LXR linux/kernel/ptrace.c

   1/*
   2 * linux/kernel/ptrace.c
   3 *
   4 * (C) Copyright 1999 Linus Torvalds
   5 *
   6 * Common interfaces for "ptrace()" which we do not want
   7 * to continually duplicate across every architecture.
   8 */
   9
  10#include <linux/capability.h>
  11#include <linux/module.h>
  12#include <linux/sched.h>
  13#include <linux/errno.h>
  14#include <linux/mm.h>
  15#include <linux/highmem.h>
  16#include <linux/pagemap.h>
  17#include <linux/smp_lock.h>
  18#include <linux/ptrace.h>
  19#include <linux/security.h>
  20#include <linux/signal.h>
  21#include <linux/audit.h>
  22#include <linux/pid_namespace.h>
  23#include <linux/syscalls.h>
  24
  25#include <asm/pgtable.h>
  26#include <asm/uaccess.h>
  27
  28/*
  29 * ptrace a task: make the debugger its new parent and
  30 * move it to the ptrace list.
  31 *
  32 * Must be called with the tasklist lock write-held.
  33 */
  34void __ptrace_link(struct task_struct *child, struct task_struct *new_parent)
  35{
  36        BUG_ON(!list_empty(&child->ptrace_list));
  37        if (child->parent == new_parent)
  38                return;
  39        list_add(&child->ptrace_list, &child->parent->ptrace_children);
  40        remove_parent(child);
  41        child->parent = new_parent;
  42        add_parent(child);
  43}
  44 
  45/*
  46 * Turn a tracing stop into a normal stop now, since with no tracer there
  47 * would be no way to wake it up with SIGCONT or SIGKILL.  If there was a
  48 * signal sent that would resume the child, but didn't because it was in
  49 * TASK_TRACED, resume it now.
  50 * Requires that irqs be disabled.
  51 */
  52void ptrace_untrace(struct task_struct *child)
  53{
  54        spin_lock(&child->sighand->siglock);
  55        if (task_is_traced(child)) {
  56                if (child->signal->flags & SIGNAL_STOP_STOPPED) {
  57                        __set_task_state(child, TASK_STOPPED);
  58                } else {
  59                        signal_wake_up(child, 1);
  60                }
  61        }
  62        spin_unlock(&child->sighand->siglock);
  63}
  64
  65/*
  66 * unptrace a task: move it back to its original parent and
  67 * remove it from the ptrace list.
  68 *
  69 * Must be called with the tasklist lock write-held.
  70 */
  71void __ptrace_unlink(struct task_struct *child)
  72{
  73        BUG_ON(!child->ptrace);
  74
  75        child->ptrace = 0;
  76        if (ptrace_reparented(child)) {
  77                list_del_init(&child->ptrace_list);
  78                remove_parent(child);
  79                child->parent = child->real_parent;
  80                add_parent(child);
  81        }
  82
  83        if (task_is_traced(child))
  84                ptrace_untrace(child);
  85}
  86
  87/*
  88 * Check that we have indeed attached to the thing..
  89 */
  90int ptrace_check_attach(struct task_struct *child, int kill)
  91{
  92        int ret = -ESRCH;
  93
  94        /*
  95         * We take the read lock around doing both checks to close a
  96         * possible race where someone else was tracing our child and
  97         * detached between these two checks.  After this locked check,
  98         * we are sure that this is our traced child and that can only
  99         * be changed by us so it's not changing right after this.
 100         */
 101        read_lock(&tasklist_lock);
 102        if ((child->ptrace & PT_PTRACED) && child->parent == current) {
 103                ret = 0;
 104                /*
 105                 * child->sighand can't be NULL, release_task()
 106                 * does ptrace_unlink() before __exit_signal().
 107                 */
 108                spin_lock_irq(&child->sighand->siglock);
 109                if (task_is_stopped(child))
 110                        child->state = TASK_TRACED;
 111                else if (!task_is_traced(child) && !kill)
 112                        ret = -ESRCH;
 113                spin_unlock_irq(&child->sighand->siglock);
 114        }
 115        read_unlock(&tasklist_lock);
 116
 117        if (!ret && !kill)
 118                wait_task_inactive(child);
 119
 120        /* All systems go.. */
 121        return ret;
 122}
 123
 124int __ptrace_may_attach(struct task_struct *task)
 125{
 126        /* May we inspect the given task?
 127         * This check is used both for attaching with ptrace
 128         * and for allowing access to sensitive information in /proc.
 129         *
 130         * ptrace_attach denies several cases that /proc allows
 131         * because setting up the necessary parent/child relationship
 132         * or halting the specified task is impossible.
 133         */
 134        int dumpable = 0;
 135        /* Don't let security modules deny introspection */
 136        if (task == current)
 137                return 0;
 138        if (((current->uid != task->euid) ||
 139             (current->uid != task->suid) ||
 140             (current->uid != task->uid) ||
 141             (current->gid != task->egid) ||
 142             (current->gid != task->sgid) ||
 143             (current->gid != task->gid)) && !capable(CAP_SYS_PTRACE))
 144                return -EPERM;
 145        smp_rmb();
 146        if (task->mm)
 147                dumpable = get_dumpable(task->mm);
 148        if (!dumpable && !capable(CAP_SYS_PTRACE))
 149                return -EPERM;
 150
 151        return security_ptrace(current, task);
 152}
 153
 154int ptrace_may_attach(struct task_struct *task)
 155{
 156        int err;
 157        task_lock(task);
 158        err = __ptrace_may_attach(task);
 159        task_unlock(task);
 160        return !err;
 161}
 162
 163int ptrace_attach(struct task_struct *task)
 164{
 165        int retval;
 166        unsigned long flags;
 167
 168        audit_ptrace(task);
 169
 170        retval = -EPERM;
 171        if (same_thread_group(task, current))
 172                goto out;
 173
 174repeat:
 175        /*
 176         * Nasty, nasty.
 177         *
 178         * We want to hold both the task-lock and the
 179         * tasklist_lock for writing at the same time.
 180         * But that's against the rules (tasklist_lock
 181         * is taken for reading by interrupts on other
 182         * cpu's that may have task_lock).
 183         */
 184        task_lock(task);
 185        if (!write_trylock_irqsave(&tasklist_lock, flags)) {
 186                task_unlock(task);
 187                do {
 188                        cpu_relax();
 189                } while (!write_can_lock(&tasklist_lock));
 190                goto repeat;
 191        }
 192
 193        if (!task->mm)
 194                goto bad;
 195        /* the same process cannot be attached many times */
 196        if (task->ptrace & PT_PTRACED)
 197                goto bad;
 198        retval = __ptrace_may_attach(task);
 199        if (retval)
 200                goto bad;
 201
 202        /* Go */
 203        task->ptrace |= PT_PTRACED;
 204        if (capable(CAP_SYS_PTRACE))
 205                task->ptrace |= PT_PTRACE_CAP;
 206
 207        __ptrace_link(task, current);
 208
 209        send_sig_info(SIGSTOP, SEND_SIG_FORCED, task);
 210bad:
 211        write_unlock_irqrestore(&tasklist_lock, flags);
 212        task_unlock(task);
 213out:
 214        return retval;
 215}
 216
 217static inline void __ptrace_detach(struct task_struct *child, unsigned int data)
 218{
 219        child->exit_code = data;
 220        /* .. re-parent .. */
 221        __ptrace_unlink(child);
 222        /* .. and wake it up. */
 223        if (child->exit_state != EXIT_ZOMBIE)
 224                wake_up_process(child);
 225}
 226
 227int ptrace_detach(struct task_struct *child, unsigned int data)
 228{
 229        if (!valid_signal(data))
 230                return -EIO;
 231
 232        /* Architecture-specific hardware disable .. */
 233        ptrace_disable(child);
 234        clear_tsk_thread_flag(child, TIF_SYSCALL_TRACE);
 235
 236        write_lock_irq(&tasklist_lock);
 237        /* protect against de_thread()->release_task() */
 238        if (child->ptrace)
 239                __ptrace_detach(child, data);
 240        write_unlock_irq(&tasklist_lock);
 241
 242        return 0;
 243}
 244
 245int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst, int len)
 246{
 247        int copied = 0;
 248
 249        while (len > 0) {
 250                char buf[128];
 251                int this_len, retval;
 252
 253                this_len = (len > sizeof(buf)) ? sizeof(buf) : len;
 254                retval = access_process_vm(tsk, src, buf, this_len, 0);
 255                if (!retval) {
 256                        if (copied)
 257                                break;
 258                        return -EIO;
 259                }
 260                if (copy_to_user(dst, buf, retval))
 261                        return -EFAULT;
 262                copied += retval;
 263                src += retval;
 264                dst += retval;
 265                len -= retval;                  
 266        }
 267        return copied;
 268}
 269
 270int ptrace_writedata(struct task_struct *tsk, char __user *src, unsigned long dst, int len)
 271{
 272        int copied = 0;
 273
 274        while (len > 0) {
 275                char buf[128];
 276                int this_len, retval;
 277
 278                this_len = (len > sizeof(buf)) ? sizeof(buf) : len;
 279                if (copy_from_user(buf, src, this_len))
 280                        return -EFAULT;
 281                retval = access_process_vm(tsk, dst, buf, this_len, 1);
 282                if (!retval) {
 283                        if (copied)
 284                                break;
 285                        return -EIO;
 286                }
 287                copied += retval;
 288                src += retval;
 289                dst += retval;
 290                len -= retval;                  
 291        }
 292        return copied;
 293}
 294
 295static int ptrace_setoptions(struct task_struct *child, long data)
 296{
 297        child->ptrace &= ~PT_TRACE_MASK;
 298
 299        if (data & PTRACE_O_TRACESYSGOOD)
 300                child->ptrace |= PT_TRACESYSGOOD;
 301
 302        if (data & PTRACE_O_TRACEFORK)
 303                child->ptrace |= PT_TRACE_FORK;
 304
 305        if (data & PTRACE_O_TRACEVFORK)
 306                child->ptrace |= PT_TRACE_VFORK;
 307
 308        if (data & PTRACE_O_TRACECLONE)
 309                child->ptrace |= PT_TRACE_CLONE;
 310
 311        if (data & PTRACE_O_TRACEEXEC)
 312                child->ptrace |= PT_TRACE_EXEC;
 313
 314        if (data & PTRACE_O_TRACEVFORKDONE)
 315                child->ptrace |= PT_TRACE_VFORK_DONE;
 316
 317        if (data & PTRACE_O_TRACEEXIT)
 318                child->ptrace |= PT_TRACE_EXIT;
 319
 320        return (data & ~PTRACE_O_MASK) ? -EINVAL : 0;
 321}
 322
 323static int ptrace_getsiginfo(struct task_struct *child, siginfo_t *info)
 324{
 325        int error = -ESRCH;
 326
 327        read_lock(&tasklist_lock);
 328        if (likely(child->sighand != NULL)) {
 329                error = -EINVAL;
 330                spin_lock_irq(&child->sighand->siglock);
 331                if (likely(child->last_siginfo != NULL)) {
 332                        *info = *child->last_siginfo;
 333                        error = 0;
 334                }
 335                spin_unlock_irq(&child->sighand->siglock);
 336        }
 337        read_unlock(&tasklist_lock);
 338        return error;
 339}
 340
 341static int ptrace_setsiginfo(struct task_struct *child, const siginfo_t *info)
 342{
 343        int error = -ESRCH;
 344
 345        read_lock(&tasklist_lock);
 346        if (likely(child->sighand != NULL)) {
 347                error = -EINVAL;
 348                spin_lock_irq(&child->sighand->siglock);
 349                if (likely(child->last_siginfo != NULL)) {
 350                        *child->last_siginfo = *info;
 351                        error = 0;
 352                }
 353                spin_unlock_irq(&child->sighand->siglock);
 354        }
 355        read_unlock(&tasklist_lock);
 356        return error;
 357}
 358
 359
 360#ifdef PTRACE_SINGLESTEP
 361#define is_singlestep(request)          ((request) == PTRACE_SINGLESTEP)
 362#else
 363#define is_singlestep(request)          0
 364#endif
 365
 366#ifdef PTRACE_SINGLEBLOCK
 367#define is_singleblock(request)         ((request) == PTRACE_SINGLEBLOCK)
 368#else
 369#define is_singleblock(request)         0
 370#endif
 371
 372#ifdef PTRACE_SYSEMU
 373#define is_sysemu_singlestep(request)   ((request) == PTRACE_SYSEMU_SINGLESTEP)
 374#else
 375#define is_sysemu_singlestep(request)   0
 376#endif
 377
 378static int ptrace_resume(struct task_struct *child, long request, long data)
 379{
 380        if (!valid_signal(data))
 381                return -EIO;
 382
 383        if (request == PTRACE_SYSCALL)
 384                set_tsk_thread_flag(child, TIF_SYSCALL_TRACE);
 385        else
 386                clear_tsk_thread_flag(child, TIF_SYSCALL_TRACE);
 387
 388#ifdef TIF_SYSCALL_EMU
 389        if (request == PTRACE_SYSEMU || request == PTRACE_SYSEMU_SINGLESTEP)
 390                set_tsk_thread_flag(child, TIF_SYSCALL_EMU);
 391        else
 392                clear_tsk_thread_flag(child, TIF_SYSCALL_EMU);
 393#endif
 394
 395        if (is_singleblock(request)) {
 396                if (unlikely(!arch_has_block_step()))
 397                        return -EIO;
 398                user_enable_block_step(child);
 399        } else if (is_singlestep(request) || is_sysemu_singlestep(request)) {
 400                if (unlikely(!arch_has_single_step()))
 401                        return -EIO;
 402                user_enable_single_step(child);
 403        }
 404        else
 405                user_disable_single_step(child);
 406
 407        child->exit_code = data;
 408        wake_up_process(child);
 409
 410        return 0;
 411}
 412
 413int ptrace_request(struct task_struct *child, long request,
 414                   long addr, long data)
 415{
 416        int ret = -EIO;
 417        siginfo_t siginfo;
 418
 419        switch (request) {
 420        case PTRACE_PEEKTEXT:
 421        case PTRACE_PEEKDATA:
 422                return generic_ptrace_peekdata(child, addr, data);
 423        case PTRACE_POKETEXT:
 424        case PTRACE_POKEDATA:
 425                return generic_ptrace_pokedata(child, addr, data);
 426
 427#ifdef PTRACE_OLDSETOPTIONS
 428        case PTRACE_OLDSETOPTIONS:
 429#endif
 430        case PTRACE_SETOPTIONS:
 431                ret = ptrace_setoptions(child, data);
 432                break;
 433        case PTRACE_GETEVENTMSG:
 434                ret = put_user(child->ptrace_message, (unsigned long __user *) data);
 435                break;
 436
 437        case PTRACE_GETSIGINFO:
 438                ret = ptrace_getsiginfo(child, &siginfo);
 439                if (!ret)
 440                        ret = copy_siginfo_to_user((siginfo_t __user *) data,
 441                                                   &siginfo);
 442                break;
 443
 444        case PTRACE_SETSIGINFO:
 445                if (copy_from_user(&siginfo, (siginfo_t __user *) data,
 446                                   sizeof siginfo))
 447                        ret = -EFAULT;
 448                else
 449                        ret = ptrace_setsiginfo(child, &siginfo);
 450                break;
 451
 452        case PTRACE_DETACH:      /* detach a process that was attached. */
 453                ret = ptrace_detach(child, data);
 454                break;
 455
 456#ifdef PTRACE_SINGLESTEP
 457        case PTRACE_SINGLESTEP:
 458#endif
 459#ifdef PTRACE_SINGLEBLOCK
 460        case PTRACE_SINGLEBLOCK:
 461#endif
 462#ifdef PTRACE_SYSEMU
 463        case PTRACE_SYSEMU:
 464        case PTRACE_SYSEMU_SINGLESTEP:
 465#endif
 466        case PTRACE_SYSCALL:
 467        case PTRACE_CONT:
 468                return ptrace_resume(child, request, data);
 469
 470        case PTRACE_KILL:
 471                if (child->exit_state)  /* already dead */
 472                        return 0;
 473                return ptrace_resume(child, request, SIGKILL);
 474
 475        default:
 476                break;
 477        }
 478
 479        return ret;
 480}
 481
 482/**
 483 * ptrace_traceme  --  helper for PTRACE_TRACEME
 484 *
 485 * Performs checks and sets PT_PTRACED.
 486 * Should be used by all ptrace implementations for PTRACE_TRACEME.
 487 */
 488int ptrace_traceme(void)
 489{
 490        int ret = -EPERM;
 491
 492        /*
 493         * Are we already being traced?
 494         */
 495        task_lock(current);
 496        if (!(current->ptrace & PT_PTRACED)) {
 497                ret = security_ptrace(current->parent, current);
 498                /*
 499                 * Set the ptrace bit in the process ptrace flags.
 500                 */
 501                if (!ret)
 502                        current->ptrace |= PT_PTRACED;
 503        }
 504        task_unlock(current);
 505        return ret;
 506}
 507
 508/**
 509 * ptrace_get_task_struct  --  grab a task struct reference for ptrace
 510 * @pid:       process id to grab a task_struct reference of
 511 *
 512 * This function is a helper for ptrace implementations.  It checks
 513 * permissions and then grabs a task struct for use of the actual
 514 * ptrace implementation.
 515 *
 516 * Returns the task_struct for @pid or an ERR_PTR() on failure.
 517 */
 518struct task_struct *ptrace_get_task_struct(pid_t pid)
 519{
 520        struct task_struct *child;
 521
 522        read_lock(&tasklist_lock);
 523        child = find_task_by_vpid(pid);
 524        if (child)
 525                get_task_struct(child);
 526
 527        read_unlock(&tasklist_lock);
 528        if (!child)
 529                return ERR_PTR(-ESRCH);
 530        return child;
 531}
 532
 533#ifndef arch_ptrace_attach
 534#define arch_ptrace_attach(child)       do { } while (0)
 535#endif
 536
 537asmlinkage long sys_ptrace(long request, long pid, long addr, long data)
 538{
 539        struct task_struct *child;
 540        long ret;
 541
 542        /*
 543         * This lock_kernel fixes a subtle race with suid exec
 544         */
 545        lock_kernel();
 546        if (request == PTRACE_TRACEME) {
 547                ret = ptrace_traceme();
 548                if (!ret)
 549                        arch_ptrace_attach(current);
 550                goto out;
 551        }
 552
 553        child = ptrace_get_task_struct(pid);
 554        if (IS_ERR(child)) {
 555                ret = PTR_ERR(child);
 556                goto out;
 557        }
 558
 559        if (request == PTRACE_ATTACH) {
 560                ret = ptrace_attach(child);
 561                /*
 562                 * Some architectures need to do book-keeping after
 563                 * a ptrace attach.
 564                 */
 565                if (!ret)
 566                        arch_ptrace_attach(child);
 567                goto out_put_task_struct;
 568        }
 569
 570        ret = ptrace_check_attach(child, request == PTRACE_KILL);
 571        if (ret < 0)
 572                goto out_put_task_struct;
 573
 574        ret = arch_ptrace(child, request, addr, data);
 575        if (ret < 0)
 576                goto out_put_task_struct;
 577
 578 out_put_task_struct:
 579        put_task_struct(child);
 580 out:
 581        unlock_kernel();
 582        return ret;
 583}
 584
 585int generic_ptrace_peekdata(struct task_struct *tsk, long addr, long data)
 586{
 587        unsigned long tmp;
 588        int copied;
 589
 590        copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
 591        if (copied != sizeof(tmp))
 592                return -EIO;
 593        return put_user(tmp, (unsigned long __user *)data);
 594}
 595
 596int generic_ptrace_pokedata(struct task_struct *tsk, long addr, long data)
 597{
 598        int copied;
 599
 600        copied = access_process_vm(tsk, addr, &data, sizeof(data), 1);
 601        return (copied == sizeof(data)) ? 0 : -EIO;
 602}
 603
 604#if defined CONFIG_COMPAT && defined __ARCH_WANT_COMPAT_SYS_PTRACE
 605#include <linux/compat.h>
 606
 607int compat_ptrace_request(struct task_struct *child, compat_long_t request,
 608                          compat_ulong_t addr, compat_ulong_t data)
 609{
 610        compat_ulong_t __user *datap = compat_ptr(data);
 611        compat_ulong_t word;
 612        siginfo_t siginfo;
 613        int ret;
 614
 615        switch (request) {
 616        case PTRACE_PEEKTEXT:
 617        case PTRACE_PEEKDATA:
 618                ret = access_process_vm(child, addr, &word, sizeof(word), 0);
 619                if (ret != sizeof(word))
 620                        ret = -EIO;
 621                else
 622                        ret = put_user(word, datap);
 623                break;
 624
 625        case PTRACE_POKETEXT:
 626        case PTRACE_POKEDATA:
 627                ret = access_process_vm(child, addr, &data, sizeof(data), 1);
 628                ret = (ret != sizeof(data) ? -EIO : 0);
 629                break;
 630
 631        case PTRACE_GETEVENTMSG:
 632                ret = put_user((compat_ulong_t) child->ptrace_message, datap);
 633                break;
 634
 635        case PTRACE_GETSIGINFO:
 636                ret = ptrace_getsiginfo(child, &siginfo);
 637                if (!ret)
 638                        ret = copy_siginfo_to_user32(
 639                                (struct compat_siginfo __user *) datap,
 640                                &siginfo);
 641                break;
 642
 643        case PTRACE_SETSIGINFO:
 644                memset(&siginfo, 0, sizeof siginfo);
 645                if (copy_siginfo_from_user32(
 646                            &siginfo, (struct compat_siginfo __user *) datap))
 647                        ret = -EFAULT;
 648                else
 649                        ret = ptrace_setsiginfo(child, &siginfo);
 650                break;
 651
 652        default:
 653                ret = ptrace_request(child, request, addr, data);
 654        }
 655
 656        return ret;
 657}
 658
 659asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
 660                                  compat_long_t addr, compat_long_t data)
 661{
 662        struct task_struct *child;
 663        long ret;
 664
 665        /*
 666         * This lock_kernel fixes a subtle race with suid exec
 667         */
 668        lock_kernel();
 669        if (request == PTRACE_TRACEME) {
 670                ret = ptrace_traceme();
 671                goto out;
 672        }
 673
 674        child = ptrace_get_task_struct(pid);
 675        if (IS_ERR(child)) {
 676                ret = PTR_ERR(child);
 677                goto out;
 678        }
 679
 680        if (request == PTRACE_ATTACH) {
 681                ret = ptrace_attach(child);
 682                /*
 683                 * Some architectures need to do book-keeping after
 684                 * a ptrace attach.
 685                 */
 686                if (!ret)
 687                        arch_ptrace_attach(child);
 688                goto out_put_task_struct;
 689        }
 690
 691        ret = ptrace_check_attach(child, request == PTRACE_KILL);
 692        if (!ret)
 693                ret = compat_arch_ptrace(child, request, addr, data);
 694
 695 out_put_task_struct:
 696        put_task_struct(child);
 697 out:
 698        unlock_kernel();
 699        return ret;
 700}
 701#endif  /* CONFIG_COMPAT && __ARCH_WANT_COMPAT_SYS_PTRACE */
 702