2 * linux/kernel/ptrace.c
4 * (C) Copyright 1999 Linus Torvalds
6 * Common interfaces for "ptrace()" which we do not want
7 * to continually duplicate across every architecture.
10 #include <linux/capability.h>
11 #include <linux/module.h>
12 #include <linux/sched.h>
13 #include <linux/errno.h>
15 #include <linux/highmem.h>
16 #include <linux/pagemap.h>
17 #include <linux/smp_lock.h>
18 #include <linux/ptrace.h>
19 #include <linux/security.h>
20 #include <linux/signal.h>
21 #include <linux/utrace.h>
22 #include <linux/tracehook.h>
23 #include <linux/vs_context.h>
24 #include <asm/tracehook.h>
25 #include <asm/pgtable.h>
26 #include <asm/uaccess.h>
/*
 * Per-tracee bookkeeping for the utrace-based ptrace layer.
 * NOTE(review): this listing is line-sampled; the "struct ptrace_state {"
 * opener, its closing brace, the rcu head, and the u.{siginfo,eventmsg}
 * union referenced elsewhere in this file were elided from view.
 */
33 * These elements are always available, even when the struct is
34 * awaiting destruction at the next RCU callback point.
36 struct utrace_attached_engine *engine;
37 struct task_struct *task; /* Target task. */
38 struct task_struct *parent; /* Whom we report to. */
39 struct list_head entry; /* Entry on parent->ptracees list. */
41 u8 options; /* PTRACE_SETOPTIONS bits. */
42 unsigned int syscall:1; /* Reporting for syscall. */
44 unsigned int sysemu:1; /* PTRACE_SYSEMU in progress. */
46 unsigned int have_eventmsg:1; /* u.eventmsg valid. */
47 unsigned int cap_sys_ptrace:1; /* Tracer capable. */
51 unsigned long eventmsg;
/* Engine callback table; the initializer appears later in the file. */
56 static const struct utrace_engine_ops ptrace_utrace_ops; /* Initialized below. */
/*
 * Remove STATE from its tracer's ->ptracees list under task_lock on the
 * parent.  list_del_rcu means concurrent RCU readers may still see the
 * entry until a grace period elapses (freed later via ptrace_done).
 * (Line-sampled listing: the return-type line and braces are elided.)
 */
59 ptrace_state_unlink(struct ptrace_state *state)
61 	task_lock(state->parent);
62 	list_del_rcu(&state->entry);
63 	task_unlock(state->parent);
/*
 * Allocate (if not preallocated) and initialize a ptrace_state binding
 * TARGET's ENGINE to tracer PARENT, and link it on parent->ptracees.
 * Returns the state, or ERR_PTR on failure; -EALREADY when the parent
 * is already exiting so attaching would race with its teardown.
 * NOTE(review): line-sampled; the guard deciding between the passed-in
 * STATE and the kzalloc path, the task_lock(parent) call before the
 * PF_EXITING test, and the closing return are elided — confirm against
 * the full source.
 */
66 static struct ptrace_state *
67 ptrace_setup(struct task_struct *target, struct utrace_attached_engine *engine,
68 	     struct task_struct *parent, u8 options, int cap_sys_ptrace,
69 	     struct ptrace_state *state)
72 	state = kzalloc(sizeof *state, GFP_USER);
73 	if (unlikely(state == NULL))
74 		return ERR_PTR(-ENOMEM);
77 	state->engine = engine;
79 	state->parent = parent;
80 	state->options = options;
81 	state->cap_sys_ptrace = cap_sys_ptrace;
84 	if (unlikely(parent->flags & PF_EXITING)) {
87 		return ERR_PTR(-EALREADY);
89 	list_add_rcu(&state->entry, &state->parent->ptracees);
90 	task_unlock(state->parent);
/* The engine must not already carry a state; publish ours via RCU. */
92 	BUG_ON(engine->data != 0);
93 	rcu_assign_pointer(engine->data, (unsigned long) state);
/*
 * RCU callback: recover the ptrace_state from its embedded rcu head.
 * (The kfree of STATE is elided from this line-sampled listing.)
 */
99 ptrace_state_free(struct rcu_head *rhead)
101 	struct ptrace_state *state = container_of(rhead,
102 						  struct ptrace_state, rcu);
/*
 * Schedule STATE for freeing after the current RCU grace period, so
 * lock-free readers traversing ->ptracees cannot touch freed memory.
 */
107 ptrace_done(struct ptrace_state *state)
109 	INIT_RCU_HEAD(&state->rcu);
110 	call_rcu(&state->rcu, ptrace_state_free);
/*
 * Recompute the utrace event mask for TARGET from FLAGS plus the ptrace
 * state's PTRACE_SETOPTIONS bits, and push it with utrace_set_flags.
 * FROM_STOPPED nonzero means the tracer is resuming the target out of a
 * ptrace stop, so stale stop bookkeeping must be cleared first.
 * (Line-sampled listing; some statements are elided.)
 */
114 * Update the tracing engine state to match the new ptrace state.
116 static int __must_check
117 ptrace_update(struct task_struct *target,
118 	      struct utrace_attached_engine *engine,
119 	      unsigned long flags, int from_stopped)
121 	struct ptrace_state *state = (struct ptrace_state *) engine->data;
124 	 * These events are always reported.
126 	flags |= (UTRACE_EVENT(DEATH) | UTRACE_EVENT(EXEC)
127 		  | UTRACE_EVENT_SIGNAL_ALL | UTRACE_EVENT(JCTL));
130 	 * We always have to examine clone events to check for CLONE_PTRACE.
132 	flags |= UTRACE_EVENT(CLONE);
135 	 * PTRACE_SETOPTIONS can request more events.
137 	if (state->options & PTRACE_O_TRACEEXIT)
138 		flags |= UTRACE_EVENT(EXIT);
139 	if (state->options & PTRACE_O_TRACEVFORKDONE)
140 		flags |= UTRACE_EVENT(VFORK_DONE);
143 	 * ptrace always inhibits normal parent reaping.
144 	 * But for a corner case we sometimes see the REAP event anyway.
146 	flags |= UTRACE_ACTION_NOREAP | UTRACE_EVENT(REAP);
148 	if (from_stopped && !(flags & UTRACE_ACTION_QUIESCE)) {
150 		 * We're letting the thread resume from ptrace stop.
151 		 * If SIGKILL is waking it up, it can be racing with us here
152 		 * to set its own exit_code in do_exit. Though we clobber
153 		 * it here, we check for the case in ptrace_report_death.
155 		if (!unlikely(target->flags & PF_SIGNALED))
156 			target->exit_code = 0;
/* Drop any stashed siginfo pointer once the stop is over. */
158 		if (!state->have_eventmsg)
159 			state->u.siginfo = NULL;
161 		if (target->state == TASK_STOPPED) {
163 			 * We have to double-check for naughty de_thread
164 			 * reaping despite NOREAP, before we can get siglock.
166 			read_lock(&tasklist_lock);
167 			if (!target->exit_state) {
168 				spin_lock_irq(&target->sighand->siglock);
169 				if (target->state == TASK_STOPPED)
170 					target->signal->flags &=
171 						~SIGNAL_STOP_STOPPED;
172 				spin_unlock_irq(&target->sighand->siglock);
174 			read_unlock(&tasklist_lock);
178 	return utrace_set_flags(target, engine, flags);
/*
 * Implement PTRACE_TRACEME: attach an exclusive utrace engine to the
 * current task with its real parent as the tracer.  The state is
 * preallocated so ->parent can be sampled and passed to ptrace_setup
 * without blocking under rcu_read_lock.
 * NOTE(review): line-sampled — the error-unwind paths, the retval
 * declaration, and several returns are elided; confirm against the
 * full source.
 */
181 static int ptrace_traceme(void)
183 	struct utrace_attached_engine *engine;
184 	struct ptrace_state *state;
185 	struct task_struct *parent;
188 	engine = utrace_attach(current, (UTRACE_ATTACH_CREATE
189 					 | UTRACE_ATTACH_EXCLUSIVE
190 					 | UTRACE_ATTACH_MATCH_OPS),
191 			       &ptrace_utrace_ops, 0UL);
193 	if (IS_ERR(engine)) {
194 		retval = PTR_ERR(engine);
/* -EEXIST: already traced; elided code presumably maps this to -EPERM. */
195 		if (retval == -EEXIST)
200 	 * We need to preallocate so that we can hold
201 	 * rcu_read_lock from extracting ->parent through
202 	 * ptrace_setup using it.
204 	state = kzalloc(sizeof *state, GFP_USER);
205 	if (unlikely(state == NULL)) {
206 		(void) utrace_detach(current, engine);
208 		       "ptrace out of memory, lost child %d of %d",
209 		       current->pid, current->parent->pid);
214 	parent = rcu_dereference(current->parent);
/* Security hook decides whether the parent may trace us. */
217 	retval = security_ptrace(parent, current);
218 	task_unlock(current);
222 		(void) utrace_detach(current, engine);
225 		state = ptrace_setup(current, engine, parent, 0, 0,
228 			retval = PTR_ERR(state);
234 		 * This can't fail because we can't die while we
235 		 * are here doing this.
237 		retval = ptrace_update(current, engine, 0, 0);
240 	else if (unlikely(retval == -EALREADY))
242 		 * We raced with our parent's exit, which would
243 		 * have detached us just after our attach if
244 		 * we'd won the race. Pretend we got attached
245 		 * and then detached immediately, no error.
/*
 * Implement PTRACE_ATTACH: attach an exclusive engine to TASK with the
 * current task as tracer, send it SIGSTOP, and quiesce it so ptrace
 * requests can be serviced while it is in TASK_STOPPED.
 * NOTE(review): line-sampled — early-error returns (self-attach, kernel
 * threads), the ptrace_may_attach failure path, and the final return
 * are elided; confirm against the full source.
 */
253 static int ptrace_attach(struct task_struct *task)
255 	struct utrace_attached_engine *engine;
256 	struct ptrace_state *state;
/* You cannot attach to your own thread group or to kernel threads. */
262 	if (task->tgid == current->tgid)
264 	if (!task->mm) /* kernel threads */
267 	pr_debug("%d ptrace_attach %d state %lu exit_code %x\n",
268 		 current->pid, task->pid, task->state, task->exit_code);
270 	engine = utrace_attach(task, (UTRACE_ATTACH_CREATE
271 				      | UTRACE_ATTACH_EXCLUSIVE
272 				      | UTRACE_ATTACH_MATCH_OPS),
273 			      &ptrace_utrace_ops, 0);
274 	if (IS_ERR(engine)) {
275 		retval = PTR_ERR(engine);
/* -EEXIST: someone else is already ptracing this task. */
276 		if (retval == -EEXIST)
281 	pr_debug("%d ptrace_attach %d after utrace_attach: %lu exit_code %x\n",
282 		 current->pid, task->pid, task->state, task->exit_code);
284 	if (ptrace_may_attach(task)) {
285 		state = ptrace_setup(task, engine, current, 0,
286 				     capable(CAP_SYS_PTRACE), NULL);
288 			retval = PTR_ERR(state);
290 			retval = ptrace_update(task, engine, 0, 0);
292 			pr_debug("%d ptrace_attach %d after ptrace_update (%d)"
293 				 " %lu exit_code %x\n",
294 				 current->pid, task->pid, retval,
295 				 task->state, task->exit_code);
299 			 * It died before we enabled any callbacks.
301 			if (retval == -EALREADY)
303 			BUG_ON(retval != -ESRCH);
304 			ptrace_state_unlink(state);
310 		(void) utrace_detach(task, engine);
315 	 * We must double-check that task has not just died and
316 	 * been reaped (after ptrace_update succeeded).
317 	 * This happens when exec (de_thread) ignores NOREAP.
318 	 * We cannot call into the signal code if it's dead.
320 	read_lock(&tasklist_lock);
321 	if (likely(!task->exit_state)) {
322 		force_sig_specific(SIGSTOP, task);
/* Sample whether the SIGSTOP has already taken effect. */
324 		spin_lock_irq(&task->sighand->siglock);
325 		stopped = (task->state == TASK_STOPPED);
326 		spin_unlock_irq(&task->sighand->siglock);
328 	read_unlock(&tasklist_lock);
331 		const struct utrace_regset *regset;
334 		 * Set QUIESCE immediately, so we can allow
335 		 * ptrace requests while he's in TASK_STOPPED.
337 		retval = ptrace_update(task, engine,
338 				       UTRACE_ACTION_QUIESCE, 0);
340 			BUG_ON(retval != -ESRCH);
344 		 * Do now the regset 0 writeback that we do on every
345 		 * stop, since it's never been done. On register
346 		 * window machines, this makes sure the user memory
347 		 * backing the register data is up to date.
349 		regset = utrace_regset(task, engine,
350 				       utrace_native_view(task), 0);
351 		if (regset->writeback)
352 			(*regset->writeback)(task, regset, 1);
355 	pr_debug("%d ptrace_attach %d complete (%sstopped)"
356 		 " state %lu code %x",
357 		 current->pid, task->pid, stopped ? "" : "not ",
358 		 task->state, task->exit_code);
/*
 * ptrace_detach - detach ENGINE/STATE from TASK on behalf of the tracer.
 * The task might be dying or being reaped in parallel, in which case
 * engine and state may no longer be valid. utrace_detach checks for us.
 *
 * FIX(review): lines 423-425 below contained mojibake "¤t" — the HTML
 * entity "&curren;" corruption of "&current" — which is not valid C.
 * Restored to "&current->...".
 * (Line-sampled listing; some statements are elided.)
 */
369 static int ptrace_detach(struct task_struct *task,
370 			 struct utrace_attached_engine *engine,
371 			 struct ptrace_state *state)
376 #ifdef HAVE_ARCH_PTRACE_DETACH
378 	 * Some funky compatibility code in arch_ptrace may have
379 	 * needed to install special state it should clean up now.
381 	arch_ptrace_detach(task);
385 	 * Traditional ptrace behavior does wake_up_process no matter what
386 	 * in ptrace_detach. But utrace_detach will not do a wakeup if
387 	 * it's in a proper job control stop. We need it to wake up from
388 	 * TASK_STOPPED and either resume or process more signals. A
389 	 * pending stop signal will just leave it stopped again, but will
390 	 * consume the signal, and reset task->exit_code for the next wait
391 	 * call to see. This is important to userland if ptrace_do_wait
392 	 * "stole" the previous unwaited-for-ness (clearing exit_code), but
393 	 * there is a pending SIGSTOP, e.g. sent by a PTRACE_ATTACH done
394 	 * while already in job control stop.
396 	read_lock(&tasklist_lock);
397 	if (likely(task->signal != NULL)) {
398 		spin_lock_irq(&task->sighand->siglock);
399 		task->signal->flags &= ~SIGNAL_STOP_STOPPED;
400 		spin_unlock_irq(&task->sighand->siglock);
402 	read_unlock(&tasklist_lock);
404 	error = utrace_detach(task, engine);
407 	 * We can only get here from the ptracer itself or via
408 	 * detach_zombie from another thread in its group.
410 	BUG_ON(state->parent->tgid != current->tgid);
411 	ptrace_state_unlink(state);
415 	 * Wake up any other threads that might be blocked in
416 	 * wait. Though traditional ptrace does not guarantee
417 	 * this wakeup on PTRACE_DETACH, it does prevent
418 	 * erroneous blocking in wait when another racing
419 	 * thread's wait call reap-detaches the last child.
420 	 * Without this wakeup, another thread might stay
421 	 * blocked when it should return -ECHILD.
423 	spin_lock_irq(&current->sighand->siglock);
424 	wake_up_interruptible(&current->signal->wait_chldexit);
425 	spin_unlock_irq(&current->sighand->siglock);
/*
 * Called from exit: detach every tracee on tsk->ptracees.  Runs after
 * PF_EXITING is set, so ptrace_traceme cannot add new entries once we
 * hold the task_lock.  -EALREADY from utrace_detach means the tracee is
 * mid-report_death; we wait for it to go inactive and restart the scan.
 * (Line-sampled listing: rcu_read_lock/unlock, task_lock/unlock and the
 * restart label are elided.)
 */
432 * This is called when we are exiting. We must stop all our ptracing.
435 ptrace_exit(struct task_struct *tsk)
437 	struct list_head *pos, *n;
440 	 * Taking the task_lock after PF_EXITING is set ensures that a
441 	 * child in ptrace_traceme will not put itself on our list when
442 	 * we might already be tearing it down.
445 	if (likely(list_empty(&tsk->ptracees))) {
454 	list_for_each_safe_rcu(pos, n, &tsk->ptracees) {
455 		struct ptrace_state *state = list_entry(pos,
458 		int error = utrace_detach(state->task, state->engine);
459 		BUG_ON(state->parent != tsk);
460 		if (likely(error == 0)) {
461 			ptrace_state_unlink(state);
464 		else if (unlikely(error == -EALREADY)) {
466 			 * It's still doing report_death callbacks.
467 			 * Just wait for it to settle down.
468 			 * Since wait_task_inactive might yield,
469 			 * we must go out of rcu_read_lock and restart.
471 			struct task_struct *p = state->task;
474 			wait_task_inactive(p);
479 			BUG_ON(error != -ESRCH);
/* All tracees must be gone before the tracer may finish exiting. */
484 	BUG_ON(!list_empty(&tsk->ptracees));
/*
 * Deliver SIGNR to TARGET as part of resuming it from a ptrace stop.
 * Three cases: syscall-stop uses plain send_sig (traditional behavior);
 * a stashed siginfo is re-injected (updated if the debugger changed the
 * signal number); otherwise the elided tail presumably injects a fresh
 * signal — confirm against the full source.  signr == 0 means "no
 * signal" (the valid_signal check and that early return are elided).
 */
488 ptrace_induce_signal(struct task_struct *target,
489 		     struct utrace_attached_engine *engine,
492 	struct ptrace_state *state = (struct ptrace_state *) engine->data;
497 	if (!valid_signal(signr))
500 	if (state->syscall) {
502 		 * This is the traditional ptrace behavior when given
503 		 * a signal to resume from a syscall tracing stop.
505 		send_sig(signr, target, 1);
507 	else if (!state->have_eventmsg && state->u.siginfo) {
508 		siginfo_t *info = state->u.siginfo;
510 		/* Update the siginfo structure if the signal has
511 		   changed. If the debugger wanted something
512 		   specific in the siginfo structure then it should
513 		   have updated *info via PTRACE_SETSIGINFO. */
514 		if (signr != info->si_signo) {
515 			info->si_signo = signr;
517 			info->si_code = SI_USER;
518 			info->si_pid = current->pid;
519 			info->si_uid = current->uid;
522 		return utrace_inject_signal(target, engine,
523 					    UTRACE_ACTION_RESUME, info, NULL);
/*
 * PTRACE_GETREGS/SETREGS-style access to regset SETNO of TARGET through
 * user buffer DATA.  SIZE of (unsigned int)-1 means the whole regset.
 * WRITE nonzero calls regset->set (read from user), else regset->get
 * (write to user).  (Line-sampled: the -EIO/-EFAULT error returns and
 * the final return of ret are elided.)
 */
530 ptrace_regset_access(struct task_struct *target,
531 		     struct utrace_attached_engine *engine,
532 		     const struct utrace_regset_view *view,
533 		     int setno, unsigned long offset, unsigned int size,
534 		     void __user *data, int write)
536 	const struct utrace_regset *regset = utrace_regset(target, engine,
540 	if (unlikely(regset == NULL))
543 	if (size == (unsigned int) -1)
544 		size = regset->size * regset->n;
547 		if (!access_ok(VERIFY_READ, data, size))
550 		ret = (*regset->set)(target, regset,
551 				     offset, size, NULL, data);
554 		if (!access_ok(VERIFY_WRITE, data, size))
557 		ret = (*regset->get)(target, regset,
558 				     offset, size, NULL, data);
/*
 * Access a single register REGNO in regset SETNO of TARGET via user
 * buffer DATA.  REGNO is validated against [bias, bias+n) and converted
 * to a byte position in the regset.  (Line-sampled: error returns and
 * the trailing argument lines of the get/set calls are elided.)
 */
565 ptrace_onereg_access(struct task_struct *target,
566 		     struct utrace_attached_engine *engine,
567 		     const struct utrace_regset_view *view,
568 		     int setno, unsigned long regno,
569 		     void __user *data, int write)
571 	const struct utrace_regset *regset = utrace_regset(target, engine,
576 	if (unlikely(regset == NULL))
579 	if (regno < regset->bias || regno >= regset->bias + regset->n)
582 	pos = (regno - regset->bias) * regset->size;
585 		if (!access_ok(VERIFY_READ, data, regset->size))
588 		ret = (*regset->set)(target, regset, pos, regset->size,
592 		if (!access_ok(VERIFY_WRITE, data, regset->size))
595 		ret = (*regset->get)(target, regset, pos, regset->size,
/*
 * Walk a ptrace compatibility LAYOUT (segments mapping struct-user
 * offsets onto regsets) and copy SIZE bytes at ADDR between the target's
 * registers and UDATA/KDATA.  Segments with regset == -1 are no-op /
 * zero-fill holes in struct user.  Loops until done or error.
 * (Line-sampled: the seg initialization, the advance-to-next-segment
 * bookkeeping at the bottom of the loop, and error returns are elided.)
 */
603 ptrace_layout_access(struct task_struct *target,
604 		     struct utrace_attached_engine *engine,
605 		     const struct utrace_regset_view *view,
606 		     const struct ptrace_layout_segment layout[],
607 		     unsigned long addr, unsigned int size,
608 		     void __user *udata, void *kdata, int write)
610 	const struct ptrace_layout_segment *seg;
614 	    !access_ok(write ? VERIFY_READ : VERIFY_WRITE, udata, size))
/* Find the segment containing addr; {0,0} terminates the table. */
621 		while (addr >= seg->end && seg->end != 0)
624 		if (addr < seg->start || addr >= seg->end)
627 		pos = addr - seg->start + seg->offset;
628 		n = min(size, seg->end - (unsigned int) addr);
630 		if (unlikely(seg->regset == (unsigned int) -1)) {
632 			 * This is a no-op/zero-fill portion of struct user.
635 			if (!write && seg->offset == 0) {
638 				else if (clear_user(udata, n))
644 			const struct utrace_regset *regset = utrace_regset(
645 				target, engine, view, seg->regset);
646 			if (unlikely(regset == NULL))
650 			 * A ptrace compatibility layout can do a misaligned
651 			 * regset access, e.g. word access to larger data.
652 			 * An arch's compat layout can be this way only if
653 			 * it is actually ok with the regset code despite the
654 			 * regset->align setting.
656 			align = min(regset->align, size);
657 			if ((pos & (align - 1))
658 			    || pos >= regset->n * regset->size)
662 				ret = (*regset->set)(target, regset,
663 						     pos, n, kdata, udata);
665 				ret = (*regset->get)(target, regset,
666 						     pos, n, kdata, udata);
675 	} while (ret == 0 && size > 0);
/*
 * Common front end for sys_ptrace/compat_sys_ptrace: resolve PID to a
 * task (holding a reference), handle TRACEME/ATTACH directly, otherwise
 * locate our engine+state on the child and verify the traditional
 * preconditions (we are the tracer; target quiescent unless KILL; not
 * already dead).  On success fills *childp/*enginep/*statep.
 * (Line-sampled: several error-exit paths and the success return are
 * elided.)
 */
682 ptrace_start(long pid, long request,
683 	     struct task_struct **childp,
684 	     struct utrace_attached_engine **enginep,
685 	     struct ptrace_state **statep)
688 	struct task_struct *child;
689 	struct utrace_attached_engine *engine;
690 	struct ptrace_state *state;
693 	if (request == PTRACE_TRACEME)
694 		return ptrace_traceme();
697 	read_lock(&tasklist_lock);
698 	child = find_task_by_pid(pid);
700 		get_task_struct(child);
701 	read_unlock(&tasklist_lock);
702 	pr_debug("ptrace pid %ld => %p\n", pid, child);
707 	if (pid == 1) /* you may not mess with init */
/* vserver context check: target must be visible to this context. */
711 	if (!vx_check(vx_task_xid(child), VS_WATCH_P|VS_IDENT))
714 	if (request == PTRACE_ATTACH) {
715 		ret = ptrace_attach(child);
720 	engine = utrace_attach(child, UTRACE_ATTACH_MATCH_OPS,
721 			       &ptrace_utrace_ops, 0);
723 	if (IS_ERR(engine) || engine == NULL)
725 	state = rcu_dereference((struct ptrace_state *) engine->data);
726 	if (state == NULL || state->parent != current)
731 	 * Traditional ptrace behavior demands that the target already be
732 	 * quiescent, but not dead.
734 	if (request != PTRACE_KILL
735 	    && !(engine->flags & UTRACE_ACTION_QUIESCE)) {
736 		pr_debug("%d not stopped (%lu)\n", child->pid, child->state);
741 	 * We do this for all requests to match traditional ptrace behavior.
742 	 * If the machine state synchronization done at context switch time
743 	 * includes e.g. writing back to user memory, we want to make sure
744 	 * that has finished before a PTRACE_PEEKDATA can fetch the results.
745 	 * On most machines, only regset data is affected by context switch
746 	 * and calling utrace_regset later on will take care of that, so
747 	 * this is superfluous.
749 	 * To do this purely in utrace terms, we could do:
750 	 *	(void) utrace_regset(child, engine, utrace_native_view(child), 0);
752 	wait_task_inactive(child);
754 	if (child->exit_state)
/* Error path: drop the reference taken above. */
765 	put_task_struct(child);
/*
 * Handle the machine-independent ptrace requests once ptrace_start has
 * validated the target: DETACH, the resume family (CONT/SYSCALL/KILL/
 * SINGLESTEP/SINGLEBLOCK/SYSEMU*), and SETOPTIONS.  Resumes induce the
 * requested signal, then rebuild the engine flags without QUIESCE via
 * ptrace_update so the child runs.
 * (Line-sampled: the switch statement itself, several case labels,
 * #endif lines and error returns are elided — read with care.)
 */
771 ptrace_common(long request, struct task_struct *child,
772 	      struct utrace_attached_engine *engine,
773 	      struct ptrace_state *state,
774 	      unsigned long addr, long data)
782 		 * Detach a process that was attached.
784 		ret = ptrace_induce_signal(child, engine, data);
786 			ret = ptrace_detach(child, engine, state);
787 			if (ret == -EALREADY) /* Already a zombie. */
790 				BUG_ON(ret != -ESRCH);
795 		 * These are the operations that resume the child running.
803 	case PTRACE_SYSEMU_SINGLESTEP:
805 #ifdef PTRACE_SINGLEBLOCK
806 	case PTRACE_SINGLEBLOCK:
807 # ifdef ARCH_HAS_BLOCK_STEP
808 		if (! ARCH_HAS_BLOCK_STEP)
810 		if (request == PTRACE_SINGLEBLOCK)
813 	case PTRACE_SINGLESTEP:
814 #ifdef ARCH_HAS_SINGLE_STEP
815 		if (! ARCH_HAS_SINGLE_STEP)
817 		if (request == PTRACE_SINGLESTEP
818 #ifdef PTRACE_SYSEMU_SINGLESTEP
819 		    || request == PTRACE_SYSEMU_SINGLESTEP
824 		ret = ptrace_induce_signal(child, engine, data);
830 		 * Reset the action flags without QUIESCE, so it resumes.
834 		state->sysemu = (request == PTRACE_SYSEMU_SINGLESTEP
835 				 || request == PTRACE_SYSEMU);
837 		if (request == PTRACE_SINGLESTEP
839 		    || request == PTRACE_SYSEMU_SINGLESTEP
842 			flags |= UTRACE_ACTION_SINGLESTEP;
843 #ifdef PTRACE_SINGLEBLOCK
844 		else if (request == PTRACE_SINGLEBLOCK)
845 			flags |= UTRACE_ACTION_BLOCKSTEP;
847 		if (request == PTRACE_SYSCALL)
848 			flags |= UTRACE_EVENT_SYSCALL;
850 		else if (request == PTRACE_SYSEMU
851 			 || request == PTRACE_SYSEMU_SINGLESTEP)
852 			flags |= UTRACE_EVENT(SYSCALL_ENTRY);
854 		ret = ptrace_update(child, engine, flags, 1);
856 			BUG_ON(ret != -ESRCH);
860 #ifdef PTRACE_OLDSETOPTIONS
861 	case PTRACE_OLDSETOPTIONS:
863 	case PTRACE_SETOPTIONS:
865 		if (data & ~PTRACE_O_MASK)
867 		state->options = data;
/* New options may enable extra events; keep QUIESCE since stopped. */
868 		ret = ptrace_update(child, engine, UTRACE_ACTION_QUIESCE, 1);
870 			BUG_ON(ret != -ESRCH);
/*
 * The ptrace system call entry.  Flow: ptrace_start validates PID and
 * request; arch_ptrace gets first crack (any result other than -ENOSYS
 * is final); the remaining generic requests (PEEK/POKE, EVENTMSG,
 * GET/SETSIGINFO) are handled here, and everything else falls through
 * to ptrace_common.
 * (Line-sampled: the switch header, break statements, some error
 * assignments and the out label are elided.)
 */
879 asmlinkage long sys_ptrace(long request, long pid, long addr, long data)
881 	struct task_struct *child;
882 	struct utrace_attached_engine *engine;
883 	struct ptrace_state *state;
886 	pr_debug("%d sys_ptrace(%ld, %ld, %lx, %lx)\n",
887 		 current->pid, request, pid, addr, data);
889 	ret = ptrace_start(pid, request, &child, &engine, &state);
894 	ret = arch_ptrace(&request, child, engine, addr, data, &val);
895 	if (ret != -ENOSYS) {
898 			force_successful_syscall_return();
905 		ret = ptrace_common(request, child, engine, state, addr, data);
908 	case PTRACE_PEEKTEXT: /* read word at location addr. */
909 	case PTRACE_PEEKDATA: {
913 		copied = access_process_vm(child, addr, &tmp, sizeof(tmp), 0);
915 		if (copied != sizeof(tmp))
917 		ret = put_user(tmp, (unsigned long __user *) data);
921 	case PTRACE_POKETEXT: /* write the word at location addr. */
922 	case PTRACE_POKEDATA:
924 		if (access_process_vm(child, addr, &data, sizeof(data), 1) == sizeof(data))
929 	case PTRACE_GETEVENTMSG:
930 		ret = put_user(state->have_eventmsg
931 			       ? state->u.eventmsg : 0L,
932 			       (unsigned long __user *) data);
934 	case PTRACE_GETSIGINFO:
936 		if (!state->have_eventmsg && state->u.siginfo)
937 			ret = copy_siginfo_to_user((siginfo_t __user *) data,
940 	case PTRACE_SETSIGINFO:
942 		if (!state->have_eventmsg && state->u.siginfo) {
944 			if (copy_from_user(state->u.siginfo,
945 					   (siginfo_t __user *) data,
/* Drop the reference ptrace_start took on the child. */
953 	put_task_struct(child);
955 	pr_debug("%d ptrace -> %lx\n", current->pid, ret);
/* 32-bit-compat entry point; mirrors sys_ptrace with compat-width
 * words, compat siginfo copying, and arch_compat_ptrace first.
 * (Line-sampled: the surrounding CONFIG_COMPAT conditional, switch
 * header, breaks and the out label are elided.) */
961 #include <linux/compat.h>
963 asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
964 				  compat_ulong_t addr, compat_long_t cdata)
966 	const unsigned long data = (unsigned long) (compat_ulong_t) cdata;
967 	struct task_struct *child;
968 	struct utrace_attached_engine *engine;
969 	struct ptrace_state *state;
970 	compat_long_t ret, val;
972 	pr_debug("%d compat_sys_ptrace(%d, %d, %x, %x)\n",
973 		 current->pid, request, pid, addr, cdata);
974 	ret = ptrace_start(pid, request, &child, &engine, &state);
979 	ret = arch_compat_ptrace(&request, child, engine, addr, cdata, &val);
980 	if (ret != -ENOSYS) {
983 			force_successful_syscall_return();
990 		ret = ptrace_common(request, child, engine, state, addr, data);
993 	case PTRACE_PEEKTEXT: /* read word at location addr. */
994 	case PTRACE_PEEKDATA: {
998 		copied = access_process_vm(child, addr, &tmp, sizeof(tmp), 0);
1000 		if (copied != sizeof(tmp))
1002 		ret = put_user(tmp, (compat_ulong_t __user *) data);
1006 	case PTRACE_POKETEXT: /* write the word at location addr. */
1007 	case PTRACE_POKEDATA:
/* Note: writes the compat-width cdata, not the widened data. */
1009 		if (access_process_vm(child, addr, &cdata, sizeof(cdata), 1) == sizeof(cdata))
1014 	case PTRACE_GETEVENTMSG:
1015 		ret = put_user(state->have_eventmsg
1016 			       ? state->u.eventmsg : 0L,
1017 			       (compat_long_t __user *) data);
1019 	case PTRACE_GETSIGINFO:
1021 		if (!state->have_eventmsg && state->u.siginfo)
1022 			ret = copy_siginfo_to_user32(
1023 				(struct compat_siginfo __user *) data,
1026 	case PTRACE_SETSIGINFO:
1028 		if (!state->have_eventmsg && state->u.siginfo
1029 		    && copy_siginfo_from_user32(
1031 			    (struct compat_siginfo __user *) data))
1037 	put_task_struct(child);
1039 	pr_debug("%d ptrace -> %lx\n", current->pid, (long)ret);
/*
 * Implicitly detach from tracee P after its death has been reported by
 * wait.  Called without rcu_read_lock held continuously, so when called
 * from a sibling thread (tsk != current's thread that attached) the
 * engine is re-looked-up by MATCH_DATA to confirm STATE is still ours.
 * -EALREADY from ptrace_detach means report_death callbacks are still
 * running; wait for the tracee to go inactive (may block) and retry —
 * the retry/label lines are elided in this line-sampled listing.
 */
1049 detach_zombie(struct task_struct *tsk,
1050 	      struct task_struct *p, struct ptrace_state *state)
1053 	struct utrace_attached_engine *engine;
1059 	engine = state->engine;
1062 	 * We've excluded other ptrace_do_wait calls. But the
1063 	 * ptracer itself might have done ptrace_detach while we
1064 	 * did not have rcu_read_lock. So double-check that state
1067 	engine = utrace_attach(
1068 		p, (UTRACE_ATTACH_MATCH_OPS
1069 		    | UTRACE_ATTACH_MATCH_DATA),
1071 		(unsigned long) state);
1072 	if (IS_ERR(engine) || state->parent != tsk)
1073 		detach_error = -ESRCH;
1075 		BUG_ON(state->engine != engine);
1078 	if (likely(!detach_error))
1079 		detach_error = ptrace_detach(p, engine, state);
1080 	if (unlikely(detach_error == -EALREADY)) {
1082 		 * It's still doing report_death callbacks.
1083 		 * Just wait for it to settle down.
1085 		wait_task_inactive(p); /* Might block. */
1089 	 * A failure with -ESRCH means that report_reap is
1090 	 * already running and will do the cleanup, or that
1091 	 * we lost a race with ptrace_detach in another
1092 	 * thread or with the automatic detach in
1096 	BUG_ON(detach_error != -ESRCH);
/*
 * wait(2) support for ptraced children: scan tsk->ptracees for a
 * matching tracee that has something to report (stop, death), atomically
 * claim its exit_code with xchg, fill in the user's siginfo/status/
 * rusage, and implicitly detach zombies so they report to their real
 * parent.  Locking contract is stated in the original comment below.
 * NOTE(review): heavily line-sampled — the pid/pgid match arms, the
 * found/blocked exit paths, the WUNTRACED handling and several gotos
 * are elided; do not infer control flow not shown.
 */
1100 * We're called with tasklist_lock held for reading.
1101 * If we return -ECHILD or zero, next_thread(tsk) must still be valid to use.
1102 * If we return another error code, or a successful PID value, we
1103 * release tasklist_lock first.
1106 ptrace_do_wait(struct task_struct *tsk,
1107 	       pid_t pid, int options, struct siginfo __user *infop,
1108 	       int __user *stat_addr, struct rusage __user *rusagep)
1110 	struct ptrace_state *state;
1111 	struct task_struct *p;
1113 	int exit_code, why, status;
1116 	list_for_each_entry_rcu(state, &tsk->ptracees, entry) {
/* pid selection: 0 = our pgrp, <-1 = that pgrp, -1 = any, >0 = exact. */
1123 			if (process_group(p) != process_group(current))
1125 		} else if (pid != -1) {
1126 			if (process_group(p) != -pid)
1129 		if (((p->exit_signal != SIGCHLD) ^ ((options & __WCLONE) != 0))
1130 		    && !(options & __WALL))
1132 		if (security_task_wait(p))
1136 		 * This is a matching child. If we don't win now, tell
1137 		 * our caller to block and repeat. From this point we
1138 		 * must ensure that wait_chldexit will get a wakeup for
1139 		 * any tracee stopping, dying, or being detached.
1140 		 * For death, tasklist_lock guarantees this already.
1144 		switch (p->exit_state) {
1146 			if (!likely(options & WEXITED))
1148 			if (delay_group_leader(p)) {
1149 				struct task_struct *next = next_thread(p);
1150 				pr_debug("%d ptrace_do_wait leaving %d "
1152 					 "delay_group_leader (%d/%lu)\n",
1153 					 current->pid, p->pid, p->exit_code,
1154 					 next->pid, next->state);
1157 			exit_code = p->exit_code;
1163 			 * tasklist_lock holds up any transitions to
1164 			 * EXIT_ZOMBIE. After releasing it we are
1165 			 * guaranteed a wakeup on wait_chldexit after
1168 			if (p->flags & PF_EXITING)
1170 				 * It's in do_exit and might have set
1171 				 * p->exit_code already, but it's not quite
1172 				 * dead yet. It will get to report_death
1173 				 * and wakes us up when it finishes.
1180 		 * This xchg atomically ensures that only one do_wait
1181 		 * call can report this thread. Because exit_code is
1182 		 * always set before do_notify wakes us up, after this
1183 		 * check fails we are sure to get a wakeup if it stops.
1185 		exit_code = xchg(&p->exit_code, 0);
1189 		// XXX should handle WCONTINUED
1191 		pr_debug("%d ptrace_do_wait leaving %d state %lu code %x\n",
1192 			 current->pid, p->pid, p->state, p->exit_code);
1196 	pr_debug("%d ptrace_do_wait blocking\n", current->pid);
1201 	BUG_ON(state->parent != tsk);
1204 	pr_debug("%d ptrace_do_wait (%d) found %d code %x (%lu/%d)\n",
1205 		 current->pid, tsk->pid, p->pid, exit_code,
1206 		 p->exit_state, p->exit_signal);
1209 	 * If there was a group exit in progress, all threads report that
1210 	 * status. Most will have SIGKILL in their own exit_code.
1212 	if (p->signal->flags & SIGNAL_GROUP_EXIT)
1213 		exit_code = p->signal->group_exit_code;
1215 	if (p->exit_state) {
1216 		if (unlikely(p->parent == tsk && p->exit_signal != -1))
1218 			 * This is our natural child we were ptracing.
1219 			 * When it dies it detaches (see ptrace_report_death).
1220 			 * So we're seeing it here in a race. When it
1221 			 * finishes detaching it will become reapable in
1222 			 * the normal wait_task_zombie path instead.
/* Decode exit_code into (why, status) for siginfo. */
1225 		if ((exit_code & 0x7f) == 0) {
1227 			status = exit_code >> 8;
1230 			why = (exit_code & 0x80) ? CLD_DUMPED : CLD_KILLED;
1231 			status = exit_code & 0x7f;
1237 		exit_code = (status << 8) | 0x7f;
1241 	 * At this point we are committed to a successful return
1242 	 * or a user error return. Release the tasklist_lock.
1245 	read_unlock(&tasklist_lock);
1248 		err = getrusage(p, RUSAGE_BOTH, rusagep);
1251 		err = put_user(SIGCHLD, &infop->si_signo);
1253 		err = put_user(0, &infop->si_errno);
1255 		err = put_user((short)why, &infop->si_code);
1257 		err = put_user(p->pid, &infop->si_pid);
1259 		err = put_user(p->uid, &infop->si_uid);
1261 		err = put_user(status, &infop->si_status);
1263 	if (!err && stat_addr)
1264 		err = put_user(exit_code, stat_addr);
1267 	if (why != CLD_TRAPPED)
1269 		 * This was a death report. The ptracer's wait
1270 		 * does an implicit detach, so the zombie reports
1271 		 * to its real parent now.
1273 		detach_zombie(tsk, p, state);
/*
 * RCU-safe fetch of the state hung off ENGINE; the matching release is
 * put_ptrace_state.  (The rcu_read_lock call and the NULL/return tails
 * are elided from this line-sampled listing.)
 */
1284 * All the report callbacks (except death and reap) are subject to a race
1285 * with ptrace_exit doing a quick detach and ptrace_done. It can do this
1286 * even when the target is not quiescent, so a callback may already be in
1287 * progress when it does ptrace_done. Callbacks use this function to fetch
1288 * the struct ptrace_state while ensuring it doesn't disappear until
1289 * put_ptrace_state is called. This just uses RCU, since state and
1290 * anything we try to do to state->parent is safe under rcu_read_lock.
1292 static struct ptrace_state *
1293 get_ptrace_state(struct utrace_attached_engine *engine,
1294 		 struct task_struct *tsk)
1296 	struct ptrace_state *state;
1299 	state = rcu_dereference((struct ptrace_state *) engine->data);
1300 	if (likely(state != NULL))
/* Release the RCU protection taken by get_ptrace_state; the body
 * (presumably rcu_read_unlock) is elided from this listing. */
1308 put_ptrace_state(struct ptrace_state *state)
/*
 * Build a CLD_* SIGCHLD siginfo describing TSK's state change (WHY is
 * CLD_TRAPPED/STOPPED/CONTINUED/EXITED...) and send it to PARENT unless
 * its handler ignores SIGCHLD or the relevant SA_NOCLD* flag is set;
 * always wake parent's wait_chldexit so blocked wait calls re-scan.
 * (Line-sampled: the sa_mask declaration, some branch bodies and the
 * function's closing lines are elided.)
 */
1315 do_notify(struct task_struct *tsk, struct task_struct *parent, int why)
1317 	struct siginfo info;
1318 	unsigned long flags;
1319 	struct sighand_struct *sighand;
1322 	info.si_signo = SIGCHLD;
1324 	info.si_pid = tsk->pid;
1325 	info.si_uid = tsk->uid;
1327 	/* FIXME: find out whether or not this is supposed to be c*time. */
1328 	info.si_utime = cputime_to_jiffies(tsk->utime);
1329 	info.si_stime = cputime_to_jiffies(tsk->stime);
1331 	sa_mask = SA_NOCLDSTOP;
1333 	info.si_status = tsk->exit_code & 0x7f;
1334 	if (why == CLD_CONTINUED)
1335 		info.si_status = SIGCONT;
1336 	else if (why == CLD_STOPPED)
1337 		info.si_status = tsk->signal->group_exit_code & 0x7f;
1338 	else if (why == CLD_EXITED) {
1339 		sa_mask = SA_NOCLDWAIT;
1340 		if (tsk->exit_code & 0x80)
1341 			info.si_code = CLD_DUMPED;
1342 		else if (tsk->exit_code & 0x7f)
1343 			info.si_code = CLD_KILLED;
1345 			info.si_code = CLD_EXITED;
1346 			info.si_status = tsk->exit_code >> 8;
1350 	read_lock(&tasklist_lock);
/* Parent may itself be exiting; its signal struct can be gone. */
1351 	if (unlikely(parent->signal == NULL))
1354 	sighand = parent->sighand;
1355 	spin_lock_irqsave(&sighand->siglock, flags);
1356 	if (sighand->action[SIGCHLD-1].sa.sa_handler != SIG_IGN &&
1357 	    !(sighand->action[SIGCHLD-1].sa.sa_flags & sa_mask))
1358 		__group_send_sig_info(SIGCHLD, &info, parent);
1360 	 * Even if SIGCHLD is not generated, we must wake up wait4 calls.
1362 	wake_up_interruptible_sync(&parent->signal->wait_chldexit);
1363 	spin_unlock_irqrestore(&sighand->siglock, flags);
1366 	read_unlock(&tasklist_lock);
/*
 * Core "ptrace stop" path used by the event callbacks: quiesce TSK,
 * write back regset 0 if needed, publish CODE in tsk->exit_code, and
 * notify the tracer with CLD_TRAPPED.  Returns UTRACE_ACTION_RESUME;
 * the QUIESCE flag set here is what actually holds the tracee.
 * (Line-sampled listing; some lines are elided.)
 */
1370 ptrace_report(struct utrace_attached_engine *engine,
1371 	      struct task_struct *tsk,
1372 	      struct ptrace_state *state,
1375 	const struct utrace_regset *regset;
1377 	pr_debug("%d ptrace_report %d engine %p"
1378 		 " state %p code %x parent %d (%p)\n",
1379 		 current->pid, tsk->pid, engine, state, code,
1380 		 state->parent->pid, state->parent);
1381 	if (!state->have_eventmsg && state->u.siginfo) {
1382 		const siginfo_t *si = state->u.siginfo;
1383 		pr_debug("  si %d code %x errno %d addr %p\n",
1384 			 si->si_signo, si->si_code, si->si_errno,
1389 	 * Set our QUIESCE flag right now, before notifying the tracer.
1390 	 * We do this before setting tsk->exit_code rather than
1391 	 * by using UTRACE_ACTION_NEWSTATE in our return value, to
1392 	 * ensure that the tracer can't get the notification and then
1393 	 * try to resume us with PTRACE_CONT before we set the flag.
1395 	utrace_set_flags(tsk, engine, engine->flags | UTRACE_ACTION_QUIESCE);
1398 	 * If regset 0 has a writeback call, do it now. On register window
1399 	 * machines, this makes sure the user memory backing the register
1400 	 * data is up to date by the time wait_task_inactive returns to
1401 	 * ptrace_start in our tracer doing a PTRACE_PEEKDATA or the like.
1403 	regset = utrace_regset(tsk, engine, utrace_native_view(tsk), 0);
1404 	if (regset->writeback)
1405 		(*regset->writeback)(tsk, regset, 0);
1408 	tsk->exit_code = code;
1409 	do_notify(tsk, state->parent, CLD_TRAPPED);
1411 	pr_debug("%d ptrace_report quiescing exit_code %x\n",
1412 		 current->pid, current->exit_code);
1414 	put_ptrace_state(state);
1416 	return UTRACE_ACTION_RESUME;
/*
 * Report an extended ptrace event: encode the PTRACE_EVENT_* number in
 * the high byte over SIGTRAP, matching the wait-status convention.
 * (The have_eventmsg/eventmsg setup lines are elided in this listing.)
 */
1420 ptrace_event(struct utrace_attached_engine *engine,
1421 	     struct task_struct *tsk,
1422 	     struct ptrace_state *state,
1426 	return ptrace_report(engine, tsk, state, (event << 8) | SIGTRAP);
/*
 * DEATH callback.  Repairs a SIGKILL exit_code clobbered by a race with
 * ptrace_update/ptrace_do_wait; for a natural child it detaches so the
 * normal reparent/reap path takes over (after a SIGCHLD for cases where
 * it otherwise wouldn't fire); for other tracees it notifies the tracer
 * and stays attached awaiting the implicit detach in wait.
 * (Line-sampled listing; some lines are elided.)
 */
1430 * Unlike other report callbacks, this can't be called while ptrace_exit
1431 * is doing ptrace_done in parallel, so we don't need get_ptrace_state.
1434 ptrace_report_death(struct utrace_attached_engine *engine,
1435 		    struct task_struct *tsk)
1437 	struct ptrace_state *state = (struct ptrace_state *) engine->data;
1439 	if (tsk->exit_code == 0 && unlikely(tsk->flags & PF_SIGNALED))
1441 		 * This can only mean that tsk->exit_code was clobbered
1442 		 * by ptrace_update or ptrace_do_wait in a race with
1443 		 * an asynchronous wakeup and exit for SIGKILL.
1445 		tsk->exit_code = SIGKILL;
1447 	if (tsk->parent == state->parent && tsk->exit_signal != -1) {
1449 		 * This is a natural child (excluding clone siblings of a
1450 		 * child group_leader), so we detach and let the normal
1451 		 * reporting happen once our NOREAP action is gone. But
1452 		 * first, generate a SIGCHLD for those cases where normal
1453 		 * behavior won't. A ptrace'd child always generates SIGCHLD.
1455 		pr_debug("ptrace %d death natural parent %d exit_code %x\n",
1456 			 tsk->pid, state->parent->pid, tsk->exit_code);
1457 		if (!thread_group_empty(tsk))
1458 			do_notify(tsk, state->parent, CLD_EXITED);
/* Unpublish the state before the engine detaches. */
1459 		ptrace_state_unlink(state);
1460 		rcu_assign_pointer(engine->data, 0UL);
1462 		return UTRACE_ACTION_DETACH;
1466 	 * This might be a second report_death callback for a group leader
1467 	 * that was delayed when its original report_death callback was made.
1468 	 * Repeating do_notify is exactly what we need for that case too.
1469 	 * After the wakeup, ptrace_do_wait will see delay_group_leader false.
1472 	pr_debug("ptrace %d death notify %d exit_code %x: ",
1473 		 tsk->pid, state->parent->pid, tsk->exit_code);
1474 	do_notify(tsk, state->parent, CLD_EXITED);
1475 	pr_debug("%d notified %d\n", tsk->pid, state->parent->pid);
1476 	return UTRACE_ACTION_RESUME;
/*
 * We get this only in the case where our UTRACE_ACTION_NOREAP was ignored.
 * That happens solely when a non-leader exec reaps the old leader.
 */
static void
ptrace_report_reap(struct utrace_attached_engine *engine,
		   struct task_struct *tsk)
{
	struct ptrace_state *state = get_ptrace_state(engine, tsk);
	if (state != NULL) {
		/* Drop our tracking of the reaped task and free the state. */
		ptrace_state_unlink(state);
		rcu_assign_pointer(engine->data, 0UL);
		/*
		 * NOTE(review): reconstructed from an extraction gap here,
		 * matching the identical sequence in ptrace_report_death —
		 * verify against the original source.
		 */
		ptrace_done(state);
		put_ptrace_state(state);
	}
}
1497 * Start tracing the child. This has to do put_ptrace_state before it can
1498 * do allocation that might block.
1501 ptrace_clone_setup(struct utrace_attached_engine *engine,
1502 struct task_struct *parent,
1503 struct ptrace_state *state,
1504 struct task_struct *child)
1506 struct task_struct *tracer;
1507 struct utrace_attached_engine *child_engine;
1508 struct ptrace_state *child_state;
1513 tracer = state->parent;
1514 options = state->options;
1515 cap_sys_ptrace = state->cap_sys_ptrace;
1516 get_task_struct(tracer);
1517 put_ptrace_state(state);
1519 child_engine = utrace_attach(child, (UTRACE_ATTACH_CREATE
1520 | UTRACE_ATTACH_EXCLUSIVE
1521 | UTRACE_ATTACH_MATCH_OPS),
1522 &ptrace_utrace_ops, 0UL);
1523 if (unlikely(IS_ERR(child_engine))) {
1524 BUG_ON(PTR_ERR(child_engine) != -ENOMEM);
1525 put_task_struct(tracer);
1529 child_state = ptrace_setup(child, child_engine,
1530 tracer, options, cap_sys_ptrace, NULL);
1532 put_task_struct(tracer);
1534 if (unlikely(IS_ERR(child_state))) {
1535 (void) utrace_detach(child, child_engine);
1537 if (PTR_ERR(child_state) == -ENOMEM)
1541 * Our tracer has started exiting. It's
1542 * too late to set it up tracing the child.
1544 BUG_ON(PTR_ERR(child_state) != -EALREADY);
1547 sigaddset(&child->pending.signal, SIGSTOP);
1548 set_tsk_thread_flag(child, TIF_SIGPENDING);
1549 ret = ptrace_update(child, child_engine, 0, 0);
1552 * The child hasn't run yet, it can't have died already.
1560 printk(KERN_ERR "ptrace out of memory, lost child %d of %d",
1561 child->pid, parent->pid);
/*
 * A clone/fork/vfork happened in a traced task.  Decide which (if any)
 * PTRACE_EVENT_* to report based on the clone flags and our options,
 * and attach the tracer to the new child when requested.
 */
static u32
ptrace_report_clone(struct utrace_attached_engine *engine,
		    struct task_struct *parent,
		    unsigned long clone_flags, struct task_struct *child)
{
	int event, option;
	struct ptrace_state *state = get_ptrace_state(engine, parent);
	if (unlikely(state == NULL))
		return UTRACE_ACTION_RESUME;

	pr_debug("%d (%p) engine %p"
		 " ptrace_report_clone child %d (%p) fl %lx\n",
		 parent->pid, parent, engine, child->pid, child, clone_flags);

	/*
	 * Classify the clone: vfork, plain clone (non-SIGCHLD child
	 * signal), or fork; each has its own event and enabling option.
	 */
	event = PTRACE_EVENT_FORK;
	option = PTRACE_O_TRACEFORK;
	if (clone_flags & CLONE_VFORK) {
		event = PTRACE_EVENT_VFORK;
		option = PTRACE_O_TRACEVFORK;
	}
	else if ((clone_flags & CSIGNAL) != SIGCHLD) {
		event = PTRACE_EVENT_CLONE;
		option = PTRACE_O_TRACECLONE;
	}

	if (state->options & option) {
		/* PTRACE_GETEVENTMSG will return the new child's pid. */
		state->have_eventmsg = 1;
		state->u.eventmsg = child->pid;
	}
	else
		event = 0;

	if (!(clone_flags & CLONE_UNTRACED)
	    && (event || (clone_flags & CLONE_PTRACE))) {
		/*
		 * Have our tracer start following the child too.
		 */
		ptrace_clone_setup(engine, parent, state, child);

		/*
		 * That did put_ptrace_state, so we have to check
		 * again in case our tracer just started exiting.
		 */
		state = get_ptrace_state(engine, parent);
		if (unlikely(state == NULL))
			return UTRACE_ACTION_RESUME;
	}

	if (event)
		return ptrace_event(engine, parent, state, event);

	put_ptrace_state(state);

	return UTRACE_ACTION_RESUME;
}
/*
 * The vfork child has released our parent's mm; report the
 * PTRACE_EVENT_VFORK_DONE stop with the child's pid as the event
 * message for PTRACE_GETEVENTMSG.
 */
static u32
ptrace_report_vfork_done(struct utrace_attached_engine *engine,
			 struct task_struct *parent, pid_t child_pid)
{
	struct ptrace_state *state = get_ptrace_state(engine, parent);
	if (unlikely(state == NULL))
		return UTRACE_ACTION_RESUME;

	state->have_eventmsg = 1;
	state->u.eventmsg = child_pid;
	return ptrace_event(engine, parent, state, PTRACE_EVENT_VFORK_DONE);
}
/*
 * Signal-delivery stop: report the signal number to the tracer and
 * stash the siginfo so PTRACE_GETSIGINFO can retrieve it.  A NULL
 * info (no real siginfo) is reported as SIGTRAP.
 */
static u32
ptrace_report_signal(struct utrace_attached_engine *engine,
		     struct task_struct *tsk, struct pt_regs *regs,
		     u32 action, siginfo_t *info,
		     const struct k_sigaction *orig_ka,
		     struct k_sigaction *return_ka)
{
	int signo = info == NULL ? SIGTRAP : info->si_signo;
	struct ptrace_state *state = get_ptrace_state(engine, tsk);
	if (unlikely(state == NULL))
		return UTRACE_ACTION_RESUME;

	/* This stop carries siginfo, not an event message. */
	state->syscall = 0;
	state->have_eventmsg = 0;
	state->u.siginfo = info;
	return ptrace_report(engine, tsk, state, signo) | UTRACE_SIGNAL_IGN;
}
/*
 * Job-control stop/continue in a traced task: notify our tracer
 * directly and suppress the normal SIGCHLD to the real parent.
 */
static u32
ptrace_report_jctl(struct utrace_attached_engine *engine,
		   struct task_struct *tsk, int type)
{
	struct ptrace_state *state = get_ptrace_state(engine, tsk);
	if (unlikely(state == NULL))
		return UTRACE_ACTION_RESUME;

	pr_debug("ptrace %d jctl notify %d type %x exit_code %x\n",
		 tsk->pid, state->parent->pid, type, tsk->exit_code);

	do_notify(tsk, state->parent, type);
	put_ptrace_state(state);

	return UTRACE_JCTL_NOSIGCHLD;
}
/*
 * exec completed in a traced task.  With PTRACE_O_TRACEEXEC we report
 * a PTRACE_EVENT_EXEC stop; otherwise event 0 makes ptrace_event
 * deliver the legacy plain-SIGTRAP stop after exec.
 */
static u32
ptrace_report_exec(struct utrace_attached_engine *engine,
		   struct task_struct *tsk,
		   const struct linux_binprm *bprm,
		   struct pt_regs *regs)
{
	struct ptrace_state *state = get_ptrace_state(engine, tsk);
	if (unlikely(state == NULL))
		return UTRACE_ACTION_RESUME;

	return ptrace_event(engine, tsk, state,
			    (state->options & PTRACE_O_TRACEEXEC)
			    ? PTRACE_EVENT_EXEC : 0);
}
/*
 * Common syscall-tracing stop for both entry and exit.  With
 * PTRACE_O_TRACESYSGOOD the reported stop signal is SIGTRAP|0x80 so
 * the tracer can distinguish syscall stops from real SIGTRAPs.
 */
static u32
ptrace_report_syscall(struct utrace_attached_engine *engine,
		      struct task_struct *tsk, struct pt_regs *regs,
		      int entry)
{
	struct ptrace_state *state = get_ptrace_state(engine, tsk);
	if (unlikely(state == NULL))
		return UTRACE_ACTION_RESUME;

#ifdef PTRACE_SYSEMU
	/* PTRACE_SYSEMU: skip the syscall itself, only report entry. */
	if (entry && state->sysemu)
		tracehook_abort_syscall(regs);
#endif

	/* Mark this as a syscall stop (cleared by ptrace_event). */
	state->syscall = 1;
	return ptrace_report(engine, tsk, state,
			     ((state->options & PTRACE_O_TRACESYSGOOD)
			      ? 0x80 : 0) | SIGTRAP);
}
/* Syscall-entry stop: common syscall report with entry == 1. */
static u32
ptrace_report_syscall_entry(struct utrace_attached_engine *engine,
			    struct task_struct *tsk, struct pt_regs *regs)
{
	return ptrace_report_syscall(engine, tsk, regs, 1);
}
/* Syscall-exit stop: common syscall report with entry == 0. */
static u32
ptrace_report_syscall_exit(struct utrace_attached_engine *engine,
			   struct task_struct *tsk, struct pt_regs *regs)
{
	return ptrace_report_syscall(engine, tsk, regs, 0);
}
/*
 * The task is exiting.  Report PTRACE_EVENT_EXIT with the pending exit
 * status as the event message for PTRACE_GETEVENTMSG.
 */
static u32
ptrace_report_exit(struct utrace_attached_engine *engine,
		   struct task_struct *tsk, long orig_code, long *code)
{
	struct ptrace_state *state = get_ptrace_state(engine, tsk);
	if (unlikely(state == NULL))
		return UTRACE_ACTION_RESUME;

	state->have_eventmsg = 1;
	state->u.eventmsg = *code;
	return ptrace_event(engine, tsk, state, PTRACE_EVENT_EXIT);
}
/*
 * Tell the LSM layer how this traced task's exec should be restricted:
 * a privileged (CAP_SYS_PTRACE) tracer gets the weaker restriction.
 */
static int
ptrace_unsafe_exec(struct utrace_attached_engine *engine,
		   struct task_struct *tsk)
{
	int unsafe = LSM_UNSAFE_PTRACE;
	struct ptrace_state *state = get_ptrace_state(engine, tsk);
	if (likely(state != NULL) && state->cap_sys_ptrace)
		unsafe = LSM_UNSAFE_PTRACE_CAP;
	/*
	 * NOTE(review): called even when state is NULL, unlike the other
	 * callbacks here — verify put_ptrace_state tolerates NULL.
	 */
	put_ptrace_state(state);
	return unsafe;
}
/*
 * Return the task acting as this target's ptrace parent (tracer),
 * or NULL if our state is already gone.
 */
static struct task_struct *
ptrace_tracer_task(struct utrace_attached_engine *engine,
		   struct task_struct *target)
{
	struct task_struct *parent = NULL;
	struct ptrace_state *state = get_ptrace_state(engine, target);
	if (likely(state != NULL)) {
		parent = state->parent;
		put_ptrace_state(state);
	}
	return parent;
}
/*
 * May @caller access @target's memory via ptrace?  Only its own tracer,
 * and only while the target is quiesced or stopped; the security hook
 * gets the final word.
 */
static int
ptrace_allow_access_process_vm(struct utrace_attached_engine *engine,
			       struct task_struct *target,
			       struct task_struct *caller)
{
	struct ptrace_state *state;
	/*
	 * NOTE(review): initializer reconstructed from an extraction gap;
	 * "ours" must be 0 when no state exists for the return below.
	 */
	int ours = 0;

	state = get_ptrace_state(engine, target);
	if (likely(state != NULL)) {
		ours = (((engine->flags & UTRACE_ACTION_QUIESCE)
			 || target->state == TASK_STOPPED)
			&& state->parent == caller);
		put_ptrace_state(state);
	}

	return ours && security_ptrace(caller, target) == 0;
}
/*
 * The utrace callback table wiring ptrace's reporting into the utrace
 * engine attached to each traced task (forward-declared above).
 */
static const struct utrace_engine_ops ptrace_utrace_ops =
{
	.report_syscall_entry = ptrace_report_syscall_entry,
	.report_syscall_exit = ptrace_report_syscall_exit,
	.report_exec = ptrace_report_exec,
	.report_jctl = ptrace_report_jctl,
	.report_signal = ptrace_report_signal,
	.report_vfork_done = ptrace_report_vfork_done,
	.report_clone = ptrace_report_clone,
	.report_exit = ptrace_report_exit,
	.report_death = ptrace_report_death,
	.report_reap = ptrace_report_reap,
	.unsafe_exec = ptrace_unsafe_exec,
	.tracer_task = ptrace_tracer_task,
	.allow_access_process_vm = ptrace_allow_access_process_vm,
};