xref: /openbmc/linux/kernel/ptrace.c (revision 6f4eaea2)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * linux/kernel/ptrace.c
4  *
5  * (C) Copyright 1999 Linus Torvalds
6  *
7  * Common interfaces for "ptrace()" which we do not want
8  * to continually duplicate across every architecture.
9  */
10 
11 #include <linux/capability.h>
12 #include <linux/export.h>
13 #include <linux/sched.h>
14 #include <linux/sched/mm.h>
15 #include <linux/sched/coredump.h>
16 #include <linux/sched/task.h>
17 #include <linux/errno.h>
18 #include <linux/mm.h>
19 #include <linux/highmem.h>
20 #include <linux/pagemap.h>
21 #include <linux/ptrace.h>
22 #include <linux/security.h>
23 #include <linux/signal.h>
24 #include <linux/uio.h>
25 #include <linux/audit.h>
26 #include <linux/pid_namespace.h>
27 #include <linux/syscalls.h>
28 #include <linux/uaccess.h>
29 #include <linux/regset.h>
30 #include <linux/hw_breakpoint.h>
31 #include <linux/cn_proc.h>
32 #include <linux/compat.h>
33 #include <linux/sched/signal.h>
34 
35 #include <asm/syscall.h>	/* for syscall_get_* */
36 
37 /*
38  * Access another process' address space via ptrace.
39  * Source/target buffer must be kernel space,
40  * Do not walk the page table directly, use get_user_pages
41  */
42 int ptrace_access_vm(struct task_struct *tsk, unsigned long addr,
43 		     void *buf, int len, unsigned int gup_flags)
44 {
45 	struct mm_struct *mm;
46 	int ret;
47 
48 	mm = get_task_mm(tsk);
49 	if (!mm)
50 		return 0;
51 
52 	if (!tsk->ptrace ||
53 	    (current != tsk->parent) ||
54 	    ((get_dumpable(mm) != SUID_DUMP_USER) &&
55 	     !ptracer_capable(tsk, mm->user_ns))) {
56 		mmput(mm);
57 		return 0;
58 	}
59 
60 	ret = __access_remote_vm(mm, addr, buf, len, gup_flags);
61 	mmput(mm);
62 
63 	return ret;
64 }
65 
66 
67 void __ptrace_link(struct task_struct *child, struct task_struct *new_parent,
68 		   const struct cred *ptracer_cred)
69 {
70 	BUG_ON(!list_empty(&child->ptrace_entry));
71 	list_add(&child->ptrace_entry, &new_parent->ptraced);
72 	child->parent = new_parent;
73 	child->ptracer_cred = get_cred(ptracer_cred);
74 }
75 
76 /*
77  * ptrace a task: make the debugger its new parent and
78  * move it to the ptrace list.
79  *
80  * Must be called with the tasklist lock write-held.
81  */
82 static void ptrace_link(struct task_struct *child, struct task_struct *new_parent)
83 {
84 	__ptrace_link(child, new_parent, current_cred());
85 }
86 
87 /**
88  * __ptrace_unlink - unlink ptracee and restore its execution state
89  * @child: ptracee to be unlinked
90  *
91  * Remove @child from the ptrace list, move it back to the original parent,
92  * and restore the execution state so that it conforms to the group stop
93  * state.
94  *
95  * Unlinking can happen via two paths - explicit PTRACE_DETACH or ptracer
96  * exiting.  For PTRACE_DETACH, unless the ptracee has been killed between
97  * ptrace_check_attach() and here, it's guaranteed to be in TASK_TRACED.
98  * If the ptracer is exiting, the ptracee can be in any state.
99  *
100  * After detach, the ptracee should be in a state which conforms to the
101  * group stop.  If the group is stopped or in the process of stopping, the
102  * ptracee should be put into TASK_STOPPED; otherwise, it should be woken
103  * up from TASK_TRACED.
104  *
105  * If the ptracee is in TASK_TRACED and needs to be moved to TASK_STOPPED,
106  * it goes through TRACED -> RUNNING -> STOPPED transition which is similar
107  * to but in the opposite direction of what happens while attaching to a
108  * stopped task.  However, in this direction, the intermediate RUNNING
109  * state is not hidden even from the current ptracer and if it immediately
110  * re-attaches and performs a WNOHANG wait(2), it may fail.
111  *
112  * CONTEXT:
113  * write_lock_irq(tasklist_lock)
114  */
115 void __ptrace_unlink(struct task_struct *child)
116 {
117 	const struct cred *old_cred;
118 	BUG_ON(!child->ptrace);
119 
120 	clear_task_syscall_work(child, SYSCALL_TRACE);
121 #if defined(CONFIG_GENERIC_ENTRY) || defined(TIF_SYSCALL_EMU)
122 	clear_task_syscall_work(child, SYSCALL_EMU);
123 #endif
124 
125 	child->parent = child->real_parent;
126 	list_del_init(&child->ptrace_entry);
127 	old_cred = child->ptracer_cred;
128 	child->ptracer_cred = NULL;
129 	put_cred(old_cred);
130 
131 	spin_lock(&child->sighand->siglock);
132 	child->ptrace = 0;
133 	/*
134 	 * Clear all pending traps and TRAPPING.  TRAPPING should be
135 	 * cleared regardless of JOBCTL_STOP_PENDING.  Do it explicitly.
136 	 */
137 	task_clear_jobctl_pending(child, JOBCTL_TRAP_MASK);
138 	task_clear_jobctl_trapping(child);
139 
140 	/*
141 	 * Reinstate JOBCTL_STOP_PENDING if group stop is in effect and
142 	 * @child isn't dead.
143 	 */
144 	if (!(child->flags & PF_EXITING) &&
145 	    (child->signal->flags & SIGNAL_STOP_STOPPED ||
146 	     child->signal->group_stop_count)) {
147 		child->jobctl |= JOBCTL_STOP_PENDING;
148 
149 		/*
150 		 * This is only possible if this thread was cloned by the
151 		 * traced task running in the stopped group, set the signal
152 		 * for the future reports.
153 		 * FIXME: we should change ptrace_init_task() to handle this
154 		 * case.
155 		 */
156 		if (!(child->jobctl & JOBCTL_STOP_SIGMASK))
157 			child->jobctl |= SIGSTOP;
158 	}
159 
160 	/*
161 	 * If transition to TASK_STOPPED is pending or in TASK_TRACED, kick
162 	 * @child in the butt.  Note that @resume should be used iff @child
163 	 * is in TASK_TRACED; otherwise, we might unduly disrupt
164 	 * TASK_KILLABLE sleeps.
165 	 */
166 	if (child->jobctl & JOBCTL_STOP_PENDING || task_is_traced(child))
167 		ptrace_signal_wake_up(child, true);
168 
169 	spin_unlock(&child->sighand->siglock);
170 }
171 
172 /* Ensure that nothing can wake it up, even SIGKILL */
173 static bool ptrace_freeze_traced(struct task_struct *task)
174 {
175 	bool ret = false;
176 
177 	/* Lockless, nobody but us can set this flag */
178 	if (task->jobctl & JOBCTL_LISTENING)
179 		return ret;
180 
181 	spin_lock_irq(&task->sighand->siglock);
182 	if (task_is_traced(task) && !__fatal_signal_pending(task)) {
183 		task->state = __TASK_TRACED;
184 		ret = true;
185 	}
186 	spin_unlock_irq(&task->sighand->siglock);
187 
188 	return ret;
189 }
190 
191 static void ptrace_unfreeze_traced(struct task_struct *task)
192 {
193 	if (task->state != __TASK_TRACED)
194 		return;
195 
196 	WARN_ON(!task->ptrace || task->parent != current);
197 
198 	/*
199 	 * PTRACE_LISTEN can allow ptrace_trap_notify to wake us up remotely.
200 	 * Recheck state under the lock to close this race.
201 	 */
202 	spin_lock_irq(&task->sighand->siglock);
203 	if (task->state == __TASK_TRACED) {
204 		if (__fatal_signal_pending(task))
205 			wake_up_state(task, __TASK_TRACED);
206 		else
207 			task->state = TASK_TRACED;
208 	}
209 	spin_unlock_irq(&task->sighand->siglock);
210 }
211 
212 /**
213  * ptrace_check_attach - check whether ptracee is ready for ptrace operation
214  * @child: ptracee to check for
215  * @ignore_state: don't check whether @child is currently %TASK_TRACED
216  *
217  * Check whether @child is being ptraced by %current and ready for further
218  * ptrace operations.  If @ignore_state is %false, @child also should be in
219  * %TASK_TRACED state and on return the child is guaranteed to be traced
220  * and not executing.  If @ignore_state is %true, @child can be in any
221  * state.
222  *
223  * CONTEXT:
224  * Grabs and releases tasklist_lock and @child->sighand->siglock.
225  *
226  * RETURNS:
227  * 0 on success, -ESRCH if %child is not ready.
228  */
229 static int ptrace_check_attach(struct task_struct *child, bool ignore_state)
230 {
231 	int ret = -ESRCH;
232 
233 	/*
234 	 * We take the read lock around doing both checks to close a
235 	 * possible race where someone else was tracing our child and
236 	 * detached between these two checks.  After this locked check,
237 	 * we are sure that this is our traced child and that can only
238 	 * be changed by us so it's not changing right after this.
239 	 */
240 	read_lock(&tasklist_lock);
241 	if (child->ptrace && child->parent == current) {
242 		WARN_ON(child->state == __TASK_TRACED);
243 		/*
244 		 * child->sighand can't be NULL, release_task()
245 		 * does ptrace_unlink() before __exit_signal().
246 		 */
247 		if (ignore_state || ptrace_freeze_traced(child))
248 			ret = 0;
249 	}
250 	read_unlock(&tasklist_lock);
251 
252 	if (!ret && !ignore_state) {
253 		if (!wait_task_inactive(child, __TASK_TRACED)) {
254 			/*
255 			 * This can only happen if may_ptrace_stop() fails and
256 			 * ptrace_stop() changes ->state back to TASK_RUNNING,
257 			 * so we should not worry about leaking __TASK_TRACED.
258 			 */
259 			WARN_ON(child->state == __TASK_TRACED);
260 			ret = -ESRCH;
261 		}
262 	}
263 
264 	return ret;
265 }
266 
267 static bool ptrace_has_cap(struct user_namespace *ns, unsigned int mode)
268 {
269 	if (mode & PTRACE_MODE_NOAUDIT)
270 		return ns_capable_noaudit(ns, CAP_SYS_PTRACE);
271 	return ns_capable(ns, CAP_SYS_PTRACE);
272 }
273 
274 /* Returns 0 on success, -errno on denial. */
275 static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
276 {
277 	const struct cred *cred = current_cred(), *tcred;
278 	struct mm_struct *mm;
279 	kuid_t caller_uid;
280 	kgid_t caller_gid;
281 
282 	if (!(mode & PTRACE_MODE_FSCREDS) == !(mode & PTRACE_MODE_REALCREDS)) {
283 		WARN(1, "denying ptrace access check without PTRACE_MODE_*CREDS\n");
284 		return -EPERM;
285 	}
286 
287 	/* May we inspect the given task?
288 	 * This check is used both for attaching with ptrace
289 	 * and for allowing access to sensitive information in /proc.
290 	 *
291 	 * ptrace_attach denies several cases that /proc allows
292 	 * because setting up the necessary parent/child relationship
293 	 * or halting the specified task is impossible.
294 	 */
295 
296 	/* Don't let security modules deny introspection */
297 	if (same_thread_group(task, current))
298 		return 0;
299 	rcu_read_lock();
300 	if (mode & PTRACE_MODE_FSCREDS) {
301 		caller_uid = cred->fsuid;
302 		caller_gid = cred->fsgid;
303 	} else {
304 		/*
305 		 * Using the euid would make more sense here, but something
306 		 * in userland might rely on the old behavior, and this
307 		 * shouldn't be a security problem since
308 		 * PTRACE_MODE_REALCREDS implies that the caller explicitly
309 		 * used a syscall that requests access to another process
310 		 * (and not a filesystem syscall to procfs).
311 		 */
312 		caller_uid = cred->uid;
313 		caller_gid = cred->gid;
314 	}
315 	tcred = __task_cred(task);
316 	if (uid_eq(caller_uid, tcred->euid) &&
317 	    uid_eq(caller_uid, tcred->suid) &&
318 	    uid_eq(caller_uid, tcred->uid)  &&
319 	    gid_eq(caller_gid, tcred->egid) &&
320 	    gid_eq(caller_gid, tcred->sgid) &&
321 	    gid_eq(caller_gid, tcred->gid))
322 		goto ok;
323 	if (ptrace_has_cap(tcred->user_ns, mode))
324 		goto ok;
325 	rcu_read_unlock();
326 	return -EPERM;
327 ok:
328 	rcu_read_unlock();
329 	/*
330 	 * If a task drops privileges and becomes nondumpable (through a syscall
331 	 * like setresuid()) while we are trying to access it, we must ensure
332 	 * that the dumpability is read after the credentials; otherwise,
333 	 * we may be able to attach to a task that we shouldn't be able to
334 	 * attach to (as if the task had dropped privileges without becoming
335 	 * nondumpable).
336 	 * Pairs with a write barrier in commit_creds().
337 	 */
338 	smp_rmb();
339 	mm = task->mm;
340 	if (mm &&
341 	    ((get_dumpable(mm) != SUID_DUMP_USER) &&
342 	     !ptrace_has_cap(mm->user_ns, mode)))
343 	    return -EPERM;
344 
345 	return security_ptrace_access_check(task, mode);
346 }
347 
348 bool ptrace_may_access(struct task_struct *task, unsigned int mode)
349 {
350 	int err;
351 	task_lock(task);
352 	err = __ptrace_may_access(task, mode);
353 	task_unlock(task);
354 	return !err;
355 }
356 
357 static int ptrace_attach(struct task_struct *task, long request,
358 			 unsigned long addr,
359 			 unsigned long flags)
360 {
361 	bool seize = (request == PTRACE_SEIZE);
362 	int retval;
363 
364 	retval = -EIO;
365 	if (seize) {
366 		if (addr != 0)
367 			goto out;
368 		if (flags & ~(unsigned long)PTRACE_O_MASK)
369 			goto out;
370 		flags = PT_PTRACED | PT_SEIZED | (flags << PT_OPT_FLAG_SHIFT);
371 	} else {
372 		flags = PT_PTRACED;
373 	}
374 
375 	audit_ptrace(task);
376 
377 	retval = -EPERM;
378 	if (unlikely(task->flags & (PF_KTHREAD | PF_IO_WORKER)))
379 		goto out;
380 	if (same_thread_group(task, current))
381 		goto out;
382 
383 	/*
384 	 * Protect exec's credential calculations against our interference;
385 	 * SUID, SGID and LSM creds get determined differently
386 	 * under ptrace.
387 	 */
388 	retval = -ERESTARTNOINTR;
389 	if (mutex_lock_interruptible(&task->signal->cred_guard_mutex))
390 		goto out;
391 
392 	task_lock(task);
393 	retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS);
394 	task_unlock(task);
395 	if (retval)
396 		goto unlock_creds;
397 
398 	write_lock_irq(&tasklist_lock);
399 	retval = -EPERM;
400 	if (unlikely(task->exit_state))
401 		goto unlock_tasklist;
402 	if (task->ptrace)
403 		goto unlock_tasklist;
404 
405 	if (seize)
406 		flags |= PT_SEIZED;
407 	task->ptrace = flags;
408 
409 	ptrace_link(task, current);
410 
411 	/* SEIZE doesn't trap tracee on attach */
412 	if (!seize)
413 		send_sig_info(SIGSTOP, SEND_SIG_PRIV, task);
414 
415 	spin_lock(&task->sighand->siglock);
416 
417 	/*
418 	 * If the task is already STOPPED, set JOBCTL_TRAP_STOP and
419 	 * TRAPPING, and kick it so that it transits to TRACED.  TRAPPING
420 	 * will be cleared if the child completes the transition or any
421 	 * event which clears the group stop states happens.  We'll wait
422 	 * for the transition to complete before returning from this
423 	 * function.
424 	 *
425 	 * This hides STOPPED -> RUNNING -> TRACED transition from the
426 	 * attaching thread but a different thread in the same group can
427 	 * still observe the transient RUNNING state.  IOW, if another
428 	 * thread's WNOHANG wait(2) on the stopped tracee races against
429 	 * ATTACH, the wait(2) may fail due to the transient RUNNING.
430 	 *
431 	 * The following task_is_stopped() test is safe as both transitions
432 	 * in and out of STOPPED are protected by siglock.
433 	 */
434 	if (task_is_stopped(task) &&
435 	    task_set_jobctl_pending(task, JOBCTL_TRAP_STOP | JOBCTL_TRAPPING))
436 		signal_wake_up_state(task, __TASK_STOPPED);
437 
438 	spin_unlock(&task->sighand->siglock);
439 
440 	retval = 0;
441 unlock_tasklist:
442 	write_unlock_irq(&tasklist_lock);
443 unlock_creds:
444 	mutex_unlock(&task->signal->cred_guard_mutex);
445 out:
446 	if (!retval) {
447 		/*
448 		 * We do not bother to change retval or clear JOBCTL_TRAPPING
449 		 * if wait_on_bit() was interrupted by SIGKILL. The tracer will
450 		 * not return to user-mode, it will exit and clear this bit in
451 		 * __ptrace_unlink() if it wasn't already cleared by the tracee;
452 		 * and until then nobody can ptrace this task.
453 		 */
454 		wait_on_bit(&task->jobctl, JOBCTL_TRAPPING_BIT, TASK_KILLABLE);
455 		proc_ptrace_connector(task, PTRACE_ATTACH);
456 	}
457 
458 	return retval;
459 }
460 
461 /**
462  * ptrace_traceme  --  helper for PTRACE_TRACEME
463  *
464  * Performs checks and sets PT_PTRACED.
465  * Should be used by all ptrace implementations for PTRACE_TRACEME.
466  */
467 static int ptrace_traceme(void)
468 {
469 	int ret = -EPERM;
470 
471 	write_lock_irq(&tasklist_lock);
472 	/* Are we already being traced? */
473 	if (!current->ptrace) {
474 		ret = security_ptrace_traceme(current->parent);
475 		/*
476 		 * Check PF_EXITING to ensure ->real_parent has not passed
477 		 * exit_ptrace(). Otherwise we don't report the error but
478 		 * pretend ->real_parent untraces us right after return.
479 		 */
480 		if (!ret && !(current->real_parent->flags & PF_EXITING)) {
481 			current->ptrace = PT_PTRACED;
482 			ptrace_link(current, current->real_parent);
483 		}
484 	}
485 	write_unlock_irq(&tasklist_lock);
486 
487 	return ret;
488 }
489 
490 /*
491  * Called with irqs disabled, returns true if childs should reap themselves.
492  */
493 static int ignoring_children(struct sighand_struct *sigh)
494 {
495 	int ret;
496 	spin_lock(&sigh->siglock);
497 	ret = (sigh->action[SIGCHLD-1].sa.sa_handler == SIG_IGN) ||
498 	      (sigh->action[SIGCHLD-1].sa.sa_flags & SA_NOCLDWAIT);
499 	spin_unlock(&sigh->siglock);
500 	return ret;
501 }
502 
503 /*
504  * Called with tasklist_lock held for writing.
505  * Unlink a traced task, and clean it up if it was a traced zombie.
506  * Return true if it needs to be reaped with release_task().
507  * (We can't call release_task() here because we already hold tasklist_lock.)
508  *
509  * If it's a zombie, our attachedness prevented normal parent notification
510  * or self-reaping.  Do notification now if it would have happened earlier.
511  * If it should reap itself, return true.
512  *
513  * If it's our own child, there is no notification to do. But if our normal
514  * children self-reap, then this child was prevented by ptrace and we must
515  * reap it now, in that case we must also wake up sub-threads sleeping in
516  * do_wait().
517  */
518 static bool __ptrace_detach(struct task_struct *tracer, struct task_struct *p)
519 {
520 	bool dead;
521 
522 	__ptrace_unlink(p);
523 
524 	if (p->exit_state != EXIT_ZOMBIE)
525 		return false;
526 
527 	dead = !thread_group_leader(p);
528 
529 	if (!dead && thread_group_empty(p)) {
530 		if (!same_thread_group(p->real_parent, tracer))
531 			dead = do_notify_parent(p, p->exit_signal);
532 		else if (ignoring_children(tracer->sighand)) {
533 			__wake_up_parent(p, tracer);
534 			dead = true;
535 		}
536 	}
537 	/* Mark it as in the process of being reaped. */
538 	if (dead)
539 		p->exit_state = EXIT_DEAD;
540 	return dead;
541 }
542 
543 static int ptrace_detach(struct task_struct *child, unsigned int data)
544 {
545 	if (!valid_signal(data))
546 		return -EIO;
547 
548 	/* Architecture-specific hardware disable .. */
549 	ptrace_disable(child);
550 
551 	write_lock_irq(&tasklist_lock);
552 	/*
553 	 * We rely on ptrace_freeze_traced(). It can't be killed and
554 	 * untraced by another thread, it can't be a zombie.
555 	 */
556 	WARN_ON(!child->ptrace || child->exit_state);
557 	/*
558 	 * tasklist_lock avoids the race with wait_task_stopped(), see
559 	 * the comment in ptrace_resume().
560 	 */
561 	child->exit_code = data;
562 	__ptrace_detach(current, child);
563 	write_unlock_irq(&tasklist_lock);
564 
565 	proc_ptrace_connector(child, PTRACE_DETACH);
566 
567 	return 0;
568 }
569 
570 /*
571  * Detach all tasks we were using ptrace on. Called with tasklist held
572  * for writing.
573  */
574 void exit_ptrace(struct task_struct *tracer, struct list_head *dead)
575 {
576 	struct task_struct *p, *n;
577 
578 	list_for_each_entry_safe(p, n, &tracer->ptraced, ptrace_entry) {
579 		if (unlikely(p->ptrace & PT_EXITKILL))
580 			send_sig_info(SIGKILL, SEND_SIG_PRIV, p);
581 
582 		if (__ptrace_detach(tracer, p))
583 			list_add(&p->ptrace_entry, dead);
584 	}
585 }
586 
587 int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst, int len)
588 {
589 	int copied = 0;
590 
591 	while (len > 0) {
592 		char buf[128];
593 		int this_len, retval;
594 
595 		this_len = (len > sizeof(buf)) ? sizeof(buf) : len;
596 		retval = ptrace_access_vm(tsk, src, buf, this_len, FOLL_FORCE);
597 
598 		if (!retval) {
599 			if (copied)
600 				break;
601 			return -EIO;
602 		}
603 		if (copy_to_user(dst, buf, retval))
604 			return -EFAULT;
605 		copied += retval;
606 		src += retval;
607 		dst += retval;
608 		len -= retval;
609 	}
610 	return copied;
611 }
612 
613 int ptrace_writedata(struct task_struct *tsk, char __user *src, unsigned long dst, int len)
614 {
615 	int copied = 0;
616 
617 	while (len > 0) {
618 		char buf[128];
619 		int this_len, retval;
620 
621 		this_len = (len > sizeof(buf)) ? sizeof(buf) : len;
622 		if (copy_from_user(buf, src, this_len))
623 			return -EFAULT;
624 		retval = ptrace_access_vm(tsk, dst, buf, this_len,
625 				FOLL_FORCE | FOLL_WRITE);
626 		if (!retval) {
627 			if (copied)
628 				break;
629 			return -EIO;
630 		}
631 		copied += retval;
632 		src += retval;
633 		dst += retval;
634 		len -= retval;
635 	}
636 	return copied;
637 }
638 
639 static int ptrace_setoptions(struct task_struct *child, unsigned long data)
640 {
641 	unsigned flags;
642 
643 	if (data & ~(unsigned long)PTRACE_O_MASK)
644 		return -EINVAL;
645 
646 	if (unlikely(data & PTRACE_O_SUSPEND_SECCOMP)) {
647 		if (!IS_ENABLED(CONFIG_CHECKPOINT_RESTORE) ||
648 		    !IS_ENABLED(CONFIG_SECCOMP))
649 			return -EINVAL;
650 
651 		if (!capable(CAP_SYS_ADMIN))
652 			return -EPERM;
653 
654 		if (seccomp_mode(&current->seccomp) != SECCOMP_MODE_DISABLED ||
655 		    current->ptrace & PT_SUSPEND_SECCOMP)
656 			return -EPERM;
657 	}
658 
659 	/* Avoid intermediate state when all opts are cleared */
660 	flags = child->ptrace;
661 	flags &= ~(PTRACE_O_MASK << PT_OPT_FLAG_SHIFT);
662 	flags |= (data << PT_OPT_FLAG_SHIFT);
663 	child->ptrace = flags;
664 
665 	return 0;
666 }
667 
668 static int ptrace_getsiginfo(struct task_struct *child, kernel_siginfo_t *info)
669 {
670 	unsigned long flags;
671 	int error = -ESRCH;
672 
673 	if (lock_task_sighand(child, &flags)) {
674 		error = -EINVAL;
675 		if (likely(child->last_siginfo != NULL)) {
676 			copy_siginfo(info, child->last_siginfo);
677 			error = 0;
678 		}
679 		unlock_task_sighand(child, &flags);
680 	}
681 	return error;
682 }
683 
684 static int ptrace_setsiginfo(struct task_struct *child, const kernel_siginfo_t *info)
685 {
686 	unsigned long flags;
687 	int error = -ESRCH;
688 
689 	if (lock_task_sighand(child, &flags)) {
690 		error = -EINVAL;
691 		if (likely(child->last_siginfo != NULL)) {
692 			copy_siginfo(child->last_siginfo, info);
693 			error = 0;
694 		}
695 		unlock_task_sighand(child, &flags);
696 	}
697 	return error;
698 }
699 
700 static int ptrace_peek_siginfo(struct task_struct *child,
701 				unsigned long addr,
702 				unsigned long data)
703 {
704 	struct ptrace_peeksiginfo_args arg;
705 	struct sigpending *pending;
706 	struct sigqueue *q;
707 	int ret, i;
708 
709 	ret = copy_from_user(&arg, (void __user *) addr,
710 				sizeof(struct ptrace_peeksiginfo_args));
711 	if (ret)
712 		return -EFAULT;
713 
714 	if (arg.flags & ~PTRACE_PEEKSIGINFO_SHARED)
715 		return -EINVAL; /* unknown flags */
716 
717 	if (arg.nr < 0)
718 		return -EINVAL;
719 
720 	/* Ensure arg.off fits in an unsigned long */
721 	if (arg.off > ULONG_MAX)
722 		return 0;
723 
724 	if (arg.flags & PTRACE_PEEKSIGINFO_SHARED)
725 		pending = &child->signal->shared_pending;
726 	else
727 		pending = &child->pending;
728 
729 	for (i = 0; i < arg.nr; ) {
730 		kernel_siginfo_t info;
731 		unsigned long off = arg.off + i;
732 		bool found = false;
733 
734 		spin_lock_irq(&child->sighand->siglock);
735 		list_for_each_entry(q, &pending->list, list) {
736 			if (!off--) {
737 				found = true;
738 				copy_siginfo(&info, &q->info);
739 				break;
740 			}
741 		}
742 		spin_unlock_irq(&child->sighand->siglock);
743 
744 		if (!found) /* beyond the end of the list */
745 			break;
746 
747 #ifdef CONFIG_COMPAT
748 		if (unlikely(in_compat_syscall())) {
749 			compat_siginfo_t __user *uinfo = compat_ptr(data);
750 
751 			if (copy_siginfo_to_user32(uinfo, &info)) {
752 				ret = -EFAULT;
753 				break;
754 			}
755 
756 		} else
757 #endif
758 		{
759 			siginfo_t __user *uinfo = (siginfo_t __user *) data;
760 
761 			if (copy_siginfo_to_user(uinfo, &info)) {
762 				ret = -EFAULT;
763 				break;
764 			}
765 		}
766 
767 		data += sizeof(siginfo_t);
768 		i++;
769 
770 		if (signal_pending(current))
771 			break;
772 
773 		cond_resched();
774 	}
775 
776 	if (i > 0)
777 		return i;
778 
779 	return ret;
780 }
781 
782 #ifdef PTRACE_SINGLESTEP
783 #define is_singlestep(request)		((request) == PTRACE_SINGLESTEP)
784 #else
785 #define is_singlestep(request)		0
786 #endif
787 
788 #ifdef PTRACE_SINGLEBLOCK
789 #define is_singleblock(request)		((request) == PTRACE_SINGLEBLOCK)
790 #else
791 #define is_singleblock(request)		0
792 #endif
793 
794 #ifdef PTRACE_SYSEMU
795 #define is_sysemu_singlestep(request)	((request) == PTRACE_SYSEMU_SINGLESTEP)
796 #else
797 #define is_sysemu_singlestep(request)	0
798 #endif
799 
800 static int ptrace_resume(struct task_struct *child, long request,
801 			 unsigned long data)
802 {
803 	bool need_siglock;
804 
805 	if (!valid_signal(data))
806 		return -EIO;
807 
808 	if (request == PTRACE_SYSCALL)
809 		set_task_syscall_work(child, SYSCALL_TRACE);
810 	else
811 		clear_task_syscall_work(child, SYSCALL_TRACE);
812 
813 #if defined(CONFIG_GENERIC_ENTRY) || defined(TIF_SYSCALL_EMU)
814 	if (request == PTRACE_SYSEMU || request == PTRACE_SYSEMU_SINGLESTEP)
815 		set_task_syscall_work(child, SYSCALL_EMU);
816 	else
817 		clear_task_syscall_work(child, SYSCALL_EMU);
818 #endif
819 
820 	if (is_singleblock(request)) {
821 		if (unlikely(!arch_has_block_step()))
822 			return -EIO;
823 		user_enable_block_step(child);
824 	} else if (is_singlestep(request) || is_sysemu_singlestep(request)) {
825 		if (unlikely(!arch_has_single_step()))
826 			return -EIO;
827 		user_enable_single_step(child);
828 	} else {
829 		user_disable_single_step(child);
830 	}
831 
832 	/*
833 	 * Change ->exit_code and ->state under siglock to avoid the race
834 	 * with wait_task_stopped() in between; a non-zero ->exit_code will
835 	 * wrongly look like another report from tracee.
836 	 *
837 	 * Note that we need siglock even if ->exit_code == data and/or this
838 	 * status was not reported yet, the new status must not be cleared by
839 	 * wait_task_stopped() after resume.
840 	 *
841 	 * If data == 0 we do not care if wait_task_stopped() reports the old
842 	 * status and clears the code too; this can't race with the tracee, it
843 	 * takes siglock after resume.
844 	 */
845 	need_siglock = data && !thread_group_empty(current);
846 	if (need_siglock)
847 		spin_lock_irq(&child->sighand->siglock);
848 	child->exit_code = data;
849 	wake_up_state(child, __TASK_TRACED);
850 	if (need_siglock)
851 		spin_unlock_irq(&child->sighand->siglock);
852 
853 	return 0;
854 }
855 
856 #ifdef CONFIG_HAVE_ARCH_TRACEHOOK
857 
858 static const struct user_regset *
859 find_regset(const struct user_regset_view *view, unsigned int type)
860 {
861 	const struct user_regset *regset;
862 	int n;
863 
864 	for (n = 0; n < view->n; ++n) {
865 		regset = view->regsets + n;
866 		if (regset->core_note_type == type)
867 			return regset;
868 	}
869 
870 	return NULL;
871 }
872 
873 static int ptrace_regset(struct task_struct *task, int req, unsigned int type,
874 			 struct iovec *kiov)
875 {
876 	const struct user_regset_view *view = task_user_regset_view(task);
877 	const struct user_regset *regset = find_regset(view, type);
878 	int regset_no;
879 
880 	if (!regset || (kiov->iov_len % regset->size) != 0)
881 		return -EINVAL;
882 
883 	regset_no = regset - view->regsets;
884 	kiov->iov_len = min(kiov->iov_len,
885 			    (__kernel_size_t) (regset->n * regset->size));
886 
887 	if (req == PTRACE_GETREGSET)
888 		return copy_regset_to_user(task, view, regset_no, 0,
889 					   kiov->iov_len, kiov->iov_base);
890 	else
891 		return copy_regset_from_user(task, view, regset_no, 0,
892 					     kiov->iov_len, kiov->iov_base);
893 }
894 
895 /*
896  * This is declared in linux/regset.h and defined in machine-dependent
897  * code.  We put the export here, near the primary machine-neutral use,
898  * to ensure no machine forgets it.
899  */
900 EXPORT_SYMBOL_GPL(task_user_regset_view);
901 
902 static unsigned long
903 ptrace_get_syscall_info_entry(struct task_struct *child, struct pt_regs *regs,
904 			      struct ptrace_syscall_info *info)
905 {
906 	unsigned long args[ARRAY_SIZE(info->entry.args)];
907 	int i;
908 
909 	info->op = PTRACE_SYSCALL_INFO_ENTRY;
910 	info->entry.nr = syscall_get_nr(child, regs);
911 	syscall_get_arguments(child, regs, args);
912 	for (i = 0; i < ARRAY_SIZE(args); i++)
913 		info->entry.args[i] = args[i];
914 
915 	/* args is the last field in struct ptrace_syscall_info.entry */
916 	return offsetofend(struct ptrace_syscall_info, entry.args);
917 }
918 
919 static unsigned long
920 ptrace_get_syscall_info_seccomp(struct task_struct *child, struct pt_regs *regs,
921 				struct ptrace_syscall_info *info)
922 {
923 	/*
924 	 * As struct ptrace_syscall_info.entry is currently a subset
925 	 * of struct ptrace_syscall_info.seccomp, it makes sense to
926 	 * initialize that subset using ptrace_get_syscall_info_entry().
927 	 * This can be reconsidered in the future if these structures
928 	 * diverge significantly enough.
929 	 */
930 	ptrace_get_syscall_info_entry(child, regs, info);
931 	info->op = PTRACE_SYSCALL_INFO_SECCOMP;
932 	info->seccomp.ret_data = child->ptrace_message;
933 
934 	/* ret_data is the last field in struct ptrace_syscall_info.seccomp */
935 	return offsetofend(struct ptrace_syscall_info, seccomp.ret_data);
936 }
937 
938 static unsigned long
939 ptrace_get_syscall_info_exit(struct task_struct *child, struct pt_regs *regs,
940 			     struct ptrace_syscall_info *info)
941 {
942 	info->op = PTRACE_SYSCALL_INFO_EXIT;
943 	info->exit.rval = syscall_get_error(child, regs);
944 	info->exit.is_error = !!info->exit.rval;
945 	if (!info->exit.is_error)
946 		info->exit.rval = syscall_get_return_value(child, regs);
947 
948 	/* is_error is the last field in struct ptrace_syscall_info.exit */
949 	return offsetofend(struct ptrace_syscall_info, exit.is_error);
950 }
951 
952 static int
953 ptrace_get_syscall_info(struct task_struct *child, unsigned long user_size,
954 			void __user *datavp)
955 {
956 	struct pt_regs *regs = task_pt_regs(child);
957 	struct ptrace_syscall_info info = {
958 		.op = PTRACE_SYSCALL_INFO_NONE,
959 		.arch = syscall_get_arch(child),
960 		.instruction_pointer = instruction_pointer(regs),
961 		.stack_pointer = user_stack_pointer(regs),
962 	};
963 	unsigned long actual_size = offsetof(struct ptrace_syscall_info, entry);
964 	unsigned long write_size;
965 
966 	/*
967 	 * This does not need lock_task_sighand() to access
968 	 * child->last_siginfo because ptrace_freeze_traced()
969 	 * called earlier by ptrace_check_attach() ensures that
970 	 * the tracee cannot go away and clear its last_siginfo.
971 	 */
972 	switch (child->last_siginfo ? child->last_siginfo->si_code : 0) {
973 	case SIGTRAP | 0x80:
974 		switch (child->ptrace_message) {
975 		case PTRACE_EVENTMSG_SYSCALL_ENTRY:
976 			actual_size = ptrace_get_syscall_info_entry(child, regs,
977 								    &info);
978 			break;
979 		case PTRACE_EVENTMSG_SYSCALL_EXIT:
980 			actual_size = ptrace_get_syscall_info_exit(child, regs,
981 								   &info);
982 			break;
983 		}
984 		break;
985 	case SIGTRAP | (PTRACE_EVENT_SECCOMP << 8):
986 		actual_size = ptrace_get_syscall_info_seccomp(child, regs,
987 							      &info);
988 		break;
989 	}
990 
991 	write_size = min(actual_size, user_size);
992 	return copy_to_user(datavp, &info, write_size) ? -EFAULT : actual_size;
993 }
994 #endif /* CONFIG_HAVE_ARCH_TRACEHOOK */
995 
996 int ptrace_request(struct task_struct *child, long request,
997 		   unsigned long addr, unsigned long data)
998 {
999 	bool seized = child->ptrace & PT_SEIZED;
1000 	int ret = -EIO;
1001 	kernel_siginfo_t siginfo, *si;
1002 	void __user *datavp = (void __user *) data;
1003 	unsigned long __user *datalp = datavp;
1004 	unsigned long flags;
1005 
1006 	switch (request) {
1007 	case PTRACE_PEEKTEXT:
1008 	case PTRACE_PEEKDATA:
1009 		return generic_ptrace_peekdata(child, addr, data);
1010 	case PTRACE_POKETEXT:
1011 	case PTRACE_POKEDATA:
1012 		return generic_ptrace_pokedata(child, addr, data);
1013 
1014 #ifdef PTRACE_OLDSETOPTIONS
1015 	case PTRACE_OLDSETOPTIONS:
1016 #endif
1017 	case PTRACE_SETOPTIONS:
1018 		ret = ptrace_setoptions(child, data);
1019 		break;
1020 	case PTRACE_GETEVENTMSG:
1021 		ret = put_user(child->ptrace_message, datalp);
1022 		break;
1023 
1024 	case PTRACE_PEEKSIGINFO:
1025 		ret = ptrace_peek_siginfo(child, addr, data);
1026 		break;
1027 
1028 	case PTRACE_GETSIGINFO:
1029 		ret = ptrace_getsiginfo(child, &siginfo);
1030 		if (!ret)
1031 			ret = copy_siginfo_to_user(datavp, &siginfo);
1032 		break;
1033 
1034 	case PTRACE_SETSIGINFO:
1035 		ret = copy_siginfo_from_user(&siginfo, datavp);
1036 		if (!ret)
1037 			ret = ptrace_setsiginfo(child, &siginfo);
1038 		break;
1039 
1040 	case PTRACE_GETSIGMASK: {
1041 		sigset_t *mask;
1042 
1043 		if (addr != sizeof(sigset_t)) {
1044 			ret = -EINVAL;
1045 			break;
1046 		}
1047 
1048 		if (test_tsk_restore_sigmask(child))
1049 			mask = &child->saved_sigmask;
1050 		else
1051 			mask = &child->blocked;
1052 
1053 		if (copy_to_user(datavp, mask, sizeof(sigset_t)))
1054 			ret = -EFAULT;
1055 		else
1056 			ret = 0;
1057 
1058 		break;
1059 	}
1060 
1061 	case PTRACE_SETSIGMASK: {
1062 		sigset_t new_set;
1063 
1064 		if (addr != sizeof(sigset_t)) {
1065 			ret = -EINVAL;
1066 			break;
1067 		}
1068 
1069 		if (copy_from_user(&new_set, datavp, sizeof(sigset_t))) {
1070 			ret = -EFAULT;
1071 			break;
1072 		}
1073 
1074 		sigdelsetmask(&new_set, sigmask(SIGKILL)|sigmask(SIGSTOP));
1075 
1076 		/*
1077 		 * Every thread does recalc_sigpending() after resume, so
1078 		 * retarget_shared_pending() and recalc_sigpending() are not
1079 		 * called here.
1080 		 */
1081 		spin_lock_irq(&child->sighand->siglock);
1082 		child->blocked = new_set;
1083 		spin_unlock_irq(&child->sighand->siglock);
1084 
1085 		clear_tsk_restore_sigmask(child);
1086 
1087 		ret = 0;
1088 		break;
1089 	}
1090 
1091 	case PTRACE_INTERRUPT:
1092 		/*
1093 		 * Stop tracee without any side-effect on signal or job
1094 		 * control.  At least one trap is guaranteed to happen
1095 		 * after this request.  If @child is already trapped, the
1096 		 * current trap is not disturbed and another trap will
1097 		 * happen after the current trap is ended with PTRACE_CONT.
1098 		 *
1099 		 * The actual trap might not be PTRACE_EVENT_STOP trap but
1100 		 * the pending condition is cleared regardless.
1101 		 */
1102 		if (unlikely(!seized || !lock_task_sighand(child, &flags)))
1103 			break;
1104 
1105 		/*
1106 		 * INTERRUPT doesn't disturb existing trap sans one
1107 		 * exception.  If ptracer issued LISTEN for the current
1108 		 * STOP, this INTERRUPT should clear LISTEN and re-trap
1109 		 * tracee into STOP.
1110 		 */
1111 		if (likely(task_set_jobctl_pending(child, JOBCTL_TRAP_STOP)))
1112 			ptrace_signal_wake_up(child, child->jobctl & JOBCTL_LISTENING);
1113 
1114 		unlock_task_sighand(child, &flags);
1115 		ret = 0;
1116 		break;
1117 
1118 	case PTRACE_LISTEN:
1119 		/*
1120 		 * Listen for events.  Tracee must be in STOP.  It's not
1121 		 * resumed per-se but is not considered to be in TRACED by
1122 		 * wait(2) or ptrace(2).  If an async event (e.g. group
1123 		 * stop state change) happens, tracee will enter STOP trap
1124 		 * again.  Alternatively, ptracer can issue INTERRUPT to
1125 		 * finish listening and re-trap tracee into STOP.
1126 		 */
1127 		if (unlikely(!seized || !lock_task_sighand(child, &flags)))
1128 			break;
1129 
1130 		si = child->last_siginfo;
1131 		if (likely(si && (si->si_code >> 8) == PTRACE_EVENT_STOP)) {
1132 			child->jobctl |= JOBCTL_LISTENING;
1133 			/*
1134 			 * If NOTIFY is set, it means event happened between
1135 			 * start of this trap and now.  Trigger re-trap.
1136 			 */
1137 			if (child->jobctl & JOBCTL_TRAP_NOTIFY)
1138 				ptrace_signal_wake_up(child, true);
1139 			ret = 0;
1140 		}
1141 		unlock_task_sighand(child, &flags);
1142 		break;
1143 
1144 	case PTRACE_DETACH:	 /* detach a process that was attached. */
1145 		ret = ptrace_detach(child, data);
1146 		break;
1147 
1148 #ifdef CONFIG_BINFMT_ELF_FDPIC
1149 	case PTRACE_GETFDPIC: {
1150 		struct mm_struct *mm = get_task_mm(child);
1151 		unsigned long tmp = 0;
1152 
1153 		ret = -ESRCH;
1154 		if (!mm)
1155 			break;
1156 
1157 		switch (addr) {
1158 		case PTRACE_GETFDPIC_EXEC:
1159 			tmp = mm->context.exec_fdpic_loadmap;
1160 			break;
1161 		case PTRACE_GETFDPIC_INTERP:
1162 			tmp = mm->context.interp_fdpic_loadmap;
1163 			break;
1164 		default:
1165 			break;
1166 		}
1167 		mmput(mm);
1168 
1169 		ret = put_user(tmp, datalp);
1170 		break;
1171 	}
1172 #endif
1173 
1174 #ifdef PTRACE_SINGLESTEP
1175 	case PTRACE_SINGLESTEP:
1176 #endif
1177 #ifdef PTRACE_SINGLEBLOCK
1178 	case PTRACE_SINGLEBLOCK:
1179 #endif
1180 #ifdef PTRACE_SYSEMU
1181 	case PTRACE_SYSEMU:
1182 	case PTRACE_SYSEMU_SINGLESTEP:
1183 #endif
1184 	case PTRACE_SYSCALL:
1185 	case PTRACE_CONT:
1186 		return ptrace_resume(child, request, data);
1187 
1188 	case PTRACE_KILL:
1189 		if (child->exit_state)	/* already dead */
1190 			return 0;
1191 		return ptrace_resume(child, request, SIGKILL);
1192 
1193 #ifdef CONFIG_HAVE_ARCH_TRACEHOOK
1194 	case PTRACE_GETREGSET:
1195 	case PTRACE_SETREGSET: {
1196 		struct iovec kiov;
1197 		struct iovec __user *uiov = datavp;
1198 
1199 		if (!access_ok(uiov, sizeof(*uiov)))
1200 			return -EFAULT;
1201 
1202 		if (__get_user(kiov.iov_base, &uiov->iov_base) ||
1203 		    __get_user(kiov.iov_len, &uiov->iov_len))
1204 			return -EFAULT;
1205 
1206 		ret = ptrace_regset(child, request, addr, &kiov);
1207 		if (!ret)
1208 			ret = __put_user(kiov.iov_len, &uiov->iov_len);
1209 		break;
1210 	}
1211 
1212 	case PTRACE_GET_SYSCALL_INFO:
1213 		ret = ptrace_get_syscall_info(child, addr, datavp);
1214 		break;
1215 #endif
1216 
1217 	case PTRACE_SECCOMP_GET_FILTER:
1218 		ret = seccomp_get_filter(child, addr, datavp);
1219 		break;
1220 
1221 	case PTRACE_SECCOMP_GET_METADATA:
1222 		ret = seccomp_get_metadata(child, addr, datavp);
1223 		break;
1224 
1225 	default:
1226 		break;
1227 	}
1228 
1229 	return ret;
1230 }
1231 
1232 #ifndef arch_ptrace_attach
1233 #define arch_ptrace_attach(child)	do { } while (0)
1234 #endif
1235 
1236 SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
1237 		unsigned long, data)
1238 {
1239 	struct task_struct *child;
1240 	long ret;
1241 
1242 	if (request == PTRACE_TRACEME) {
1243 		ret = ptrace_traceme();
1244 		if (!ret)
1245 			arch_ptrace_attach(current);
1246 		goto out;
1247 	}
1248 
1249 	child = find_get_task_by_vpid(pid);
1250 	if (!child) {
1251 		ret = -ESRCH;
1252 		goto out;
1253 	}
1254 
1255 	if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
1256 		ret = ptrace_attach(child, request, addr, data);
1257 		/*
1258 		 * Some architectures need to do book-keeping after
1259 		 * a ptrace attach.
1260 		 */
1261 		if (!ret)
1262 			arch_ptrace_attach(child);
1263 		goto out_put_task_struct;
1264 	}
1265 
1266 	ret = ptrace_check_attach(child, request == PTRACE_KILL ||
1267 				  request == PTRACE_INTERRUPT);
1268 	if (ret < 0)
1269 		goto out_put_task_struct;
1270 
1271 	ret = arch_ptrace(child, request, addr, data);
1272 	if (ret || request != PTRACE_DETACH)
1273 		ptrace_unfreeze_traced(child);
1274 
1275  out_put_task_struct:
1276 	put_task_struct(child);
1277  out:
1278 	return ret;
1279 }
1280 
1281 int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
1282 			    unsigned long data)
1283 {
1284 	unsigned long tmp;
1285 	int copied;
1286 
1287 	copied = ptrace_access_vm(tsk, addr, &tmp, sizeof(tmp), FOLL_FORCE);
1288 	if (copied != sizeof(tmp))
1289 		return -EIO;
1290 	return put_user(tmp, (unsigned long __user *)data);
1291 }
1292 
1293 int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
1294 			    unsigned long data)
1295 {
1296 	int copied;
1297 
1298 	copied = ptrace_access_vm(tsk, addr, &data, sizeof(data),
1299 			FOLL_FORCE | FOLL_WRITE);
1300 	return (copied == sizeof(data)) ? 0 : -EIO;
1301 }
1302 
1303 #if defined CONFIG_COMPAT
1304 
1305 int compat_ptrace_request(struct task_struct *child, compat_long_t request,
1306 			  compat_ulong_t addr, compat_ulong_t data)
1307 {
1308 	compat_ulong_t __user *datap = compat_ptr(data);
1309 	compat_ulong_t word;
1310 	kernel_siginfo_t siginfo;
1311 	int ret;
1312 
1313 	switch (request) {
1314 	case PTRACE_PEEKTEXT:
1315 	case PTRACE_PEEKDATA:
1316 		ret = ptrace_access_vm(child, addr, &word, sizeof(word),
1317 				FOLL_FORCE);
1318 		if (ret != sizeof(word))
1319 			ret = -EIO;
1320 		else
1321 			ret = put_user(word, datap);
1322 		break;
1323 
1324 	case PTRACE_POKETEXT:
1325 	case PTRACE_POKEDATA:
1326 		ret = ptrace_access_vm(child, addr, &data, sizeof(data),
1327 				FOLL_FORCE | FOLL_WRITE);
1328 		ret = (ret != sizeof(data) ? -EIO : 0);
1329 		break;
1330 
1331 	case PTRACE_GETEVENTMSG:
1332 		ret = put_user((compat_ulong_t) child->ptrace_message, datap);
1333 		break;
1334 
1335 	case PTRACE_GETSIGINFO:
1336 		ret = ptrace_getsiginfo(child, &siginfo);
1337 		if (!ret)
1338 			ret = copy_siginfo_to_user32(
1339 				(struct compat_siginfo __user *) datap,
1340 				&siginfo);
1341 		break;
1342 
1343 	case PTRACE_SETSIGINFO:
1344 		ret = copy_siginfo_from_user32(
1345 			&siginfo, (struct compat_siginfo __user *) datap);
1346 		if (!ret)
1347 			ret = ptrace_setsiginfo(child, &siginfo);
1348 		break;
1349 #ifdef CONFIG_HAVE_ARCH_TRACEHOOK
1350 	case PTRACE_GETREGSET:
1351 	case PTRACE_SETREGSET:
1352 	{
1353 		struct iovec kiov;
1354 		struct compat_iovec __user *uiov =
1355 			(struct compat_iovec __user *) datap;
1356 		compat_uptr_t ptr;
1357 		compat_size_t len;
1358 
1359 		if (!access_ok(uiov, sizeof(*uiov)))
1360 			return -EFAULT;
1361 
1362 		if (__get_user(ptr, &uiov->iov_base) ||
1363 		    __get_user(len, &uiov->iov_len))
1364 			return -EFAULT;
1365 
1366 		kiov.iov_base = compat_ptr(ptr);
1367 		kiov.iov_len = len;
1368 
1369 		ret = ptrace_regset(child, request, addr, &kiov);
1370 		if (!ret)
1371 			ret = __put_user(kiov.iov_len, &uiov->iov_len);
1372 		break;
1373 	}
1374 #endif
1375 
1376 	default:
1377 		ret = ptrace_request(child, request, addr, data);
1378 	}
1379 
1380 	return ret;
1381 }
1382 
1383 COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid,
1384 		       compat_long_t, addr, compat_long_t, data)
1385 {
1386 	struct task_struct *child;
1387 	long ret;
1388 
1389 	if (request == PTRACE_TRACEME) {
1390 		ret = ptrace_traceme();
1391 		goto out;
1392 	}
1393 
1394 	child = find_get_task_by_vpid(pid);
1395 	if (!child) {
1396 		ret = -ESRCH;
1397 		goto out;
1398 	}
1399 
1400 	if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
1401 		ret = ptrace_attach(child, request, addr, data);
1402 		/*
1403 		 * Some architectures need to do book-keeping after
1404 		 * a ptrace attach.
1405 		 */
1406 		if (!ret)
1407 			arch_ptrace_attach(child);
1408 		goto out_put_task_struct;
1409 	}
1410 
1411 	ret = ptrace_check_attach(child, request == PTRACE_KILL ||
1412 				  request == PTRACE_INTERRUPT);
1413 	if (!ret) {
1414 		ret = compat_arch_ptrace(child, request, addr, data);
1415 		if (ret || request != PTRACE_DETACH)
1416 			ptrace_unfreeze_traced(child);
1417 	}
1418 
1419  out_put_task_struct:
1420 	put_task_struct(child);
1421  out:
1422 	return ret;
1423 }
1424 #endif	/* CONFIG_COMPAT */
1425