2 * SPDX-License-Identifier: BSD-4-Clause
4 * Copyright (c) 1994, Sean Eric Fagan
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software
16 * must display the following acknowledgement:
17 * This product includes software developed by Sean Eric Fagan.
18 * 4. The name of the author may not be used to endorse or promote products
19 * derived from this software without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
37 #include <sys/param.h>
38 #include <sys/systm.h>
40 #include <sys/limits.h>
42 #include <sys/mutex.h>
43 #include <sys/syscallsubr.h>
44 #include <sys/sysent.h>
45 #include <sys/sysproto.h>
48 #include <sys/vnode.h>
49 #include <sys/ptrace.h>
50 #include <sys/rwlock.h>
52 #include <sys/malloc.h>
53 #include <sys/signalvar.h>
55 #include <machine/reg.h>
57 #include <security/audit/audit.h>
61 #include <vm/vm_extern.h>
62 #include <vm/vm_map.h>
63 #include <vm/vm_kern.h>
64 #include <vm/vm_object.h>
65 #include <vm/vm_page.h>
66 #include <vm/vm_param.h>
68 #ifdef COMPAT_FREEBSD32
69 #include <sys/procfs.h>
70 #include <compat/freebsd32/freebsd32_signal.h>
72 struct ptrace_io_desc32 {
79 struct ptrace_sc_ret32 {
80 uint32_t sr_retval[2];
84 struct ptrace_vm_entry32 {
99 * Functions implemented using PROC_ACTION():
101 * proc_read_regs(proc, regs)
102 * Get the current user-visible register set from the process
103 * and copy it into the regs structure (<machine/reg.h>).
104 * The process is stopped at the time read_regs is called.
106 * proc_write_regs(proc, regs)
107 * Update the current register set from the passed in regs
108 * structure. Take care to avoid clobbering special CPU
109 * registers or privileged bits in the PSL.
110 * Depending on the architecture this may have fix-up work to do,
111 * especially if the IAR or PCW are modified.
112 * The process is stopped at the time write_regs is called.
114 * proc_read_fpregs, proc_write_fpregs
115 * deal with the floating point register set, otherwise as above.
117 * proc_read_dbregs, proc_write_dbregs
118 * deal with the processor debug register set, otherwise as above.
121 * Arrange for the process to trap after executing a single instruction.
124 #define PROC_ACTION(action) do { \
127 PROC_LOCK_ASSERT(td->td_proc, MA_OWNED); \
128 if ((td->td_proc->p_flag & P_INMEM) == 0) \
136 proc_read_regs(struct thread *td, struct reg *regs)
139 PROC_ACTION(fill_regs(td, regs));
143 proc_write_regs(struct thread *td, struct reg *regs)
146 PROC_ACTION(set_regs(td, regs));
150 proc_read_dbregs(struct thread *td, struct dbreg *dbregs)
153 PROC_ACTION(fill_dbregs(td, dbregs));
157 proc_write_dbregs(struct thread *td, struct dbreg *dbregs)
160 PROC_ACTION(set_dbregs(td, dbregs));
164 * Ptrace doesn't support fpregs at all, and there are no security holes
165 * or translations for fpregs, so we can just copy them.
168 proc_read_fpregs(struct thread *td, struct fpreg *fpregs)
171 PROC_ACTION(fill_fpregs(td, fpregs));
175 proc_write_fpregs(struct thread *td, struct fpreg *fpregs)
178 PROC_ACTION(set_fpregs(td, fpregs));
181 #ifdef COMPAT_FREEBSD32
182 /* For 32 bit binaries, we need to expose the 32 bit regs layouts. */
184 proc_read_regs32(struct thread *td, struct reg32 *regs32)
187 PROC_ACTION(fill_regs32(td, regs32));
191 proc_write_regs32(struct thread *td, struct reg32 *regs32)
194 PROC_ACTION(set_regs32(td, regs32));
198 proc_read_dbregs32(struct thread *td, struct dbreg32 *dbregs32)
201 PROC_ACTION(fill_dbregs32(td, dbregs32));
205 proc_write_dbregs32(struct thread *td, struct dbreg32 *dbregs32)
208 PROC_ACTION(set_dbregs32(td, dbregs32));
212 proc_read_fpregs32(struct thread *td, struct fpreg32 *fpregs32)
215 PROC_ACTION(fill_fpregs32(td, fpregs32));
219 proc_write_fpregs32(struct thread *td, struct fpreg32 *fpregs32)
222 PROC_ACTION(set_fpregs32(td, fpregs32));
227 proc_sstep(struct thread *td)
230 PROC_ACTION(ptrace_single_step(td));
234 proc_rwmem(struct proc *p, struct uio *uio)
237 vm_offset_t pageno; /* page number */
239 int error, fault_flags, page_offset, writing;
242 * Assert that someone has locked this vmspace. (Should be
243 * curthread but we can't assert that.) This keeps the process
244 * from exiting out from under us until this operation completes.
247 PROC_LOCK_ASSERT(p, MA_NOTOWNED);
252 map = &p->p_vmspace->vm_map;
255 * If we are writing, then we request vm_fault() to create a private
256 * copy of each page. Since these copies will not be writeable by the
257 * process, we must explicity request that they be dirtied.
259 writing = uio->uio_rw == UIO_WRITE;
260 reqprot = writing ? VM_PROT_COPY | VM_PROT_READ : VM_PROT_READ;
261 fault_flags = writing ? VM_FAULT_DIRTY : VM_FAULT_NORMAL;
264 * Only map in one page at a time. We don't have to, but it
265 * makes things easier. This way is trivial - right?
272 uva = (vm_offset_t)uio->uio_offset;
275 * Get the page number of this segment.
277 pageno = trunc_page(uva);
278 page_offset = uva - pageno;
281 * How many bytes to copy
283 len = min(PAGE_SIZE - page_offset, uio->uio_resid);
286 * Fault and hold the page on behalf of the process.
288 error = vm_fault(map, pageno, reqprot, fault_flags, &m);
289 if (error != KERN_SUCCESS) {
290 if (error == KERN_RESOURCE_SHORTAGE)
298 * Now do the i/o move.
300 error = uiomove_fromphys(&m, page_offset, len, uio);
302 /* Make the I-cache coherent for breakpoints. */
303 if (writing && error == 0) {
304 vm_map_lock_read(map);
305 if (vm_map_check_protection(map, pageno, pageno +
306 PAGE_SIZE, VM_PROT_EXECUTE))
307 vm_sync_icache(map, uva, len);
308 vm_map_unlock_read(map);
314 vm_page_unwire(m, PQ_ACTIVE);
316 } while (error == 0 && uio->uio_resid > 0);
322 proc_iop(struct thread *td, struct proc *p, vm_offset_t va, void *buf,
323 size_t len, enum uio_rw rw)
329 MPASS(len < SSIZE_MAX);
332 iov.iov_base = (caddr_t)buf;
337 uio.uio_resid = slen;
338 uio.uio_segflg = UIO_SYSSPACE;
342 if (uio.uio_resid == slen)
344 return (slen - uio.uio_resid);
348 proc_readmem(struct thread *td, struct proc *p, vm_offset_t va, void *buf,
352 return (proc_iop(td, p, va, buf, len, UIO_READ));
356 proc_writemem(struct thread *td, struct proc *p, vm_offset_t va, void *buf,
360 return (proc_iop(td, p, va, buf, len, UIO_WRITE));
364 ptrace_vm_entry(struct thread *td, struct proc *p, struct ptrace_vm_entry *pve)
368 vm_map_entry_t entry;
369 vm_object_t obj, tobj, lobj;
372 char *freepath, *fullpath;
379 vm = vmspace_acquire_ref(p);
381 vm_map_lock_read(map);
384 KASSERT((map->header.eflags & MAP_ENTRY_IS_SUB_MAP) == 0,
385 ("Submap in map header"));
387 VM_MAP_ENTRY_FOREACH(entry, map) {
388 if (index >= pve->pve_entry &&
389 (entry->eflags & MAP_ENTRY_IS_SUB_MAP) == 0)
393 if (index < pve->pve_entry) {
397 if (entry == &map->header) {
402 /* We got an entry. */
403 pve->pve_entry = index + 1;
404 pve->pve_timestamp = map->timestamp;
405 pve->pve_start = entry->start;
406 pve->pve_end = entry->end - 1;
407 pve->pve_offset = entry->offset;
408 pve->pve_prot = entry->protection;
410 /* Backing object's path needed? */
411 if (pve->pve_pathlen == 0)
414 pathlen = pve->pve_pathlen;
415 pve->pve_pathlen = 0;
417 obj = entry->object.vm_object;
419 VM_OBJECT_RLOCK(obj);
422 vm_map_unlock_read(map);
424 pve->pve_fsid = VNOVAL;
425 pve->pve_fileid = VNOVAL;
427 if (error == 0 && obj != NULL) {
429 for (tobj = obj; tobj != NULL; tobj = tobj->backing_object) {
431 VM_OBJECT_RLOCK(tobj);
433 VM_OBJECT_RUNLOCK(lobj);
435 pve->pve_offset += tobj->backing_object_offset;
437 vp = vm_object_vnode(lobj);
441 VM_OBJECT_RUNLOCK(lobj);
442 VM_OBJECT_RUNLOCK(obj);
447 vn_fullpath(td, vp, &fullpath, &freepath);
448 vn_lock(vp, LK_SHARED | LK_RETRY);
449 if (VOP_GETATTR(vp, &vattr, td->td_ucred) == 0) {
450 pve->pve_fileid = vattr.va_fileid;
451 pve->pve_fsid = vattr.va_fsid;
455 if (fullpath != NULL) {
456 pve->pve_pathlen = strlen(fullpath) + 1;
457 if (pve->pve_pathlen <= pathlen) {
458 error = copyout(fullpath, pve->pve_path,
461 error = ENAMETOOLONG;
463 if (freepath != NULL)
464 free(freepath, M_TEMP);
469 CTR3(KTR_PTRACE, "PT_VM_ENTRY: pid %d, entry %d, start %p",
470 p->p_pid, pve->pve_entry, pve->pve_start);
475 #ifdef COMPAT_FREEBSD32
477 ptrace_vm_entry32(struct thread *td, struct proc *p,
478 struct ptrace_vm_entry32 *pve32)
480 struct ptrace_vm_entry pve;
483 pve.pve_entry = pve32->pve_entry;
484 pve.pve_pathlen = pve32->pve_pathlen;
485 pve.pve_path = (void *)(uintptr_t)pve32->pve_path;
487 error = ptrace_vm_entry(td, p, &pve);
489 pve32->pve_entry = pve.pve_entry;
490 pve32->pve_timestamp = pve.pve_timestamp;
491 pve32->pve_start = pve.pve_start;
492 pve32->pve_end = pve.pve_end;
493 pve32->pve_offset = pve.pve_offset;
494 pve32->pve_prot = pve.pve_prot;
495 pve32->pve_fileid = pve.pve_fileid;
496 pve32->pve_fsid = pve.pve_fsid;
499 pve32->pve_pathlen = pve.pve_pathlen;
504 ptrace_lwpinfo_to32(const struct ptrace_lwpinfo *pl,
505 struct ptrace_lwpinfo32 *pl32)
508 bzero(pl32, sizeof(*pl32));
509 pl32->pl_lwpid = pl->pl_lwpid;
510 pl32->pl_event = pl->pl_event;
511 pl32->pl_flags = pl->pl_flags;
512 pl32->pl_sigmask = pl->pl_sigmask;
513 pl32->pl_siglist = pl->pl_siglist;
514 siginfo_to_siginfo32(&pl->pl_siginfo, &pl32->pl_siginfo);
515 strcpy(pl32->pl_tdname, pl->pl_tdname);
516 pl32->pl_child_pid = pl->pl_child_pid;
517 pl32->pl_syscall_code = pl->pl_syscall_code;
518 pl32->pl_syscall_narg = pl->pl_syscall_narg;
522 ptrace_sc_ret_to32(const struct ptrace_sc_ret *psr,
523 struct ptrace_sc_ret32 *psr32)
526 bzero(psr32, sizeof(*psr32));
527 psr32->sr_retval[0] = psr->sr_retval[0];
528 psr32->sr_retval[1] = psr->sr_retval[1];
529 psr32->sr_error = psr->sr_error;
531 #endif /* COMPAT_FREEBSD32 */
534 * Process debugging system call.
536 #ifndef _SYS_SYSPROTO_H_
545 #ifdef COMPAT_FREEBSD32
547 * This CPP subterfuge is to try and reduce the number of ifdefs in
548 * the body of the code.
549 * COPYIN(uap->addr, &r.reg, sizeof r.reg);
551 * copyin(uap->addr, &r.reg, sizeof r.reg);
553 * copyin(uap->addr, &r.reg32, sizeof r.reg32);
554 * .. except this is done at runtime.
556 #define BZERO(a, s) wrap32 ? \
557 bzero(a ## 32, s ## 32) : \
559 #define COPYIN(u, k, s) wrap32 ? \
560 copyin(u, k ## 32, s ## 32) : \
562 #define COPYOUT(k, u, s) wrap32 ? \
563 copyout(k ## 32, u, s ## 32) : \
566 #define BZERO(a, s) bzero(a, s)
567 #define COPYIN(u, k, s) copyin(u, k, s)
568 #define COPYOUT(k, u, s) copyout(k, u, s)
571 sys_ptrace(struct thread *td, struct ptrace_args *uap)
574 * XXX this obfuscation is to reduce stack usage, but the register
575 * structs may be too large to put on the stack anyway.
578 struct ptrace_io_desc piod;
579 struct ptrace_lwpinfo pl;
580 struct ptrace_vm_entry pve;
584 #ifdef COMPAT_FREEBSD32
585 struct dbreg32 dbreg32;
586 struct fpreg32 fpreg32;
588 struct ptrace_io_desc32 piod32;
589 struct ptrace_lwpinfo32 pl32;
590 struct ptrace_vm_entry32 pve32;
592 char args[sizeof(td->td_sa.args)];
593 struct ptrace_sc_ret psr;
598 #ifdef COMPAT_FREEBSD32
601 if (SV_CURPROC_FLAG(SV_ILP32))
604 AUDIT_ARG_PID(uap->pid);
605 AUDIT_ARG_CMD(uap->req);
606 AUDIT_ARG_VALUE(uap->data);
609 case PT_GET_EVENT_MASK:
615 BZERO(&r.reg, sizeof r.reg);
618 BZERO(&r.fpreg, sizeof r.fpreg);
621 BZERO(&r.dbreg, sizeof r.dbreg);
624 error = COPYIN(uap->addr, &r.reg, sizeof r.reg);
627 error = COPYIN(uap->addr, &r.fpreg, sizeof r.fpreg);
630 error = COPYIN(uap->addr, &r.dbreg, sizeof r.dbreg);
632 case PT_SET_EVENT_MASK:
633 if (uap->data != sizeof(r.ptevents))
636 error = copyin(uap->addr, &r.ptevents, uap->data);
639 error = COPYIN(uap->addr, &r.piod, sizeof r.piod);
642 error = COPYIN(uap->addr, &r.pve, sizeof r.pve);
651 error = kern_ptrace(td, uap->req, uap->pid, addr, uap->data);
657 error = COPYOUT(&r.pve, uap->addr, sizeof r.pve);
660 error = COPYOUT(&r.piod, uap->addr, sizeof r.piod);
663 error = COPYOUT(&r.reg, uap->addr, sizeof r.reg);
666 error = COPYOUT(&r.fpreg, uap->addr, sizeof r.fpreg);
669 error = COPYOUT(&r.dbreg, uap->addr, sizeof r.dbreg);
671 case PT_GET_EVENT_MASK:
672 /* NB: The size in uap->data is validated in kern_ptrace(). */
673 error = copyout(&r.ptevents, uap->addr, uap->data);
676 /* NB: The size in uap->data is validated in kern_ptrace(). */
677 error = copyout(&r.pl, uap->addr, uap->data);
680 error = copyout(r.args, uap->addr, MIN(uap->data,
684 error = copyout(&r.psr, uap->addr, MIN(uap->data,
695 #ifdef COMPAT_FREEBSD32
697 * PROC_READ(regs, td2, addr);
699 * proc_read_regs(td2, addr);
701 * proc_read_regs32(td2, addr);
702 * .. except this is done at runtime. There is an additional
703 * complication in that PROC_WRITE disallows 32 bit consumers
704 * from writing to 64 bit address space targets.
706 #define PROC_READ(w, t, a) wrap32 ? \
707 proc_read_ ## w ## 32(t, a) : \
708 proc_read_ ## w (t, a)
709 #define PROC_WRITE(w, t, a) wrap32 ? \
710 (safe ? proc_write_ ## w ## 32(t, a) : EINVAL ) : \
711 proc_write_ ## w (t, a)
713 #define PROC_READ(w, t, a) proc_read_ ## w (t, a)
714 #define PROC_WRITE(w, t, a) proc_write_ ## w (t, a)
718 proc_set_traced(struct proc *p, bool stop)
721 sx_assert(&proctree_lock, SX_XLOCKED);
722 PROC_LOCK_ASSERT(p, MA_OWNED);
723 p->p_flag |= P_TRACED;
725 p->p_flag2 |= P2_PTRACE_FSTP;
726 p->p_ptevents = PTRACE_DEFAULT;
730 kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
734 struct proc *curp, *p, *pp;
735 struct thread *td2 = NULL, *td3;
736 struct ptrace_io_desc *piod = NULL;
737 struct ptrace_lwpinfo *pl;
738 struct ptrace_sc_ret *psr;
740 int proctree_locked = 0;
741 lwpid_t tid = 0, *buf;
742 #ifdef COMPAT_FREEBSD32
743 int wrap32 = 0, safe = 0;
744 struct ptrace_io_desc32 *piod32 = NULL;
745 struct ptrace_lwpinfo32 *pl32 = NULL;
746 struct ptrace_sc_ret32 *psr32 = NULL;
748 struct ptrace_lwpinfo pl;
749 struct ptrace_sc_ret psr;
755 /* Lock proctree before locking the process. */
766 case PT_GET_EVENT_MASK:
767 case PT_SET_EVENT_MASK:
770 sx_xlock(&proctree_lock);
777 if (req == PT_TRACE_ME) {
781 if (pid <= PID_MAX) {
782 if ((p = pfind(pid)) == NULL) {
784 sx_xunlock(&proctree_lock);
788 td2 = tdfind(pid, -1);
791 sx_xunlock(&proctree_lock);
799 AUDIT_ARG_PROCESS(p);
801 if ((p->p_flag & P_WEXIT) != 0) {
805 if ((error = p_cansee(td, p)) != 0)
808 if ((error = p_candebug(td, p)) != 0)
812 * System processes can't be debugged.
814 if ((p->p_flag & P_SYSTEM) != 0) {
820 if ((p->p_flag & P_STOPPED_TRACE) != 0) {
821 KASSERT(p->p_xthread != NULL, ("NULL p_xthread"));
824 td2 = FIRST_THREAD_IN_PROC(p);
829 #ifdef COMPAT_FREEBSD32
831 * Test if we're a 32 bit client and what the target is.
832 * Set the wrap controls accordingly.
834 if (SV_CURPROC_FLAG(SV_ILP32)) {
835 if (SV_PROC_FLAG(td2->td_proc, SV_ILP32))
846 * Always legal, when there is a parent process which
847 * could trace us. Otherwise, reject.
849 if ((p->p_flag & P_TRACED) != 0) {
853 if (p->p_pptr == initproc) {
861 if (p == td->td_proc) {
867 if (p->p_flag & P_TRACED) {
872 /* Can't trace an ancestor if you're being traced. */
873 if (curp->p_flag & P_TRACED) {
874 for (pp = curp->p_pptr; pp != NULL; pp = pp->p_pptr) {
886 /* Allow thread to clear single step for itself */
887 if (td->td_tid == tid)
892 /* not being traced... */
893 if ((p->p_flag & P_TRACED) == 0) {
898 /* not being traced by YOU */
899 if (p->p_pptr != td->td_proc) {
904 /* not currently stopped */
905 if ((p->p_flag & P_STOPPED_TRACE) == 0 ||
906 p->p_suspcount != p->p_numthreads ||
907 (p->p_flag & P_WAITED) == 0) {
916 /* Keep this process around until we finish this request. */
921 * Single step fixup ala procfs
927 * Actually do the requests
930 td->td_retval[0] = 0;
934 /* set my trace flag and "owner" so it can read/write me */
935 proc_set_traced(p, false);
936 if (p->p_flag & P_PPWAIT)
937 p->p_flag |= P_PPTRACE;
938 CTR1(KTR_PTRACE, "PT_TRACE_ME: pid %d", p->p_pid);
942 /* security check done above */
944 * It would be nice if the tracing relationship was separate
945 * from the parent relationship but that would require
946 * another set of links in the proc struct or for "wait"
947 * to scan the entire proc table. To make life easier,
948 * we just re-parent the process we're trying to trace.
949 * The old parent is remembered so we can put things back
952 proc_set_traced(p, true);
953 proc_reparent(p, td->td_proc, false);
954 CTR2(KTR_PTRACE, "PT_ATTACH: pid %d, oppid %d", p->p_pid,
957 sx_xunlock(&proctree_lock);
959 MPASS(p->p_xthread == NULL);
960 MPASS((p->p_flag & P_STOPPED_TRACE) == 0);
963 * If already stopped due to a stop signal, clear the
964 * existing stop before triggering a traced SIGSTOP.
966 if ((p->p_flag & P_STOPPED_SIG) != 0) {
968 p->p_flag &= ~(P_STOPPED_SIG | P_WAITED);
973 kern_psignal(p, SIGSTOP);
977 CTR2(KTR_PTRACE, "PT_CLEARSTEP: tid %d (pid %d)", td2->td_tid,
979 error = ptrace_clear_single_step(td2);
983 CTR2(KTR_PTRACE, "PT_SETSTEP: tid %d (pid %d)", td2->td_tid,
985 error = ptrace_single_step(td2);
989 CTR2(KTR_PTRACE, "PT_SUSPEND: tid %d (pid %d)", td2->td_tid,
991 td2->td_dbgflags |= TDB_SUSPEND;
993 td2->td_flags |= TDF_NEEDSUSPCHK;
998 CTR2(KTR_PTRACE, "PT_RESUME: tid %d (pid %d)", td2->td_tid,
1000 td2->td_dbgflags &= ~TDB_SUSPEND;
1003 case PT_FOLLOW_FORK:
1004 CTR3(KTR_PTRACE, "PT_FOLLOW_FORK: pid %d %s -> %s", p->p_pid,
1005 p->p_ptevents & PTRACE_FORK ? "enabled" : "disabled",
1006 data ? "enabled" : "disabled");
1008 p->p_ptevents |= PTRACE_FORK;
1010 p->p_ptevents &= ~PTRACE_FORK;
1014 CTR3(KTR_PTRACE, "PT_LWP_EVENTS: pid %d %s -> %s", p->p_pid,
1015 p->p_ptevents & PTRACE_LWP ? "enabled" : "disabled",
1016 data ? "enabled" : "disabled");
1018 p->p_ptevents |= PTRACE_LWP;
1020 p->p_ptevents &= ~PTRACE_LWP;
1023 case PT_GET_EVENT_MASK:
1024 if (data != sizeof(p->p_ptevents)) {
1028 CTR2(KTR_PTRACE, "PT_GET_EVENT_MASK: pid %d mask %#x", p->p_pid,
1030 *(int *)addr = p->p_ptevents;
1033 case PT_SET_EVENT_MASK:
1034 if (data != sizeof(p->p_ptevents)) {
1039 if ((tmp & ~(PTRACE_EXEC | PTRACE_SCE | PTRACE_SCX |
1040 PTRACE_FORK | PTRACE_LWP | PTRACE_VFORK)) != 0) {
1044 CTR3(KTR_PTRACE, "PT_SET_EVENT_MASK: pid %d mask %#x -> %#x",
1045 p->p_pid, p->p_ptevents, tmp);
1046 p->p_ptevents = tmp;
1049 case PT_GET_SC_ARGS:
1050 CTR1(KTR_PTRACE, "PT_GET_SC_ARGS: pid %d", p->p_pid);
1051 if ((td2->td_dbgflags & (TDB_SCE | TDB_SCX)) == 0
1052 #ifdef COMPAT_FREEBSD32
1053 || (wrap32 && !safe)
1059 bzero(addr, sizeof(td2->td_sa.args));
1060 #ifdef COMPAT_FREEBSD32
1062 for (num = 0; num < nitems(td2->td_sa.args); num++)
1063 ((uint32_t *)addr)[num] = (uint32_t)
1064 td2->td_sa.args[num];
1067 bcopy(td2->td_sa.args, addr, td2->td_sa.narg *
1068 sizeof(register_t));
1072 if ((td2->td_dbgflags & (TDB_SCX)) == 0
1073 #ifdef COMPAT_FREEBSD32
1074 || (wrap32 && !safe)
1080 #ifdef COMPAT_FREEBSD32
1087 bzero(psr, sizeof(*psr));
1088 psr->sr_error = td2->td_errno;
1089 if (psr->sr_error == 0) {
1090 psr->sr_retval[0] = td2->td_retval[0];
1091 psr->sr_retval[1] = td2->td_retval[1];
1093 #ifdef COMPAT_FREEBSD32
1095 ptrace_sc_ret_to32(psr, psr32);
1098 "PT_GET_SC_RET: pid %d error %d retval %#lx,%#lx",
1099 p->p_pid, psr->sr_error, psr->sr_retval[0],
1109 /* Zero means do not send any signal */
1110 if (data < 0 || data > _SIG_MAXSIG) {
1117 CTR3(KTR_PTRACE, "PT_STEP: tid %d (pid %d), sig = %d",
1118 td2->td_tid, p->p_pid, data);
1119 error = ptrace_single_step(td2);
1127 if (addr != (void *)1) {
1128 error = ptrace_set_pc(td2,
1129 (u_long)(uintfptr_t)addr);
1135 p->p_ptevents |= PTRACE_SCE;
1137 "PT_TO_SCE: pid %d, events = %#x, PC = %#lx, sig = %d",
1138 p->p_pid, p->p_ptevents,
1139 (u_long)(uintfptr_t)addr, data);
1142 p->p_ptevents |= PTRACE_SCX;
1144 "PT_TO_SCX: pid %d, events = %#x, PC = %#lx, sig = %d",
1145 p->p_pid, p->p_ptevents,
1146 (u_long)(uintfptr_t)addr, data);
1149 p->p_ptevents |= PTRACE_SYSCALL;
1151 "PT_SYSCALL: pid %d, events = %#x, PC = %#lx, sig = %d",
1152 p->p_pid, p->p_ptevents,
1153 (u_long)(uintfptr_t)addr, data);
1157 "PT_CONTINUE: pid %d, PC = %#lx, sig = %d",
1158 p->p_pid, (u_long)(uintfptr_t)addr, data);
1164 * Reset the process parent.
1166 * NB: This clears P_TRACED before reparenting
1167 * a detached process back to its original
1168 * parent. Otherwise the debugee will be set
1169 * as an orphan of the debugger.
1171 p->p_flag &= ~(P_TRACED | P_WAITED);
1172 if (p->p_oppid != p->p_pptr->p_pid) {
1173 PROC_LOCK(p->p_pptr);
1174 sigqueue_take(p->p_ksi);
1175 PROC_UNLOCK(p->p_pptr);
1177 pp = proc_realparent(p);
1178 proc_reparent(p, pp, false);
1180 p->p_sigparent = SIGCHLD;
1182 "PT_DETACH: pid %d reparented to pid %d, sig %d",
1183 p->p_pid, pp->p_pid, data);
1185 CTR2(KTR_PTRACE, "PT_DETACH: pid %d, sig %d",
1188 FOREACH_THREAD_IN_PROC(p, td3) {
1189 if ((td3->td_dbgflags & TDB_FSTP) != 0) {
1190 sigqueue_delete(&td3->td_sigqueue,
1193 td3->td_dbgflags &= ~(TDB_XSIG | TDB_FSTP |
1197 if ((p->p_flag2 & P2_PTRACE_FSTP) != 0) {
1198 sigqueue_delete(&p->p_sigqueue, SIGSTOP);
1199 p->p_flag2 &= ~P2_PTRACE_FSTP;
1202 /* should we send SIGCHLD? */
1203 /* childproc_continued(p); */
1207 sx_xunlock(&proctree_lock);
1208 proctree_locked = 0;
1211 MPASS(proctree_locked == 0);
1214 * Clear the pending event for the thread that just
1215 * reported its event (p_xthread). This may not be
1216 * the thread passed to PT_CONTINUE, PT_STEP, etc. if
1217 * the debugger is resuming a different thread.
1219 * Deliver any pending signal via the reporting thread.
1221 MPASS(p->p_xthread != NULL);
1222 p->p_xthread->td_dbgflags &= ~TDB_XSIG;
1223 p->p_xthread->td_xsig = data;
1224 p->p_xthread = NULL;
1228 * P_WKILLED is insurance that a PT_KILL/SIGKILL
1229 * always works immediately, even if another thread is
1230 * unsuspended first and attempts to handle a
1231 * different signal or if the POSIX.1b style signal
1232 * queue cannot accommodate any new signals.
1234 if (data == SIGKILL)
1238 * Unsuspend all threads. To leave a thread
1239 * suspended, use PT_SUSPEND to suspend it before
1240 * continuing the process.
1243 p->p_flag &= ~(P_STOPPED_TRACE | P_STOPPED_SIG | P_WAITED);
1244 thread_unsuspend(p);
1250 td2->td_dbgflags |= TDB_USERWR;
1253 if (proc_writemem(td, p, (off_t)(uintptr_t)addr, &data,
1254 sizeof(int)) != sizeof(int))
1257 CTR3(KTR_PTRACE, "PT_WRITE: pid %d: %p <= %#x",
1258 p->p_pid, addr, data);
1266 if (proc_readmem(td, p, (off_t)(uintptr_t)addr, &tmp,
1267 sizeof(int)) != sizeof(int))
1270 CTR3(KTR_PTRACE, "PT_READ: pid %d: %p >= %#x",
1271 p->p_pid, addr, tmp);
1272 td->td_retval[0] = tmp;
1277 #ifdef COMPAT_FREEBSD32
1280 iov.iov_base = (void *)(uintptr_t)piod32->piod_addr;
1281 iov.iov_len = piod32->piod_len;
1282 uio.uio_offset = (off_t)(uintptr_t)piod32->piod_offs;
1283 uio.uio_resid = piod32->piod_len;
1288 iov.iov_base = piod->piod_addr;
1289 iov.iov_len = piod->piod_len;
1290 uio.uio_offset = (off_t)(uintptr_t)piod->piod_offs;
1291 uio.uio_resid = piod->piod_len;
1295 uio.uio_segflg = UIO_USERSPACE;
1297 #ifdef COMPAT_FREEBSD32
1298 tmp = wrap32 ? piod32->piod_op : piod->piod_op;
1300 tmp = piod->piod_op;
1305 CTR3(KTR_PTRACE, "PT_IO: pid %d: READ (%p, %#x)",
1306 p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid);
1307 uio.uio_rw = UIO_READ;
1311 CTR3(KTR_PTRACE, "PT_IO: pid %d: WRITE (%p, %#x)",
1312 p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid);
1313 td2->td_dbgflags |= TDB_USERWR;
1314 uio.uio_rw = UIO_WRITE;
1321 error = proc_rwmem(p, &uio);
1322 #ifdef COMPAT_FREEBSD32
1324 piod32->piod_len -= uio.uio_resid;
1327 piod->piod_len -= uio.uio_resid;
1332 CTR1(KTR_PTRACE, "PT_KILL: pid %d", p->p_pid);
1334 goto sendsig; /* in PT_CONTINUE above */
1337 CTR2(KTR_PTRACE, "PT_SETREGS: tid %d (pid %d)", td2->td_tid,
1339 td2->td_dbgflags |= TDB_USERWR;
1340 error = PROC_WRITE(regs, td2, addr);
1344 CTR2(KTR_PTRACE, "PT_GETREGS: tid %d (pid %d)", td2->td_tid,
1346 error = PROC_READ(regs, td2, addr);
1350 CTR2(KTR_PTRACE, "PT_SETFPREGS: tid %d (pid %d)", td2->td_tid,
1352 td2->td_dbgflags |= TDB_USERWR;
1353 error = PROC_WRITE(fpregs, td2, addr);
1357 CTR2(KTR_PTRACE, "PT_GETFPREGS: tid %d (pid %d)", td2->td_tid,
1359 error = PROC_READ(fpregs, td2, addr);
1363 CTR2(KTR_PTRACE, "PT_SETDBREGS: tid %d (pid %d)", td2->td_tid,
1365 td2->td_dbgflags |= TDB_USERWR;
1366 error = PROC_WRITE(dbregs, td2, addr);
1370 CTR2(KTR_PTRACE, "PT_GETDBREGS: tid %d (pid %d)", td2->td_tid,
1372 error = PROC_READ(dbregs, td2, addr);
1377 #ifdef COMPAT_FREEBSD32
1378 (!wrap32 && data > sizeof(*pl)) ||
1379 (wrap32 && data > sizeof(*pl32))) {
1381 data > sizeof(*pl)) {
1386 #ifdef COMPAT_FREEBSD32
1393 bzero(pl, sizeof(*pl));
1394 pl->pl_lwpid = td2->td_tid;
1395 pl->pl_event = PL_EVENT_NONE;
1397 if (td2->td_dbgflags & TDB_XSIG) {
1398 pl->pl_event = PL_EVENT_SIGNAL;
1399 if (td2->td_si.si_signo != 0 &&
1400 #ifdef COMPAT_FREEBSD32
1401 ((!wrap32 && data >= offsetof(struct ptrace_lwpinfo,
1402 pl_siginfo) + sizeof(pl->pl_siginfo)) ||
1403 (wrap32 && data >= offsetof(struct ptrace_lwpinfo32,
1404 pl_siginfo) + sizeof(struct siginfo32)))
1406 data >= offsetof(struct ptrace_lwpinfo, pl_siginfo)
1407 + sizeof(pl->pl_siginfo)
1410 pl->pl_flags |= PL_FLAG_SI;
1411 pl->pl_siginfo = td2->td_si;
1414 if (td2->td_dbgflags & TDB_SCE)
1415 pl->pl_flags |= PL_FLAG_SCE;
1416 else if (td2->td_dbgflags & TDB_SCX)
1417 pl->pl_flags |= PL_FLAG_SCX;
1418 if (td2->td_dbgflags & TDB_EXEC)
1419 pl->pl_flags |= PL_FLAG_EXEC;
1420 if (td2->td_dbgflags & TDB_FORK) {
1421 pl->pl_flags |= PL_FLAG_FORKED;
1422 pl->pl_child_pid = td2->td_dbg_forked;
1423 if (td2->td_dbgflags & TDB_VFORK)
1424 pl->pl_flags |= PL_FLAG_VFORKED;
1425 } else if ((td2->td_dbgflags & (TDB_SCX | TDB_VFORK)) ==
1427 pl->pl_flags |= PL_FLAG_VFORK_DONE;
1428 if (td2->td_dbgflags & TDB_CHILD)
1429 pl->pl_flags |= PL_FLAG_CHILD;
1430 if (td2->td_dbgflags & TDB_BORN)
1431 pl->pl_flags |= PL_FLAG_BORN;
1432 if (td2->td_dbgflags & TDB_EXIT)
1433 pl->pl_flags |= PL_FLAG_EXITED;
1434 pl->pl_sigmask = td2->td_sigmask;
1435 pl->pl_siglist = td2->td_siglist;
1436 strcpy(pl->pl_tdname, td2->td_name);
1437 if ((td2->td_dbgflags & (TDB_SCE | TDB_SCX)) != 0) {
1438 pl->pl_syscall_code = td2->td_sa.code;
1439 pl->pl_syscall_narg = td2->td_sa.narg;
1441 pl->pl_syscall_code = 0;
1442 pl->pl_syscall_narg = 0;
1444 #ifdef COMPAT_FREEBSD32
1446 ptrace_lwpinfo_to32(pl, pl32);
1449 "PT_LWPINFO: tid %d (pid %d) event %d flags %#x child pid %d syscall %d",
1450 td2->td_tid, p->p_pid, pl->pl_event, pl->pl_flags,
1451 pl->pl_child_pid, pl->pl_syscall_code);
1455 CTR2(KTR_PTRACE, "PT_GETNUMLWPS: pid %d: %d threads", p->p_pid,
1457 td->td_retval[0] = p->p_numthreads;
1461 CTR3(KTR_PTRACE, "PT_GETLWPLIST: pid %d: data %d, actual %d",
1462 p->p_pid, data, p->p_numthreads);
1467 num = imin(p->p_numthreads, data);
1469 buf = malloc(num * sizeof(lwpid_t), M_TEMP, M_WAITOK);
1472 FOREACH_THREAD_IN_PROC(p, td2) {
1475 buf[tmp++] = td2->td_tid;
1478 error = copyout(buf, addr, tmp * sizeof(lwpid_t));
1481 td->td_retval[0] = tmp;
1485 case PT_VM_TIMESTAMP:
1486 CTR2(KTR_PTRACE, "PT_VM_TIMESTAMP: pid %d: timestamp %d",
1487 p->p_pid, p->p_vmspace->vm_map.timestamp);
1488 td->td_retval[0] = p->p_vmspace->vm_map.timestamp;
1493 #ifdef COMPAT_FREEBSD32
1495 error = ptrace_vm_entry32(td, p, addr);
1498 error = ptrace_vm_entry(td, p, addr);
1503 #ifdef __HAVE_PTRACE_MACHDEP
1504 if (req >= PT_FIRSTMACH) {
1506 error = cpu_ptrace(td2, req, addr, data);
1510 /* Unknown request. */
1516 /* Drop our hold on this process now that the request has completed. */
1520 if (proctree_locked)
1521 sx_xunlock(&proctree_lock);