/*
 * linux/kernel/ptrace.c
 *
 * (C) Copyright 1999 Linus Torvalds
 *
 * Common interfaces for "ptrace()" which we do not want
 * to continually duplicate across every architecture.
 */

#include <linux/capability.h>
#include <linux/export.h>
#include <linux/sched.h>
#include <linux/sched/mm.h>
#include <linux/sched/coredump.h>
#include <linux/sched/task.h>
#include <linux/errno.h>
#include <linux/mm.h>
#include <linux/highmem.h>
#include <linux/pagemap.h>
#include <linux/ptrace.h>
#include <linux/security.h>
#include <linux/signal.h>
#include <linux/uio.h>
#include <linux/audit.h>
#include <linux/pid_namespace.h>
#include <linux/syscalls.h>
#include <linux/uaccess.h>
#include <linux/regset.h>
#include <linux/hw_breakpoint.h>
#include <linux/cn_proc.h>
#include <linux/compat.h>

/*
 * Access another process' address space via ptrace.
 * Source/target buffer must be kernel space,
 * Do not walk the page table directly, use get_user_pages
 */
int ptrace_access_vm(struct task_struct *tsk, unsigned long addr,
		     void *buf, int len, unsigned int gup_flags)
{
	struct mm_struct *mm;
	int ret;

	mm = get_task_mm(tsk);
	if (!mm)
		return 0;

	if (!tsk->ptrace ||
	    (current != tsk->parent) ||
	    ((get_dumpable(mm) != SUID_DUMP_USER) &&
	     !ptracer_capable(tsk, mm->user_ns))) {
		mmput(mm);
		return 0;
	}

	ret = __access_remote_vm(tsk, mm, addr, buf, len, gup_flags);
	mmput(mm);

	return ret;
}
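
/*
 * Illustrative userspace sketch (not part of this file's build; the
 * peek_word() helper is made up for the example): the word-sized
 * PTRACE_PEEKDATA request is one of the callers that ends up in
 * ptrace_access_vm() via generic_ptrace_peekdata() further down.  A
 * debugger attached to @pid might read a single long from the tracee
 * roughly like this, assuming the tracee is already stopped:
 *
 *	#include <sys/ptrace.h>
 *	#include <sys/types.h>
 *	#include <errno.h>
 *
 *	long peek_word(pid_t pid, unsigned long addr)
 *	{
 *		long word;
 *
 *		errno = 0;
 *		word = ptrace(PTRACE_PEEKDATA, pid, (void *)addr, NULL);
 *		if (word == -1 && errno)
 *			return -1;
 *		return word;
 *	}
 *
 * The errno dance is needed because -1 is also a valid word value.
 */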

/*
 * ptrace a task: make the debugger its new parent and
 * move it to the ptrace list.
 *
 * Must be called with the tasklist lock write-held.
 */
void __ptrace_link(struct task_struct *child, struct task_struct *new_parent)
{
	BUG_ON(!list_empty(&child->ptrace_entry));
	list_add(&child->ptrace_entry, &new_parent->ptraced);
	child->parent = new_parent;
	rcu_read_lock();
	child->ptracer_cred = get_cred(__task_cred(new_parent));
	rcu_read_unlock();
}

/**
 * __ptrace_unlink - unlink ptracee and restore its execution state
 * @child: ptracee to be unlinked
 *
 * Remove @child from the ptrace list, move it back to the original parent,
 * and restore the execution state so that it conforms to the group stop
 * state.
 *
 * Unlinking can happen via two paths - explicit PTRACE_DETACH or ptracer
 * exiting.  For PTRACE_DETACH, unless the ptracee has been killed between
 * ptrace_check_attach() and here, it's guaranteed to be in TASK_TRACED.
 * If the ptracer is exiting, the ptracee can be in any state.
 *
 * After detach, the ptracee should be in a state which conforms to the
 * group stop.  If the group is stopped or in the process of stopping, the
 * ptracee should be put into TASK_STOPPED; otherwise, it should be woken
 * up from TASK_TRACED.
 *
 * If the ptracee is in TASK_TRACED and needs to be moved to TASK_STOPPED,
 * it goes through TRACED -> RUNNING -> STOPPED transition which is similar
 * to but in the opposite direction of what happens while attaching to a
 * stopped task.  However, in this direction, the intermediate RUNNING
 * state is not hidden even from the current ptracer and if it immediately
 * re-attaches and performs a WNOHANG wait(2), it may fail.
 *
 * CONTEXT:
 * write_lock_irq(tasklist_lock)
 */
void __ptrace_unlink(struct task_struct *child)
{
	const struct cred *old_cred;
	BUG_ON(!child->ptrace);

	clear_tsk_thread_flag(child, TIF_SYSCALL_TRACE);

	child->parent = child->real_parent;
	list_del_init(&child->ptrace_entry);
	old_cred = child->ptracer_cred;
	child->ptracer_cred = NULL;
	put_cred(old_cred);

	spin_lock(&child->sighand->siglock);
	child->ptrace = 0;
	/*
	 * Clear all pending traps and TRAPPING.  TRAPPING should be
	 * cleared regardless of JOBCTL_STOP_PENDING.  Do it explicitly.
	 */
	task_clear_jobctl_pending(child, JOBCTL_TRAP_MASK);
	task_clear_jobctl_trapping(child);

	/*
	 * Reinstate JOBCTL_STOP_PENDING if group stop is in effect and
	 * @child isn't dead.
	 */
	if (!(child->flags & PF_EXITING) &&
	    (child->signal->flags & SIGNAL_STOP_STOPPED ||
	     child->signal->group_stop_count)) {
		child->jobctl |= JOBCTL_STOP_PENDING;

		/*
		 * This is only possible if this thread was cloned by the
		 * traced task running in the stopped group, set the signal
		 * for the future reports.
		 * FIXME: we should change ptrace_init_task() to handle this
		 * case.
		 */
		if (!(child->jobctl & JOBCTL_STOP_SIGMASK))
			child->jobctl |= SIGSTOP;
	}

	/*
	 * If transition to TASK_STOPPED is pending or in TASK_TRACED, kick
	 * @child in the butt.  Note that @resume should be used iff @child
	 * is in TASK_TRACED; otherwise, we might unduly disrupt
	 * TASK_KILLABLE sleeps.
	 */
	if (child->jobctl & JOBCTL_STOP_PENDING || task_is_traced(child))
		ptrace_signal_wake_up(child, true);

	spin_unlock(&child->sighand->siglock);
}
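
/*
 * Illustrative userspace sketch (hedged; detach_with_signal() is a made-up
 * helper, not part of this file): the detach path above is normally reached
 * via PTRACE_DETACH issued while the tracee is in ptrace-stop.  A tracer
 * might detach and optionally queue a signal for the tracee to receive on
 * resumption, roughly like this:
 *
 *	#include <sys/ptrace.h>
 *	#include <sys/types.h>
 *
 *	int detach_with_signal(pid_t pid, int sig)
 *	{
 *		return ptrace(PTRACE_DETACH, pid, NULL, (void *)(long)sig);
 *	}
 *
 * Passing sig == 0 detaches without delivering anything; if the thread
 * group is in group stop, __ptrace_unlink() above moves the tracee back
 * to TASK_STOPPED rather than letting it run.
 */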

/* Ensure that nothing can wake it up, even SIGKILL */
static bool ptrace_freeze_traced(struct task_struct *task)
{
	bool ret = false;

	/* Lockless, nobody but us can set this flag */
	if (task->jobctl & JOBCTL_LISTENING)
		return ret;

	spin_lock_irq(&task->sighand->siglock);
	if (task_is_traced(task) && !__fatal_signal_pending(task)) {
		task->state = __TASK_TRACED;
		ret = true;
	}
	spin_unlock_irq(&task->sighand->siglock);

	return ret;
}

static void ptrace_unfreeze_traced(struct task_struct *task)
{
	if (task->state != __TASK_TRACED)
		return;

	WARN_ON(!task->ptrace || task->parent != current);

	/*
	 * PTRACE_LISTEN can allow ptrace_trap_notify to wake us up remotely.
	 * Recheck state under the lock to close this race.
	 */
	spin_lock_irq(&task->sighand->siglock);
	if (task->state == __TASK_TRACED) {
		if (__fatal_signal_pending(task))
			wake_up_state(task, __TASK_TRACED);
		else
			task->state = TASK_TRACED;
	}
	spin_unlock_irq(&task->sighand->siglock);
}

/**
 * ptrace_check_attach - check whether ptracee is ready for ptrace operation
 * @child: ptracee to check for
 * @ignore_state: don't check whether @child is currently %TASK_TRACED
 *
 * Check whether @child is being ptraced by %current and ready for further
 * ptrace operations.  If @ignore_state is %false, @child also should be in
 * %TASK_TRACED state and on return the child is guaranteed to be traced
 * and not executing.  If @ignore_state is %true, @child can be in any
 * state.
 *
 * CONTEXT:
 * Grabs and releases tasklist_lock and @child->sighand->siglock.
 *
 * RETURNS:
 * 0 on success, -ESRCH if %child is not ready.
 */
static int ptrace_check_attach(struct task_struct *child, bool ignore_state)
{
	int ret = -ESRCH;

	/*
	 * We take the read lock around doing both checks to close a
	 * possible race where someone else was tracing our child and
	 * detached between these two checks.  After this locked check,
	 * we are sure that this is our traced child and that can only
	 * be changed by us so it's not changing right after this.
	 */
	read_lock(&tasklist_lock);
	if (child->ptrace && child->parent == current) {
		WARN_ON(child->state == __TASK_TRACED);
		/*
		 * child->sighand can't be NULL, release_task()
		 * does ptrace_unlink() before __exit_signal().
		 */
		if (ignore_state || ptrace_freeze_traced(child))
			ret = 0;
	}
	read_unlock(&tasklist_lock);

	if (!ret && !ignore_state) {
		if (!wait_task_inactive(child, __TASK_TRACED)) {
			/*
			 * This can only happen if may_ptrace_stop() fails and
			 * ptrace_stop() changes ->state back to TASK_RUNNING,
			 * so we should not worry about leaking __TASK_TRACED.
			 */
			WARN_ON(child->state == __TASK_TRACED);
			ret = -ESRCH;
		}
	}

	return ret;
}
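
/*
 * Illustrative userspace sketch (hedged; wait_for_stop() is a made-up
 * helper, not part of this file): ptrace_check_attach() is why most
 * requests fail with -ESRCH unless the tracee has actually entered
 * ptrace-stop.  A tracer therefore waits for the stop notification before
 * issuing further requests, roughly:
 *
 *	#include <sys/ptrace.h>
 *	#include <sys/types.h>
 *	#include <sys/wait.h>
 *
 *	int wait_for_stop(pid_t pid)
 *	{
 *		int status;
 *
 *		if (waitpid(pid, &status, 0) < 0)
 *			return -1;
 *		return WIFSTOPPED(status) ? 0 : -1;
 *	}
 *
 * Only once wait_for_stop() succeeds is it safe to issue requests such as
 * PTRACE_GETREGSET or PTRACE_CONT on @pid.
 */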

static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode)
{
	if (mode & PTRACE_MODE_NOAUDIT)
		return has_ns_capability_noaudit(current, ns, CAP_SYS_PTRACE);
	else
		return has_ns_capability(current, ns, CAP_SYS_PTRACE);
}

/* Returns 0 on success, -errno on denial. */
static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
{
	const struct cred *cred = current_cred(), *tcred;
	struct mm_struct *mm;
	kuid_t caller_uid;
	kgid_t caller_gid;

	if (!(mode & PTRACE_MODE_FSCREDS) == !(mode & PTRACE_MODE_REALCREDS)) {
		WARN(1, "denying ptrace access check without PTRACE_MODE_*CREDS\n");
		return -EPERM;
	}

	/* May we inspect the given task?
	 * This check is used both for attaching with ptrace
	 * and for allowing access to sensitive information in /proc.
	 *
	 * ptrace_attach denies several cases that /proc allows
	 * because setting up the necessary parent/child relationship
	 * or halting the specified task is impossible.
	 */

	/* Don't let security modules deny introspection */
	if (same_thread_group(task, current))
		return 0;
	rcu_read_lock();
	if (mode & PTRACE_MODE_FSCREDS) {
		caller_uid = cred->fsuid;
		caller_gid = cred->fsgid;
	} else {
		/*
		 * Using the euid would make more sense here, but something
		 * in userland might rely on the old behavior, and this
		 * shouldn't be a security problem since
		 * PTRACE_MODE_REALCREDS implies that the caller explicitly
		 * used a syscall that requests access to another process
		 * (and not a filesystem syscall to procfs).
		 */
		caller_uid = cred->uid;
		caller_gid = cred->gid;
	}
	tcred = __task_cred(task);
	if (uid_eq(caller_uid, tcred->euid) &&
	    uid_eq(caller_uid, tcred->suid) &&
	    uid_eq(caller_uid, tcred->uid) &&
	    gid_eq(caller_gid, tcred->egid) &&
	    gid_eq(caller_gid, tcred->sgid) &&
	    gid_eq(caller_gid, tcred->gid))
		goto ok;
	if (ptrace_has_cap(tcred->user_ns, mode))
		goto ok;
	rcu_read_unlock();
	return -EPERM;
ok:
	rcu_read_unlock();
	mm = task->mm;
	if (mm &&
	    ((get_dumpable(mm) != SUID_DUMP_USER) &&
	     !ptrace_has_cap(mm->user_ns, mode)))
		return -EPERM;

	return security_ptrace_access_check(task, mode);
}

bool ptrace_may_access(struct task_struct *task, unsigned int mode)
{
	int err;
	task_lock(task);
	err = __ptrace_may_access(task, mode);
	task_unlock(task);
	return !err;
}
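
/*
 * Illustrative kernel-side sketch (hedged; example_may_read_task() is a
 * hypothetical caller, not defined anywhere): callers that gate /proc-style
 * reads use ptrace_may_access() with one of the _FSCREDS modes, while the
 * attach path below uses PTRACE_MODE_ATTACH_REALCREDS.  Such a caller might
 * look roughly like:
 *
 *	static int example_may_read_task(struct task_struct *task)
 *	{
 *		if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
 *			return -EACCES;
 *		return 0;
 *	}
 */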

static int ptrace_attach(struct task_struct *task, long request,
			 unsigned long addr,
			 unsigned long flags)
{
	bool seize = (request == PTRACE_SEIZE);
	int retval;

	retval = -EIO;
	if (seize) {
		if (addr != 0)
			goto out;
		if (flags & ~(unsigned long)PTRACE_O_MASK)
			goto out;
		flags = PT_PTRACED | PT_SEIZED | (flags << PT_OPT_FLAG_SHIFT);
	} else {
		flags = PT_PTRACED;
	}

	audit_ptrace(task);

	retval = -EPERM;
	if (unlikely(task->flags & PF_KTHREAD))
		goto out;
	if (same_thread_group(task, current))
		goto out;

	/*
	 * Protect exec's credential calculations against our interference;
	 * SUID, SGID and LSM creds get determined differently
	 * under ptrace.
	 */
	retval = -ERESTARTNOINTR;
	if (mutex_lock_interruptible(&task->signal->cred_guard_mutex))
		goto out;

	task_lock(task);
	retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS);
	task_unlock(task);
	if (retval)
		goto unlock_creds;

	write_lock_irq(&tasklist_lock);
	retval = -EPERM;
	if (unlikely(task->exit_state))
		goto unlock_tasklist;
	if (task->ptrace)
		goto unlock_tasklist;

	if (seize)
		flags |= PT_SEIZED;
	task->ptrace = flags;

	__ptrace_link(task, current);

	/* SEIZE doesn't trap tracee on attach */
	if (!seize)
		send_sig_info(SIGSTOP, SEND_SIG_FORCED, task);

	spin_lock(&task->sighand->siglock);

	/*
	 * If the task is already STOPPED, set JOBCTL_TRAP_STOP and
	 * TRAPPING, and kick it so that it transits to TRACED.  TRAPPING
	 * will be cleared if the child completes the transition or any
	 * event which clears the group stop states happens.  We'll wait
	 * for the transition to complete before returning from this
	 * function.
	 *
	 * This hides STOPPED -> RUNNING -> TRACED transition from the
	 * attaching thread but a different thread in the same group can
	 * still observe the transient RUNNING state.  IOW, if another
	 * thread's WNOHANG wait(2) on the stopped tracee races against
	 * ATTACH, the wait(2) may fail due to the transient RUNNING.
	 *
	 * The following task_is_stopped() test is safe as both transitions
	 * in and out of STOPPED are protected by siglock.
	 */
	if (task_is_stopped(task) &&
	    task_set_jobctl_pending(task, JOBCTL_TRAP_STOP | JOBCTL_TRAPPING))
		signal_wake_up_state(task, __TASK_STOPPED);

	spin_unlock(&task->sighand->siglock);

	retval = 0;
unlock_tasklist:
	write_unlock_irq(&tasklist_lock);
unlock_creds:
	mutex_unlock(&task->signal->cred_guard_mutex);
out:
	if (!retval) {
		/*
		 * We do not bother to change retval or clear JOBCTL_TRAPPING
		 * if wait_on_bit() was interrupted by SIGKILL. The tracer will
		 * not return to user-mode, it will exit and clear this bit in
		 * __ptrace_unlink() if it wasn't already cleared by the tracee;
		 * and until then nobody can ptrace this task.
		 */
		wait_on_bit(&task->jobctl, JOBCTL_TRAPPING_BIT, TASK_KILLABLE);
		proc_ptrace_connector(task, PTRACE_ATTACH);
	}

	return retval;
}
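
/*
 * Illustrative userspace sketch (hedged; seize_and_stop() is a made-up
 * helper, not part of this file): the two attach flavours above differ in
 * how the tracee ends up stopped.  PTRACE_ATTACH forces a SIGSTOP, while
 * PTRACE_SEIZE leaves the tracee running and the tracer stops it on demand
 * with PTRACE_INTERRUPT:
 *
 *	#include <sys/ptrace.h>
 *	#include <sys/types.h>
 *	#include <sys/wait.h>
 *
 *	int seize_and_stop(pid_t pid)
 *	{
 *		int status;
 *
 *		if (ptrace(PTRACE_SEIZE, pid, NULL, NULL) < 0)
 *			return -1;
 *		if (ptrace(PTRACE_INTERRUPT, pid, NULL, NULL) < 0)
 *			return -1;
 *		if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status))
 *			return -1;
 *		return 0;
 *	}
 */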

/**
 * ptrace_traceme  --  helper for PTRACE_TRACEME
 *
 * Performs checks and sets PT_PTRACED.
 * Should be used by all ptrace implementations for PTRACE_TRACEME.
 */
static int ptrace_traceme(void)
{
	int ret = -EPERM;

	write_lock_irq(&tasklist_lock);
	/* Are we already being traced? */
	if (!current->ptrace) {
		ret = security_ptrace_traceme(current->parent);
		/*
		 * Check PF_EXITING to ensure ->real_parent has not passed
		 * exit_ptrace(). Otherwise we don't report the error but
		 * pretend ->real_parent untraces us right after return.
		 */
		if (!ret && !(current->real_parent->flags & PF_EXITING)) {
			current->ptrace = PT_PTRACED;
			__ptrace_link(current, current->real_parent);
		}
	}
	write_unlock_irq(&tasklist_lock);

	return ret;
}
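
/*
 * Illustrative userspace sketch (hedged; spawn_traced() is a made-up
 * helper, not part of this file): the classic PTRACE_TRACEME pattern has
 * the child request tracing by its parent before exec; the exec then stops
 * the child so the parent can take control:
 *
 *	#include <sys/ptrace.h>
 *	#include <sys/types.h>
 *	#include <sys/wait.h>
 *	#include <unistd.h>
 *
 *	pid_t spawn_traced(char *const argv[])
 *	{
 *		pid_t pid = fork();
 *
 *		if (pid == 0) {
 *			ptrace(PTRACE_TRACEME, 0, NULL, NULL);
 *			execvp(argv[0], argv);
 *			_exit(127);
 *		}
 *		if (pid > 0) {
 *			int status;
 *
 *			waitpid(pid, &status, 0);
 *		}
 *		return pid;
 *	}
 */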

/*
 * Called with irqs disabled, returns true if children should reap themselves.
 */
static int ignoring_children(struct sighand_struct *sigh)
{
	int ret;
	spin_lock(&sigh->siglock);
	ret = (sigh->action[SIGCHLD-1].sa.sa_handler == SIG_IGN) ||
	      (sigh->action[SIGCHLD-1].sa.sa_flags & SA_NOCLDWAIT);
	spin_unlock(&sigh->siglock);
	return ret;
}

/*
 * Called with tasklist_lock held for writing.
 * Unlink a traced task, and clean it up if it was a traced zombie.
 * Return true if it needs to be reaped with release_task().
 * (We can't call release_task() here because we already hold tasklist_lock.)
 *
 * If it's a zombie, our attachedness prevented normal parent notification
 * or self-reaping.  Do notification now if it would have happened earlier.
 * If it should reap itself, return true.
 *
 * If it's our own child, there is no notification to do. But if our normal
 * children self-reap, then this child was prevented by ptrace and we must
 * reap it now, in that case we must also wake up sub-threads sleeping in
 * do_wait().
 */
static bool __ptrace_detach(struct task_struct *tracer, struct task_struct *p)
{
	bool dead;

	__ptrace_unlink(p);

	if (p->exit_state != EXIT_ZOMBIE)
		return false;

	dead = !thread_group_leader(p);

	if (!dead && thread_group_empty(p)) {
		if (!same_thread_group(p->real_parent, tracer))
			dead = do_notify_parent(p, p->exit_signal);
		else if (ignoring_children(tracer->sighand)) {
			__wake_up_parent(p, tracer);
			dead = true;
		}
	}
	/* Mark it as in the process of being reaped. */
	if (dead)
		p->exit_state = EXIT_DEAD;
	return dead;
}

static int ptrace_detach(struct task_struct *child, unsigned int data)
{
	if (!valid_signal(data))
		return -EIO;

	/* Architecture-specific hardware disable .. */
	ptrace_disable(child);

	write_lock_irq(&tasklist_lock);
	/*
	 * We rely on ptrace_freeze_traced(). It can't be killed and
	 * untraced by another thread, it can't be a zombie.
	 */
	WARN_ON(!child->ptrace || child->exit_state);
	/*
	 * tasklist_lock avoids the race with wait_task_stopped(), see
	 * the comment in ptrace_resume().
	 */
	child->exit_code = data;
	__ptrace_detach(current, child);
	write_unlock_irq(&tasklist_lock);

	proc_ptrace_connector(child, PTRACE_DETACH);

	return 0;
}

/*
 * Detach all tasks we were using ptrace on. Called with tasklist held
 * for writing.
 */
void exit_ptrace(struct task_struct *tracer, struct list_head *dead)
{
	struct task_struct *p, *n;

	list_for_each_entry_safe(p, n, &tracer->ptraced, ptrace_entry) {
		if (unlikely(p->ptrace & PT_EXITKILL))
			send_sig_info(SIGKILL, SEND_SIG_FORCED, p);

		if (__ptrace_detach(tracer, p))
			list_add(&p->ptrace_entry, dead);
	}
}

int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst, int len)
{
	int copied = 0;

	while (len > 0) {
		char buf[128];
		int this_len, retval;

		this_len = (len > sizeof(buf)) ? sizeof(buf) : len;
		retval = ptrace_access_vm(tsk, src, buf, this_len, FOLL_FORCE);

		if (!retval) {
			if (copied)
				break;
			return -EIO;
		}
		if (copy_to_user(dst, buf, retval))
			return -EFAULT;
		copied += retval;
		src += retval;
		dst += retval;
		len -= retval;
	}
	return copied;
}

int ptrace_writedata(struct task_struct *tsk, char __user *src, unsigned long dst, int len)
{
	int copied = 0;

	while (len > 0) {
		char buf[128];
		int this_len, retval;

		this_len = (len > sizeof(buf)) ? sizeof(buf) : len;
		if (copy_from_user(buf, src, this_len))
			return -EFAULT;
		retval = ptrace_access_vm(tsk, dst, buf, this_len,
					  FOLL_FORCE | FOLL_WRITE);
		if (!retval) {
			if (copied)
				break;
			return -EIO;
		}
		copied += retval;
		src += retval;
		dst += retval;
		len -= retval;
	}
	return copied;
}
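
/*
 * Illustrative userspace sketch (hedged; poke_buf() is a made-up helper,
 * not part of this file): a tracer that needs to write a whole buffer into
 * the tracee does its own chunking, word by word, much as the helpers above
 * chunk transfers through an on-stack buffer:
 *
 *	#include <sys/ptrace.h>
 *	#include <sys/types.h>
 *	#include <string.h>
 *
 *	int poke_buf(pid_t pid, unsigned long addr, const void *buf, size_t len)
 *	{
 *		size_t i;
 *
 *		for (i = 0; i + sizeof(long) <= len; i += sizeof(long)) {
 *			long word;
 *
 *			memcpy(&word, (const char *)buf + i, sizeof(word));
 *			if (ptrace(PTRACE_POKEDATA, pid,
 *				   (void *)(addr + i), (void *)word) < 0)
 *				return -1;
 *		}
 *		return 0;
 *	}
 *
 * A trailing partial word would need a read-modify-write with
 * PTRACE_PEEKDATA; that is omitted here for brevity.
 */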

static int ptrace_setoptions(struct task_struct *child, unsigned long data)
{
	unsigned flags;

	if (data & ~(unsigned long)PTRACE_O_MASK)
		return -EINVAL;

	if (unlikely(data & PTRACE_O_SUSPEND_SECCOMP)) {
		if (!IS_ENABLED(CONFIG_CHECKPOINT_RESTORE) ||
		    !IS_ENABLED(CONFIG_SECCOMP))
			return -EINVAL;

		if (!capable(CAP_SYS_ADMIN))
			return -EPERM;

		if (seccomp_mode(&current->seccomp) != SECCOMP_MODE_DISABLED ||
		    current->ptrace & PT_SUSPEND_SECCOMP)
			return -EPERM;
	}

	/* Avoid intermediate state when all opts are cleared */
	flags = child->ptrace;
	flags &= ~(PTRACE_O_MASK << PT_OPT_FLAG_SHIFT);
	flags |= (data << PT_OPT_FLAG_SHIFT);
	child->ptrace = flags;

	return 0;
}

static int ptrace_getsiginfo(struct task_struct *child, siginfo_t *info)
{
	unsigned long flags;
	int error = -ESRCH;

	if (lock_task_sighand(child, &flags)) {
		error = -EINVAL;
		if (likely(child->last_siginfo != NULL)) {
			*info = *child->last_siginfo;
			error = 0;
		}
		unlock_task_sighand(child, &flags);
	}
	return error;
}

static int ptrace_setsiginfo(struct task_struct *child, const siginfo_t *info)
{
	unsigned long flags;
	int error = -ESRCH;

	if (lock_task_sighand(child, &flags)) {
		error = -EINVAL;
		if (likely(child->last_siginfo != NULL)) {
			*child->last_siginfo = *info;
			error = 0;
		}
		unlock_task_sighand(child, &flags);
	}
	return error;
}

static int ptrace_peek_siginfo(struct task_struct *child,
				unsigned long addr,
				unsigned long data)
{
	struct ptrace_peeksiginfo_args arg;
	struct sigpending *pending;
	struct sigqueue *q;
	int ret, i;

	ret = copy_from_user(&arg, (void __user *) addr,
				sizeof(struct ptrace_peeksiginfo_args));
	if (ret)
		return -EFAULT;

	if (arg.flags & ~PTRACE_PEEKSIGINFO_SHARED)
		return -EINVAL; /* unknown flags */

	if (arg.nr < 0)
		return -EINVAL;

	if (arg.flags & PTRACE_PEEKSIGINFO_SHARED)
		pending = &child->signal->shared_pending;
	else
		pending = &child->pending;

	for (i = 0; i < arg.nr; ) {
		siginfo_t info;
		s32 off = arg.off + i;

		spin_lock_irq(&child->sighand->siglock);
		list_for_each_entry(q, &pending->list, list) {
			if (!off--) {
				copy_siginfo(&info, &q->info);
				break;
			}
		}
		spin_unlock_irq(&child->sighand->siglock);

		if (off >= 0) /* beyond the end of the list */
			break;

#ifdef CONFIG_COMPAT
		if (unlikely(in_compat_syscall())) {
			compat_siginfo_t __user *uinfo = compat_ptr(data);

			if (copy_siginfo_to_user32(uinfo, &info) ||
			    __put_user(info.si_code, &uinfo->si_code)) {
				ret = -EFAULT;
				break;
			}

		} else
#endif
		{
			siginfo_t __user *uinfo = (siginfo_t __user *) data;

			if (copy_siginfo_to_user(uinfo, &info) ||
			    __put_user(info.si_code, &uinfo->si_code)) {
				ret = -EFAULT;
				break;
			}
		}

		data += sizeof(siginfo_t);
		i++;

		if (signal_pending(current))
			break;

		cond_resched();
	}

	if (i > 0)
		return i;

	return ret;
}
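
/*
 * Illustrative userspace sketch (hedged; peek_pending() is a made-up
 * helper, and the example assumes glibc's <sys/ptrace.h> exposes
 * struct __ptrace_peeksiginfo_args with the same layout as the uapi
 * struct used above): a tracer can inspect the tracee's pending signal
 * queue without dequeueing anything via PTRACE_PEEKSIGINFO, passing the
 * args struct as @addr and a siginfo buffer as @data:
 *
 *	#include <sys/ptrace.h>
 *	#include <sys/types.h>
 *	#include <signal.h>
 *
 *	long peek_pending(pid_t pid, siginfo_t *buf, unsigned int nr)
 *	{
 *		struct __ptrace_peeksiginfo_args arg = {
 *			.off	= 0,
 *			.flags	= 0,
 *			.nr	= nr,
 *		};
 *
 *		return ptrace(PTRACE_PEEKSIGINFO, pid, &arg, buf);
 *	}
 *
 * The return value is the number of siginfo entries copied, mirroring the
 * "if (i > 0) return i" above.
 */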

#ifdef PTRACE_SINGLESTEP
#define is_singlestep(request)		((request) == PTRACE_SINGLESTEP)
#else
#define is_singlestep(request)		0
#endif

#ifdef PTRACE_SINGLEBLOCK
#define is_singleblock(request)		((request) == PTRACE_SINGLEBLOCK)
#else
#define is_singleblock(request)		0
#endif

#ifdef PTRACE_SYSEMU
#define is_sysemu_singlestep(request)	((request) == PTRACE_SYSEMU_SINGLESTEP)
#else
#define is_sysemu_singlestep(request)	0
#endif

static int ptrace_resume(struct task_struct *child, long request,
			 unsigned long data)
{
	bool need_siglock;

	if (!valid_signal(data))
		return -EIO;

	if (request == PTRACE_SYSCALL)
		set_tsk_thread_flag(child, TIF_SYSCALL_TRACE);
	else
		clear_tsk_thread_flag(child, TIF_SYSCALL_TRACE);

#ifdef TIF_SYSCALL_EMU
	if (request == PTRACE_SYSEMU || request == PTRACE_SYSEMU_SINGLESTEP)
		set_tsk_thread_flag(child, TIF_SYSCALL_EMU);
	else
		clear_tsk_thread_flag(child, TIF_SYSCALL_EMU);
#endif

	if (is_singleblock(request)) {
		if (unlikely(!arch_has_block_step()))
			return -EIO;
		user_enable_block_step(child);
	} else if (is_singlestep(request) || is_sysemu_singlestep(request)) {
		if (unlikely(!arch_has_single_step()))
			return -EIO;
		user_enable_single_step(child);
	} else {
		user_disable_single_step(child);
	}

	/*
	 * Change ->exit_code and ->state under siglock to avoid the race
	 * with wait_task_stopped() in between; a non-zero ->exit_code will
	 * wrongly look like another report from tracee.
	 *
	 * Note that we need siglock even if ->exit_code == data and/or this
	 * status was not reported yet, the new status must not be cleared by
	 * wait_task_stopped() after resume.
	 *
	 * If data == 0 we do not care if wait_task_stopped() reports the old
	 * status and clears the code too; this can't race with the tracee, it
	 * takes siglock after resume.
	 */
	need_siglock = data && !thread_group_empty(current);
	if (need_siglock)
		spin_lock_irq(&child->sighand->siglock);
	child->exit_code = data;
	wake_up_state(child, __TASK_TRACED);
	if (need_siglock)
		spin_unlock_irq(&child->sighand->siglock);

	return 0;
}

#ifdef CONFIG_HAVE_ARCH_TRACEHOOK

static const struct user_regset *
find_regset(const struct user_regset_view *view, unsigned int type)
{
	const struct user_regset *regset;
	int n;

	for (n = 0; n < view->n; ++n) {
		regset = view->regsets + n;
		if (regset->core_note_type == type)
			return regset;
	}

	return NULL;
}

static int ptrace_regset(struct task_struct *task, int req, unsigned int type,
			 struct iovec *kiov)
{
	const struct user_regset_view *view = task_user_regset_view(task);
	const struct user_regset *regset = find_regset(view, type);
	int regset_no;

	if (!regset || (kiov->iov_len % regset->size) != 0)
		return -EINVAL;

	regset_no = regset - view->regsets;
	kiov->iov_len = min(kiov->iov_len,
			    (__kernel_size_t) (regset->n * regset->size));

	if (req == PTRACE_GETREGSET)
		return copy_regset_to_user(task, view, regset_no, 0,
					   kiov->iov_len, kiov->iov_base);
	else
		return copy_regset_from_user(task, view, regset_no, 0,
					     kiov->iov_len, kiov->iov_base);
}

/*
 * This is declared in linux/regset.h and defined in machine-dependent
 * code.  We put the export here, near the primary machine-neutral use,
 * to ensure no machine forgets it.
 */
EXPORT_SYMBOL_GPL(task_user_regset_view);
#endif
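
/*
 * Illustrative userspace sketch (hedged; get_gp_regs() is a made-up helper
 * and the example assumes an x86-64 tracer with a stopped tracee):
 * PTRACE_GETREGSET takes the regset type as @addr (an NT_* note number)
 * and a struct iovec as @data, and the kernel clamps iov_len to the regset
 * size, as ptrace_regset() above shows:
 *
 *	#include <sys/ptrace.h>
 *	#include <sys/types.h>
 *	#include <sys/uio.h>
 *	#include <sys/user.h>
 *	#include <elf.h>
 *
 *	int get_gp_regs(pid_t pid, struct user_regs_struct *regs)
 *	{
 *		struct iovec iov = {
 *			.iov_base = regs,
 *			.iov_len  = sizeof(*regs),
 *		};
 *
 *		return ptrace(PTRACE_GETREGSET, pid, (void *)NT_PRSTATUS, &iov);
 *	}
 *
 * On success iov.iov_len holds the number of bytes actually filled in.
 */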

int ptrace_request(struct task_struct *child, long request,
		   unsigned long addr, unsigned long data)
{
	bool seized = child->ptrace & PT_SEIZED;
	int ret = -EIO;
	siginfo_t siginfo, *si;
	void __user *datavp = (void __user *) data;
	unsigned long __user *datalp = datavp;
	unsigned long flags;

	switch (request) {
	case PTRACE_PEEKTEXT:
	case PTRACE_PEEKDATA:
		return generic_ptrace_peekdata(child, addr, data);
	case PTRACE_POKETEXT:
	case PTRACE_POKEDATA:
		return generic_ptrace_pokedata(child, addr, data);

#ifdef PTRACE_OLDSETOPTIONS
	case PTRACE_OLDSETOPTIONS:
#endif
	case PTRACE_SETOPTIONS:
		ret = ptrace_setoptions(child, data);
		break;
	case PTRACE_GETEVENTMSG:
		ret = put_user(child->ptrace_message, datalp);
		break;

	case PTRACE_PEEKSIGINFO:
		ret = ptrace_peek_siginfo(child, addr, data);
		break;

	case PTRACE_GETSIGINFO:
		ret = ptrace_getsiginfo(child, &siginfo);
		if (!ret)
			ret = copy_siginfo_to_user(datavp, &siginfo);
		break;

	case PTRACE_SETSIGINFO:
		if (copy_from_user(&siginfo, datavp, sizeof siginfo))
			ret = -EFAULT;
		else
			ret = ptrace_setsiginfo(child, &siginfo);
		break;

	case PTRACE_GETSIGMASK:
		if (addr != sizeof(sigset_t)) {
			ret = -EINVAL;
			break;
		}

		if (copy_to_user(datavp, &child->blocked, sizeof(sigset_t)))
			ret = -EFAULT;
		else
			ret = 0;

		break;

	case PTRACE_SETSIGMASK: {
		sigset_t new_set;

		if (addr != sizeof(sigset_t)) {
			ret = -EINVAL;
			break;
		}

		if (copy_from_user(&new_set, datavp, sizeof(sigset_t))) {
			ret = -EFAULT;
			break;
		}

		sigdelsetmask(&new_set, sigmask(SIGKILL)|sigmask(SIGSTOP));

		/*
		 * Every thread does recalc_sigpending() after resume, so
		 * retarget_shared_pending() and recalc_sigpending() are not
		 * called here.
		 */
		spin_lock_irq(&child->sighand->siglock);
		child->blocked = new_set;
		spin_unlock_irq(&child->sighand->siglock);

		ret = 0;
		break;
	}

	case PTRACE_INTERRUPT:
		/*
		 * Stop tracee without any side-effect on signal or job
		 * control.  At least one trap is guaranteed to happen
		 * after this request.  If @child is already trapped, the
		 * current trap is not disturbed and another trap will
		 * happen after the current trap is ended with PTRACE_CONT.
		 *
		 * The actual trap might not be PTRACE_EVENT_STOP trap but
		 * the pending condition is cleared regardless.
		 */
		if (unlikely(!seized || !lock_task_sighand(child, &flags)))
			break;

		/*
		 * INTERRUPT doesn't disturb existing trap sans one
		 * exception.  If ptracer issued LISTEN for the current
		 * STOP, this INTERRUPT should clear LISTEN and re-trap
		 * tracee into STOP.
		 */
		if (likely(task_set_jobctl_pending(child, JOBCTL_TRAP_STOP)))
			ptrace_signal_wake_up(child, child->jobctl & JOBCTL_LISTENING);

		unlock_task_sighand(child, &flags);
		ret = 0;
		break;

	case PTRACE_LISTEN:
		/*
		 * Listen for events.  Tracee must be in STOP.  It's not
		 * resumed per-se but is not considered to be in TRACED by
		 * wait(2) or ptrace(2).  If an async event (e.g. group
		 * stop state change) happens, tracee will enter STOP trap
		 * again.  Alternatively, ptracer can issue INTERRUPT to
		 * finish listening and re-trap tracee into STOP.
		 */
		if (unlikely(!seized || !lock_task_sighand(child, &flags)))
			break;

		si = child->last_siginfo;
		if (likely(si && (si->si_code >> 8) == PTRACE_EVENT_STOP)) {
			child->jobctl |= JOBCTL_LISTENING;
			/*
			 * If NOTIFY is set, it means event happened between
			 * start of this trap and now.  Trigger re-trap.
			 */
			if (child->jobctl & JOBCTL_TRAP_NOTIFY)
				ptrace_signal_wake_up(child, true);
			ret = 0;
		}
		unlock_task_sighand(child, &flags);
		break;

	case PTRACE_DETACH:	 /* detach a process that was attached. */
		ret = ptrace_detach(child, data);
		break;

#ifdef CONFIG_BINFMT_ELF_FDPIC
	case PTRACE_GETFDPIC: {
		struct mm_struct *mm = get_task_mm(child);
		unsigned long tmp = 0;

		ret = -ESRCH;
		if (!mm)
			break;

		switch (addr) {
		case PTRACE_GETFDPIC_EXEC:
			tmp = mm->context.exec_fdpic_loadmap;
			break;
		case PTRACE_GETFDPIC_INTERP:
			tmp = mm->context.interp_fdpic_loadmap;
			break;
		default:
			break;
		}
		mmput(mm);

		ret = put_user(tmp, datalp);
		break;
	}
#endif

#ifdef PTRACE_SINGLESTEP
	case PTRACE_SINGLESTEP:
#endif
#ifdef PTRACE_SINGLEBLOCK
	case PTRACE_SINGLEBLOCK:
#endif
#ifdef PTRACE_SYSEMU
	case PTRACE_SYSEMU:
	case PTRACE_SYSEMU_SINGLESTEP:
#endif
	case PTRACE_SYSCALL:
	case PTRACE_CONT:
		return ptrace_resume(child, request, data);

	case PTRACE_KILL:
		if (child->exit_state)	/* already dead */
			return 0;
		return ptrace_resume(child, request, SIGKILL);

#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
	case PTRACE_GETREGSET:
	case PTRACE_SETREGSET: {
		struct iovec kiov;
		struct iovec __user *uiov = datavp;

		if (!access_ok(VERIFY_WRITE, uiov, sizeof(*uiov)))
			return -EFAULT;

		if (__get_user(kiov.iov_base, &uiov->iov_base) ||
		    __get_user(kiov.iov_len, &uiov->iov_len))
			return -EFAULT;

		ret = ptrace_regset(child, request, addr, &kiov);
		if (!ret)
			ret = __put_user(kiov.iov_len, &uiov->iov_len);
		break;
	}
#endif

	case PTRACE_SECCOMP_GET_FILTER:
		ret = seccomp_get_filter(child, addr, datavp);
		break;

	default:
		break;
	}

	return ret;
}
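
/*
 * Illustrative userspace sketch (hedged; ack_group_stop() is a made-up
 * helper, not part of this file): the PTRACE_LISTEN/PTRACE_INTERRUPT pair
 * above lets a seizing tracer observe a group stop without pinning the
 * tracee in ptrace-stop.  After waitpid() reports a group-stop
 * notification, the tracer can acknowledge it and keep listening for
 * further job-control events:
 *
 *	#include <sys/ptrace.h>
 *	#include <sys/types.h>
 *	#include <sys/wait.h>
 *
 *	int ack_group_stop(pid_t pid, int status)
 *	{
 *		if (!WIFSTOPPED(status))
 *			return -1;
 *		if (status >> 16 == PTRACE_EVENT_STOP)
 *			return ptrace(PTRACE_LISTEN, pid, NULL, NULL);
 *		return ptrace(PTRACE_CONT, pid, NULL, NULL);
 *	}
 *
 * A later PTRACE_INTERRUPT re-traps the tracee into a regular ptrace-stop
 * so that other requests become valid again.
 */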

static struct task_struct *ptrace_get_task_struct(pid_t pid)
{
	struct task_struct *child;

	rcu_read_lock();
	child = find_task_by_vpid(pid);
	if (child)
		get_task_struct(child);
	rcu_read_unlock();

	if (!child)
		return ERR_PTR(-ESRCH);
	return child;
}

#ifndef arch_ptrace_attach
#define arch_ptrace_attach(child)	do { } while (0)
#endif

SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
		unsigned long, data)
{
	struct task_struct *child;
	long ret;

	if (request == PTRACE_TRACEME) {
		ret = ptrace_traceme();
		if (!ret)
			arch_ptrace_attach(current);
		goto out;
	}

	child = ptrace_get_task_struct(pid);
	if (IS_ERR(child)) {
		ret = PTR_ERR(child);
		goto out;
	}

	if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
		ret = ptrace_attach(child, request, addr, data);
		/*
		 * Some architectures need to do book-keeping after
		 * a ptrace attach.
		 */
		if (!ret)
			arch_ptrace_attach(child);
		goto out_put_task_struct;
	}

	ret = ptrace_check_attach(child, request == PTRACE_KILL ||
				  request == PTRACE_INTERRUPT);
	if (ret < 0)
		goto out_put_task_struct;

	ret = arch_ptrace(child, request, addr, data);
	if (ret || request != PTRACE_DETACH)
		ptrace_unfreeze_traced(child);

 out_put_task_struct:
	put_task_struct(child);
 out:
	return ret;
}

int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
			    unsigned long data)
{
	unsigned long tmp;
	int copied;

	copied = ptrace_access_vm(tsk, addr, &tmp, sizeof(tmp), FOLL_FORCE);
	if (copied != sizeof(tmp))
		return -EIO;
	return put_user(tmp, (unsigned long __user *)data);
}

int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
			    unsigned long data)
{
	int copied;

	copied = ptrace_access_vm(tsk, addr, &data, sizeof(data),
			FOLL_FORCE | FOLL_WRITE);
	return (copied == sizeof(data)) ? 0 : -EIO;
}

#if defined CONFIG_COMPAT

int compat_ptrace_request(struct task_struct *child, compat_long_t request,
			  compat_ulong_t addr, compat_ulong_t data)
{
	compat_ulong_t __user *datap = compat_ptr(data);
	compat_ulong_t word;
	siginfo_t siginfo;
	int ret;

	switch (request) {
	case PTRACE_PEEKTEXT:
	case PTRACE_PEEKDATA:
		ret = ptrace_access_vm(child, addr, &word, sizeof(word),
				FOLL_FORCE);
		if (ret != sizeof(word))
			ret = -EIO;
		else
			ret = put_user(word, datap);
		break;

	case PTRACE_POKETEXT:
	case PTRACE_POKEDATA:
		ret = ptrace_access_vm(child, addr, &data, sizeof(data),
				FOLL_FORCE | FOLL_WRITE);
		ret = (ret != sizeof(data) ? -EIO : 0);
		break;

	case PTRACE_GETEVENTMSG:
		ret = put_user((compat_ulong_t) child->ptrace_message, datap);
		break;

	case PTRACE_GETSIGINFO:
		ret = ptrace_getsiginfo(child, &siginfo);
		if (!ret)
			ret = copy_siginfo_to_user32(
				(struct compat_siginfo __user *) datap,
				&siginfo);
		break;

	case PTRACE_SETSIGINFO:
		memset(&siginfo, 0, sizeof siginfo);
		if (copy_siginfo_from_user32(
			    &siginfo, (struct compat_siginfo __user *) datap))
			ret = -EFAULT;
		else
			ret = ptrace_setsiginfo(child, &siginfo);
		break;
#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
	case PTRACE_GETREGSET:
	case PTRACE_SETREGSET:
	{
		struct iovec kiov;
		struct compat_iovec __user *uiov =
			(struct compat_iovec __user *) datap;
		compat_uptr_t ptr;
		compat_size_t len;

		if (!access_ok(VERIFY_WRITE, uiov, sizeof(*uiov)))
			return -EFAULT;

		if (__get_user(ptr, &uiov->iov_base) ||
		    __get_user(len, &uiov->iov_len))
			return -EFAULT;

		kiov.iov_base = compat_ptr(ptr);
		kiov.iov_len = len;

		ret = ptrace_regset(child, request, addr, &kiov);
		if (!ret)
			ret = __put_user(kiov.iov_len, &uiov->iov_len);
		break;
	}
#endif

	default:
		ret = ptrace_request(child, request, addr, data);
	}

	return ret;
}

COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid,
		       compat_long_t, addr, compat_long_t, data)
{
	struct task_struct *child;
	long ret;

	if (request == PTRACE_TRACEME) {
		ret = ptrace_traceme();
		goto out;
	}

	child = ptrace_get_task_struct(pid);
	if (IS_ERR(child)) {
		ret = PTR_ERR(child);
		goto out;
	}

	if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
		ret = ptrace_attach(child, request, addr, data);
		/*
		 * Some architectures need to do book-keeping after
		 * a ptrace attach.
		 */
		if (!ret)
			arch_ptrace_attach(child);
		goto out_put_task_struct;
	}

	ret = ptrace_check_attach(child, request == PTRACE_KILL ||
				  request == PTRACE_INTERRUPT);
	if (!ret) {
		ret = compat_arch_ptrace(child, request, addr, data);
		if (ret || request != PTRACE_DETACH)
			ptrace_unfreeze_traced(child);
	}

 out_put_task_struct:
	put_task_struct(child);
 out:
	return ret;
}
#endif	/* CONFIG_COMPAT */