Up to [cvs.NetBSD.org] / src / sys / kern
Pull up following revision(s) (requested by hgutch in ticket #1039): sys/kern/sys_process_lwpstatus.c: revision 1.5 sys/sys/ptrace.h: revision 1.77 sys/kern/sys_ptrace_common.c: revision 1.96 PR/58983: Harold Gutch: Fix INSTALL_FLOPPY on i386. Make the register handling code conditional on whether PTRACE is enabled in the kernel.
PR/58983: Harold Gutch: Fix INSTALL_FLOPPY on i386. Make the register handling code conditional on whether PTRACE is enabled in the kernel.
check both for PT_KILL and SIGKILL.
PR/58896: Martin Husemann: PT_KILL will not deliver a kill signal to a stopped process: When the process is stopped, the code resumes it instead of sending the signal. Change it so that if we are sending SIGKILL, resume and send the signal.
Complete ptrace strings array and add some more debugging.
fix various typos in compatibility, mainly in comments.
Sync w/ HEAD.
Merge the two separate sets of init/fini routines and unbreak the build. XXX Still does not fix the problems noted with 32-bit arm - that will need a lot more thought.
Finish the proper naming of the module init/fini routines. Should fix the "ptrace cannot be used by unpriv user" issue reported by Rin Okuyama (thanks for the detailed report and analysis).
Separate the compat_netbsd32_coredump from the compat_netbsd32 and coredump modules, into its own module. Welcome to 7.99.75 !!!
ptrace_Common is a module unto itself. Don't use the ptrace module's init/fini routines.
Basic register read/write functionality and lwp setting are always provided by the kernel because they are needed by multiple things (ptrace/procfs/coredump), so move them to sys_process_lwpstatus (this file should be renamed to sys_process_common.c?)
Rollback unintended changes in the previous commit
Remove obsolete references to 4.4BSD papers
Pull up following revision(s) (requested by kamil in ticket #1117): sys/arch/sh3/include/ptrace.h: revision 1.19 sys/arch/amd64/amd64/process_machdep.c: revision 1.48 sys/arch/sh3/sh3/process_machdep.c: revision 1.23 sys/arch/sh3/sh3/process_machdep.c: revision 1.24 sys/arch/i386/i386/process_machdep.c: revision 1.95 sys/arch/x86/x86/fpu.c (apply patch) sys/kern/sys_ptrace_common.c: revision 1.84 sys/arch/powerpc/powerpc/process_machdep.c: revision 1.40 sys/sys/ptrace.h: revision 1.71 sys/arch/powerpc/powerpc/process_machdep.c: revision 1.41 (all via patch, adapted) Fix s87_tw reconstruction to correctly indicate register states Fix the code reconstructing s87_tw (full tag word) from fx_sw (abridged tag word) to correctly represent all register states. The previous code only distinguished between empty/non-empty registers, and assigned 'regular value' to all non-empty registers. The new code explicitly distinguishes the two other tag word values: empty and special. Fix the machine-dependent ptrace register-related requests (e.g. PT_GETXMMREGS, PT_GETXSTATE on x86) to correctly respect the LWP number passed as the data argument. Before this change, these requests did not operate on the requested LWP of a multithreaded program. This change required moving ptrace_update_lwp() out of unit scope, and changing ptrace_machdep_dorequest() function to take a pointer to pointer as the second argument, consistently with ptrace_regs(). I am planning to extend the ATF ptrace() register tests in the future to check for regressions in multithreaded programs, as time permits. Reviewed by kamil. Add missing 'error' declaration
Fix the machine-dependent ptrace requests to respect LWP number Fix the machine-dependent ptrace register-related requests (e.g. PT_GETXMMREGS, PT_GETXSTATE on x86) to correctly respect the LWP number passed as the data argument. Before this change, these requests did not operate on the requested LWP of a multithreaded program. This change required moving ptrace_update_lwp() out of unit scope, and changing ptrace_machdep_dorequest() function to take a pointer to pointer as the second argument, consistently with ptrace_regs(). I am planning to extend the ATF ptrace() register tests in the future to check for regressions in multithreaded programs, as time permits. Reviewed by kamil.
Introduce PTRACE_REGS_ALIGN, and on x86, enforce a 16-byte alignment, due to fpregs having fxsave which requires 16-byte alignment. Reported-by: syzbot+f44d47e617ebf7fda081@syzkaller.appspotmail.com
Avoid taking lwp_lock when calling process_sstep() for sibling LWPs This makes the code consistent between single-threaded and multi-threaded code.
Move proc_lock into the data segment. It was dynamically allocated because at the time we had mutex_obj_alloc() but not __cacheline_aligned.
Introduce new ptrace(2) operations: PT_SET_SIGPASS and PT_GET_SIGPASS They deliver the logic of bypassing selected signals directly to the debuggee, without informing the debugger. This can be used to implement the QPassSignals GDB/LLDB protocol. This call can be useful to avoid signal races in ATF ptrace tests.
Clear PSL_TRACEDCHILD on ptrace(PT_DETACH) This avoids potential race of detaching and attaching to a prestarted process and receiving SIGTRAP instead of SIGSTOP.
Mostly merge changes from HEAD upto 20200411
Sync with head.
pass the address of the field, instead of relying on it being the first field of the structure, no functional change, ok kamil
Correct the rule to iterate over LWPs with PT_LWPNEXT and PT_LWPINFO Correctly exclude dead/dying/zombie and system threads. Fixes kern/54802 (gdb -p kills the kernel) by <martin>
Put ptrace_read_lwpstatus() and process_read_lwpstatus() to a new file Fixes "no PTRACE" kernel build, in particular zaurus kernel=INSTALL_C700.
Cast PTRACE_LWP_GETPRIVATE to (void *) through (intptr_t) Fixes sparc build.
Introduce PT_LWPSTATUS + PT_LWPNEXT, obsolete PT_LWPINFO PT_LWPINFO is a legacy ptrace(2) operation that was originally intended to retrieve the thread (LWP) information inside a traced process. It has a number of flaws and is confused with PT_LWPINFO from FreeBSD. PT_LWPSTATUS and PT_LWPNEXT address the problems (shortly by: rename, removal of pl_event) and introduce new features: signal context (pl_sigpend, pl_sigmask), LWP name (pl_name), LWP TLS base address (pl_private). The private pointer was so far missing information for a debugger. PT_LWPSTATUS@nnn is now shipped with core(5) files and contains LWP specific information, so far missed in the core(5) files. PT_LWPSTATUS retrieves LWP information for the prompted thread. PT_LWPNEXT retrieves LWP information for the next thread, borrowing the semantics from NetBSD specific PT_LWPINFO. PT_LWPINFO is namespaced with __LEGACY_PT_LWPINFO and still available for the foreseeable future, without plans of removing it. Add ATF tests for PT_LWPSTATUS + PT_LWPNEXT. Keep ATF tests for PT_LWPINFO. Switch GDB to new API. Proposed on tech-kern@.
Pull up following revision(s) (requested by rin in ticket #465): sys/kern/sys_ptrace_common.c: revision 1.73 Fix regression introduced to ptrace_regs() in rev 1.27: http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/sys_ptrace_common.c#rev1.27 Size of registers should be determined from tracer, NOT tracee. Now, 64-bit tracer can manipulate registers of 32-bit tracee again. gdb for amd64 works for i386 binaries to some extent. XXX pullup to netbsd-9 and -8.
Pull up following revision(s) (requested by rin in ticket #1456): sys/kern/sys_ptrace_common.c: revision 1.73 Fix regression introduced to ptrace_regs() in rev 1.27: http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/sys_ptrace_common.c#rev1.27 Size of registers should be determined from tracer, NOT tracee. Now, 64-bit tracer can manipulate registers of 32-bit tracee again. gdb for amd64 works for i386 binaries to some extent. XXX pullup to netbsd-9 and -8.
Fix regression introduced to ptrace_regs() in rev 1.27: http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/sys_ptrace_common.c#rev1.27 Size of registers should be determined from tracer, NOT tracee. Now, 64-bit tracer can manipulate registers of 32-bit tracee again. gdb for amd64 works for i386 binaries to some extent. XXX pullup to netbsd-9 and -8.
Pull up following revision(s) (requested by rin in ticket #455): sys/kern/sys_ptrace_common.c: revision 1.72 Fix pointer arithmetic for 32-bit process on LP64 kernel in process_auxv_offset(). Now, PIOD_READ_AUXV works fine with COMPAT_NETBSD32. XXX pullup to netbsd-9 and netbsd-8
Pull up following revision(s) (requested by rin in ticket #1452): sys/kern/sys_ptrace_common.c: revision 1.72 Fix pointer arithmetic for 32-bit process on LP64 kernel in process_auxv_offset(). Now, PIOD_READ_AUXV works fine with COMPAT_NETBSD32. XXX pullup to netbsd-9 and netbsd-8
Fix pointer arithmetic for 32-bit process on LP64 kernel in process_auxv_offset(). Now, PIOD_READ_AUXV works fine with COMPAT_NETBSD32. XXX pullup to netbsd-9 and netbsd-8
Return success if no coredump module is loaded/hooked.
Pull up following revision(s) (requested by pgoyette in ticket #413): sys/kern/kern_core.c: revision 1.27 (patch) sys/kern/kern_sig.c: revision 1.377 (patch) sys/kern/kern_sig.c: revision 1.378 (patch) sys/kern/sys_sig.c: revision 1.50 sys/kern/sys_ptrace_common.c: revision 1.70 sys/kern/compat_stub.c: revision 1.16 sys/compat/common/kern_sig_16.c: revision 1.4 sys/kern/compat_stub.c: revision 1.17 sys/sys/compat_stub.h: revision 1.20 sys/sys/signalvar.h: revision 1.98 sys/sys/compat_stub.h: revision 1.21 sys/sys/signalvar.h: revision 1.99 Convert the sendsig_sigcontext_16 function pointer to use the new compat_hook mechanism. XXX Despite being a kernel<-->module abi change, this should be XXX pulled up to -9 - Convert the coredump_vec modular function pointer to use the new compat_hook mechanism. XXX Should be pulled up to -9 despite the kernel <--> module ABI XXX change.
Convert the coredump_vec modular function pointer to use the new compat_hook mechanism. XXX Should be pulled up to -9 despite the kernel <--> module ABI XXX change.
Pull up following revision(s) (requested by kamil in ticket #366): tests/lib/libc/sys/t_ptrace_wait.c: revision 1.136 sys/kern/kern_sig.c: revision 1.373 tests/lib/libc/sys/t_ptrace_wait.c: revision 1.138 tests/lib/libc/sys/t_ptrace_wait.c: revision 1.139 sys/kern/kern_sig.c: revision 1.376 tests/lib/libc/sys/t_ptrace_wait.c: revision 1.140 sys/kern/sys_ptrace_common.c: revision 1.64 Fix typo in a comment Enable TEST_LWP_ENABLED in t_ptrace_wait* The LWP events (created, exited) are now reliable in my local tests. PR kern/51420 PR kern/51995 Remove the short-circuit lwp_exit() path from sigswitch() sigswitch() can be called from exit1() through: ttywait()->ttysleep()-> cv_timedwait_sig()->sleepq_block()->issignal()->sigswitch() lwp_exit() called for the last LWP triggers exit1() and this causes a panic. The debugger related signals have short-circuit demise paths in eventswitch() and other functions, before calling sigswitch(). This change restores the original behavior, but there is an open question whether the kernel crash is a red herring of misbehavior of ttywait(). This should fix PR kern/54618 by David H. Gutteridge Fix a race condition when handling concurrent LWP signals and add a test Fix a race condition that caused PT_GET_SIGINFO to return incorrect information when multiple signals were delivered concurrently to different LWPs. Add a regression test that verifies that when 50 threads concurrently use pthread_kill() on themselves, the debugger receives all signals with correct information. The kernel uses separate signal queues for each LWP. However, the signal context used to implement PT_GET_SIGINFO is stored in 'struct proc' and therefore common to all LWPs in the process. Previously, this member was filled in kpsignal2(), i.e. when the signal was sent. This meant that if another LWP managed to send another signal concurrently, the data was overwritten before the process was stopped. As a result, PT_GET_SIGINFO did not report the correct LWP and signal (it could even report a different signal than wait()). This can be quite reliably reproduced with the number of 20 LWPs, however it can also occur with 10. This patch moves setting of signal context to issignal(), just before the process is actually stopped. The data is taken from per-LWP or per-process signal queue. The added test confirms that the debugger correctly receives all signals, and PT_GET_SIGINFO reports both correct LWP and signal number. Reviewed by kamil. Remove preprocessor switch TEST_VFORK_ENABLED in t_ptrace_wait* vfork(2) tests are now enabled always and confirmed to be stable. Remove preprocessor switch TEST_LWP_ENABLED in t_ptrace_wait* LWP tests are now enabled always and confirmed to be stable.
Add and use __FPTRCAST, requested by uwe@
Add void * function pointer casts. There are different ways to "fix" those warnings: 1. this one: add a void * cast (which I think is the least intrusive) 2. add pragmas to elide the warning 3. add intermediate inline conversion functions 4. change the called function prototypes, adding unused arguments and converting some of the pointer arguments to void *. 5. make the functions variadic (which defeats the purpose of checking) 6. pass command line flags to elide the warning I did try 3 and 4 and I was not pleased with the result (sys_ptrace_common.c) (3) added too much code and defines, and (4) made the regular use clumsy.
Pull up following revision(s) (requested by kamil in ticket #325): sys/sys/ptrace.h: revision 1.66 sys/kern/sys_ptrace_common.c: revision 1.66 Introduce new ptrace(2) operation PT_STOP It works like: - kill(SIGSTOP) for unstopped tracee - ptrace(PT_CONTINUE,SIGSTOP) for stopped tracee The child will be stopped and always possible to be waited (with wait(2) like calls). For stopped tracee kill(SIGSTOP) has no effect. PT_CONTINUE+SIGSTOP cannot be used on an unstopped process (EBUSY). This operation is modeled after PT_KILL that is similar for the SIGKILL call. While there, allow PT_KILL on unstopped traced child. This operation is useful in an abnormal exit of a debugger from a signal handler, usually followed by waitpid(2) and ptrace(PT_DETACH).
Pull up following revision(s) (requested by kamil in ticket #323): sys/kern/sys_ptrace_common.c: revision 1.65 Correct the same expression on both sides of | PR sw-bug/54610 by David Binderman
Pull up following revision(s) (requested by kamil in ticket #321): sys/kern/sys_ptrace_common.c: revision 1.63 Add two KASSERTS in the ptrace(2) kernel code Verify that we will never return empty ptrace_state for CHILD/LWP event.
Pull up following revision(s) (requested by kamil in ticket #320): sys/kern/kern_synch.c: revision 1.324 sys/kern/kern_sig.c: revision 1.366 sys/kern/kern_exit.c: revision 1.277 sys/kern/kern_lwp.c: revision 1.204 sys/kern/sys_ptrace_common.c: revision 1.62 Separate flag for suspended by _lwp_suspend and suspended by a debugger Once a thread was stopped with ptrace(2), userland process must not be able to unstop it deliberately or by an accident. This was a Windows-style behavior that makes threading tracing fragile.
Pull up following revision(s) (requested by kamil in ticket #319): sys/kern/sys_ptrace_common.c: revision 1.61 Remove 2 static asserts from the kernel ptrace code sizeof(pid) and sizeof(lwp) will unlikely ever change and the check can confuse. The assert has been moved to ATF t_ptrace_wait.c r.1.132. Requested by <christos>
Pull up following revision(s) (requested by kamil in ticket #313): sys/kern/sys_ptrace_common.c: revision 1.60 Restore the old behavior in PT_GET_PROCESS_STATE For !child and !lwp events return zeroed struct ptrace_state. There is code that depends on it (GDB). Fixes PR toolchain/54590 by martin@
Pull up following revision(s) (requested by kamil in ticket #311): sys/sys/siginfo.h: revision 1.34 sys/kern/sys_ptrace_common.c: revision 1.59 sys/kern/sys_lwp.c: revision 1.70 sys/compat/sys/siginfo.h: revision 1.8 sys/kern/kern_sig.c: revision 1.365 sys/kern/kern_lwp.c: revision 1.203 sys/sys/signalvar.h: revision 1.96 sys/kern/kern_exec.c: revision 1.482 sys/kern/kern_fork.c: revision 1.214 Move TRAP_CHLD/TRAP_LWP ptrace information from struct proc to siginfo Storing struct ptrace_state information inside struct proc was vulnerable to synchronization bugs, as multiple events emitted in the same time were overwriting other ones. Cache the original parent process id in p_oppid. Reusing here p_opptr is in theory prone to slight race condition. Change the semantics of PT_GET_PROCESS_STATE, returning EINVAL for calls prompting for the value in cases when there wasn't registered an appropriate event. Add an alternative approach to check the ptrace_state information, directly from the siginfo_t value returned from PT_GET_SIGINFO. The original PT_GET_PROCESS_STATE approach is kept for compat with older NetBSD and OpenBSD. New code is recommended to keep using PT_GET_PROCESS_STATE. Add a couple of compile-time asserts for assumptions in the code. No functional change intended in existing ptrace(2) software. All ATF ptrace(2) and ATF GDB tests pass. This change improves reliability of the threading ptrace(2) code.
Pull up following revision(s) (requested by kamil in ticket #309): sys/kern/sys_ptrace_common.c: revision 1.67 Avoid signed integer overflow for -lwp where lwp is INT_MIN
Avoid signed integer overflow for -lwp where lwp is INT_MIN Reported-by: syzbot+68b80b44b898e66da3fc@syzkaller.appspotmail.com
Introduce new ptrace(2) operation PT_STOP It works like: - kill(SIGSTOP) for unstopped tracee - ptrace(PT_CONTINUE,SIGSTOP) for stopped tracee The child will be stopped and always possible to be waited (with wait(2) like calls). For stopped tracee kill(SIGSTOP) has no effect. PT_CONTINUE+SIGSTOP cannot be used on an unstopped process (EBUSY). This operation is modeled after PT_KILL that is similar for the SIGKILL call. While there, allow PT_KILL on unstopped traced child. This operation is useful in an abnormal exit of a debugger from a signal handler, usually followed by waitpid(2) and ptrace(PT_DETACH).
Correct the same expression on both sides of | PR sw-bug/54610 by David Binderman
Fix typo in a comment
Add two KASSERTS in the ptrace(2) kernel code Verify that we will never return empty ptrace_state for CHILD/LWP event.
Separate flag for suspended by _lwp_suspend and suspended by a debugger Once a thread was stopped with ptrace(2), userland process must not be able to unstop it deliberately or by an accident. This was a Windows-style behavior that makes threading tracing fragile.
Remove 2 static asserts from the kernel ptrace code sizeof(pid) and sizeof(lwp) will unlikely ever change and the check can confuse. The assert has been moved to ATF t_ptrace_wait.c r.1.132. Requested by <christos>
Restore the old behavior in PT_GET_PROCESS_STATE For !child and !lwp events return zeroed struct ptrace_state. There is code that depends on it (GDB). Fixes PR toolchain/54590 by martin@
Move TRAP_CHLD/TRAP_LWP ptrace information from struct proc to siginfo Storing struct ptrace_state information inside struct proc was vulnerable to synchronization bugs, as multiple events emitted in the same time were overwriting other ones. Cache the original parent process id in p_oppid. Reusing here p_opptr is in theory prone to slight race condition. Change the semantics of PT_GET_PROCESS_STATE, returning EINVAL for calls prompting for the value in cases when there wasn't registered an appropriate event. Add an alternative approach to check the ptrace_state information, directly from the siginfo_t value returned from PT_GET_SIGINFO. The original PT_GET_PROCESS_STATE approach is kept for compat with older NetBSD and OpenBSD. New code is recommended to keep using PT_GET_PROCESS_STATE. Add a couple of compile-time asserts for assumptions in the code. No functional change intended in existing ptrace(2) software. All ATF ptrace(2) and ATF GDB tests pass. This change improves reliability of the threading ptrace(2) code.
Pull up following revision(s) (requested by maxv in ticket #1319): sys/kern/sys_ptrace_common.c: revision 1.57 Fix bug, don't release the reflock if we didn't take it in the first place. Looks like there are other locking issues in here.
Pull up following revision(s) (requested by kamil in ticket #1302): sys/kern/sys_ptrace_common.c: revision 1.58 Enhance locking of ptrace_update_lwp Replace lwp_delref() + mutex_enter() with: mutex_enter() + lwp_delref2(). This avoids extra taking and exiting from a mutex. Add missing mutex_exit() for LW_SYSTEM. Do not switch lwp for PT_SET_SIGINFO. This operation is not needed and avoids panic for >2 LWPs as p_lock is attempted to be entered again in a critical section.
Enhance locking of ptrace_update_lwp Replace lwp_delref() + mutex_enter() with: mutex_enter() + lwp_delref2(). This avoids extra taking and exiting from a mutex. Add missing mutex_exit() for LW_SYSTEM. Do not switch lwp for PT_SET_SIGINFO. This operation is not needed and avoids panic for >2 LWPs as p_lock is attempted to be entered again in a critical section.
Fix bug, don't release the reflock if we didn't take it in the first place. Looks like there are other locking issues in here. Reported-by: syzbot+81d2c90809163ab1e13c@syzkaller.appspotmail.com
The tracer, not the tracee, determines if we are going to convert the ptrace data from 64 to 32.
Add support for PTRACE_POSIX_SPAWN to report posix_spawn(3) events posix_spawn(3) is a first class syscall in NetBSD, different to (V)FORK+EXEC as these operations are executed in one go. This differs to Linux and FreeBSD, where posix_spawn(3) is implemented with existing kernel primitives (clone(2), vfork(2), exec(3)) inside libc. Typically LLDB and GDB software is aware of FORK/VFORK events. As discussed with the LLDB community, instead of slicing the posix_spawn(3) operation into phases emulating (V)FORK+EXEC(+VFORK_DONE) and returning intermediate state to the debugger, that might have abnormal state, introduce new event type: PTRACE_POSIX_SPAWN. A debugger implementor can easily map it into existing fork+exec semantics or treat as a distinct event. There is no functional change for existing debuggers as there was no support for reporting posix_spawn(3) events on the kernel side.
Sync with HEAD
Relax prohibition of Program Counter set to 0x0 in ptrace(2) In PT_CONTINUE, PT_SYSCALL and PT_DETACH the 3rd argument of ptrace(2) allows to set PC. It used to be allowed to set PC to 0x0 without restrictions, later prohibited unconditionally. Change the condition and make it depending on vm.user_va0_disable. Whenever the VA 0 mapping is disallowed, reject setting PC to 0x0. While there comment truncated and empty transfers in PT_READ/PT_WRITE and PT_IO.
Fix typo: PT_GETFOREGS -> PT_GETFPREGS (NFC)
Allow cancelled byte transfer in ptrace(2) again Current GDB depends on it on NetBSD (which is probably a GDB support bug). In future GDB will be examined for this and this code revisited.
Disallow resuming program with PC=0x0 in ptrace(2) If the address parameter is 0, report error. It's a popular mistake to set Program Counter to 0x0. In certain kernels this is allowable parameter and causes portability issue. Disallow explicitly zeroed PC, instead of triggering a harder to debug crash later.
Reject ptrace(2) PIOD_READ/WRITE operations with length 0 Return EINVAL for such invalid requests.
Return EIO for empty memory transfer from ptrace(2) Certain operations of PT_READ/PT_WRITE and PIOD_READ/PIOD_WRITE can result in 0 byte transfer and the ptrace(2) call still returned success. GDB had a special handling of this case for PT_IO checking piod_len != 0, but in LLDB this corner case caused infinite loop and breakage. The LLDB case has been enhanced. Unfortunately the status of operation of PT_READ/PT_WRITE is not distinguishable between successful operation and empty operation. This renders this call into a questionable one. Change the behavior and return error with EIO in scenarios of truncated/empty byte transfers by PT_READ/PT_WRITE and empty byte transfers from PT_IO. No code change is needed in GDB and LLDB.
Set the "required modules" to NULL, not to an empty string. It really doesn't make that much difference to the code, but the output from modstat(8) is different! (With an empty string in the MODULE() macro modstat reports an empty string, but with a NULL in the macro, modstat prints a '-' just like it does for other "empty" fields.)
- add or adjust /* FALLTHROUGH */ where appropriate - add __unreachable() after functions that can return but won't in this case, and thus can't be marked __dead easily
Sync with HEAD, resolve a few conflicts
Pull up following revision(s) (requested by maxv in ticket #1112): sys/kern/sys_ptrace_common.c: revision 1.46 Fix stack info leak. + Possible info leak: [len=136, leaked=92] | #0 0xffffffff80baf397 in kleak_copyout | #1 0xffffffff80bd4155 in ptrace_copyout_siginfo | #2 0xffffffff80bd5348 in do_ptrace | #3 0xffffffff80bd40fe in sys_ptrace | #4 0xffffffff80259c42 in syscall
Fix stack info leak. + Possible info leak: [len=136, leaked=92] | #0 0xffffffff80baf397 in kleak_copyout | #1 0xffffffff80bd4155 in ptrace_copyout_siginfo | #2 0xffffffff80bd5348 in do_ptrace | #3 0xffffffff80bd40fe in sys_ptrace | #4 0xffffffff80259c42 in syscall
Sync with HEAD
Add some debugging in case someone else wants to debug gdb...
Simplify comparison of two processes No need to check p_pid to compare whether two processes are the same. No functional change intended. Sponsored by <The NetBSD Foundation>
Harden PT_ATTACH in ptrace(2) Don't allow to PT_ATTACH from a vfork(2)ed child (before exec(3)/_exit(3)) to its parent. Return error with EPERM errno. This scenario does not have a purpose and there is no clear picture how to route signals. Sponsored by <The NetBSD Foundation>
Sync with HEAD
Make stopsigmask a non-static symbol now as it's used in ptrace(2) code This is a missing part of the previous commit. While there fix a typo in a newly added comment in the ptrace(2) code. Sponsored by <The NetBSD Foundation>
Fix and enable traceme_signal_nohandler2 in ATF ptrace(2) tests traceme_signal_nohandler2 checks emitting SIGSTOP to a traced process with the PT_CONTINUE operation. The expected behavior is to simulate a behavior of receiving SIGSTOP, generating SIGCHLD to its parent (in this case the debugger) and ability to call wait(2)-like function receiving the stopped child event. The previous behavior was unstopping the process and it has been adjusted in the kernel code. FreeBSD keeps unstopping a process for emitting SIGSTOP. Linux handles this scenario in the same way as NetBSD now. While there, implement the missing bits in the userland ATF test for traceme_signal_nohandler2: receiving and validating 2nd SIGSTOP event and continuing the process, followed by its normal termination. Sponsored by <The NetBSD Foundation>
Pull up following revision(s) (requested by kamil in ticket #792): sys/kern/sys_ptrace_common.c: revision 1.38 Harden the NetBSD PT_TRACE_ME operation You can't say to the parent of a process to start tracing if: (1) the parent is initproc, (2) the child is already traced. Rationale: (1) - It has a side effect of being an anti-debugger functionality, as we cannot kill initproc (PID1) and reset the traced flag. - initproc is not a debugger, raising debugging events from a child to initproc can result in at least a stopped/hanging process in the system. (2) - It does not make sense to be simultaneously traced by two debuggers - It does not make sense to be traced twice by the same debugger. Permit enable tracing for a parent that has been chroot(8)ed, as this is harmless and the parent is already monitoring for child signals. The same semantics exist in FreeBSD. If you are looking for an antidebugging trick for old NetBSD (pre 8.0) or other popular kernels, here is an example: $ cat antidebug.c int main(int argc, char **argv) { pid_t child; int rv; int n = 0; child = fork(); if (child == 0) { while (getppid() != 1) continue; rv = ptrace(PT_TRACE_ME, 0, 0, 0); if (rv != 0) abort(); printf("Try to detach to me with a debugger!! "); printf("haha My PID is %d\n", getpid()); while (1) { printf("%d\n", n++); sleep(1); } } exit(0); } A developer is no longer able to attach GDB, strace or LLDB to this program without killing the initproc (your favourite system daemon).. this action would be fatal for the operation of the whole Operating System stability. Examples from a current non-NetBSD popular kernel: $ ps -o ppid= -p 17904 1 $ strace -p 17904 strace: attach: ptrace(PTRACE_SEIZE, 17904): Operation not permitted $ gdb -p 17904 [...] Attaching to process 17904 warning: process 17904 is already traced by process 1 ptrace: Operation not permitted. (gdb) $ lldb-3.9 -p 17904 (lldb) process attach --pid 17904 error: attach failed: unable to attach On NetBSD 8.0 and newer it is now guaranteed to have an option to kill a malevolent (fake?) debugger and attach with a new tracer to the process. Sponsored by <The NetBSD Foundation>
Synch with HEAD
Implement PTRACE_VFORK Add support for tracing vfork(2) events in the context of ptrace(2). This API covers other frontends to fork1(9) like posix_spawn(2) or clone(2), if they cause parent to wait for exec(2) or exit(2) of the child. Changes: - Add new argument to sigswitch() determining whether we need to acquire the proc_lock or whether it's already held. - Refactor fork1(9) for fork(2) and vfork(2)-like events. Call sigswitch() from fork(1) for forking or vforking parent, instead of emitting kpsignal(9). We need to emit the signal and suspend the parent, returning to user and relock proc_lock. - Add missing prototype for proc_stop_done() in kern_sig.c. - Make sigswitch a public function accessible from other kernel code including <sys/signalvar.h>. - Remove an entry about unimplemented PTRACE_VFORK in the ptrace(2) man page. - Permit PTRACE_VFORK in the ptrace(2) frontend for userland. - Remove expected failure for unimplemented PTRACE_VFORK tests in the ATF ptrace(2) test-suite. - Relax signal routing constraints under a debugger for a vfork(2)ed child. This was intended to protect from signaling a parent of a vfork(2)ed child that called PT_TRACE_ME, but wrongly misrouted other signals in vfork(2) use-cases. Add XXX comments about still existing problems and future enhancements: - correct vfork(2) + PT_TRACE_ME handling. - fork1(2) handling of scenarios when a process is collected in valid but rare cases. All ATF ptrace(2) fork[1-8] and vfork[1-8] tests pass. Fix PR kern/51630 by Kamil Rytarowski (myself). Sponsored by <The NetBSD Foundation>
Add additional hardening in PT_TRACE_ME and PT_ATTACH Prohibit: - calling PT_TRACE_ME by initproc (PID1), - calling PT_ATTACH by initproc (PID1). PID1 and its parent cannot become a tracer. Sponsored by <The NetBSD Foundation>
Harden the NetBSD PT_TRACE_ME operation You can't say to the parent of a process to start tracing if: (1) the parent is initproc, (2) the child is already traced. Rationale: (1) - It has a side effect of being an anti-debugger functionality, as we cannot kill initproc (PID1) and reset the traced flag. - initproc is not a debugger, raising debugging events from a child to initproc can result in at least a stopped/hanging process in the system. (2) - It does not make sense to be simultaneously traced by two debuggers. - It does not make sense to be traced twice by the same debugger. Permit enable tracing for a parent that has been chroot(8)ed, as this is harmless and the parent is already monitoring for child signals. The same semantics exist in FreeBSD. If you are looking for an antidebugging trick for old NetBSD (pre 8.0) or other popular kernels, here is an example: $ cat antidebug.c #include <sys/types.h> #include <sys/ptrace.h> #include <stdlib.h> #include <unistd.h> #include <stdio.h> #include <errno.h> int main(int argc, char **argv) { pid_t child; int rv; int n = 0; child = fork(); if (child == 0) { while (getppid() != 1) continue; rv = ptrace(PT_TRACE_ME, 0, 0, 0); if (rv != 0) abort(); printf("Try to detach to me with a debugger!! "); printf("haha My PID is %d\n", getpid()); while (1) { printf("%d\n", n++); sleep(1); } } exit(0); } A developer is no longer able to attach GDB, strace or LLDB to this program without killing the initproc (your favourite system daemon).. this action would be fatal for the operation of the whole Operating System stability. Examples from a current non-NetBSD popular kernel: $ ps -o ppid= -p 17904 1 $ strace -p 17904 strace: attach: ptrace(PTRACE_SEIZE, 17904): Operation not permitted $ gdb -p 17904 [...] Attaching to process 17904 warning: process 17904 is already traced by process 1 ptrace: Operation not permitted. (gdb) $ lldb-3.9 -p 17904 (lldb) process attach --pid 17904 error: attach failed: unable to attach On NetBSD 8.0 and newer it is now guaranteed to have an option to kill a malevolent (fake?) debugger and attach with a new tracer to the process. Sponsored by <The NetBSD Foundation>
Correct XXX comment in the ptrace(2) kernel code Explain I and D read/write operations and their history, removing dummy XXX comments. Sponsored by <The NetBSD Foundation>
Sync with HEAD, resolve some conflicts
Pull up following revision(s) (requested by kamil in ticket #713): sys/modules/procfs/Makefile: revision 1.4 sys/miscfs/procfs/procfs_vfsops.c: revision 1.98 bin/ps/ps.1: revision 1.108 sys/compat/linux/arch/i386/linux_ptrace.c: revision 1.32 sys/miscfs/procfs/procfs_vnops.c: revision 1.198 sys/kern/sys_ptrace_common.c: revision 1.23 sys/kern/sys_ptrace_common.c: revision 1.24 sbin/mount_procfs/mount_procfs.8: revision 1.36 sys/kern/sys_ptrace_common.c: revision 1.25 sys/kern/sys_ptrace.c: revision 1.5 sys/compat/linux/arch/powerpc/linux_ptrace.c: revision 1.30 sys/sys/proc.h: revision 1.342 sys/kern/sys_ptrace_common.c: revision 1.26 sys/miscfs/procfs/procfs_ctl.c: file removal sys/kern/sys_ptrace_common.c: revision 1.27 sys/miscfs/procfs/procfs_subr.c: revision 1.109 sys/kern/sys_ptrace_common.c: revision 1.28 sys/secmodel/extensions/secmodel_extensions.c: revision 1.8 sys/kern/sys_ptrace_common.c: revision 1.29 sys/sys/ptrace.h: revision 1.62 sys/compat/netbsd32/netbsd32_signal.c: revision 1.45 share/man/man9/kauth.9: revision 1.109 sys/miscfs/procfs/files.procfs: revision 1.12 sys/compat/netbsd32/netbsd32.h: revision 1.115 sys/miscfs/procfs/procfs.h: revision 1.72 sys/compat/netbsd32/netbsd32_ptrace.c: revision 1.5 sys/kern/kern_sig.c: revision 1.337 sys/sys/kauth.h: revision 1.75 sys/sys/sysctl.h: revision 1.224 sys/kern/sys_ptrace_common.c: revision 1.30 sys/kern/sys_ptrace_common.c: revision 1.31 sys/kern/sys_ptrace_common.c: revision 1.32 sys/kern/sys_ptrace_common.c: revision 1.33 sys/compat/linux/arch/arm/linux_ptrace.c: revision 1.20 sys/kern/sys_ptrace_common.c: revision 1.34 sys/kern/sys_ptrace_common.c: revision 1.36 sys/kern/kern_proc.c: revision 1.207 sys/kern/kern_exit.c: revision 1.269 doc/TODO.ptrace: revision 1.29 Make {s,g}et{db,fp,}regs work again for PK_32 processes XXX: pullup-8 add disgusting magic to handle compat_netbsd32 as a module. use process_*reg32 instead of struct *reg32. 
Remove the filesystem tracing feature

This is a legacy interface from 4.4BSD, and it was introduced to overcome shortcomings of ptrace(2) at that time, which are no longer relevant (performance). Today /proc/#/ctl offers a narrow subset of ptrace(2) commands and is not applicable for modern applications' use beyond simplistic tracing scenarios.

This removal will simplify kernel internals. Users will still be able to use all the other /proc files. This change won't affect other procfs files nor Linux compat features within mount_procfs(8). /proc/#/ctl isn't available on Linux.

Remove:
 - /proc/#/ctl from mount_procfs(8)
 - P_FSTRACE note from the documentation of ps(1)
 - /proc/#/ctl and filesystem tracing documentation from mount_procfs(8)
 - KAUTH_REQ_PROCESS_PROCFS_CTL documentation from kauth(9)
 - source code file miscfs/procfs/procfs_ctl.c
 - PFSctl and procfs_doctl() from sys/miscfs/procfs/procfs.h
 - KAUTH_REQ_PROCESS_PROCFS_CTL from sys/sys/kauth.h
 - PSL_FSTRACE (0x00010000) from sys/sys/proc.h
 - P_FSTRACE (0x00010000) from sys/sys/sysctl.h

Reduce code complexity after removal of this functionality.

Update TODO.ptrace accordingly: remove two entries about /proc tracing.

Do not keep legacy notes as comments in the headers about removed PSL_FSTRACE / P_FSTRACE, as this interface had a small number of users (close or equal to zero).

Proposed on tech-kern@.

All filesystem tracing utility users are encouraged to switch to ptrace(2).

Sponsored by <The NetBSD Foundation>

untangle the mess:
 - factor out common code
 - break each ptrace subcall to its own sub-function
 ... more to come ...

 - reduce ifdef ugliness by moving it up top.
 - factor out PT_IO and make PT_{READ,WRITE}_{I,D} use it
 - factor out PT_DUMPCORE
 - factor out sendsig code
 ... more to come ...

handle siginfo requests for ptrace32

ptrace: Partially undo PT_{READ,WRITE}_{I,D} and unbreak these commands

The refactored code did not work and was generating EFAULT.

Sponsored by <The NetBSD Foundation>

Merge the code back; the problem was that since we are reading/writing to a kernel address for PT_{READ,WRITE}_{I,D} we need the kernel vmspace.

provide separate read and write functions to accommodate register functions that need a size argument.

don't ignore error from copyout_piod

Use the proper process (the tracee) to get information about lwps and registers and the tracer for vmspace.

Add new sysctl(3) entry: security.models.extensions.user_set_dbregs

Model this new sysctl(3) entry after "user_set_cpu_affinity" in the same level of sysctl(3) switches.

Allow reading Debug Registers unconditionally (no change here). This is convenient as even if a user of a debugger does not use hardware assisted watchpoints/breakpoints, a debugger can still prompt these values to store in an internal cache with context of registers. Reading them should have no security concerns.

Add a paranoid MI switch that prohibits by default setting these registers by a regular user (non-superuser). Make this switch disabled by default.

There are enough reserved bits out there to allow using them unconditionally on hardened hosts. Features shipped with Debug Registers are optional features in debuggers. There is no reduction in elementary functionality.

Reviewed by <christos>

Sponsored by <The NetBSD Foundation>
Add new sysctl(3) entry: security.models.extensions.user_set_dbregs

Model this new sysctl(3) entry after "user_set_cpu_affinity" in the same level of sysctl(3) switches.

Allow reading Debug Registers unconditionally (no change here). This is convenient as even if a user of a debugger does not use hardware assisted watchpoints/breakpoints, a debugger can still prompt these values to store in an internal cache with context of registers. Reading them should have no security concerns.

Add a paranoid MI switch that prohibits by default setting these registers by a regular user (non-superuser). Make this switch disabled by default.

There are enough reserved bits out there to allow using them unconditionally on hardened hosts. Features shipped with Debug Registers are optional features in debuggers. There is no reduction in elementary functionality.

Reviewed by <christos>

Sponsored by <The NetBSD Foundation>
Pull up following revision(s) (requested by kamil in ticket #602): doc/CHANGES{,.prev}: revision 1.138 sys/sys/ptrace.h: revision 1.63 lib/libc/sys/ptrace.2: revision 1.68 sys/kern/sys_ptrace_common.c: revision 1.35 (via patch) tests/lib/libc/sys/t_ptrace_wait.c: revision 1.23 Remove PT_GET_SIGMASK / PT_SET_SIGMASK These operations cloned Linux's specific PTRACE_GETSIGMASK / PTRACE_SETSIGMASK. This feature was useful in applications like rr/criu/reptyr-like, where the ptrace(2) interface is abused for the purpose of constructing an arbitrary process. It's not reliable and not portable. For the NetBSD case it will be better to invent something dedicated for serializing and deserializing a process with threads. Noted on tech-toolchain@ and blog entry "LLDB restoration and return to ptrace(2)" https://blog.netbsd.org/tnf/entry/lldb_restoration_and_return_to
Remove PT_GET_SIGMASK / PT_SET_SIGMASK These operations cloned Linux's specific PTRACE_GETSIGMASK / PTRACE_SETSIGMASK. This feature was useful in applications like rr/criu/reptyr-like, where the ptrace(2) interface is abused for the purpose of constructing an arbitrary process. It's not reliable and not portable. For the NetBSD case it will be better to invent something dedicated for serializing and deserializing a process with threads. Noted on tech-toolchain@ and blog entry "LLDB restoration and return to ptrace(2)" https://blog.netbsd.org/tnf/entry/lldb_restoration_and_return_to
Use the proper process (the tracee) to get information about lwps and registers and the tracer for vmspace.
don't ignore error from copyout_piod
provide separate read and write functions to accommodate register functions that need a size argument.
Merge the code back; the problem was that since we are reading/writing to a kernel address for PT_{READ,WRITE}_{I,D} we need the kernel vmspace.
ptrace: Partially undo PT_{READ,WRITE}_{I,D} and unbreak these commands The refactored code did not work and was generating EFAULT. Sponsored by <The NetBSD Foundation>
handle siginfo requests for ptrace32
- reduce ifdef ugliness by moving it up top. - factor out PT_IO and make PT_{READ,WRITE}_{I,D} use it - factor out PT_DUMPCORE - factor out sendsig code ... more to come ...
untangle the mess: - factor out common code - break each ptrace subcall to its own sub-function ... more to come ...
use process_*reg32 instead of struct *reg32.
add disgusting magic to handle compat_netbsd32 as a module.
Make {s,g}et{db,fp,}regs work again for PK_32 processes XXX: pullup-8
update from HEAD
Sync with HEAD
file sys_ptrace_common.c was added on branch tls-maxphys on 2017-12-03 11:38:45 +0000
Remove the filesystem tracing feature

This is a legacy interface from 4.4BSD, and it was introduced to overcome shortcomings of ptrace(2) at that time, which are no longer relevant (performance). Today /proc/#/ctl offers a narrow subset of ptrace(2) commands and is not applicable for modern applications' use beyond simplistic tracing scenarios.

This removal will simplify kernel internals. Users will still be able to use all the other /proc files. This change won't affect other procfs files nor Linux compat features within mount_procfs(8). /proc/#/ctl isn't available on Linux.

Remove:
 - /proc/#/ctl from mount_procfs(8)
 - P_FSTRACE note from the documentation of ps(1)
 - /proc/#/ctl and filesystem tracing documentation from mount_procfs(8)
 - KAUTH_REQ_PROCESS_PROCFS_CTL documentation from kauth(9)
 - source code file miscfs/procfs/procfs_ctl.c
 - PFSctl and procfs_doctl() from sys/miscfs/procfs/procfs.h
 - KAUTH_REQ_PROCESS_PROCFS_CTL from sys/sys/kauth.h
 - PSL_FSTRACE (0x00010000) from sys/sys/proc.h
 - P_FSTRACE (0x00010000) from sys/sys/sysctl.h

Reduce code complexity after removal of this functionality.

Update TODO.ptrace accordingly: remove two entries about /proc tracing.

Do not keep legacy notes as comments in the headers about removed PSL_FSTRACE / P_FSTRACE, as this interface had a small number of users (close or equal to zero).

Proposed on tech-kern@.

All filesystem tracing utility users are encouraged to switch to ptrace(2).

Sponsored by <The NetBSD Foundation>
Sync with HEAD
Fix kernel panic triggered with LLDB

PT_SETSTEP and PT_CLEARSTEP in the current design must unlock proc_lock and t->p_lock. These functions use lwp_delref() for a tracee with more than one LWP. This function internally locks (t->)p_lock and this is a lock against self.

New ATF tests with PT_*STEP and multiple LWPs are coming to catch these bugs in future changes.

Sponsored by <The NetBSD Foundation>
Sync with HEAD
Sync with HEAD
Add new ptrace(2) API: PT_SETSTEP & PT_CLEARSTEP

These operations allow marking a thread as a single-stepping one. This allows, i.a.:
 - single step and emit a signal (PT_SETSTEP & PT_CONTINUE)
 - single step and trace syscall entry and exit (PT_SETSTEP & PT_SYSCALL)

The former is useful for debuggers like GDB or LLDB. The latter can be used to singlestep a usermode kernel. These examples don't limit use-cases of this interface.

Define PT_*STEP only for platforms defining PT_STEP.

Add new ATF tests setstep[1234].

These ptrace(2) operations first appeared in FreeBSD.

Sponsored by <The NetBSD Foundation>
Revert previous. Pointed out by Christos Zoulas that the ELF_AUX_ENTRIES * sizeof(AuxInfo) assumption is incomplete. There is emulation code that can use different values (smaller and larger).
Generate ELF AUXV for core(5) and ptrace(2) limited to the vector TYPE x V Previously PT_DUMPCORE and PIOD_READ_AUXV and regular core dumping retrieved the vector of AuxInfo {a_type, a_v} + MAXPATHLEN + ALIGN(1). The extra data is not actually needed in the returned chunk. It can be retrieved with PT_READ_I operations and it's the preferred way to access them as the AuxInfo fields contain pointers (void* format) to them. This changes the behavior of the kernel, no stable releases are affected with this move. Current software is not affected as other systems already stop generating data on AT_NULL. This streamlines the NetBSD behavior with other ELF format OSes. This move also simplifies determination if we got all the needed data inside the debugger and we no longer need to eliminate the unneeded chunk at the end. Sponsored by <The NetBSD Foundation>
Sync with HEAD
Fix build of ports without PT_STEP Fallout after PT_*DBREGS introduction. Sponsored by <The NetBSD Foundation>
Introduce PT_GETDBREGS and PT_SETDBREGS in ptrace(2) on i386 and amd64

This interface is modeled after the FreeBSD API with the usage.

This replaces the previous watchpoint API. The previous one was introduced recently in NetBSD-current, and its spurs are removed without any backward-compatibility.

Design choices for Debug Register accessors:
 - exec() (TRAP_EXEC event) must remove debug registers from LWP
 - debug registers are only per-LWP, not per-process globally
 - debug registers must not be inherited after (v)forking a process
 - debug registers must not be inherited after forking a thread
 - a debugger is responsible to set global watchpoints/breakpoints with the debug registers; to achieve this the PTRACE_LWP_CREATE/PTRACE_LWP_EXIT event monitoring function is designed to be used
 - debug register traps must generate SIGTRAP with si_code TRAP_DBREG
 - debugger is responsible to retrieve debug register state to distinguish the exact debug register trap (DR6 is Status Register on x86)
 - kernel must not remove debug register traps after triggering a trap event; a debugger is responsible to detach this trap with an appropriate PT_SETDBREGS call (DR7 is Control Register on x86)
 - debug registers must not be exposed in mcontext
 - userland must not be allowed to set a trap on the kernel

Implementation notes on i386 and amd64:
 - the initial state of debug registers is retrieved on boot and this value is stored in a local copy (initdbregs); this value is used to initialize dbreg context after PT_GETDBREGS
 - struct dbregs is stored in pcb as a pointer and by default not initialized
 - reserved registers (DR4-DR5, DR9-DR15) are ignored

Further ideas:
 - restrict this interface with securelevel

Tested on real hardware i386 (Intel Pentium IV) and amd64 (Intel i7).

This commit enables 390 debug register ATF tests in kernel/arch/x86. All tests are passing.

This commit does not cover netbsd32 compat code.
Currently other interface PT_GET_SIGINFO/PT_SET_SIGINFO is required in netbsd32 compat code in order to validate reliably PT_GETDBREGS/PT_SETDBREGS. This implementation does not cover FreeBSD specific defines in their <x86/reg.h>: DBREG_DR7_LOCAL_ENABLE, DBREG_DR7_GLOBAL_ENABLE, DBREG_DR7_LEN_1 etc. These values tend to be reinvented by each tracer on its own. GNU Debugger (GDB) works with NetBSD debug registers after adding this patch: --- gdb/amd64bsd-nat.c.orig 2016-02-10 03:19:39.000000000 +0000 +++ gdb/amd64bsd-nat.c @@ -167,6 +167,10 @@ amd64bsd_target (void) #ifdef HAVE_PT_GETDBREGS +#ifndef DBREG_DRX +#define DBREG_DRX(d,x) ((d)->dr[(x)]) +#endif + static unsigned long amd64bsd_dr_get (ptid_t ptid, int regnum) { Another reason to stop introducing unpopular defines covering machine specific register macros is that these value varies across generations of the same CPU family. GDB demo: (gdb) c Continuing. Watchpoint 2: traceme Old value = 0 New value = 16 main (argc=1, argv=0x7f7fff79fe30) at test.c:8 8 printf("traceme=%d\n", traceme); (Currently the GDB interface is not reliable due to NetBSD support bugs) Sponsored by <The NetBSD Foundation>
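Review bot: the `DBREG_DRX` fallback added right after `#ifdef HAVE_PT_GETDBREGS` carries no comment saying why it exists; since the message itself states that NetBSD does not ship FreeBSD's DBREG_* defines from <x86/reg.h>, a one-line comment above the `#ifndef` such as `/* NetBSD exposes only the raw dr[] array; no DBREG_DRX in <x86/reg.h> */` would keep a later reader from treating the define as dead code. It is also worth stating there that `((d)->dr[(x)])` does no range check, so callers such as amd64bsd_dr_get below it must keep regnum within the dr[] array.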
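The debugger-side steps that the PT_GETDBREGS/PT_SETDBREGS design above leaves to the tracer (arm a slot in DR7, read DR6 to learn which slot fired, detach by rewriting DR7 before the next PT_SETDBREGS), as an added C example that is not part of this commit, NetBSD or GDB. `struct x86_dbregs` and every function name here are assumptions standing in for the raw dr[] array a tracer receives; the DR6/DR7 bit layout is the one documented in the Intel SDM, and the scenario values are constructed.

```c
/* Added example (not NetBSD/GDB code): x86 debug-register bookkeeping that the
 * PT_GETDBREGS/PT_SETDBREGS design leaves to the tracer.  DR4/DR5 are ignored. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define X86_NDBREGS 4                   /* DR0..DR3 hold the addresses */

/* DR7 R/W field: which kind of access fires the breakpoint. */
enum dbreg_cond { DBREG_COND_EXEC = 0, DBREG_COND_WRITE = 1, DBREG_COND_RW = 3 };

/* Hypothetical tracer-side copy of the registers; it mirrors the dr[] array
 * PT_GETDBREGS fills on NetBSD x86 (dr[6] = DR6 status, dr[7] = DR7 control). */
struct x86_dbregs {
	uint64_t dr[8];
};

/* DR7: L<i>/G<i> enable bits sit at 2i/2i+1; R/W<i> at 16+4i, LEN<i> at 18+4i. */
static uint64_t dr7_enable_bit(int idx, bool global)
{
	return 1ULL << (2 * idx + (global ? 1 : 0));
}

/* LEN encoding: 1 -> 00b, 2 -> 01b, 4 -> 11b, 8 -> 10b (8 only in 64-bit mode). */
static int dr7_len_code(int len)
{
	switch (len) { case 1: return 0; case 2: return 1; case 4: return 3; case 8: return 2; default: return -1; }
}

/* Arm DR<idx> on [addr, addr+len).  Returns -1 for a bad slot, an unsupported
 * length or an address not aligned to len (the CPU requires that alignment);
 * the tracer then writes the struct with PT_SETDBREGS for each LWP to watch. */
int dbregs_set_watchpoint(struct x86_dbregs *d, int idx, uint64_t addr, int len,
    enum dbreg_cond cond, bool global)
{
	int lc = dr7_len_code(len);
	if (idx < 0 || idx >= X86_NDBREGS || lc < 0 ||
	    (addr & (uint64_t)(len - 1)) != 0)
		return -1;
	d->dr[idx] = addr;
	d->dr[7] &= ~(0xFULL << (16 + 4 * idx));       /* drop old R/W and LEN */
	d->dr[7] |= (uint64_t)cond << (16 + 4 * idx);
	d->dr[7] |= (uint64_t)lc << (18 + 4 * idx);
	d->dr[7] |= dr7_enable_bit(idx, global);
	return 0;
}

/* After SIGTRAP/TRAP_DBREG the trap stays armed and DR6 says which slot fired
 * (B0..B3 are bits 0..3).  Returns the lowest set slot, or -1 if none did. */
int dbregs_which_fired(const struct x86_dbregs *d)
{
	for (int i = 0; i < X86_NDBREGS; i++)
		if (d->dr[6] & (1ULL << i))
			return i;
	return -1;
}

/* Detach the trap in slot idx: clear its local+global enables and R/W+LEN
 * fields in DR7, its address, and the sticky B<idx> bit in DR6 (the CPU never
 * clears DR6 on its own).  The result is what goes back via PT_SETDBREGS. */
void dbregs_clear_watchpoint(struct x86_dbregs *d, int idx)
{
	if (idx < 0 || idx >= X86_NDBREGS)
		return;
	d->dr[7] &= ~(dr7_enable_bit(idx, false) | dr7_enable_bit(idx, true));
	d->dr[7] &= ~(0xFULL << (16 + 4 * idx));
	d->dr[idx] = 0;
	d->dr[6] &= ~(1ULL << idx);
}

int main(void)
{
	struct x86_dbregs d = { { 0 } };

	/* Constructed scenario: watch 4 bytes at 0x1000 for writes using DR1. */
	dbregs_set_watchpoint(&d, 1, 0x1000, 4, DBREG_COND_WRITE, false);
	printf("armed: DR7=%#llx\n", (unsigned long long)d.dr[7]);
	d.dr[6] = 0x2;                  /* pretend the CPU reported B1 */
	printf("fired slot %d\n", dbregs_which_fired(&d));
	dbregs_clear_watchpoint(&d, 1);
	printf("detached: DR7=%#llx DR6=%#llx\n",
	    (unsigned long long)d.dr[7], (unsigned long long)d.dr[6]);
	return 0;
}
```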
Improve PT_SET_SIGMASK and PT_GET_SIGMASK API in ptrace(2)

Use proper check for LW_SYSTEM, don't depend on PT_GETREGS/PT_SETREGS.

Don't allow masking SA_CANTMASK signals with PT_SET_SIGMASK (this covers SIGSTOP and SIGKILL).

Add new ATF tests:
 - setsigmask5
   Verify that sigmask cannot be set to SIGKILL
 - setsigmask6
   Verify that sigmask cannot be set to SIGSTOP

Sponsored by <The NetBSD Foundation>
Introduce new ptrace(2) API to allow/prevent execution of LWP

Introduce new API for debuggers to allow/prevent execution of the specified thread.

New ptrace(2) operations:

PT_RESUME
    Allow execution of a specified thread, change its state from suspended to continued. The addr argument is unused. The data argument specifies the LWP ID.
    This call is equivalent to _lwp_continue(2) called by a traced process. This call does not change the general process state from stopped to continued.

PT_SUSPEND
    Prevent execution of a specified thread, change its state from continued to suspended. The addr argument is unused. The data argument specifies the requested LWP ID.
    This call is equivalent to _lwp_suspend(2) called by a traced process. This call does not change the general process state from continued to stopped.

This interface is modeled after FreeBSD, however with NetBSD specific arguments passed to ptrace(2) -- FreeBSD passes only thread id, NetBSD passes process and thread id.

Extend PT_LWPINFO operation in ptrace(2) to report suspended threads. In the ptrace_lwpinfo structure in pl_event next to PL_EVENT_NONE and PL_EVENT_SIGNAL add new value PL_EVENT_SUSPENDED.

Add new errno(2) value EDEADLK that might be returned by ptrace(2). It prevents dead-locking in a scenario of resuming a process or thread that is prevented from execution. This fixes a bug that the old API was vulnerable to in this scenario.

Kernel bump delayed till introduction of PT_GETDBREGS/PT_SETDBREGS soon.

Add new ATF tests:
 - resume1
   Verify that a thread can be suspended by a debugger and later resumed by the debugger
 - suspend1
   Verify that a thread can be suspended by a debugger and later resumed by a tracee
 - suspend2
   Verify that while the only thread within a process is suspended, the whole process cannot be unstopped

Sponsored by <The NetBSD Foundation>
Introduce new interface in ptrace(2) - PT_GET_SIGMASK and PT_SET_SIGMASK

Add new interface to add ability to get/set signal mask of a tracee. It has been inspired by Linux PTRACE_GETSIGMASK and PTRACE_SETSIGMASK, but adapted for NetBSD API.

This interface is used for checkpointing software to set/restore context of a process including signal mask like criu or just to track this property in reverse-execution software like Record and Replay Framework (rr).

Add new ATF tests for this interface
====================================
 getsigmask1:
   Verify that plain PT_SET_SIGMASK can be called
 getsigmask2:
   Verify that PT_SET_SIGMASK reports correct mask from tracee
 setsigmask1:
   Verify that plain PT_SET_SIGMASK can be called with empty mask
 setsigmask2:
   Verify that sigmask is preserved between PT_GET_SIGMASK and PT_SET_SIGMASK
 setsigmask3:
   Verify that sigmask is preserved between PT_GET_SIGMASK, process resumed and PT_SET_SIGMASK
 setsigmask4:
   Verify that new sigmask is visible in tracee

Kernel ABI bump delayed as there are more interfaces to come in ptrace(2).

Sponsored by <The NetBSD Foundation>
Be paranoid about PT_SET_SIGINFO and PT_GET_SIGINFO in ptrace(2) Currently a tracer is prohibited to read and write memory of a tracee. Prohibit reading and faking signal information. Sponsored by <The NetBSD Foundation>
Sync with HEAD
don't return early holding a lock!
PR/51916: Kamil Rytarowski: Don't multiply es_arglen with ptrsz since it is already in bytes and contains the maximum possible size: ELF_AUX_ENTRIES * sizeof(auxv) + MAXPATHLEN + ALIGN
Introduce PTRACE_LWP_{CREATE,EXIT} in ptrace(2) and TRAP_LWP in siginfo(5)

Add interface in ptrace(2) to track thread (LWP) events:
 - birth,
 - termination.

The purpose of this thread is to keep track of the current thread state in a tracee and apply e.g. per-thread designed hardware assisted watchpoints. This interface reuses the EVENT_MASK and PROCESS_STATE interface, and shares it with PTRACE_FORK, PTRACE_VFORK and PTRACE_VFORK_DONE.

Change the following structure:

  typedef struct ptrace_state {
  	int	pe_report_event;
  	pid_t	pe_other_pid;
  } ptrace_state_t;

to

  typedef struct ptrace_state {
  	int	pe_report_event;
  	union {
  		pid_t	_pe_other_pid;
  		lwpid_t	_pe_lwp;
  	} _option;
  } ptrace_state_t;

  #define pe_other_pid	_option._pe_other_pid
  #define pe_lwp		_option._pe_lwp

This keeps the size of ptrace_state_t unchanged as both pid_t and lwpid_t are defined as int32_t-like integers. This change does not break existing prebuilt software and has minimal effect on the necessity for source-code changes. In summary, this change should be binary compatible and shouldn't break the build of existing software.

Introduce new siginfo(5) type for LWP events under the SIGTRAP signal: TRAP_LWP. This change will help debuggers to distinguish the exact source of SIGTRAP.

Add two basic t_ptrace_wait* tests:
 lwp_create1:
   Verify that 1 LWP creation is intercepted by ptrace(2) with EVENT_MASK set to PTRACE_LWP_CREATE
 lwp_exit1:
   Verify that 1 LWP creation is intercepted by ptrace(2) with EVENT_MASK set to PTRACE_LWP_EXIT

All tests are passing.

Surfing the previous kernel ABI bump to 7.99.59 for PTRACE_VFORK{,_DONE}.

Sponsored by <The NetBSD Foundation>
Add support for PTRACE_VFORK_DONE and stub for PTRACE_VFORK in ptrace(2) PTRACE_VFORK is supposed to be used to track vfork(2)-like events, when parent gives birth to new process child and stops till it exits or calls exec(). Currently PTRACE_VFORK is a stub. PTRACE_VFORK_DONE is notification to notify a debugger that a parent has resumed after vfork(2)-like action. PTRACE_VFORK_DONE throws SIGTRAP with TRAP_CHLD. Sponsored by <The NetBSD Foundation>
Sync with HEAD. (Note that most of these changes are simply $NetBSD$ tag issues.)
Introduce new ptrace(2) interface: PT_SET_SIGINFO and PT_GET_SIGINFO

This interface is designed to read signal information emitted to tracee and fake this signal with new value. This functionality is required to distinguish types of events that occurred in the tracee and intercepted by a debugger.

These accessors introduce a new structure type ptrace_siginfo:

  /*
   * Signal Information structure
   */
  typedef struct ptrace_siginfo {
  	siginfo_t	psi_siginfo;	/* signal information structure */
  	lwpid_t		psi_lwpid;	/* destination LWP of the signal
  					 * value 0 means the whole process
  					 * (route signal to all LWPs) */
  } ptrace_siginfo_t;

Include <sys/siginfo.h> in <sys/ptrace.h> in order to not break existing software due to unknown symbol siginfo_t.

This interface has been proposed to the tech-kern@ mailing list.

Sponsored by <The NetBSD Foundation>
Add support for hardware assisted watchpoints/breakpoints API in ptrace(2)

Add new ptrace(2) calls:
 - PT_COUNT_WATCHPOINTS - count the number of available hardware watchpoints
 - PT_READ_WATCHPOINT - read struct ptrace_watchpoint from the kernel state
 - PT_WRITE_WATCHPOINT - write new struct ptrace_watchpoint state, this includes enabling and disabling watchpoints

The ptrace_watchpoint structure contains MI and MD parts:

  typedef struct ptrace_watchpoint {
  	int		pw_index;	/* HW Watchpoint ID (count from 0) */
  	lwpid_t		pw_lwpid;	/* LWP described */
  	struct mdpw	pw_md;		/* MD fields */
  } ptrace_watchpoint_t;

For example amd64 defines MD as follows:

  struct mdpw {
  	void	*md_address;
  	int	md_condition;
  	int	md_length;
  };

These calls are protected with the __HAVE_PTRACE_WATCHPOINTS guard.

Tested on amd64, initial support added for i386 and XEN.

Sponsored by <The NetBSD Foundation>
set the signal flag when the signal was sent to every lwp, not to just an individual one.
Sync with HEAD
file sys_ptrace_common.c was added on branch nick-nhusb on 2016-12-05 10:55:26 +0000
Add FALLTHROUGH commit
back to using SIGSTOP..
kern/51621: When attaching to a child send it a SIGTRAP not a SIGSTOP like Linux and FreeBSD do.
deduplicate the complex lock reparent dance.
Sync with HEAD
file sys_ptrace_common.c was added on branch pgoyette-localcount on 2016-11-04 14:49:17 +0000
* Split sys/kern/sys_process.c into three parts:
  1 - ptrace(2) syscall for native emulation
  2 - common ptrace(2) syscall code (shared with compat_netbsd32)
  3 - support routines that are shared with PROCFS and/or KTRACE
* Add module glue for #1 and #2. Both modules will be built-in to the kernel if "options PTRACE" is included in the config file (this is the default, defined in sys/conf/std).
* Mark the ptrace(2) syscall as modular in syscalls.master (generated files will be committed shortly).
* Conditionalize all remaining portions of PTRACE code on a new kernel option PTRACE_HOOKS.

XXX Instead of PROCFS depending on 'options PTRACE', we should probably just add a procfs attribute to the sys/kern/sys_process.c file's entry in files.kern, and add PROCFS to the "#if defineds" for process_domem(). It's really confusing to have two different ways of requiring this file.