->p_xthread == NULL);
913 MPASS((p->p_flag & P_STOPPED_TRACE) == 0);
916 * If already stopped due to a stop signal, clear the
917 * existing stop before triggering a traced SIGSTOP.
919 if ((p->p_flag & P_STOPPED_SIG) != 0) {
921 p->p_flag &= ~(P_STOPPED_SIG | P_WAITED);
926 kern_psignal(p, SIGSTOP);
930 CTR2(KTR_PTRACE, "PT_CLEARSTEP: tid %d (pid %d)", td2->td_tid,
932 error = ptrace_clear_single_step(td2);
936 CTR2(KTR_PTRACE, "PT_SETSTEP: tid %d (pid %d)", td2->td_tid,
938 error = ptrace_single_step(td2);
942 CTR2(KTR_PTRACE, "PT_SUSPEND: tid %d (pid %d)", td2->td_tid,
944 td2->td_dbgflags |= TDB_SUSPEND;
946 td2->td_flags |= TDF_NEEDSUSPCHK;
951 CTR2(KTR_PTRACE, "PT_RESUME: tid %d (pid %d)", td2->td_tid,
953 td2->td_dbgflags &= ~TDB_SUSPEND;
957 CTR3(KTR_PTRACE, "PT_FOLLOW_FORK: pid %d %s -> %s", p->p_pid,
958 p->p_ptevents & PTRACE_FORK ? "enabled" : "disabled",
959 data ? "enabled" : "disabled");
961 p->p_ptevents |= PTRACE_FORK;
963 p->p_ptevents &= ~PTRACE_FORK;
967 CTR3(KTR_PTRACE, "PT_LWP_EVENTS: pid %d %s -> %s", p->p_pid,
968 p->p_ptevents & PTRACE_LWP ? "enabled" : "disabled",
969 data ? "enabled" : "disabled");
971 p->p_ptevents |= PTRACE_LWP;
973 p->p_ptevents &= ~PTRACE_LWP;
976 case PT_GET_EVENT_MASK:
977 if (data != sizeof(p->p_ptevents)) {
981 CTR2(KTR_PTRACE, "PT_GET_EVENT_MASK: pid %d mask %#x", p->p_pid,
983 *(int *)addr = p->p_ptevents;
986 case PT_SET_EVENT_MASK:
987 if (data != sizeof(p->p_ptevents)) {
992 if ((tmp & ~(PTRACE_EXEC | PTRACE_SCE | PTRACE_SCX |
993 PTRACE_FORK | PTRACE_LWP | PTRACE_VFORK)) != 0) {
997 CTR3(KTR_PTRACE, "PT_SET_EVENT_MASK: pid %d mask %#x -> %#x",
998 p->p_pid, p->p_ptevents, tmp);
1002 case PT_GET_SC_ARGS:
1003 CTR1(KTR_PTRACE, "PT_GET_SC_ARGS: pid %d", p->p_pid);
1004 if ((td2->td_dbgflags & (TDB_SCE | TDB_SCX)) == 0
1005 #ifdef COMPAT_FREEBSD32
1006 || (wrap32 && !safe)
1012 bzero(addr, sizeof(td2->td_sa.args));
1013 /* See the explanation in linux_ptrace_get_syscall_info(). */
1014 bcopy(td2->td_sa.args, addr, SV_PROC_ABI(td->td_proc) ==
1015 SV_ABI_LINUX ? sizeof(td2->td_sa.args) :
1016 td2->td_sa.callp->sy_narg * sizeof(register_t));
1020 if ((td2->td_dbgflags & (TDB_SCX)) == 0
1021 #ifdef COMPAT_FREEBSD32
1022 || (wrap32 && !safe)
1029 bzero(psr, sizeof(*psr));
1030 psr->sr_error = td2->td_errno;
1031 if (psr->sr_error == 0) {
1032 psr->sr_retval[0] = td2->td_retval[0];
1033 psr->sr_retval[1] = td2->td_retval[1];
1036 "PT_GET_SC_RET: pid %d error %d retval %#lx,%#lx",
1037 p->p_pid, psr->sr_error, psr->sr_retval[0],
1047 /* Zero means do not send any signal */
1048 if (data < 0 || data > _SIG_MAXSIG) {
1055 CTR3(KTR_PTRACE, "PT_STEP: tid %d (pid %d), sig = %d",
1056 td2->td_tid, p->p_pid, data);
1057 error = ptrace_single_step(td2);
1065 if (addr != (void *)1) {
1066 error = ptrace_set_pc(td2,
1067 (u_long)(uintfptr_t)addr);
1073 p->p_ptevents |= PTRACE_SCE;
1075 "PT_TO_SCE: pid %d, events = %#x, PC = %#lx, sig = %d",
1076 p->p_pid, p->p_ptevents,
1077 (u_long)(uintfptr_t)addr, data);
1080 p->p_ptevents |= PTRACE_SCX;
1082 "PT_TO_SCX: pid %d, events = %#x, PC = %#lx, sig = %d",
1083 p->p_pid, p->p_ptevents,
1084 (u_long)(uintfptr_t)addr, data);
1087 p->p_ptevents |= PTRACE_SYSCALL;
1089 "PT_SYSCALL: pid %d, events = %#x, PC = %#lx, sig = %d",
1090 p->p_pid, p->p_ptevents,
1091 (u_long)(uintfptr_t)addr, data);
1095 "PT_CONTINUE: pid %d, PC = %#lx, sig = %d",
1096 p->p_pid, (u_long)(uintfptr_t)addr, data);
1102 * Clear P_TRACED before reparenting
1103 * a detached process back to its original
1104 * parent. Otherwise the debugee will be set
1105 * as an orphan of the debugger.
1107 p->p_flag &= ~(P_TRACED | P_WAITED);
1110 * Reset the process parent.
1112 if (p->p_oppid != p->p_pptr->p_pid) {
1113 PROC_LOCK(p->p_pptr);
1114 sigqueue_take(p->p_ksi);
1115 PROC_UNLOCK(p->p_pptr);
1117 pp = proc_realparent(p);
1118 proc_reparent(p, pp, false);
1120 p->p_sigparent = SIGCHLD;
1122 "PT_DETACH: pid %d reparented to pid %d, sig %d",
1123 p->p_pid, pp->p_pid, data);
1125 CTR2(KTR_PTRACE, "PT_DETACH: pid %d, sig %d",
1130 FOREACH_THREAD_IN_PROC(p, td3) {
1131 if ((td3->td_dbgflags & TDB_FSTP) != 0) {
1132 sigqueue_delete(&td3->td_sigqueue,
1135 td3->td_dbgflags &= ~(TDB_XSIG | TDB_FSTP |
1139 if ((p->p_flag2 & P2_PTRACE_FSTP) != 0) {
1140 sigqueue_delete(&p->p_sigqueue, SIGSTOP);
1141 p->p_flag2 &= ~P2_PTRACE_FSTP;
1144 /* should we send SIGCHLD? */
1145 /* childproc_continued(p); */
1149 sx_xunlock(&proctree_lock);
1150 proctree_locked = false;
1153 MPASS(!proctree_locked);
1156 * Clear the pending event for the thread that just
1157 * reported its event (p_xthread). This may not be
1158 * the thread passed to PT_CONTINUE, PT_STEP, etc. if
1159 * the debugger is resuming a different thread.
1161 * Deliver any pending signal via the reporting thread.
1163 MPASS(p->p_xthread != NULL);
1164 p->p_xthread->td_dbgflags &= ~TDB_XSIG;
1165 p->p_xthread->td_xsig = data;
1166 p->p_xthread = NULL;
1170 * P_WKILLED is insurance that a PT_KILL/SIGKILL
1171 * always works immediately, even if another thread is
1172 * unsuspended first and attempts to handle a
1173 * different signal or if the POSIX.1b style signal
1174 * queue cannot accommodate any new signals.
1176 if (data == SIGKILL)
1180 * Unsuspend all threads. To leave a thread
1181 * suspended, use PT_SUSPEND to suspend it before
1182 * continuing the process.
1184 ptrace_unsuspend(p);
1189 td2->td_dbgflags |= TDB_USERWR;
1192 if (proc_writemem(td, p, (off_t)(uintptr_t)addr, &data,
1193 sizeof(int)) != sizeof(int))
1196 CTR3(KTR_PTRACE, "PT_WRITE: pid %d: %p <= %#x",
1197 p->p_pid, addr, data);
1205 if (proc_readmem(td, p, (off_t)(uintptr_t)addr, &tmp,
1206 sizeof(int)) != sizeof(int))
1209 CTR3(KTR_PTRACE, "PT_READ: pid %d: %p >= %#x",
1210 p->p_pid, addr, tmp);
1211 td->td_retval[0] = tmp;
1217 iov.iov_base = piod->piod_addr;
1218 iov.iov_len = piod->piod_len;
1219 uio.uio_offset = (off_t)(uintptr_t)piod->piod_offs;
1220 uio.uio_resid = piod->piod_len;
1223 uio.uio_segflg = UIO_USERSPACE;
1225 switch (piod->piod_op) {
1228 CTR3(KTR_PTRACE, "PT_IO: pid %d: READ (%p, %#x)",
1229 p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid);
1230 uio.uio_rw = UIO_READ;
1234 CTR3(KTR_PTRACE, "PT_IO: pid %d: WRITE (%p, %#x)",
1235 p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid);
1236 td2->td_dbgflags |= TDB_USERWR;
1237 uio.uio_rw = UIO_WRITE;
1244 error = proc_rwmem(p, &uio);
1245 piod->piod_len -= uio.uio_resid;
1250 CTR1(KTR_PTRACE, "PT_KILL: pid %d", p->p_pid);
1252 goto sendsig; /* in PT_CONTINUE above */
1255 CTR2(KTR_PTRACE, "PT_SETREGS: tid %d (pid %d)", td2->td_tid,
1257 td2->td_dbgflags |= TDB_USERWR;
1258 error = PROC_WRITE(regs, td2, addr);
1262 CTR2(KTR_PTRACE, "PT_GETREGS: tid %d (pid %d)", td2->td_tid,
1264 error = PROC_READ(regs, td2, addr);
1268 CTR2(KTR_PTRACE, "PT_SETFPREGS: tid %d (pid %d)", td2->td_tid,
1270 td2->td_dbgflags |= TDB_USERWR;
1271 error = PROC_WRITE(fpregs, td2, addr);
1275 CTR2(KTR_PTRACE, "PT_GETFPREGS: tid %d (pid %d)", td2->td_tid,
1277 error = PROC_READ(fpregs, td2, addr);
1281 CTR2(KTR_PTRACE, "PT_SETDBREGS: tid %d (pid %d)", td2->td_tid,
1283 td2->td_dbgflags |= TDB_USERWR;
1284 error = PROC_WRITE(dbregs, td2, addr);
1288 CTR2(KTR_PTRACE, "PT_GETDBREGS: tid %d (pid %d)", td2->td_tid,
1290 error = PROC_READ(dbregs, td2, addr);
1294 if (data <= 0 || data > sizeof(*pl)) {
1299 bzero(pl, sizeof(*pl));
1300 pl->pl_lwpid = td2->td_tid;
1301 pl->pl_event = PL_EVENT_NONE;
1303 if (td2->td_dbgflags & TDB_XSIG) {
1304 pl->pl_event = PL_EVENT_SIGNAL;
1305 if (td2->td_si.si_signo != 0 &&
1306 data >= offsetof(struct ptrace_lwpinfo, pl_siginfo)
1307 + sizeof(pl->pl_siginfo)){
1308 pl->pl_flags |= PL_FLAG_SI;
1309 pl->pl_siginfo = td2->td_si;
1312 if (td2->td_dbgflags & TDB_SCE)
1313 pl->pl_flags |= PL_FLAG_SCE;
1314 else if (td2->td_dbgflags & TDB_SCX)
1315 pl->pl_flags |= PL_FLAG_SCX;
1316 if (td2->td_dbgflags & TDB_EXEC)
1317 pl->pl_flags |= PL_FLAG_EXEC;
1318 if (td2->td_dbgflags & TDB_FORK) {
1319 pl->pl_flags |= PL_FLAG_FORKED;
1320 pl->pl_child_pid = td2->td_dbg_forked;
1321 if (td2->td_dbgflags & TDB_VFORK)
1322 pl->pl_flags |= PL_FLAG_VFORKED;
1323 } else if ((td2->td_dbgflags & (TDB_SCX | TDB_VFORK)) ==
1325 pl->pl_flags |= PL_FLAG_VFORK_DONE;
1326 if (td2->td_dbgflags & TDB_CHILD)
1327 pl->pl_flags |= PL_FLAG_CHILD;
1328 if (td2->td_dbgflags & TDB_BORN)
1329 pl->pl_flags |= PL_FLAG_BORN;
1330 if (td2->td_dbgflags & TDB_EXIT)
1331 pl->pl_flags |= PL_FLAG_EXITED;
1332 pl->pl_sigmask = td2->td_sigmask;
1333 pl->pl_siglist = td2->td_siglist;
1334 strcpy(pl->pl_tdname, td2->td_name);
1335 if ((td2->td_dbgflags & (TDB_SCE | TDB_SCX)) != 0) {
1336 pl->pl_syscall_code = td2->td_sa.code;
1337 pl->pl_syscall_narg = td2->td_sa.callp->sy_narg;
1339 pl->pl_syscall_code = 0;
1340 pl->pl_syscall_narg = 0;
1343 "PT_LWPINFO: tid %d (pid %d) event %d flags %#x child pid %d syscall %d",
1344 td2->td_tid, p->p_pid, pl->pl_event, pl->pl_flags,
1345 pl->pl_child_pid, pl->pl_syscall_code);
1349 CTR2(KTR_PTRACE, "PT_GETNUMLWPS: pid %d: %d threads", p->p_pid,
1351 td->td_retval[0] = p->p_numthreads;
1355 CTR3(KTR_PTRACE, "PT_GETLWPLIST: pid %d: data %d, actual %d",
1356 p->p_pid, data, p->p_numthreads);
1361 num = imin(p->p_numthreads, data);
1363 buf = malloc(num * sizeof(lwpid_t), M_TEMP, M_WAITOK);
1366 FOREACH_THREAD_IN_PROC(p, td2) {
1369 buf[tmp++] = td2->td_tid;
1372 error = copyout(buf, addr, tmp * sizeof(lwpid_t));
1375 td->td_retval[0] = tmp;
1379 case PT_VM_TIMESTAMP:
1380 CTR2(KTR_PTRACE, "PT_VM_TIMESTAMP: pid %d: timestamp %d",
1381 p->p_pid, p->p_vmspace->vm_map.timestamp);
1382 td->td_retval[0] = p->p_vmspace->vm_map.timestamp;
1387 error = ptrace_vm_entry(td, p, addr);
1393 CTR2(KTR_PTRACE, "PT_COREDUMP: pid %d, fd %d",
1394 p->p_pid, pc->pc_fd);
1396 if ((pc->pc_flags & ~(PC_COMPRESS | PC_ALL)) != 0) {
1402 tcq = malloc(sizeof(*tcq), M_TEMP, M_WAITOK | M_ZERO);
1404 error = fget_write(td, pc->pc_fd, &cap_write_rights, &fp);
1406 goto coredump_cleanup_nofp;
1407 if (fp->f_type != DTYPE_VNODE || fp->f_vnode->v_type != VREG) {
1409 goto coredump_cleanup;
1413 error = proc_can_ptrace(td, p);
1415 goto coredump_cleanup_locked;
1417 td2 = ptrace_sel_coredump_thread(p);
1420 goto coredump_cleanup_locked;
1422 KASSERT((td2->td_dbgflags & TDB_COREDUMPRQ) == 0,
1423 ("proc %d tid %d req coredump", p->p_pid, td2->td_tid));
1425 tcq->tc_vp = fp->f_vnode;
1426 tcq->tc_limit = pc->pc_limit == 0 ? OFF_MAX : pc->pc_limit;
1427 tcq->tc_flags = SVC_PT_COREDUMP;
1428 if ((pc->pc_flags & PC_COMPRESS) == 0)
1429 tcq->tc_flags |= SVC_NOCOMPRESS;
1430 if ((pc->pc_flags & PC_ALL) != 0)
1431 tcq->tc_flags |= SVC_ALL;
1432 td2->td_coredump = tcq;
1433 td2->td_dbgflags |= TDB_COREDUMPRQ;
1434 thread_run_flash(td2);
1435 while ((td2->td_dbgflags & TDB_COREDUMPRQ) != 0)
1436 msleep(p, &p->p_mtx, PPAUSE, "crdmp", 0);
1437 error = tcq->tc_error;
1438 coredump_cleanup_locked:
1442 coredump_cleanup_nofp:
1448 #ifdef __HAVE_PTRACE_MACHDEP
1449 if (req >= PT_FIRSTMACH) {
1451 error = cpu_ptrace(td2, req, addr, data);
1455 /* Unknown request. */
1460 /* Drop our hold on this process now that the request has completed. */
1464 if ((p->p_flag2 & P2_PTRACEREQ) != 0)
1465 wakeup(&p->p_flag2);
1466 p->p_flag2 &= ~P2_PTRACEREQ;
1469 if (proctree_locked)
1470 sx_xunlock(&proctree_lock);