sys/kern/sys_process.c

139804Simp/*-
1945Sdg * Copyright (c) 1994, Sean Eric Fagan
1945Sdg * All rights reserved.
1541Srgrimes *
1541Srgrimes * Redistribution and use in source and binary forms, with or without
1541Srgrimes * modification, are permitted provided that the following conditions
1541Srgrimes * are met:
1541Srgrimes * 1. Redistributions of source code must retain the above copyright
1541Srgrimes *    notice, this list of conditions and the following disclaimer.
1541Srgrimes * 2. Redistributions in binary form must reproduce the above copyright
1541Srgrimes *    notice, this list of conditions and the following disclaimer in the
1541Srgrimes *    documentation and/or other materials provided with the distribution.
1541Srgrimes * 3. All advertising materials mentioning features or use of this software
1541Srgrimes *    must display the following acknowledgement:
1945Sdg *	This product includes software developed by Sean Eric Fagan.
1945Sdg * 4. The name of the author may not be used to endorse or promote products
1945Sdg *    derived from this software without specific prior written permission.
1541Srgrimes *
1945Sdg * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
1541Srgrimes * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1541Srgrimes * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1945Sdg * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
1541Srgrimes * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1541Srgrimes * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1541Srgrimes * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1541Srgrimes * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1541Srgrimes * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1541Srgrimes * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1541Srgrimes * SUCH DAMAGE.
1541Srgrimes */
1541Srgrimes
116182Sobrien#include <sys/cdefs.h>
116182Sobrien__FBSDID("$FreeBSD: stable/10/sys/kern/sys_process.c 328379 2018-01-24 21:48:39Z jhb $");
116182Sobrien
147692Speter#include "opt_compat.h"
147692Speter
1541Srgrimes#include <sys/param.h>
2112Swollman#include <sys/systm.h>
76166Smarkm#include <sys/lock.h>
76166Smarkm#include <sys/mutex.h>
102946Siedowse#include <sys/syscallsubr.h>
189282Skib#include <sys/sysent.h>
12221Sbde#include <sys/sysproto.h>
255708Sjhb#include <sys/priv.h>
1541Srgrimes#include <sys/proc.h>
1945Sdg#include <sys/vnode.h>
1945Sdg#include <sys/ptrace.h>
248084Sattilio#include <sys/rwlock.h>
74927Sjhb#include <sys/sx.h>
132089Sdavidxu#include <sys/malloc.h>
138129Sdas#include <sys/signalvar.h>
1541Srgrimes
1945Sdg#include <machine/reg.h>
76166Smarkm
155634Swsalamon#include <security/audit/audit.h>
155634Swsalamon
1945Sdg#include <vm/vm.h>
12662Sdg#include <vm/pmap.h>
84637Sdes#include <vm/vm_extern.h>
12662Sdg#include <vm/vm_map.h>
84637Sdes#include <vm/vm_kern.h>
84637Sdes#include <vm/vm_object.h>
1945Sdg#include <vm/vm_page.h>
194766Skib#include <vm/vm_param.h>
1945Sdg
205014Snwhitehorn#ifdef COMPAT_FREEBSD32
147692Speter#include <sys/procfs.h>
209688Skib#include <compat/freebsd32/freebsd32_signal.h>
147692Speter
147692Speterstruct ptrace_io_desc32 {
147692Speter	int		piod_op;
209390Sed	uint32_t	piod_offs;
209390Sed	uint32_t	piod_addr;
209390Sed	uint32_t	piod_len;
147692Speter};
203708Smarcel
203708Smarcelstruct ptrace_vm_entry32 {
203783Smarcel	int		pve_entry;
203783Smarcel	int		pve_timestamp;
203708Smarcel	uint32_t	pve_start;
203708Smarcel	uint32_t	pve_end;
203708Smarcel	uint32_t	pve_offset;
203708Smarcel	u_int		pve_prot;
203708Smarcel	u_int		pve_pathlen;
203783Smarcel	int32_t		pve_fileid;
203783Smarcel	u_int		pve_fsid;
203708Smarcel	uint32_t	pve_path;
203708Smarcel};
203708Smarcel
209688Skibstruct ptrace_lwpinfo32 {
209688Skib	lwpid_t	pl_lwpid;	/* LWP described. */
209688Skib	int	pl_event;	/* Event that stopped the LWP. */
209688Skib	int	pl_flags;	/* LWP flags. */
209688Skib	sigset_t	pl_sigmask;	/* LWP signal mask */
209688Skib	sigset_t	pl_siglist;	/* LWP pending signal */
209688Skib	struct siginfo32 pl_siginfo;	/* siginfo for signal */
215679Sattilio	char	pl_tdname[MAXCOMLEN + 1];	/* LWP name. */
290464Sjhb	pid_t	pl_child_pid;		/* New child pid */
289780Sjhb	u_int		pl_syscall_code;
289780Sjhb	u_int		pl_syscall_narg;
209688Skib};
209688Skib
147692Speter#endif
147692Speter
91006Sbde/*
91006Sbde * Functions implemented using PROC_ACTION():
91006Sbde *
91006Sbde * proc_read_regs(proc, regs)
91006Sbde *	Get the current user-visible register set from the process
91006Sbde *	and copy it into the regs structure (<machine/reg.h>).
91006Sbde *	The process is stopped at the time read_regs is called.
91006Sbde *
91006Sbde * proc_write_regs(proc, regs)
91006Sbde *	Update the current register set from the passed in regs
91006Sbde *	structure.  Take care to avoid clobbering special CPU
91006Sbde *	registers or privileged bits in the PSL.
91006Sbde *	Depending on the architecture this may have fix-up work to do,
91006Sbde *	especially if the IAR or PCW are modified.
91006Sbde *	The process is stopped at the time write_regs is called.
91006Sbde *
91006Sbde * proc_read_fpregs, proc_write_fpregs
91006Sbde *	deal with the floating point register set, otherwise as above.
91006Sbde *
91006Sbde * proc_read_dbregs, proc_write_dbregs
91006Sbde *	deal with the processor debug register set, otherwise as above.
91006Sbde *
91006Sbde * proc_sstep(proc)
91006Sbde *	Arrange for the process to trap after executing a single instruction.
91006Sbde */
91006Sbde
91006Sbde#define	PROC_ACTION(action) do {					\
85297Sdes	int error;							\
85297Sdes									\
113868Sjhb	PROC_LOCK_ASSERT(td->td_proc, MA_OWNED);			\
172207Sjeff	if ((td->td_proc->p_flag & P_INMEM) == 0)			\
91006Sbde		error = EIO;						\
91006Sbde	else								\
91006Sbde		error = (action);					\
85297Sdes	return (error);							\
91006Sbde} while(0)
112389Sdes
91006Sbdeint
91006Sbdeproc_read_regs(struct thread *td, struct reg *regs)
91006Sbde{
91006Sbde
91006Sbde	PROC_ACTION(fill_regs(td, regs));
85297Sdes}
85297Sdes
91006Sbdeint
91006Sbdeproc_write_regs(struct thread *td, struct reg *regs)
91006Sbde{
85297Sdes
91006Sbde	PROC_ACTION(set_regs(td, regs));
91006Sbde}
91006Sbde
84637Sdesint
91006Sbdeproc_read_dbregs(struct thread *td, struct dbreg *dbregs)
91006Sbde{
91006Sbde
91006Sbde	PROC_ACTION(fill_dbregs(td, dbregs));
91006Sbde}
91006Sbde
91006Sbdeint
91006Sbdeproc_write_dbregs(struct thread *td, struct dbreg *dbregs)
91006Sbde{
91006Sbde
91006Sbde	PROC_ACTION(set_dbregs(td, dbregs));
91006Sbde}
91006Sbde
91006Sbde/*
91006Sbde * Ptrace doesn't support fpregs at all, and there are no security holes
91006Sbde * or translations for fpregs, so we can just copy them.
91006Sbde */
91006Sbdeint
91006Sbdeproc_read_fpregs(struct thread *td, struct fpreg *fpregs)
91006Sbde{
91006Sbde
91006Sbde	PROC_ACTION(fill_fpregs(td, fpregs));
91006Sbde}
91006Sbde
91006Sbdeint
91006Sbdeproc_write_fpregs(struct thread *td, struct fpreg *fpregs)
91006Sbde{
91006Sbde
91006Sbde	PROC_ACTION(set_fpregs(td, fpregs));
91006Sbde}
91006Sbde
205014Snwhitehorn#ifdef COMPAT_FREEBSD32
147692Speter/* For 32 bit binaries, we need to expose the 32 bit regs layouts. */
91006Sbdeint
147692Speterproc_read_regs32(struct thread *td, struct reg32 *regs32)
147692Speter{
147692Speter
147692Speter	PROC_ACTION(fill_regs32(td, regs32));
147692Speter}
147692Speter
147692Speterint
147692Speterproc_write_regs32(struct thread *td, struct reg32 *regs32)
147692Speter{
147692Speter
147692Speter	PROC_ACTION(set_regs32(td, regs32));
147692Speter}
147692Speter
147692Speterint
147692Speterproc_read_dbregs32(struct thread *td, struct dbreg32 *dbregs32)
147692Speter{
147692Speter
147692Speter	PROC_ACTION(fill_dbregs32(td, dbregs32));
147692Speter}
147692Speter
147692Speterint
147692Speterproc_write_dbregs32(struct thread *td, struct dbreg32 *dbregs32)
147692Speter{
147692Speter
147692Speter	PROC_ACTION(set_dbregs32(td, dbregs32));
147692Speter}
147692Speter
147692Speterint
147692Speterproc_read_fpregs32(struct thread *td, struct fpreg32 *fpregs32)
147692Speter{
147692Speter
147692Speter	PROC_ACTION(fill_fpregs32(td, fpregs32));
147692Speter}
147692Speter
147692Speterint
147692Speterproc_write_fpregs32(struct thread *td, struct fpreg32 *fpregs32)
147692Speter{
147692Speter
147692Speter	PROC_ACTION(set_fpregs32(td, fpregs32));
147692Speter}
147692Speter#endif
147692Speter
147692Speterint
85297Sdesproc_sstep(struct thread *td)
85297Sdes{
85297Sdes
91006Sbde	PROC_ACTION(ptrace_single_step(td));
85297Sdes}
85297Sdes
85297Sdesint
84637Sdesproc_rwmem(struct proc *p, struct uio *uio)
84483Sdes{
84637Sdes	vm_map_t map;
199819Salc	vm_offset_t pageno;		/* page number */
84637Sdes	vm_prot_t reqprot;
216604Salc	int error, fault_flags, page_offset, writing;
1945Sdg
84637Sdes	/*
155922Sjhb	 * Assert that someone has locked this vmspace.  (Should be
155922Sjhb	 * curthread but we can't assert that.)  This keeps the process
155922Sjhb	 * from exiting out from under us until this operation completes.
84637Sdes	 */
155922Sjhb	KASSERT(p->p_lock >= 1, ("%s: process %p (pid %d) not held", __func__,
155922Sjhb	    p, p->p_pid));
132684Salc
84637Sdes	/*
84637Sdes	 * The map we want...
84637Sdes	 */
155922Sjhb	map = &p->p_vmspace->vm_map;
1945Sdg
216604Salc	/*
216604Salc	 * If we are writing, then we request vm_fault() to create a private
216604Salc	 * copy of each page.  Since these copies will not be writeable by the
216604Salc	 * process, we must explicity request that they be dirtied.
216604Salc	 */
84637Sdes	writing = uio->uio_rw == UIO_WRITE;
199819Salc	reqprot = writing ? VM_PROT_COPY | VM_PROT_READ : VM_PROT_READ;
216604Salc	fault_flags = writing ? VM_FAULT_DIRTY : VM_FAULT_NORMAL;
8876Srgrimes
84637Sdes	/*
84637Sdes	 * Only map in one page at a time.  We don't have to, but it
84637Sdes	 * makes things easier.  This way is trivial - right?
84637Sdes	 */
84637Sdes	do {
84637Sdes		vm_offset_t uva;
84637Sdes		u_int len;
84637Sdes		vm_page_t m;
8876Srgrimes
84637Sdes		uva = (vm_offset_t)uio->uio_offset;
1945Sdg
84637Sdes		/*
84637Sdes		 * Get the page number of this segment.
84637Sdes		 */
84637Sdes		pageno = trunc_page(uva);
84637Sdes		page_offset = uva - pageno;
1945Sdg
84637Sdes		/*
84637Sdes		 * How many bytes to copy
84637Sdes		 */
84637Sdes		len = min(PAGE_SIZE - page_offset, uio->uio_resid);
84637Sdes
84637Sdes		/*
253953Sattilio		 * Fault and hold the page on behalf of the process.
84637Sdes		 */
253953Sattilio		error = vm_fault_hold(map, pageno, reqprot, fault_flags, &m);
216604Salc		if (error != KERN_SUCCESS) {
194766Skib			if (error == KERN_RESOURCE_SHORTAGE)
194766Skib				error = ENOMEM;
194766Skib			else
194766Skib				error = EFAULT;
84637Sdes			break;
1945Sdg		}
1945Sdg
84637Sdes		/*
84637Sdes		 * Now do the i/o move.
84637Sdes		 */
127386Salc		error = uiomove_fromphys(&m, page_offset, len, uio);
1945Sdg
198341Smarcel		/* Make the I-cache coherent for breakpoints. */
216604Salc		if (writing && error == 0) {
216604Salc			vm_map_lock_read(map);
216604Salc			if (vm_map_check_protection(map, pageno, pageno +
216604Salc			    PAGE_SIZE, VM_PROT_EXECUTE))
216604Salc				vm_sync_icache(map, uva, len);
216604Salc			vm_map_unlock_read(map);
216604Salc		}
198341Smarcel
84637Sdes		/*
118697Salc		 * Release the page.
84637Sdes		 */
253953Sattilio		vm_page_lock(m);
253953Sattilio		vm_page_unhold(m);
253953Sattilio		vm_page_unlock(m);
1945Sdg
84637Sdes	} while (error == 0 && uio->uio_resid > 0);
1945Sdg
84637Sdes	return (error);
1945Sdg}
1945Sdg
203696Smarcelstatic int
203696Smarcelptrace_vm_entry(struct thread *td, struct proc *p, struct ptrace_vm_entry *pve)
203696Smarcel{
203783Smarcel	struct vattr vattr;
203696Smarcel	vm_map_t map;
203696Smarcel	vm_map_entry_t entry;
203696Smarcel	vm_object_t obj, tobj, lobj;
203783Smarcel	struct vmspace *vm;
203696Smarcel	struct vnode *vp;
203696Smarcel	char *freepath, *fullpath;
203696Smarcel	u_int pathlen;
241896Skib	int error, index;
203696Smarcel
203783Smarcel	error = 0;
203783Smarcel	obj = NULL;
203783Smarcel
203783Smarcel	vm = vmspace_acquire_ref(p);
203783Smarcel	map = &vm->vm_map;
203783Smarcel	vm_map_lock_read(map);
203783Smarcel
203783Smarcel	do {
203783Smarcel		entry = map->header.next;
203783Smarcel		index = 0;
203783Smarcel		while (index < pve->pve_entry && entry != &map->header) {
203696Smarcel			entry = entry->next;
203783Smarcel			index++;
203783Smarcel		}
203783Smarcel		if (index != pve->pve_entry) {
203783Smarcel			error = EINVAL;
203783Smarcel			break;
203783Smarcel		}
203783Smarcel		while (entry != &map->header &&
203783Smarcel		    (entry->eflags & MAP_ENTRY_IS_SUB_MAP) != 0) {
203783Smarcel			entry = entry->next;
203783Smarcel			index++;
203783Smarcel		}
203783Smarcel		if (entry == &map->header) {
203783Smarcel			error = ENOENT;
203783Smarcel			break;
203783Smarcel		}
203696Smarcel
203783Smarcel		/* We got an entry. */
203783Smarcel		pve->pve_entry = index + 1;
203783Smarcel		pve->pve_timestamp = map->timestamp;
203783Smarcel		pve->pve_start = entry->start;
203783Smarcel		pve->pve_end = entry->end - 1;
203783Smarcel		pve->pve_offset = entry->offset;
203783Smarcel		pve->pve_prot = entry->protection;
203696Smarcel
203783Smarcel		/* Backing object's path needed? */
203783Smarcel		if (pve->pve_pathlen == 0)
203783Smarcel			break;
203696Smarcel
203783Smarcel		pathlen = pve->pve_pathlen;
203783Smarcel		pve->pve_pathlen = 0;
203696Smarcel
203783Smarcel		obj = entry->object.vm_object;
203783Smarcel		if (obj != NULL)
249277Sattilio			VM_OBJECT_RLOCK(obj);
203783Smarcel	} while (0);
203696Smarcel
203783Smarcel	vm_map_unlock_read(map);
203783Smarcel
203788Smarcel	pve->pve_fsid = VNOVAL;
203788Smarcel	pve->pve_fileid = VNOVAL;
203788Smarcel
203783Smarcel	if (error == 0 && obj != NULL) {
203783Smarcel		lobj = obj;
203783Smarcel		for (tobj = obj; tobj != NULL; tobj = tobj->backing_object) {
203783Smarcel			if (tobj != obj)
249277Sattilio				VM_OBJECT_RLOCK(tobj);
203783Smarcel			if (lobj != obj)
249277Sattilio				VM_OBJECT_RUNLOCK(lobj);
203783Smarcel			lobj = tobj;
203783Smarcel			pve->pve_offset += tobj->backing_object_offset;
203783Smarcel		}
288499Svangyzen		vp = vm_object_vnode(lobj);
203696Smarcel		if (vp != NULL)
203696Smarcel			vref(vp);
203696Smarcel		if (lobj != obj)
249277Sattilio			VM_OBJECT_RUNLOCK(lobj);
249277Sattilio		VM_OBJECT_RUNLOCK(obj);
203696Smarcel
203783Smarcel		if (vp != NULL) {
203783Smarcel			freepath = NULL;
203783Smarcel			fullpath = NULL;
203783Smarcel			vn_fullpath(td, vp, &fullpath, &freepath);
203783Smarcel			vn_lock(vp, LK_SHARED | LK_RETRY);
203783Smarcel			if (VOP_GETATTR(vp, &vattr, td->td_ucred) == 0) {
203783Smarcel				pve->pve_fileid = vattr.va_fileid;
203783Smarcel				pve->pve_fsid = vattr.va_fsid;
203783Smarcel			}
203783Smarcel			vput(vp);
203696Smarcel
203783Smarcel			if (fullpath != NULL) {
203783Smarcel				pve->pve_pathlen = strlen(fullpath) + 1;
203783Smarcel				if (pve->pve_pathlen <= pathlen) {
203783Smarcel					error = copyout(fullpath, pve->pve_path,
203783Smarcel					    pve->pve_pathlen);
203783Smarcel				} else
203783Smarcel					error = ENAMETOOLONG;
203783Smarcel			}
203783Smarcel			if (freepath != NULL)
203783Smarcel				free(freepath, M_TEMP);
203783Smarcel		}
203783Smarcel	}
303198Skib	vmspace_free(vm);
284343Sjhb	if (error == 0)
284343Sjhb		CTR3(KTR_PTRACE, "PT_VM_ENTRY: pid %d, entry %d, start %p",
284343Sjhb		    p->p_pid, pve->pve_entry, pve->pve_start);
203696Smarcel
203783Smarcel	return (error);
203783Smarcel}
203783Smarcel
205014Snwhitehorn#ifdef COMPAT_FREEBSD32
290324Skibstatic int
203783Smarcelptrace_vm_entry32(struct thread *td, struct proc *p,
203783Smarcel    struct ptrace_vm_entry32 *pve32)
203783Smarcel{
203783Smarcel	struct ptrace_vm_entry pve;
203783Smarcel	int error;
203783Smarcel
203783Smarcel	pve.pve_entry = pve32->pve_entry;
203783Smarcel	pve.pve_pathlen = pve32->pve_pathlen;
203783Smarcel	pve.pve_path = (void *)(uintptr_t)pve32->pve_path;
203783Smarcel
203783Smarcel	error = ptrace_vm_entry(td, p, &pve);
203783Smarcel	if (error == 0) {
203783Smarcel		pve32->pve_entry = pve.pve_entry;
203783Smarcel		pve32->pve_timestamp = pve.pve_timestamp;
203783Smarcel		pve32->pve_start = pve.pve_start;
203783Smarcel		pve32->pve_end = pve.pve_end;
203783Smarcel		pve32->pve_offset = pve.pve_offset;
203783Smarcel		pve32->pve_prot = pve.pve_prot;
203783Smarcel		pve32->pve_fileid = pve.pve_fileid;
203783Smarcel		pve32->pve_fsid = pve.pve_fsid;
203696Smarcel	}
203783Smarcel
203783Smarcel	pve32->pve_pathlen = pve.pve_pathlen;
203696Smarcel	return (error);
203696Smarcel}
209688Skib
209688Skibstatic void
209688Skibptrace_lwpinfo_to32(const struct ptrace_lwpinfo *pl,
209688Skib    struct ptrace_lwpinfo32 *pl32)
209688Skib{
209688Skib
325643Skib	bzero(pl32, sizeof(*pl32));
209688Skib	pl32->pl_lwpid = pl->pl_lwpid;
209688Skib	pl32->pl_event = pl->pl_event;
209688Skib	pl32->pl_flags = pl->pl_flags;
209688Skib	pl32->pl_sigmask = pl->pl_sigmask;
209688Skib	pl32->pl_siglist = pl->pl_siglist;
209688Skib	siginfo_to_siginfo32(&pl->pl_siginfo, &pl32->pl_siginfo);
215679Sattilio	strcpy(pl32->pl_tdname, pl->pl_tdname);
217819Skib	pl32->pl_child_pid = pl->pl_child_pid;
289780Sjhb	pl32->pl_syscall_code = pl->pl_syscall_code;
289780Sjhb	pl32->pl_syscall_narg = pl->pl_syscall_narg;
209688Skib}
205014Snwhitehorn#endif /* COMPAT_FREEBSD32 */
203696Smarcel
1541Srgrimes/*
1541Srgrimes * Process debugging system call.
1541Srgrimes */
12221Sbde#ifndef _SYS_SYSPROTO_H_
1541Srgrimesstruct ptrace_args {
1541Srgrimes	int	req;
1541Srgrimes	pid_t	pid;
1541Srgrimes	caddr_t	addr;
1541Srgrimes	int	data;
1541Srgrimes};
12221Sbde#endif
1945Sdg
205014Snwhitehorn#ifdef COMPAT_FREEBSD32
114028Sjhb/*
147692Speter * This CPP subterfuge is to try and reduce the number of ifdefs in
147692Speter * the body of the code.
147692Speter *   COPYIN(uap->addr, &r.reg, sizeof r.reg);
147692Speter * becomes either:
147692Speter *   copyin(uap->addr, &r.reg, sizeof r.reg);
147692Speter * or
147692Speter *   copyin(uap->addr, &r.reg32, sizeof r.reg32);
147692Speter * .. except this is done at runtime.
147692Speter */
147692Speter#define	COPYIN(u, k, s)		wrap32 ? \
147692Speter	copyin(u, k ## 32, s ## 32) : \
147692Speter	copyin(u, k, s)
147692Speter#define	COPYOUT(k, u, s)	wrap32 ? \
147692Speter	copyout(k ## 32, u, s ## 32) : \
147692Speter	copyout(k, u, s)
147692Speter#else
147692Speter#define	COPYIN(u, k, s)		copyin(u, k, s)
147692Speter#define	COPYOUT(k, u, s)	copyout(k, u, s)
147692Speter#endif
1549Srgrimesint
225617Skmacysys_ptrace(struct thread *td, struct ptrace_args *uap)
1541Srgrimes{
91007Sbde	/*
91007Sbde	 * XXX this obfuscation is to reduce stack usage, but the register
91007Sbde	 * structs may be too large to put on the stack anyway.
91007Sbde	 */
84637Sdes	union {
92395Sdes		struct ptrace_io_desc piod;
132016Smarcel		struct ptrace_lwpinfo pl;
203696Smarcel		struct ptrace_vm_entry pve;
91007Sbde		struct dbreg dbreg;
91007Sbde		struct fpreg fpreg;
91007Sbde		struct reg reg;
205014Snwhitehorn#ifdef COMPAT_FREEBSD32
147692Speter		struct dbreg32 dbreg32;
147692Speter		struct fpreg32 fpreg32;
147692Speter		struct reg32 reg32;
147692Speter		struct ptrace_io_desc32 piod32;
209688Skib		struct ptrace_lwpinfo32 pl32;
203708Smarcel		struct ptrace_vm_entry32 pve32;
147692Speter#endif
304188Sjhb		int ptevents;
84637Sdes	} r;
102946Siedowse	void *addr;
102946Siedowse	int error = 0;
205014Snwhitehorn#ifdef COMPAT_FREEBSD32
147692Speter	int wrap32 = 0;
102946Siedowse
189282Skib	if (SV_CURPROC_FLAG(SV_ILP32))
147692Speter		wrap32 = 1;
147692Speter#endif
195104Srwatson	AUDIT_ARG_PID(uap->pid);
195104Srwatson	AUDIT_ARG_CMD(uap->req);
195104Srwatson	AUDIT_ARG_VALUE(uap->data);
102946Siedowse	addr = &r;
102946Siedowse	switch (uap->req) {
304188Sjhb	case PT_GET_EVENT_MASK:
102946Siedowse	case PT_GETREGS:
102946Siedowse	case PT_GETFPREGS:
102946Siedowse	case PT_GETDBREGS:
132016Smarcel	case PT_LWPINFO:
102946Siedowse		break;
102946Siedowse	case PT_SETREGS:
147692Speter		error = COPYIN(uap->addr, &r.reg, sizeof r.reg);
102946Siedowse		break;
102946Siedowse	case PT_SETFPREGS:
147692Speter		error = COPYIN(uap->addr, &r.fpreg, sizeof r.fpreg);
102946Siedowse		break;
102946Siedowse	case PT_SETDBREGS:
147692Speter		error = COPYIN(uap->addr, &r.dbreg, sizeof r.dbreg);
102946Siedowse		break;
304188Sjhb	case PT_SET_EVENT_MASK:
304188Sjhb		if (uap->data != sizeof(r.ptevents))
304188Sjhb			error = EINVAL;
304188Sjhb		else
304188Sjhb			error = copyin(uap->addr, &r.ptevents, uap->data);
304188Sjhb		break;
102946Siedowse	case PT_IO:
147692Speter		error = COPYIN(uap->addr, &r.piod, sizeof r.piod);
102946Siedowse		break;
203696Smarcel	case PT_VM_ENTRY:
203696Smarcel		error = COPYIN(uap->addr, &r.pve, sizeof r.pve);
203696Smarcel		break;
102946Siedowse	default:
102946Siedowse		addr = uap->addr;
118932Smarcel		break;
102946Siedowse	}
102946Siedowse	if (error)
102946Siedowse		return (error);
102946Siedowse
102946Siedowse	error = kern_ptrace(td, uap->req, uap->pid, addr, uap->data);
102946Siedowse	if (error)
102946Siedowse		return (error);
102946Siedowse
102946Siedowse	switch (uap->req) {
203696Smarcel	case PT_VM_ENTRY:
203696Smarcel		error = COPYOUT(&r.pve, uap->addr, sizeof r.pve);
203696Smarcel		break;
102946Siedowse	case PT_IO:
147692Speter		error = COPYOUT(&r.piod, uap->addr, sizeof r.piod);
102946Siedowse		break;
102946Siedowse	case PT_GETREGS:
147692Speter		error = COPYOUT(&r.reg, uap->addr, sizeof r.reg);
102946Siedowse		break;
102946Siedowse	case PT_GETFPREGS:
147692Speter		error = COPYOUT(&r.fpreg, uap->addr, sizeof r.fpreg);
102946Siedowse		break;
102946Siedowse	case PT_GETDBREGS:
147692Speter		error = COPYOUT(&r.dbreg, uap->addr, sizeof r.dbreg);
102946Siedowse		break;
304188Sjhb	case PT_GET_EVENT_MASK:
304188Sjhb		/* NB: The size in uap->data is validated in kern_ptrace(). */
304188Sjhb		error = copyout(&r.ptevents, uap->addr, uap->data);
304188Sjhb		break;
132016Smarcel	case PT_LWPINFO:
304188Sjhb		/* NB: The size in uap->data is validated in kern_ptrace(). */
132016Smarcel		error = copyout(&r.pl, uap->addr, uap->data);
132016Smarcel		break;
102946Siedowse	}
102946Siedowse
102946Siedowse	return (error);
102946Siedowse}
147692Speter#undef COPYIN
147692Speter#undef COPYOUT
102946Siedowse
205014Snwhitehorn#ifdef COMPAT_FREEBSD32
147692Speter/*
147692Speter *   PROC_READ(regs, td2, addr);
147692Speter * becomes either:
147692Speter *   proc_read_regs(td2, addr);
147692Speter * or
147692Speter *   proc_read_regs32(td2, addr);
147692Speter * .. except this is done at runtime.  There is an additional
147692Speter * complication in that PROC_WRITE disallows 32 bit consumers
147692Speter * from writing to 64 bit address space targets.
147692Speter */
147692Speter#define	PROC_READ(w, t, a)	wrap32 ? \
147692Speter	proc_read_ ## w ## 32(t, a) : \
147692Speter	proc_read_ ## w (t, a)
147692Speter#define	PROC_WRITE(w, t, a)	wrap32 ? \
147692Speter	(safe ? proc_write_ ## w ## 32(t, a) : EINVAL ) : \
147692Speter	proc_write_ ## w (t, a)
147692Speter#else
147692Speter#define	PROC_READ(w, t, a)	proc_read_ ## w (t, a)
147692Speter#define	PROC_WRITE(w, t, a)	proc_write_ ## w (t, a)
147692Speter#endif
147692Speter
304190Skibvoid
304613Smarkjproc_set_traced(struct proc *p, bool stop)
304190Skib{
304190Skib
304190Skib	PROC_LOCK_ASSERT(p, MA_OWNED);
304190Skib	p->p_flag |= P_TRACED;
304613Smarkj	if (stop)
304613Smarkj		p->p_flag2 |= P2_PTRACE_FSTP;
304190Skib	p->p_ptevents = PTRACE_DEFAULT;
304190Skib	p->p_oppid = p->p_pptr->p_pid;
304190Skib}
304190Skib
102946Siedowseint
102946Siedowsekern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
102946Siedowse{
102946Siedowse	struct iovec iov;
102946Siedowse	struct uio uio;
94665Salfred	struct proc *curp, *p, *pp;
238287Sdavidxu	struct thread *td2 = NULL, *td3;
147692Speter	struct ptrace_io_desc *piod = NULL;
132016Smarcel	struct ptrace_lwpinfo *pl;
132089Sdavidxu	int error, write, tmp, num;
94556Sjhb	int proctree_locked = 0;
132089Sdavidxu	lwpid_t tid = 0, *buf;
205014Snwhitehorn#ifdef COMPAT_FREEBSD32
147692Speter	int wrap32 = 0, safe = 0;
147692Speter	struct ptrace_io_desc32 *piod32 = NULL;
209688Skib	struct ptrace_lwpinfo32 *pl32 = NULL;
209688Skib	struct ptrace_lwpinfo plr;
147692Speter#endif
1541Srgrimes
94665Salfred	curp = td->td_proc;
94665Salfred
102946Siedowse	/* Lock proctree before locking the process. */
102946Siedowse	switch (req) {
94556Sjhb	case PT_TRACE_ME:
94556Sjhb	case PT_ATTACH:
94556Sjhb	case PT_STEP:
94556Sjhb	case PT_CONTINUE:
120937Srobert	case PT_TO_SCE:
120937Srobert	case PT_TO_SCX:
143820Sdas	case PT_SYSCALL:
217819Skib	case PT_FOLLOW_FORK:
304017Sjhb	case PT_LWP_EVENTS:
304188Sjhb	case PT_GET_EVENT_MASK:
304188Sjhb	case PT_SET_EVENT_MASK:
94556Sjhb	case PT_DETACH:
94556Sjhb		sx_xlock(&proctree_lock);
94556Sjhb		proctree_locked = 1;
94556Sjhb		break;
94556Sjhb	default:
95165Smarcel		break;
94556Sjhb	}
112389Sdes
48430Speter	write = 0;
102946Siedowse	if (req == PT_TRACE_ME) {
94556Sjhb		p = td->td_proc;
75893Sjhb		PROC_LOCK(p);
75893Sjhb	} else {
131450Sdavidxu		if (pid <= PID_MAX) {
131450Sdavidxu			if ((p = pfind(pid)) == NULL) {
131450Sdavidxu				if (proctree_locked)
131450Sdavidxu					sx_xunlock(&proctree_lock);
131450Sdavidxu				return (ESRCH);
131450Sdavidxu			}
131450Sdavidxu		} else {
213642Sdavidxu			td2 = tdfind(pid, -1);
213642Sdavidxu			if (td2 == NULL) {
131450Sdavidxu				if (proctree_locked)
131450Sdavidxu					sx_xunlock(&proctree_lock);
131450Sdavidxu				return (ESRCH);
131450Sdavidxu			}
213642Sdavidxu			p = td2->td_proc;
131450Sdavidxu			tid = pid;
131450Sdavidxu			pid = p->p_pid;
94556Sjhb		}
1945Sdg	}
195104Srwatson	AUDIT_ARG_PROCESS(p);
155922Sjhb
155922Sjhb	if ((p->p_flag & P_WEXIT) != 0) {
155922Sjhb		error = ESRCH;
155922Sjhb		goto fail;
155922Sjhb	}
100418Srwatson	if ((error = p_cansee(td, p)) != 0)
94556Sjhb		goto fail;
84637Sdes
96886Sjhb	if ((error = p_candebug(td, p)) != 0)
94556Sjhb		goto fail;
94556Sjhb
13607Speter	/*
91007Sbde	 * System processes can't be debugged.
84637Sdes	 */
84637Sdes	if ((p->p_flag & P_SYSTEM) != 0) {
94556Sjhb		error = EINVAL;
94556Sjhb		goto fail;
84637Sdes	}
112389Sdes
131450Sdavidxu	if (tid == 0) {
153697Sdavidxu		if ((p->p_flag & P_STOPPED_TRACE) != 0) {
153697Sdavidxu			KASSERT(p->p_xthread != NULL, ("NULL p_xthread"));
153697Sdavidxu			td2 = p->p_xthread;
153697Sdavidxu		} else {
153697Sdavidxu			td2 = FIRST_THREAD_IN_PROC(p);
153697Sdavidxu		}
131450Sdavidxu		tid = td2->td_tid;
131450Sdavidxu	}
131450Sdavidxu
205014Snwhitehorn#ifdef COMPAT_FREEBSD32
84637Sdes	/*
147692Speter	 * Test if we're a 32 bit client and what the target is.
147692Speter	 * Set the wrap controls accordingly.
147692Speter	 */
189282Skib	if (SV_CURPROC_FLAG(SV_ILP32)) {
217896Sdchagin		if (SV_PROC_FLAG(td2->td_proc, SV_ILP32))
147692Speter			safe = 1;
147692Speter		wrap32 = 1;
147692Speter	}
147692Speter#endif
147692Speter	/*
13607Speter	 * Permissions check
13607Speter	 */
102946Siedowse	switch (req) {
13607Speter	case PT_TRACE_ME:
290324Skib		/*
290324Skib		 * Always legal, when there is a parent process which
290324Skib		 * could trace us.  Otherwise, reject.
290324Skib		 */
290324Skib		if ((p->p_flag & P_TRACED) != 0) {
290324Skib			error = EBUSY;
290324Skib			goto fail;
290324Skib		}
290324Skib		if (p->p_pptr == initproc) {
290324Skib			error = EPERM;
290324Skib			goto fail;
290324Skib		}
13607Speter		break;
1945Sdg
13607Speter	case PT_ATTACH:
13607Speter		/* Self */
290323Skib		if (p == td->td_proc) {
94556Sjhb			error = EINVAL;
94556Sjhb			goto fail;
75893Sjhb		}
13607Speter
13607Speter		/* Already traced */
73917Sjhb		if (p->p_flag & P_TRACED) {
94556Sjhb			error = EBUSY;
94556Sjhb			goto fail;
73917Sjhb		}
13607Speter
94665Salfred		/* Can't trace an ancestor if you're being traced. */
94665Salfred		if (curp->p_flag & P_TRACED) {
94665Salfred			for (pp = curp->p_pptr; pp != NULL; pp = pp->p_pptr) {
94665Salfred				if (pp == p) {
94665Salfred					error = EINVAL;
94665Salfred					goto fail;
94665Salfred				}
94665Salfred			}
94665Salfred		}
94665Salfred
94665Salfred
13607Speter		/* OK */
13607Speter		break;
13607Speter
132089Sdavidxu	case PT_CLEARSTEP:
132089Sdavidxu		/* Allow thread to clear single step for itself */
132089Sdavidxu		if (td->td_tid == tid)
132089Sdavidxu			break;
132089Sdavidxu
132089Sdavidxu		/* FALLTHROUGH */
118932Smarcel	default:
13607Speter		/* not being traced... */
73917Sjhb		if ((p->p_flag & P_TRACED) == 0) {
94556Sjhb			error = EPERM;
94556Sjhb			goto fail;
73917Sjhb		}
13607Speter
13607Speter		/* not being traced by YOU */
94556Sjhb		if (p->p_pptr != td->td_proc) {
94556Sjhb			error = EBUSY;
94556Sjhb			goto fail;
70317Sjake		}
13607Speter
13607Speter		/* not currently stopped */
153697Sdavidxu		if ((p->p_flag & (P_STOPPED_SIG | P_STOPPED_TRACE)) == 0 ||
153697Sdavidxu		    p->p_suspcount != p->p_numthreads  ||
132089Sdavidxu		    (p->p_flag & P_WAITED) == 0) {
94556Sjhb			error = EBUSY;
94556Sjhb			goto fail;
69506Sjhb		}
13607Speter
153697Sdavidxu		if ((p->p_flag & P_STOPPED_TRACE) == 0) {
153697Sdavidxu			static int count = 0;
153697Sdavidxu			if (count++ == 0)
153697Sdavidxu				printf("P_STOPPED_TRACE not set.\n");
153697Sdavidxu		}
153697Sdavidxu
13607Speter		/* OK */
13607Speter		break;
1945Sdg	}
13607Speter
155922Sjhb	/* Keep this process around until we finish this request. */
155922Sjhb	_PHOLD(p);
155922Sjhb
13607Speter#ifdef FIX_SSTEP
13607Speter	/*
13607Speter	 * Single step fixup ala procfs
13607Speter	 */
155922Sjhb	FIX_SSTEP(td2);
1945Sdg#endif
13607Speter
1541Srgrimes	/*
13607Speter	 * Actually do the requests
1541Srgrimes	 */
1945Sdg
83366Sjulian	td->td_retval[0] = 0;
13607Speter
102946Siedowse	switch (req) {
13607Speter	case PT_TRACE_ME:
13607Speter		/* set my trace flag and "owner" so it can read/write me */
304613Smarkj		proc_set_traced(p, false);
246484Skib		if (p->p_flag & P_PPWAIT)
246484Skib			p->p_flag |= P_PPTRACE;
284343Sjhb		CTR1(KTR_PTRACE, "PT_TRACE_ME: pid %d", p->p_pid);
155922Sjhb		break;
1945Sdg
13607Speter	case PT_ATTACH:
13607Speter		/* security check done above */
223212Sobrien		/*
223212Sobrien		 * It would be nice if the tracing relationship was separate
223212Sobrien		 * from the parent relationship but that would require
223212Sobrien		 * another set of links in the proc struct or for "wait"
223212Sobrien		 * to scan the entire proc table.  To make life easier,
223212Sobrien		 * we just re-parent the process we're trying to trace.
223212Sobrien		 * The old parent is remembered so we can put things back
223212Sobrien		 * on a "detach".
223212Sobrien		 */
304613Smarkj		proc_set_traced(p, true);
223088Sobrien		if (p->p_pptr != td->td_proc) {
94556Sjhb			proc_reparent(p, td->td_proc);
223088Sobrien		}
102946Siedowse		data = SIGSTOP;
284343Sjhb		CTR2(KTR_PTRACE, "PT_ATTACH: pid %d, oppid %d", p->p_pid,
284343Sjhb		    p->p_oppid);
13607Speter		goto sendsig;	/* in PT_CONTINUE below */
13607Speter
132089Sdavidxu	case PT_CLEARSTEP:
284343Sjhb		CTR2(KTR_PTRACE, "PT_CLEARSTEP: tid %d (pid %d)", td2->td_tid,
284343Sjhb		    p->p_pid);
132089Sdavidxu		error = ptrace_clear_single_step(td2);
155922Sjhb		break;
132089Sdavidxu
132089Sdavidxu	case PT_SETSTEP:
284343Sjhb		CTR2(KTR_PTRACE, "PT_SETSTEP: tid %d (pid %d)", td2->td_tid,
284343Sjhb		    p->p_pid);
132089Sdavidxu		error = ptrace_single_step(td2);
155922Sjhb		break;
132089Sdavidxu
132089Sdavidxu	case PT_SUSPEND:
284343Sjhb		CTR2(KTR_PTRACE, "PT_SUSPEND: tid %d (pid %d)", td2->td_tid,
284343Sjhb		    p->p_pid);
183911Sdavidxu		td2->td_dbgflags |= TDB_SUSPEND;
170307Sjeff		thread_lock(td2);
183911Sdavidxu		td2->td_flags |= TDF_NEEDSUSPCHK;
170307Sjeff		thread_unlock(td2);
155922Sjhb		break;
132089Sdavidxu
132089Sdavidxu	case PT_RESUME:
284343Sjhb		CTR2(KTR_PTRACE, "PT_RESUME: tid %d (pid %d)", td2->td_tid,
284343Sjhb		    p->p_pid);
183911Sdavidxu		td2->td_dbgflags &= ~TDB_SUSPEND;
155922Sjhb		break;
132089Sdavidxu
217819Skib	case PT_FOLLOW_FORK:
284343Sjhb		CTR3(KTR_PTRACE, "PT_FOLLOW_FORK: pid %d %s -> %s", p->p_pid,
304188Sjhb		    p->p_ptevents & PTRACE_FORK ? "enabled" : "disabled",
284343Sjhb		    data ? "enabled" : "disabled");
217819Skib		if (data)
304188Sjhb			p->p_ptevents |= PTRACE_FORK;
217819Skib		else
304188Sjhb			p->p_ptevents &= ~PTRACE_FORK;
217819Skib		break;
217819Skib
304017Sjhb	case PT_LWP_EVENTS:
304017Sjhb		CTR3(KTR_PTRACE, "PT_LWP_EVENTS: pid %d %s -> %s", p->p_pid,
304188Sjhb		    p->p_ptevents & PTRACE_LWP ? "enabled" : "disabled",
304017Sjhb		    data ? "enabled" : "disabled");
304017Sjhb		if (data)
304188Sjhb			p->p_ptevents |= PTRACE_LWP;
304017Sjhb		else
304188Sjhb			p->p_ptevents &= ~PTRACE_LWP;
304017Sjhb		break;
304017Sjhb
304188Sjhb	case PT_GET_EVENT_MASK:
304188Sjhb		if (data != sizeof(p->p_ptevents)) {
304188Sjhb			error = EINVAL;
304188Sjhb			break;
304188Sjhb		}
304188Sjhb		CTR2(KTR_PTRACE, "PT_GET_EVENT_MASK: pid %d mask %#x", p->p_pid,
304188Sjhb		    p->p_ptevents);
304188Sjhb		*(int *)addr = p->p_ptevents;
304188Sjhb		break;
304188Sjhb
304188Sjhb	case PT_SET_EVENT_MASK:
304188Sjhb		if (data != sizeof(p->p_ptevents)) {
304188Sjhb			error = EINVAL;
304188Sjhb			break;
304188Sjhb		}
304188Sjhb		tmp = *(int *)addr;
304188Sjhb		if ((tmp & ~(PTRACE_EXEC | PTRACE_SCE | PTRACE_SCX |
304499Sjhb		    PTRACE_FORK | PTRACE_LWP | PTRACE_VFORK)) != 0) {
304188Sjhb			error = EINVAL;
304188Sjhb			break;
304188Sjhb		}
304188Sjhb		CTR3(KTR_PTRACE, "PT_SET_EVENT_MASK: pid %d mask %#x -> %#x",
304188Sjhb		    p->p_pid, p->p_ptevents, tmp);
304188Sjhb		p->p_ptevents = tmp;
304188Sjhb		break;
304188Sjhb
13607Speter	case PT_STEP:
13607Speter	case PT_CONTINUE:
120937Srobert	case PT_TO_SCE:
120937Srobert	case PT_TO_SCX:
143820Sdas	case PT_SYSCALL:
1945Sdg	case PT_DETACH:
118749Snectar		/* Zero means do not send any signal */
118749Snectar		if (data < 0 || data > _SIG_MAXSIG) {
94556Sjhb			error = EINVAL;
155922Sjhb			break;
94556Sjhb		}
13607Speter
120937Srobert		switch (req) {
120937Srobert		case PT_STEP:
324215Sjhb			CTR3(KTR_PTRACE, "PT_STEP: tid %d (pid %d), sig = %d",
324215Sjhb			    td2->td_tid, p->p_pid, data);
90391Speter			error = ptrace_single_step(td2);
155922Sjhb			if (error)
155922Sjhb				goto out;
120937Srobert			break;
208555Sjhb		case PT_CONTINUE:
120937Srobert		case PT_TO_SCE:
120937Srobert		case PT_TO_SCX:
120937Srobert		case PT_SYSCALL:
208555Sjhb			if (addr != (void *)1) {
208555Sjhb				error = ptrace_set_pc(td2,
208555Sjhb				    (u_long)(uintfptr_t)addr);
208555Sjhb				if (error)
208555Sjhb					goto out;
208555Sjhb			}
208555Sjhb			switch (req) {
208555Sjhb			case PT_TO_SCE:
304188Sjhb				p->p_ptevents |= PTRACE_SCE;
290456Sjhb				CTR4(KTR_PTRACE,
304188Sjhb		    "PT_TO_SCE: pid %d, events = %#x, PC = %#lx, sig = %d",
304188Sjhb				    p->p_pid, p->p_ptevents,
290456Sjhb				    (u_long)(uintfptr_t)addr, data);
208555Sjhb				break;
208555Sjhb			case PT_TO_SCX:
304188Sjhb				p->p_ptevents |= PTRACE_SCX;
290456Sjhb				CTR4(KTR_PTRACE,
304188Sjhb		    "PT_TO_SCX: pid %d, events = %#x, PC = %#lx, sig = %d",
304188Sjhb				    p->p_pid, p->p_ptevents,
290456Sjhb				    (u_long)(uintfptr_t)addr, data);
208555Sjhb				break;
208555Sjhb			case PT_SYSCALL:
304188Sjhb				p->p_ptevents |= PTRACE_SYSCALL;
290456Sjhb				CTR4(KTR_PTRACE,
304188Sjhb		    "PT_SYSCALL: pid %d, events = %#x, PC = %#lx, sig = %d",
304188Sjhb				    p->p_pid, p->p_ptevents,
290456Sjhb				    (u_long)(uintfptr_t)addr, data);
208555Sjhb				break;
284343Sjhb			case PT_CONTINUE:
290456Sjhb				CTR3(KTR_PTRACE,
290456Sjhb				    "PT_CONTINUE: pid %d, PC = %#lx, sig = %d",
290456Sjhb				    p->p_pid, (u_long)(uintfptr_t)addr, data);
284343Sjhb				break;
208555Sjhb			}
120937Srobert			break;
208555Sjhb		case PT_DETACH:
287604Sjhb			/*
287604Sjhb			 * Reset the process parent.
287604Sjhb			 *
287604Sjhb			 * NB: This clears P_TRACED before reparenting
287604Sjhb			 * a detached process back to its original
287604Sjhb			 * parent.  Otherwise the debugee will be set
287604Sjhb			 * as an orphan of the debugger.
287604Sjhb			 */
304188Sjhb			p->p_flag &= ~(P_TRACED | P_WAITED);
13607Speter			if (p->p_oppid != p->p_pptr->p_pid) {
152214Sdavidxu				PROC_LOCK(p->p_pptr);
152214Sdavidxu				sigqueue_take(p->p_ksi);
152214Sdavidxu				PROC_UNLOCK(p->p_pptr);
152214Sdavidxu
270264Skib				pp = proc_realparent(p);
76274Sjhb				proc_reparent(p, pp);
125993Struckman				if (pp == initproc)
125993Struckman					p->p_sigparent = SIGCHLD;
290456Sjhb				CTR3(KTR_PTRACE,
290456Sjhb			    "PT_DETACH: pid %d reparented to pid %d, sig %d",
290456Sjhb				    p->p_pid, pp->p_pid, data);
284343Sjhb			} else
290456Sjhb				CTR2(KTR_PTRACE, "PT_DETACH: pid %d, sig %d",
290456Sjhb				    p->p_pid, data);
223088Sobrien			p->p_oppid = 0;
304188Sjhb			p->p_ptevents = 0;
304190Skib			FOREACH_THREAD_IN_PROC(p, td3) {
304190Skib				if ((td3->td_dbgflags & TDB_FSTP) != 0) {
304190Skib					sigqueue_delete(&td3->td_sigqueue,
304190Skib					    SIGSTOP);
304190Skib				}
304190Skib				td3->td_dbgflags &= ~(TDB_XSIG | TDB_FSTP);
304190Skib			}
304190Skib			if ((p->p_flag2 & P2_PTRACE_FSTP) != 0) {
304190Skib				sigqueue_delete(&p->p_sigqueue, SIGSTOP);
304190Skib				p->p_flag2 &= ~P2_PTRACE_FSTP;
304190Skib			}
73917Sjhb
13607Speter			/* should we send SIGCHLD? */
152214Sdavidxu			/* childproc_continued(p); */
208555Sjhb			break;
13607Speter		}
13607Speter
13607Speter	sendsig:
328379Sjhb		/*
328379Sjhb		 * Clear the pending event for the thread that just
328379Sjhb		 * reported its event (p_xthread).  This may not be
328379Sjhb		 * the thread passed to PT_CONTINUE, PT_STEP, etc. if
328379Sjhb		 * the debugger is resuming a different thread.
328379Sjhb		 */
328379Sjhb		td2 = p->p_xthread;
155922Sjhb		if (proctree_locked) {
94556Sjhb			sx_xunlock(&proctree_lock);
155922Sjhb			proctree_locked = 0;
155922Sjhb		}
153697Sdavidxu		p->p_xstat = data;
153697Sdavidxu		p->p_xthread = NULL;
153697Sdavidxu		if ((p->p_flag & (P_STOPPED_SIG | P_STOPPED_TRACE)) != 0) {
172485Sjeff			/* deliver or queue signal */
183911Sdavidxu			td2->td_dbgflags &= ~TDB_XSIG;
172485Sjeff			td2->td_xsig = data;
172485Sjeff
315949Sbadger			/*
315949Sbadger			 * P_WKILLED is insurance that a PT_KILL/SIGKILL always
315949Sbadger			 * works immediately, even if another thread is
315949Sbadger			 * unsuspended first and attempts to handle a different
315949Sbadger			 * signal or if the POSIX.1b style signal queue cannot
315949Sbadger			 * accommodate any new signals.
315949Sbadger			 */
315949Sbadger			if (data == SIGKILL)
315949Sbadger				p->p_flag |= P_WKILLED;
315949Sbadger
132089Sdavidxu			if (req == PT_DETACH) {
238287Sdavidxu				FOREACH_THREAD_IN_PROC(p, td3)
304190Skib					td3->td_dbgflags &= ~TDB_SUSPEND;
132089Sdavidxu			}
132089Sdavidxu			/*
132089Sdavidxu			 * unsuspend all threads, to not let a thread run,
132089Sdavidxu			 * you should use PT_SUSPEND to suspend it before
132089Sdavidxu			 * continuing process.
132089Sdavidxu			 */
184667Sdavidxu			PROC_SLOCK(p);
153697Sdavidxu			p->p_flag &= ~(P_STOPPED_TRACE|P_STOPPED_SIG|P_WAITED);
103216Sjulian			thread_unsuspend(p);
184667Sdavidxu			PROC_SUNLOCK(p);
238287Sdavidxu			if (req == PT_ATTACH)
238287Sdavidxu				kern_psignal(p, data);
172485Sjeff		} else {
172485Sjeff			if (data)
225617Skmacy				kern_psignal(p, data);
153697Sdavidxu		}
155922Sjhb		break;
1945Sdg
1945Sdg	case PT_WRITE_I:
1945Sdg	case PT_WRITE_D:
202882Skib		td2->td_dbgflags |= TDB_USERWR;
13607Speter		write = 1;
102412Scharnier		/* FALLTHROUGH */
13607Speter	case PT_READ_I:
13607Speter	case PT_READ_D:
94556Sjhb		PROC_UNLOCK(p);
99880Stmm		tmp = 0;
13607Speter		/* write = 0 set above */
102946Siedowse		iov.iov_base = write ? (caddr_t)&data : (caddr_t)&tmp;
13607Speter		iov.iov_len = sizeof(int);
13607Speter		uio.uio_iov = &iov;
13607Speter		uio.uio_iovcnt = 1;
102946Siedowse		uio.uio_offset = (off_t)(uintptr_t)addr;
13607Speter		uio.uio_resid = sizeof(int);
91007Sbde		uio.uio_segflg = UIO_SYSSPACE;	/* i.e.: the uap */
13607Speter		uio.uio_rw = write ? UIO_WRITE : UIO_READ;
83366Sjulian		uio.uio_td = td;
84637Sdes		error = proc_rwmem(p, &uio);
14925Speter		if (uio.uio_resid != 0) {
14925Speter			/*
84637Sdes			 * XXX proc_rwmem() doesn't currently return ENOSPC,
14925Speter			 * so I think write() can bogusly return 0.
14925Speter			 * XXX what happens for short writes?  We don't want
14925Speter			 * to write partial data.
84637Sdes			 * XXX proc_rwmem() returns EPERM for other invalid
14925Speter			 * addresses.  Convert this to EINVAL.  Does this
14925Speter			 * clobber returns of EPERM for other reasons?
14925Speter			 */
14925Speter			if (error == 0 || error == ENOSPC || error == EPERM)
14925Speter				error = EINVAL;	/* EOF */
14925Speter		}
99880Stmm		if (!write)
99880Stmm			td->td_retval[0] = tmp;
284343Sjhb		if (error == 0) {
284343Sjhb			if (write)
284343Sjhb				CTR3(KTR_PTRACE, "PT_WRITE: pid %d: %p <= %#x",
284343Sjhb				    p->p_pid, addr, data);
284343Sjhb			else
284343Sjhb				CTR3(KTR_PTRACE, "PT_READ: pid %d: %p >= %#x",
284343Sjhb				    p->p_pid, addr, tmp);
284343Sjhb		}
155922Sjhb		PROC_LOCK(p);
155922Sjhb		break;
1945Sdg
92395Sdes	case PT_IO:
205014Snwhitehorn#ifdef COMPAT_FREEBSD32
147692Speter		if (wrap32) {
147692Speter			piod32 = addr;
147692Speter			iov.iov_base = (void *)(uintptr_t)piod32->piod_addr;
147692Speter			iov.iov_len = piod32->piod_len;
147692Speter			uio.uio_offset = (off_t)(uintptr_t)piod32->piod_offs;
147692Speter			uio.uio_resid = piod32->piod_len;
147692Speter		} else
147692Speter#endif
147692Speter		{
147692Speter			piod = addr;
147692Speter			iov.iov_base = piod->piod_addr;
147692Speter			iov.iov_len = piod->piod_len;
147692Speter			uio.uio_offset = (off_t)(uintptr_t)piod->piod_offs;
147692Speter			uio.uio_resid = piod->piod_len;
147692Speter		}
92395Sdes		uio.uio_iov = &iov;
92395Sdes		uio.uio_iovcnt = 1;
92395Sdes		uio.uio_segflg = UIO_USERSPACE;
92395Sdes		uio.uio_td = td;
205014Snwhitehorn#ifdef COMPAT_FREEBSD32
147692Speter		tmp = wrap32 ? piod32->piod_op : piod->piod_op;
147692Speter#else
147692Speter		tmp = piod->piod_op;
147692Speter#endif
147692Speter		switch (tmp) {
92395Sdes		case PIOD_READ_D:
92395Sdes		case PIOD_READ_I:
284343Sjhb			CTR3(KTR_PTRACE, "PT_IO: pid %d: READ (%p, %#x)",
284343Sjhb			    p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid);
92395Sdes			uio.uio_rw = UIO_READ;
92395Sdes			break;
92395Sdes		case PIOD_WRITE_D:
92395Sdes		case PIOD_WRITE_I:
284343Sjhb			CTR3(KTR_PTRACE, "PT_IO: pid %d: WRITE (%p, %#x)",
284343Sjhb			    p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid);
202882Skib			td2->td_dbgflags |= TDB_USERWR;
92395Sdes			uio.uio_rw = UIO_WRITE;
92395Sdes			break;
92395Sdes		default:
155922Sjhb			error = EINVAL;
155922Sjhb			goto out;
92395Sdes		}
155922Sjhb		PROC_UNLOCK(p);
92395Sdes		error = proc_rwmem(p, &uio);
205014Snwhitehorn#ifdef COMPAT_FREEBSD32
147692Speter		if (wrap32)
147692Speter			piod32->piod_len -= uio.uio_resid;
147692Speter		else
147692Speter#endif
147692Speter			piod->piod_len -= uio.uio_resid;
155922Sjhb		PROC_LOCK(p);
155922Sjhb		break;
92395Sdes
1945Sdg	case PT_KILL:
284343Sjhb		CTR1(KTR_PTRACE, "PT_KILL: pid %d", p->p_pid);
102946Siedowse		data = SIGKILL;
13607Speter		goto sendsig;	/* in PT_CONTINUE above */
13607Speter
13607Speter	case PT_SETREGS:
284343Sjhb		CTR2(KTR_PTRACE, "PT_SETREGS: tid %d (pid %d)", td2->td_tid,
284343Sjhb		    p->p_pid);
202882Skib		td2->td_dbgflags |= TDB_USERWR;
147692Speter		error = PROC_WRITE(regs, td2, addr);
155922Sjhb		break;
84637Sdes
1945Sdg	case PT_GETREGS:
284343Sjhb		CTR2(KTR_PTRACE, "PT_GETREGS: tid %d (pid %d)", td2->td_tid,
284343Sjhb		    p->p_pid);
147692Speter		error = PROC_READ(regs, td2, addr);
155922Sjhb		break;
13607Speter
13607Speter	case PT_SETFPREGS:
284343Sjhb		CTR2(KTR_PTRACE, "PT_SETFPREGS: tid %d (pid %d)", td2->td_tid,
284343Sjhb		    p->p_pid);
202882Skib		td2->td_dbgflags |= TDB_USERWR;
147692Speter		error = PROC_WRITE(fpregs, td2, addr);
155922Sjhb		break;
84637Sdes
13607Speter	case PT_GETFPREGS:
284343Sjhb		CTR2(KTR_PTRACE, "PT_GETFPREGS: tid %d (pid %d)", td2->td_tid,
284343Sjhb		    p->p_pid);
147692Speter		error = PROC_READ(fpregs, td2, addr);
155922Sjhb		break;
13607Speter
48691Sjlemon	case PT_SETDBREGS:
284343Sjhb		CTR2(KTR_PTRACE, "PT_SETDBREGS: tid %d (pid %d)", td2->td_tid,
284343Sjhb		    p->p_pid);
202882Skib		td2->td_dbgflags |= TDB_USERWR;
147692Speter		error = PROC_WRITE(dbregs, td2, addr);
155922Sjhb		break;
92369Sdes
48691Sjlemon	case PT_GETDBREGS:
284343Sjhb		CTR2(KTR_PTRACE, "PT_GETDBREGS: tid %d (pid %d)", td2->td_tid,
284343Sjhb		    p->p_pid);
147692Speter		error = PROC_READ(dbregs, td2, addr);
155922Sjhb		break;
48691Sjlemon
132016Smarcel	case PT_LWPINFO:
209688Skib		if (data <= 0 ||
209688Skib#ifdef COMPAT_FREEBSD32
209688Skib		    (!wrap32 && data > sizeof(*pl)) ||
209688Skib		    (wrap32 && data > sizeof(*pl32))) {
209688Skib#else
209688Skib		    data > sizeof(*pl)) {
209688Skib#endif
155922Sjhb			error = EINVAL;
155922Sjhb			break;
155922Sjhb		}
209688Skib#ifdef COMPAT_FREEBSD32
209688Skib		if (wrap32) {
209688Skib			pl = &plr;
209688Skib			pl32 = addr;
209688Skib		} else
209688Skib#endif
132016Smarcel		pl = addr;
325643Skib		bzero(pl, sizeof(*pl));
153697Sdavidxu		pl->pl_lwpid = td2->td_tid;
239135Skib		pl->pl_event = PL_EVENT_NONE;
209688Skib		pl->pl_flags = 0;
209688Skib		if (td2->td_dbgflags & TDB_XSIG) {
132089Sdavidxu			pl->pl_event = PL_EVENT_SIGNAL;
209688Skib			if (td2->td_dbgksi.ksi_signo != 0 &&
209688Skib#ifdef COMPAT_FREEBSD32
209688Skib			    ((!wrap32 && data >= offsetof(struct ptrace_lwpinfo,
209688Skib			    pl_siginfo) + sizeof(pl->pl_siginfo)) ||
209688Skib			    (wrap32 && data >= offsetof(struct ptrace_lwpinfo32,
209688Skib			    pl_siginfo) + sizeof(struct siginfo32)))
209688Skib#else
209688Skib			    data >= offsetof(struct ptrace_lwpinfo, pl_siginfo)
209688Skib			    + sizeof(pl->pl_siginfo)
209688Skib#endif
209688Skib			){
209688Skib				pl->pl_flags |= PL_FLAG_SI;
209688Skib				pl->pl_siginfo = td2->td_dbgksi.ksi_info;
209688Skib			}
209688Skib		}
208453Skib		if (td2->td_dbgflags & TDB_SCE)
208453Skib			pl->pl_flags |= PL_FLAG_SCE;
208453Skib		else if (td2->td_dbgflags & TDB_SCX)
208453Skib			pl->pl_flags |= PL_FLAG_SCX;
208453Skib		if (td2->td_dbgflags & TDB_EXEC)
208453Skib			pl->pl_flags |= PL_FLAG_EXEC;
217819Skib		if (td2->td_dbgflags & TDB_FORK) {
217819Skib			pl->pl_flags |= PL_FLAG_FORKED;
217819Skib			pl->pl_child_pid = td2->td_dbg_forked;
304499Sjhb			if (td2->td_dbgflags & TDB_VFORK)
304499Sjhb				pl->pl_flags |= PL_FLAG_VFORKED;
304499Sjhb		} else if ((td2->td_dbgflags & (TDB_SCX | TDB_VFORK)) ==
304499Sjhb		    TDB_VFORK)
304499Sjhb			pl->pl_flags |= PL_FLAG_VFORK_DONE;
231320Skib		if (td2->td_dbgflags & TDB_CHILD)
231320Skib			pl->pl_flags |= PL_FLAG_CHILD;
304017Sjhb		if (td2->td_dbgflags & TDB_BORN)
304017Sjhb			pl->pl_flags |= PL_FLAG_BORN;
304017Sjhb		if (td2->td_dbgflags & TDB_EXIT)
304017Sjhb			pl->pl_flags |= PL_FLAG_EXITED;
155381Sdavidxu		pl->pl_sigmask = td2->td_sigmask;
155381Sdavidxu		pl->pl_siglist = td2->td_siglist;
215679Sattilio		strcpy(pl->pl_tdname, td2->td_name);
289780Sjhb		if ((td2->td_dbgflags & (TDB_SCE | TDB_SCX)) != 0) {
289780Sjhb			pl->pl_syscall_code = td2->td_dbg_sc_code;
289780Sjhb			pl->pl_syscall_narg = td2->td_dbg_sc_narg;
289780Sjhb		} else {
289780Sjhb			pl->pl_syscall_code = 0;
289780Sjhb			pl->pl_syscall_narg = 0;
289780Sjhb		}
209688Skib#ifdef COMPAT_FREEBSD32
209688Skib		if (wrap32)
209688Skib			ptrace_lwpinfo_to32(pl, pl32);
209688Skib#endif
290456Sjhb		CTR6(KTR_PTRACE,
290456Sjhb    "PT_LWPINFO: tid %d (pid %d) event %d flags %#x child pid %d syscall %d",
284343Sjhb		    td2->td_tid, p->p_pid, pl->pl_event, pl->pl_flags,
290456Sjhb		    pl->pl_child_pid, pl->pl_syscall_code);
155922Sjhb		break;
132016Smarcel
132089Sdavidxu	case PT_GETNUMLWPS:
284343Sjhb		CTR2(KTR_PTRACE, "PT_GETNUMLWPS: pid %d: %d threads", p->p_pid,
284343Sjhb		    p->p_numthreads);
132089Sdavidxu		td->td_retval[0] = p->p_numthreads;
155922Sjhb		break;
132089Sdavidxu
132089Sdavidxu	case PT_GETLWPLIST:
284343Sjhb		CTR3(KTR_PTRACE, "PT_GETLWPLIST: pid %d: data %d, actual %d",
284343Sjhb		    p->p_pid, data, p->p_numthreads);
132089Sdavidxu		if (data <= 0) {
155922Sjhb			error = EINVAL;
155922Sjhb			break;
132089Sdavidxu		}
132089Sdavidxu		num = imin(p->p_numthreads, data);
132089Sdavidxu		PROC_UNLOCK(p);
132089Sdavidxu		buf = malloc(num * sizeof(lwpid_t), M_TEMP, M_WAITOK);
132089Sdavidxu		tmp = 0;
132089Sdavidxu		PROC_LOCK(p);
132089Sdavidxu		FOREACH_THREAD_IN_PROC(p, td2) {
132089Sdavidxu			if (tmp >= num)
132089Sdavidxu				break;
132089Sdavidxu			buf[tmp++] = td2->td_tid;
132089Sdavidxu		}
132089Sdavidxu		PROC_UNLOCK(p);
132089Sdavidxu		error = copyout(buf, addr, tmp * sizeof(lwpid_t));
132089Sdavidxu		free(buf, M_TEMP);
132089Sdavidxu		if (!error)
163345Strhodes			td->td_retval[0] = tmp;
155922Sjhb		PROC_LOCK(p);
155922Sjhb		break;
132089Sdavidxu
203696Smarcel	case PT_VM_TIMESTAMP:
284343Sjhb		CTR2(KTR_PTRACE, "PT_VM_TIMESTAMP: pid %d: timestamp %d",
284343Sjhb		    p->p_pid, p->p_vmspace->vm_map.timestamp);
203696Smarcel		td->td_retval[0] = p->p_vmspace->vm_map.timestamp;
203696Smarcel		break;
203696Smarcel
203696Smarcel	case PT_VM_ENTRY:
203783Smarcel		PROC_UNLOCK(p);
205014Snwhitehorn#ifdef COMPAT_FREEBSD32
203783Smarcel		if (wrap32)
203783Smarcel			error = ptrace_vm_entry32(td, p, addr);
203783Smarcel		else
203708Smarcel#endif
203696Smarcel		error = ptrace_vm_entry(td, p, addr);
203696Smarcel		PROC_LOCK(p);
203696Smarcel		break;
203696Smarcel
1945Sdg	default:
118932Smarcel#ifdef __HAVE_PTRACE_MACHDEP
118932Smarcel		if (req >= PT_FIRSTMACH) {
127034Sjhb			PROC_UNLOCK(p);
118932Smarcel			error = cpu_ptrace(td2, req, addr, data);
155922Sjhb			PROC_LOCK(p);
155922Sjhb		} else
118932Smarcel#endif
155922Sjhb			/* Unknown request. */
155922Sjhb			error = EINVAL;
1945Sdg		break;
1945Sdg	}
1945Sdg
155922Sjhbout:
155922Sjhb	/* Drop our hold on this process now that the request has completed. */
155922Sjhb	_PRELE(p);
94556Sjhbfail:
94556Sjhb	PROC_UNLOCK(p);
94556Sjhb	if (proctree_locked)
94556Sjhb		sx_xunlock(&proctree_lock);
94556Sjhb	return (error);
1541Srgrimes}
147692Speter#undef PROC_READ
147692Speter#undef PROC_WRITE
1541Srgrimes
31564Ssef/*
84637Sdes * Stop a process because of a debugging event;
31564Ssef * stay stopped until p->p_step is cleared
31564Ssef * (cleared by PIOCCONT in procfs).
31564Ssef */
31564Ssefvoid
84637Sdesstopevent(struct proc *p, unsigned int event, unsigned int val)
71567Sjhb{
71567Sjhb
113635Sjhb	PROC_LOCK_ASSERT(p, MA_OWNED);
31564Ssef	p->p_step = 1;
284343Sjhb	CTR3(KTR_PTRACE, "stopevent: pid %d event %u val %u", p->p_pid, event,
284343Sjhb	    val);
31564Ssef	do {
31564Ssef		p->p_xstat = val;
132089Sdavidxu		p->p_xthread = NULL;
31564Ssef		p->p_stype = event;	/* Which event caused the stop? */
31564Ssef		wakeup(&p->p_stype);	/* Wake up any PIOCWAIT'ing procs */
71567Sjhb		msleep(&p->p_step, &p->p_mtx, PWAIT, "stopevent", 0);
31564Ssef	} while (p->p_step);
31564Ssef}