/arch/i386/kernel/ptrace.c

https://bitbucket.org/evzijst/gittest · C · 717 lines · 490 code · 90 blank · 137 comment · 90 complexity · d28b75151044cc972e0f1aa0d2486785 MD5 · raw file

  1. /* ptrace.c */
  2. /* By Ross Biro 1/23/92 */
  3. /*
  4. * Pentium III FXSR, SSE support
  5. * Gareth Hughes <gareth@valinux.com>, May 2000
  6. */
  7. #include <linux/kernel.h>
  8. #include <linux/sched.h>
  9. #include <linux/mm.h>
  10. #include <linux/smp.h>
  11. #include <linux/smp_lock.h>
  12. #include <linux/errno.h>
  13. #include <linux/ptrace.h>
  14. #include <linux/user.h>
  15. #include <linux/security.h>
  16. #include <linux/audit.h>
  17. #include <linux/seccomp.h>
  18. #include <asm/uaccess.h>
  19. #include <asm/pgtable.h>
  20. #include <asm/system.h>
  21. #include <asm/processor.h>
  22. #include <asm/i387.h>
  23. #include <asm/debugreg.h>
  24. #include <asm/ldt.h>
  25. #include <asm/desc.h>
  26. /*
  27. * does not yet catch signals sent when the child dies.
  28. * in exit.c or in signal.c.
  29. */
  30. /* determines which flags the user has access to. */
  31. /* 1 = access 0 = no access */
  32. #define FLAG_MASK 0x00044dd5
  33. /* set's the trap flag. */
  34. #define TRAP_FLAG 0x100
  35. /*
  36. * Offset of eflags on child stack..
  37. */
  38. #define EFL_OFFSET ((EFL-2)*4-sizeof(struct pt_regs))
  39. static inline struct pt_regs *get_child_regs(struct task_struct *task)
  40. {
  41. void *stack_top = (void *)task->thread.esp0;
  42. return stack_top - sizeof(struct pt_regs);
  43. }
  44. /*
  45. * this routine will get a word off of the processes privileged stack.
  46. * the offset is how far from the base addr as stored in the TSS.
  47. * this routine assumes that all the privileged stacks are in our
  48. * data space.
  49. */
  50. static inline int get_stack_long(struct task_struct *task, int offset)
  51. {
  52. unsigned char *stack;
  53. stack = (unsigned char *)task->thread.esp0;
  54. stack += offset;
  55. return (*((int *)stack));
  56. }
  57. /*
  58. * this routine will put a word on the processes privileged stack.
  59. * the offset is how far from the base addr as stored in the TSS.
  60. * this routine assumes that all the privileged stacks are in our
  61. * data space.
  62. */
  63. static inline int put_stack_long(struct task_struct *task, int offset,
  64. unsigned long data)
  65. {
  66. unsigned char * stack;
  67. stack = (unsigned char *) task->thread.esp0;
  68. stack += offset;
  69. *(unsigned long *) stack = data;
  70. return 0;
  71. }
  72. static int putreg(struct task_struct *child,
  73. unsigned long regno, unsigned long value)
  74. {
  75. switch (regno >> 2) {
  76. case FS:
  77. if (value && (value & 3) != 3)
  78. return -EIO;
  79. child->thread.fs = value;
  80. return 0;
  81. case GS:
  82. if (value && (value & 3) != 3)
  83. return -EIO;
  84. child->thread.gs = value;
  85. return 0;
  86. case DS:
  87. case ES:
  88. if (value && (value & 3) != 3)
  89. return -EIO;
  90. value &= 0xffff;
  91. break;
  92. case SS:
  93. case CS:
  94. if ((value & 3) != 3)
  95. return -EIO;
  96. value &= 0xffff;
  97. break;
  98. case EFL:
  99. value &= FLAG_MASK;
  100. value |= get_stack_long(child, EFL_OFFSET) & ~FLAG_MASK;
  101. break;
  102. }
  103. if (regno > GS*4)
  104. regno -= 2*4;
  105. put_stack_long(child, regno - sizeof(struct pt_regs), value);
  106. return 0;
  107. }
  108. static unsigned long getreg(struct task_struct *child,
  109. unsigned long regno)
  110. {
  111. unsigned long retval = ~0UL;
  112. switch (regno >> 2) {
  113. case FS:
  114. retval = child->thread.fs;
  115. break;
  116. case GS:
  117. retval = child->thread.gs;
  118. break;
  119. case DS:
  120. case ES:
  121. case SS:
  122. case CS:
  123. retval = 0xffff;
  124. /* fall through */
  125. default:
  126. if (regno > GS*4)
  127. regno -= 2*4;
  128. regno = regno - sizeof(struct pt_regs);
  129. retval &= get_stack_long(child, regno);
  130. }
  131. return retval;
  132. }
  133. #define LDT_SEGMENT 4
  134. static unsigned long convert_eip_to_linear(struct task_struct *child, struct pt_regs *regs)
  135. {
  136. unsigned long addr, seg;
  137. addr = regs->eip;
  138. seg = regs->xcs & 0xffff;
  139. if (regs->eflags & VM_MASK) {
  140. addr = (addr & 0xffff) + (seg << 4);
  141. return addr;
  142. }
  143. /*
  144. * We'll assume that the code segments in the GDT
  145. * are all zero-based. That is largely true: the
  146. * TLS segments are used for data, and the PNPBIOS
  147. * and APM bios ones we just ignore here.
  148. */
  149. if (seg & LDT_SEGMENT) {
  150. u32 *desc;
  151. unsigned long base;
  152. down(&child->mm->context.sem);
  153. desc = child->mm->context.ldt + (seg & ~7);
  154. base = (desc[0] >> 16) | ((desc[1] & 0xff) << 16) | (desc[1] & 0xff000000);
  155. /* 16-bit code segment? */
  156. if (!((desc[1] >> 22) & 1))
  157. addr &= 0xffff;
  158. addr += base;
  159. up(&child->mm->context.sem);
  160. }
  161. return addr;
  162. }
  163. static inline int is_at_popf(struct task_struct *child, struct pt_regs *regs)
  164. {
  165. int i, copied;
  166. unsigned char opcode[16];
  167. unsigned long addr = convert_eip_to_linear(child, regs);
  168. copied = access_process_vm(child, addr, opcode, sizeof(opcode), 0);
  169. for (i = 0; i < copied; i++) {
  170. switch (opcode[i]) {
  171. /* popf */
  172. case 0x9d:
  173. return 1;
  174. /* opcode and address size prefixes */
  175. case 0x66: case 0x67:
  176. continue;
  177. /* irrelevant prefixes (segment overrides and repeats) */
  178. case 0x26: case 0x2e:
  179. case 0x36: case 0x3e:
  180. case 0x64: case 0x65:
  181. case 0xf0: case 0xf2: case 0xf3:
  182. continue;
  183. /*
  184. * pushf: NOTE! We should probably not let
  185. * the user see the TF bit being set. But
  186. * it's more pain than it's worth to avoid
  187. * it, and a debugger could emulate this
  188. * all in user space if it _really_ cares.
  189. */
  190. case 0x9c:
  191. default:
  192. return 0;
  193. }
  194. }
  195. return 0;
  196. }
  197. static void set_singlestep(struct task_struct *child)
  198. {
  199. struct pt_regs *regs = get_child_regs(child);
  200. /*
  201. * Always set TIF_SINGLESTEP - this guarantees that
  202. * we single-step system calls etc.. This will also
  203. * cause us to set TF when returning to user mode.
  204. */
  205. set_tsk_thread_flag(child, TIF_SINGLESTEP);
  206. /*
  207. * If TF was already set, don't do anything else
  208. */
  209. if (regs->eflags & TRAP_FLAG)
  210. return;
  211. /* Set TF on the kernel stack.. */
  212. regs->eflags |= TRAP_FLAG;
  213. /*
  214. * ..but if TF is changed by the instruction we will trace,
  215. * don't mark it as being "us" that set it, so that we
  216. * won't clear it by hand later.
  217. */
  218. if (is_at_popf(child, regs))
  219. return;
  220. child->ptrace |= PT_DTRACE;
  221. }
  222. static void clear_singlestep(struct task_struct *child)
  223. {
  224. /* Always clear TIF_SINGLESTEP... */
  225. clear_tsk_thread_flag(child, TIF_SINGLESTEP);
  226. /* But touch TF only if it was set by us.. */
  227. if (child->ptrace & PT_DTRACE) {
  228. struct pt_regs *regs = get_child_regs(child);
  229. regs->eflags &= ~TRAP_FLAG;
  230. child->ptrace &= ~PT_DTRACE;
  231. }
  232. }
  233. /*
  234. * Called by kernel/ptrace.c when detaching..
  235. *
  236. * Make sure the single step bit is not set.
  237. */
  238. void ptrace_disable(struct task_struct *child)
  239. {
  240. clear_singlestep(child);
  241. }
  242. /*
  243. * Perform get_thread_area on behalf of the traced child.
  244. */
  245. static int
  246. ptrace_get_thread_area(struct task_struct *child,
  247. int idx, struct user_desc __user *user_desc)
  248. {
  249. struct user_desc info;
  250. struct desc_struct *desc;
  251. /*
  252. * Get the current Thread-Local Storage area:
  253. */
  254. #define GET_BASE(desc) ( \
  255. (((desc)->a >> 16) & 0x0000ffff) | \
  256. (((desc)->b << 16) & 0x00ff0000) | \
  257. ( (desc)->b & 0xff000000) )
  258. #define GET_LIMIT(desc) ( \
  259. ((desc)->a & 0x0ffff) | \
  260. ((desc)->b & 0xf0000) )
  261. #define GET_32BIT(desc) (((desc)->b >> 22) & 1)
  262. #define GET_CONTENTS(desc) (((desc)->b >> 10) & 3)
  263. #define GET_WRITABLE(desc) (((desc)->b >> 9) & 1)
  264. #define GET_LIMIT_PAGES(desc) (((desc)->b >> 23) & 1)
  265. #define GET_PRESENT(desc) (((desc)->b >> 15) & 1)
  266. #define GET_USEABLE(desc) (((desc)->b >> 20) & 1)
  267. if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
  268. return -EINVAL;
  269. desc = child->thread.tls_array + idx - GDT_ENTRY_TLS_MIN;
  270. info.entry_number = idx;
  271. info.base_addr = GET_BASE(desc);
  272. info.limit = GET_LIMIT(desc);
  273. info.seg_32bit = GET_32BIT(desc);
  274. info.contents = GET_CONTENTS(desc);
  275. info.read_exec_only = !GET_WRITABLE(desc);
  276. info.limit_in_pages = GET_LIMIT_PAGES(desc);
  277. info.seg_not_present = !GET_PRESENT(desc);
  278. info.useable = GET_USEABLE(desc);
  279. if (copy_to_user(user_desc, &info, sizeof(info)))
  280. return -EFAULT;
  281. return 0;
  282. }
  283. /*
  284. * Perform set_thread_area on behalf of the traced child.
  285. */
  286. static int
  287. ptrace_set_thread_area(struct task_struct *child,
  288. int idx, struct user_desc __user *user_desc)
  289. {
  290. struct user_desc info;
  291. struct desc_struct *desc;
  292. if (copy_from_user(&info, user_desc, sizeof(info)))
  293. return -EFAULT;
  294. if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
  295. return -EINVAL;
  296. desc = child->thread.tls_array + idx - GDT_ENTRY_TLS_MIN;
  297. if (LDT_empty(&info)) {
  298. desc->a = 0;
  299. desc->b = 0;
  300. } else {
  301. desc->a = LDT_entry_a(&info);
  302. desc->b = LDT_entry_b(&info);
  303. }
  304. return 0;
  305. }
  306. asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
  307. {
  308. struct task_struct *child;
  309. struct user * dummy = NULL;
  310. int i, ret;
  311. unsigned long __user *datap = (unsigned long __user *)data;
  312. lock_kernel();
  313. ret = -EPERM;
  314. if (request == PTRACE_TRACEME) {
  315. /* are we already being traced? */
  316. if (current->ptrace & PT_PTRACED)
  317. goto out;
  318. ret = security_ptrace(current->parent, current);
  319. if (ret)
  320. goto out;
  321. /* set the ptrace bit in the process flags. */
  322. current->ptrace |= PT_PTRACED;
  323. ret = 0;
  324. goto out;
  325. }
  326. ret = -ESRCH;
  327. read_lock(&tasklist_lock);
  328. child = find_task_by_pid(pid);
  329. if (child)
  330. get_task_struct(child);
  331. read_unlock(&tasklist_lock);
  332. if (!child)
  333. goto out;
  334. ret = -EPERM;
  335. if (pid == 1) /* you may not mess with init */
  336. goto out_tsk;
  337. if (request == PTRACE_ATTACH) {
  338. ret = ptrace_attach(child);
  339. goto out_tsk;
  340. }
  341. ret = ptrace_check_attach(child, request == PTRACE_KILL);
  342. if (ret < 0)
  343. goto out_tsk;
  344. switch (request) {
  345. /* when I and D space are separate, these will need to be fixed. */
  346. case PTRACE_PEEKTEXT: /* read word at location addr. */
  347. case PTRACE_PEEKDATA: {
  348. unsigned long tmp;
  349. int copied;
  350. copied = access_process_vm(child, addr, &tmp, sizeof(tmp), 0);
  351. ret = -EIO;
  352. if (copied != sizeof(tmp))
  353. break;
  354. ret = put_user(tmp, datap);
  355. break;
  356. }
  357. /* read the word at location addr in the USER area. */
  358. case PTRACE_PEEKUSR: {
  359. unsigned long tmp;
  360. ret = -EIO;
  361. if ((addr & 3) || addr < 0 ||
  362. addr > sizeof(struct user) - 3)
  363. break;
  364. tmp = 0; /* Default return condition */
  365. if(addr < FRAME_SIZE*sizeof(long))
  366. tmp = getreg(child, addr);
  367. if(addr >= (long) &dummy->u_debugreg[0] &&
  368. addr <= (long) &dummy->u_debugreg[7]){
  369. addr -= (long) &dummy->u_debugreg[0];
  370. addr = addr >> 2;
  371. tmp = child->thread.debugreg[addr];
  372. }
  373. ret = put_user(tmp, datap);
  374. break;
  375. }
  376. /* when I and D space are separate, this will have to be fixed. */
  377. case PTRACE_POKETEXT: /* write the word at location addr. */
  378. case PTRACE_POKEDATA:
  379. ret = 0;
  380. if (access_process_vm(child, addr, &data, sizeof(data), 1) == sizeof(data))
  381. break;
  382. ret = -EIO;
  383. break;
  384. case PTRACE_POKEUSR: /* write the word at location addr in the USER area */
  385. ret = -EIO;
  386. if ((addr & 3) || addr < 0 ||
  387. addr > sizeof(struct user) - 3)
  388. break;
  389. if (addr < FRAME_SIZE*sizeof(long)) {
  390. ret = putreg(child, addr, data);
  391. break;
  392. }
  393. /* We need to be very careful here. We implicitly
  394. want to modify a portion of the task_struct, and we
  395. have to be selective about what portions we allow someone
  396. to modify. */
  397. ret = -EIO;
  398. if(addr >= (long) &dummy->u_debugreg[0] &&
  399. addr <= (long) &dummy->u_debugreg[7]){
  400. if(addr == (long) &dummy->u_debugreg[4]) break;
  401. if(addr == (long) &dummy->u_debugreg[5]) break;
  402. if(addr < (long) &dummy->u_debugreg[4] &&
  403. ((unsigned long) data) >= TASK_SIZE-3) break;
  404. /* Sanity-check data. Take one half-byte at once with
  405. * check = (val >> (16 + 4*i)) & 0xf. It contains the
  406. * R/Wi and LENi bits; bits 0 and 1 are R/Wi, and bits
  407. * 2 and 3 are LENi. Given a list of invalid values,
  408. * we do mask |= 1 << invalid_value, so that
  409. * (mask >> check) & 1 is a correct test for invalid
  410. * values.
  411. *
  412. * R/Wi contains the type of the breakpoint /
  413. * watchpoint, LENi contains the length of the watched
  414. * data in the watchpoint case.
  415. *
  416. * The invalid values are:
  417. * - LENi == 0x10 (undefined), so mask |= 0x0f00.
  418. * - R/Wi == 0x10 (break on I/O reads or writes), so
  419. * mask |= 0x4444.
  420. * - R/Wi == 0x00 && LENi != 0x00, so we have mask |=
  421. * 0x1110.
  422. *
  423. * Finally, mask = 0x0f00 | 0x4444 | 0x1110 == 0x5f54.
  424. *
  425. * See the Intel Manual "System Programming Guide",
  426. * 15.2.4
  427. *
  428. * Note that LENi == 0x10 is defined on x86_64 in long
  429. * mode (i.e. even for 32-bit userspace software, but
  430. * 64-bit kernel), so the x86_64 mask value is 0x5454.
  431. * See the AMD manual no. 24593 (AMD64 System
  432. * Programming)*/
  433. if(addr == (long) &dummy->u_debugreg[7]) {
  434. data &= ~DR_CONTROL_RESERVED;
  435. for(i=0; i<4; i++)
  436. if ((0x5f54 >> ((data >> (16 + 4*i)) & 0xf)) & 1)
  437. goto out_tsk;
  438. }
  439. addr -= (long) &dummy->u_debugreg;
  440. addr = addr >> 2;
  441. child->thread.debugreg[addr] = data;
  442. ret = 0;
  443. }
  444. break;
  445. case PTRACE_SYSCALL: /* continue and stop at next (return from) syscall */
  446. case PTRACE_CONT: /* restart after signal. */
  447. ret = -EIO;
  448. if ((unsigned long) data > _NSIG)
  449. break;
  450. if (request == PTRACE_SYSCALL) {
  451. set_tsk_thread_flag(child, TIF_SYSCALL_TRACE);
  452. }
  453. else {
  454. clear_tsk_thread_flag(child, TIF_SYSCALL_TRACE);
  455. }
  456. child->exit_code = data;
  457. /* make sure the single step bit is not set. */
  458. clear_singlestep(child);
  459. wake_up_process(child);
  460. ret = 0;
  461. break;
  462. /*
  463. * make the child exit. Best I can do is send it a sigkill.
  464. * perhaps it should be put in the status that it wants to
  465. * exit.
  466. */
  467. case PTRACE_KILL:
  468. ret = 0;
  469. if (child->exit_state == EXIT_ZOMBIE) /* already dead */
  470. break;
  471. child->exit_code = SIGKILL;
  472. /* make sure the single step bit is not set. */
  473. clear_singlestep(child);
  474. wake_up_process(child);
  475. break;
  476. case PTRACE_SINGLESTEP: /* set the trap flag. */
  477. ret = -EIO;
  478. if ((unsigned long) data > _NSIG)
  479. break;
  480. clear_tsk_thread_flag(child, TIF_SYSCALL_TRACE);
  481. set_singlestep(child);
  482. child->exit_code = data;
  483. /* give it a chance to run. */
  484. wake_up_process(child);
  485. ret = 0;
  486. break;
  487. case PTRACE_DETACH:
  488. /* detach a process that was attached. */
  489. ret = ptrace_detach(child, data);
  490. break;
  491. case PTRACE_GETREGS: { /* Get all gp regs from the child. */
  492. if (!access_ok(VERIFY_WRITE, datap, FRAME_SIZE*sizeof(long))) {
  493. ret = -EIO;
  494. break;
  495. }
  496. for ( i = 0; i < FRAME_SIZE*sizeof(long); i += sizeof(long) ) {
  497. __put_user(getreg(child, i), datap);
  498. datap++;
  499. }
  500. ret = 0;
  501. break;
  502. }
  503. case PTRACE_SETREGS: { /* Set all gp regs in the child. */
  504. unsigned long tmp;
  505. if (!access_ok(VERIFY_READ, datap, FRAME_SIZE*sizeof(long))) {
  506. ret = -EIO;
  507. break;
  508. }
  509. for ( i = 0; i < FRAME_SIZE*sizeof(long); i += sizeof(long) ) {
  510. __get_user(tmp, datap);
  511. putreg(child, i, tmp);
  512. datap++;
  513. }
  514. ret = 0;
  515. break;
  516. }
  517. case PTRACE_GETFPREGS: { /* Get the child FPU state. */
  518. if (!access_ok(VERIFY_WRITE, datap,
  519. sizeof(struct user_i387_struct))) {
  520. ret = -EIO;
  521. break;
  522. }
  523. ret = 0;
  524. if (!tsk_used_math(child))
  525. init_fpu(child);
  526. get_fpregs((struct user_i387_struct __user *)data, child);
  527. break;
  528. }
  529. case PTRACE_SETFPREGS: { /* Set the child FPU state. */
  530. if (!access_ok(VERIFY_READ, datap,
  531. sizeof(struct user_i387_struct))) {
  532. ret = -EIO;
  533. break;
  534. }
  535. set_stopped_child_used_math(child);
  536. set_fpregs(child, (struct user_i387_struct __user *)data);
  537. ret = 0;
  538. break;
  539. }
  540. case PTRACE_GETFPXREGS: { /* Get the child extended FPU state. */
  541. if (!access_ok(VERIFY_WRITE, datap,
  542. sizeof(struct user_fxsr_struct))) {
  543. ret = -EIO;
  544. break;
  545. }
  546. if (!tsk_used_math(child))
  547. init_fpu(child);
  548. ret = get_fpxregs((struct user_fxsr_struct __user *)data, child);
  549. break;
  550. }
  551. case PTRACE_SETFPXREGS: { /* Set the child extended FPU state. */
  552. if (!access_ok(VERIFY_READ, datap,
  553. sizeof(struct user_fxsr_struct))) {
  554. ret = -EIO;
  555. break;
  556. }
  557. set_stopped_child_used_math(child);
  558. ret = set_fpxregs(child, (struct user_fxsr_struct __user *)data);
  559. break;
  560. }
  561. case PTRACE_GET_THREAD_AREA:
  562. ret = ptrace_get_thread_area(child, addr,
  563. (struct user_desc __user *) data);
  564. break;
  565. case PTRACE_SET_THREAD_AREA:
  566. ret = ptrace_set_thread_area(child, addr,
  567. (struct user_desc __user *) data);
  568. break;
  569. default:
  570. ret = ptrace_request(child, request, addr, data);
  571. break;
  572. }
  573. out_tsk:
  574. put_task_struct(child);
  575. out:
  576. unlock_kernel();
  577. return ret;
  578. }
  579. void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, int error_code)
  580. {
  581. struct siginfo info;
  582. tsk->thread.trap_no = 1;
  583. tsk->thread.error_code = error_code;
  584. memset(&info, 0, sizeof(info));
  585. info.si_signo = SIGTRAP;
  586. info.si_code = TRAP_BRKPT;
  587. /* User-mode eip? */
  588. info.si_addr = user_mode(regs) ? (void __user *) regs->eip : NULL;
  589. /* Send us the fakey SIGTRAP */
  590. force_sig_info(SIGTRAP, &info, tsk);
  591. }
  592. /* notification of system call entry/exit
  593. * - triggered by current->work.syscall_trace
  594. */
  595. __attribute__((regparm(3)))
  596. void do_syscall_trace(struct pt_regs *regs, int entryexit)
  597. {
  598. /* do the secure computing check first */
  599. secure_computing(regs->orig_eax);
  600. if (unlikely(current->audit_context)) {
  601. if (!entryexit)
  602. audit_syscall_entry(current, regs->orig_eax,
  603. regs->ebx, regs->ecx,
  604. regs->edx, regs->esi);
  605. else
  606. audit_syscall_exit(current, regs->eax);
  607. }
  608. if (!(current->ptrace & PT_PTRACED))
  609. return;
  610. /* Fake a debug trap */
  611. if (test_thread_flag(TIF_SINGLESTEP))
  612. send_sigtrap(current, regs, 0);
  613. if (!test_thread_flag(TIF_SYSCALL_TRACE))
  614. return;
  615. /* the 0x80 provides a way for the tracing parent to distinguish
  616. between a syscall stop and SIGTRAP delivery */
  617. ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) ? 0x80 : 0));
  618. /*
  619. * this isn't the same as continuing with a signal, but it will do
  620. * for normal use. strace only continues with a signal if the
  621. * stopping signal is not SIGTRAP. -brl
  622. */
  623. if (current->exit_code) {
  624. send_sig(current->exit_code, current, 1);
  625. current->exit_code = 0;
  626. }
  627. }