// SPDX-License-Identifier: GPL-2.0-only
/*
 * linux/kernel/ptrace.c
 *
 * (C) Copyright 1999 Linus Torvalds
 *
 * Common interfaces for "ptrace()" which we do not want
 * to continually duplicate across every architecture.
 */

#include <linux/capability.h>
#include <linux/export.h>
#include <linux/sched.h>
#include <linux/sched/mm.h>
#include <linux/sched/coredump.h>
#include <linux/sched/task.h>
#include <linux/errno.h>
#include <linux/mm.h>
#include <linux/highmem.h>
#include <linux/pagemap.h>
#include <linux/ptrace.h>
#include <linux/security.h>
#include <linux/signal.h>
#include <linux/uio.h>
#include <linux/audit.h>
#include <linux/pid_namespace.h>
#include <linux/syscalls.h>
#include <linux/uaccess.h>
#include <linux/regset.h>
#include <linux/hw_breakpoint.h>
#include <linux/cn_proc.h>
#include <linux/compat.h>
#include <linux/sched/signal.h>

/*
 * Access another process' address space via ptrace.
 * Source/target buffer must be in kernel space.
 * Do not walk the page tables directly; use get_user_pages().
 */
int ptrace_access_vm(struct task_struct *tsk, unsigned long addr,
		     void *buf, int len, unsigned int gup_flags)
{
	struct mm_struct *mm;
	int ret;

	mm = get_task_mm(tsk);
	if (!mm)
		return 0;

	if (!tsk->ptrace ||
	    (current != tsk->parent) ||
	    ((get_dumpable(mm) != SUID_DUMP_USER) &&
	     !ptracer_capable(tsk, mm->user_ns))) {
		mmput(mm);
		return 0;
	}

	ret = __access_remote_vm(tsk, mm, addr, buf, len, gup_flags);
	mmput(mm);

	return ret;
}
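
/*
 * Illustrative sketch (tsk/addr are placeholders, not from this file): a
 * typical in-kernel caller reads one word from the tracee with FOLL_FORCE
 * and treats a short copy as failure, much as generic_ptrace_peekdata()
 * does later in this file:
 *
 *	unsigned long val;
 *	int copied;
 *
 *	copied = ptrace_access_vm(tsk, addr, &val, sizeof(val), FOLL_FORCE);
 *	if (copied != sizeof(val))
 *		return -EIO;
 */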

void __ptrace_link(struct task_struct *child, struct task_struct *new_parent,
		   const struct cred *ptracer_cred)
{
	BUG_ON(!list_empty(&child->ptrace_entry));
	list_add(&child->ptrace_entry, &new_parent->ptraced);
	child->parent = new_parent;
	child->ptracer_cred = get_cred(ptracer_cred);
}

/*
 * ptrace a task: make the debugger its new parent and
 * move it to the ptrace list.
 *
 * Must be called with the tasklist lock write-held.
 */
static void ptrace_link(struct task_struct *child, struct task_struct *new_parent)
{
	rcu_read_lock();
	__ptrace_link(child, new_parent, __task_cred(new_parent));
	rcu_read_unlock();
}

/**
 * __ptrace_unlink - unlink ptracee and restore its execution state
 * @child: ptracee to be unlinked
 *
 * Remove @child from the ptrace list, move it back to the original parent,
 * and restore the execution state so that it conforms to the group stop
 * state.
 *
 * Unlinking can happen via two paths - explicit PTRACE_DETACH or ptracer
 * exiting. For PTRACE_DETACH, unless the ptracee has been killed between
 * ptrace_check_attach() and here, it's guaranteed to be in TASK_TRACED.
 * If the ptracer is exiting, the ptracee can be in any state.
 *
 * After detach, the ptracee should be in a state which conforms to the
 * group stop. If the group is stopped or in the process of stopping, the
 * ptracee should be put into TASK_STOPPED; otherwise, it should be woken
 * up from TASK_TRACED.
 *
 * If the ptracee is in TASK_TRACED and needs to be moved to TASK_STOPPED,
 * it goes through TRACED -> RUNNING -> STOPPED transition which is similar
 * to but in the opposite direction of what happens while attaching to a
 * stopped task. However, in this direction, the intermediate RUNNING
 * state is not hidden even from the current ptracer and if it immediately
 * re-attaches and performs a WNOHANG wait(2), it may fail.
 *
 * CONTEXT:
 * write_lock_irq(tasklist_lock)
 */
void __ptrace_unlink(struct task_struct *child)
{
	const struct cred *old_cred;
	BUG_ON(!child->ptrace);

	clear_tsk_thread_flag(child, TIF_SYSCALL_TRACE);

	child->parent = child->real_parent;
	list_del_init(&child->ptrace_entry);
	old_cred = child->ptracer_cred;
	child->ptracer_cred = NULL;
	put_cred(old_cred);

	spin_lock(&child->sighand->siglock);
	child->ptrace = 0;
	/*
	 * Clear all pending traps and TRAPPING. TRAPPING should be
	 * cleared regardless of JOBCTL_STOP_PENDING. Do it explicitly.
	 */
	task_clear_jobctl_pending(child, JOBCTL_TRAP_MASK);
	task_clear_jobctl_trapping(child);

	/*
	 * Reinstate JOBCTL_STOP_PENDING if group stop is in effect and
	 * @child isn't dead.
	 */
	if (!(child->flags & PF_EXITING) &&
	    (child->signal->flags & SIGNAL_STOP_STOPPED ||
	     child->signal->group_stop_count)) {
		child->jobctl |= JOBCTL_STOP_PENDING;

		/*
		 * This is only possible if this thread was cloned by the
		 * traced task running in the stopped group, set the signal
		 * for the future reports.
		 * FIXME: we should change ptrace_init_task() to handle this
		 * case.
		 */
		if (!(child->jobctl & JOBCTL_STOP_SIGMASK))
			child->jobctl |= SIGSTOP;
	}

	/*
	 * If transition to TASK_STOPPED is pending or in TASK_TRACED, kick
	 * @child in the butt. Note that @resume should be used iff @child
	 * is in TASK_TRACED; otherwise, we might unduly disrupt
	 * TASK_KILLABLE sleeps.
	 */
	if (child->jobctl & JOBCTL_STOP_PENDING || task_is_traced(child))
		ptrace_signal_wake_up(child, true);

	spin_unlock(&child->sighand->siglock);
}

/* Ensure that nothing can wake it up, even SIGKILL */
static bool ptrace_freeze_traced(struct task_struct *task)
{
	bool ret = false;

	/* Lockless, nobody but us can set this flag */
	if (task->jobctl & JOBCTL_LISTENING)
		return ret;

	spin_lock_irq(&task->sighand->siglock);
	if (task_is_traced(task) && !__fatal_signal_pending(task)) {
		task->state = __TASK_TRACED;
		ret = true;
	}
	spin_unlock_irq(&task->sighand->siglock);

	return ret;
}

static void ptrace_unfreeze_traced(struct task_struct *task)
{
	if (task->state != __TASK_TRACED)
		return;

	WARN_ON(!task->ptrace || task->parent != current);

	/*
	 * PTRACE_LISTEN can allow ptrace_trap_notify to wake us up remotely.
	 * Recheck state under the lock to close this race.
	 */
	spin_lock_irq(&task->sighand->siglock);
	if (task->state == __TASK_TRACED) {
		if (__fatal_signal_pending(task))
			wake_up_state(task, __TASK_TRACED);
		else
			task->state = TASK_TRACED;
	}
	spin_unlock_irq(&task->sighand->siglock);
}

/**
 * ptrace_check_attach - check whether ptracee is ready for ptrace operation
 * @child: ptracee to check for
 * @ignore_state: don't check whether @child is currently %TASK_TRACED
 *
 * Check whether @child is being ptraced by %current and ready for further
 * ptrace operations. If @ignore_state is %false, @child also should be in
 * %TASK_TRACED state and on return the child is guaranteed to be traced
 * and not executing. If @ignore_state is %true, @child can be in any
 * state.
 *
 * CONTEXT:
 * Grabs and releases tasklist_lock and @child->sighand->siglock.
 *
 * RETURNS:
 * 0 on success, -ESRCH if %child is not ready.
 */
static int ptrace_check_attach(struct task_struct *child, bool ignore_state)
{
	int ret = -ESRCH;

	/*
	 * We take the read lock around doing both checks to close a
	 * possible race where someone else was tracing our child and
	 * detached between these two checks. After this locked check,
	 * we are sure that this is our traced child and that can only
	 * be changed by us so it's not changing right after this.
	 */
	read_lock(&tasklist_lock);
	if (child->ptrace && child->parent == current) {
		WARN_ON(child->state == __TASK_TRACED);
		/*
		 * child->sighand can't be NULL, release_task()
		 * does ptrace_unlink() before __exit_signal().
		 */
		if (ignore_state || ptrace_freeze_traced(child))
			ret = 0;
	}
	read_unlock(&tasklist_lock);

	if (!ret && !ignore_state) {
		if (!wait_task_inactive(child, __TASK_TRACED)) {
			/*
			 * This can only happen if may_ptrace_stop() fails and
			 * ptrace_stop() changes ->state back to TASK_RUNNING,
			 * so we should not worry about leaking __TASK_TRACED.
			 */
			WARN_ON(child->state == __TASK_TRACED);
			ret = -ESRCH;
		}
	}

	return ret;
}
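
/*
 * Sketch of the expected calling pattern (mirroring the syscall entry
 * points at the bottom of this file): when @ignore_state is false, a
 * successful check leaves the tracee frozen in __TASK_TRACED, so the
 * caller must pair it with ptrace_unfreeze_traced() once the operation
 * has finished, roughly:
 *
 *	ret = ptrace_check_attach(child, ignore_state);
 *	if (!ret) {
 *		ret = arch_ptrace(child, request, addr, data);
 *		if (ret || request != PTRACE_DETACH)
 *			ptrace_unfreeze_traced(child);
 *	}
 */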

static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode)
{
	if (mode & PTRACE_MODE_NOAUDIT)
		return has_ns_capability_noaudit(current, ns, CAP_SYS_PTRACE);
	else
		return has_ns_capability(current, ns, CAP_SYS_PTRACE);
}

/* Returns 0 on success, -errno on denial. */
static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
{
	const struct cred *cred = current_cred(), *tcred;
	struct mm_struct *mm;
	kuid_t caller_uid;
	kgid_t caller_gid;

	if (!(mode & PTRACE_MODE_FSCREDS) == !(mode & PTRACE_MODE_REALCREDS)) {
		WARN(1, "denying ptrace access check without PTRACE_MODE_*CREDS\n");
		return -EPERM;
	}

	/* May we inspect the given task?
	 * This check is used both for attaching with ptrace
	 * and for allowing access to sensitive information in /proc.
	 *
	 * ptrace_attach denies several cases that /proc allows
	 * because setting up the necessary parent/child relationship
	 * or halting the specified task is impossible.
	 */

	/* Don't let security modules deny introspection */
	if (same_thread_group(task, current))
		return 0;
	rcu_read_lock();
	if (mode & PTRACE_MODE_FSCREDS) {
		caller_uid = cred->fsuid;
		caller_gid = cred->fsgid;
	} else {
		/*
		 * Using the euid would make more sense here, but something
		 * in userland might rely on the old behavior, and this
		 * shouldn't be a security problem since
		 * PTRACE_MODE_REALCREDS implies that the caller explicitly
		 * used a syscall that requests access to another process
		 * (and not a filesystem syscall to procfs).
		 */
		caller_uid = cred->uid;
		caller_gid = cred->gid;
	}
	tcred = __task_cred(task);
	if (uid_eq(caller_uid, tcred->euid) &&
	    uid_eq(caller_uid, tcred->suid) &&
	    uid_eq(caller_uid, tcred->uid) &&
	    gid_eq(caller_gid, tcred->egid) &&
	    gid_eq(caller_gid, tcred->sgid) &&
	    gid_eq(caller_gid, tcred->gid))
		goto ok;
	if (ptrace_has_cap(tcred->user_ns, mode))
		goto ok;
	rcu_read_unlock();
	return -EPERM;
ok:
	rcu_read_unlock();
	/*
	 * If a task drops privileges and becomes nondumpable (through a syscall
	 * like setresuid()) while we are trying to access it, we must ensure
	 * that the dumpability is read after the credentials; otherwise,
	 * we may be able to attach to a task that we shouldn't be able to
	 * attach to (as if the task had dropped privileges without becoming
	 * nondumpable).
	 * Pairs with a write barrier in commit_creds().
	 */
	smp_rmb();
	mm = task->mm;
	if (mm &&
	    ((get_dumpable(mm) != SUID_DUMP_USER) &&
	     !ptrace_has_cap(mm->user_ns, mode)))
		return -EPERM;

	return security_ptrace_access_check(task, mode);
}

bool ptrace_may_access(struct task_struct *task, unsigned int mode)
{
	int err;
	task_lock(task);
	err = __ptrace_may_access(task, mode);
	task_unlock(task);
	return !err;
}
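
/*
 * Illustrative sketch (hypothetical caller, not from this file): code that
 * exposes another task's sensitive state, e.g. a procfs-style handler,
 * would typically gate the access on this helper:
 *
 *	if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
 *		return -EACCES;
 */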

static int ptrace_attach(struct task_struct *task, long request,
			 unsigned long addr,
			 unsigned long flags)
{
	bool seize = (request == PTRACE_SEIZE);
	int retval;

	retval = -EIO;
	if (seize) {
		if (addr != 0)
			goto out;
		if (flags & ~(unsigned long)PTRACE_O_MASK)
			goto out;
		flags = PT_PTRACED | PT_SEIZED | (flags << PT_OPT_FLAG_SHIFT);
	} else {
		flags = PT_PTRACED;
	}

	audit_ptrace(task);

	retval = -EPERM;
	if (unlikely(task->flags & PF_KTHREAD))
		goto out;
	if (same_thread_group(task, current))
		goto out;

	/*
	 * Protect exec's credential calculations against our interference;
	 * SUID, SGID and LSM creds get determined differently
	 * under ptrace.
	 */
	retval = -ERESTARTNOINTR;
	if (mutex_lock_interruptible(&task->signal->cred_guard_mutex))
		goto out;

	task_lock(task);
	retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS);
	task_unlock(task);
	if (retval)
		goto unlock_creds;

	write_lock_irq(&tasklist_lock);
	retval = -EPERM;
	if (unlikely(task->exit_state))
		goto unlock_tasklist;
	if (task->ptrace)
		goto unlock_tasklist;

	if (seize)
		flags |= PT_SEIZED;
	task->ptrace = flags;

	ptrace_link(task, current);

	/* SEIZE doesn't trap tracee on attach */
	if (!seize)
		send_sig_info(SIGSTOP, SEND_SIG_PRIV, task);

	spin_lock(&task->sighand->siglock);

	/*
	 * If the task is already STOPPED, set JOBCTL_TRAP_STOP and
	 * TRAPPING, and kick it so that it transits to TRACED. TRAPPING
	 * will be cleared if the child completes the transition or any
	 * event which clears the group stop states happens. We'll wait
	 * for the transition to complete before returning from this
	 * function.
	 *
	 * This hides STOPPED -> RUNNING -> TRACED transition from the
	 * attaching thread but a different thread in the same group can
	 * still observe the transient RUNNING state. IOW, if another
	 * thread's WNOHANG wait(2) on the stopped tracee races against
	 * ATTACH, the wait(2) may fail due to the transient RUNNING.
	 *
	 * The following task_is_stopped() test is safe as both transitions
	 * in and out of STOPPED are protected by siglock.
	 */
	if (task_is_stopped(task) &&
	    task_set_jobctl_pending(task, JOBCTL_TRAP_STOP | JOBCTL_TRAPPING))
		signal_wake_up_state(task, __TASK_STOPPED);

	spin_unlock(&task->sighand->siglock);

	retval = 0;
unlock_tasklist:
	write_unlock_irq(&tasklist_lock);
unlock_creds:
	mutex_unlock(&task->signal->cred_guard_mutex);
out:
	if (!retval) {
		/*
		 * We do not bother to change retval or clear JOBCTL_TRAPPING
		 * if wait_on_bit() was interrupted by SIGKILL. The tracer will
		 * not return to user-mode, it will exit and clear this bit in
		 * __ptrace_unlink() if it wasn't already cleared by the tracee;
		 * and until then nobody can ptrace this task.
		 */
		wait_on_bit(&task->jobctl, JOBCTL_TRAPPING_BIT, TASK_KILLABLE);
		proc_ptrace_connector(task, PTRACE_ATTACH);
	}

	return retval;
}
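
/*
 * Illustrative user-space sketch (not part of this file; pid/status are
 * placeholders, error handling omitted): PTRACE_ATTACH stops the tracee
 * with a SIGSTOP, while PTRACE_SEIZE attaches without an initial stop and
 * takes ptrace options in the data argument:
 *
 *	ptrace(PTRACE_ATTACH, pid, 0, 0);
 *	waitpid(pid, &status, 0);		// observe the attach stop
 *
 *	ptrace(PTRACE_SEIZE, pid, 0, PTRACE_O_TRACEEXIT);
 */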

/**
 * ptrace_traceme -- helper for PTRACE_TRACEME
 *
 * Performs checks and sets PT_PTRACED.
 * Should be used by all ptrace implementations for PTRACE_TRACEME.
 */
static int ptrace_traceme(void)
{
	int ret = -EPERM;

	write_lock_irq(&tasklist_lock);
	/* Are we already being traced? */
	if (!current->ptrace) {
		ret = security_ptrace_traceme(current->parent);
		/*
		 * Check PF_EXITING to ensure ->real_parent has not passed
		 * exit_ptrace(). Otherwise we don't report the error but
		 * pretend ->real_parent untraces us right after return.
		 */
		if (!ret && !(current->real_parent->flags & PF_EXITING)) {
			current->ptrace = PT_PTRACED;
			ptrace_link(current, current->real_parent);
		}
	}
	write_unlock_irq(&tasklist_lock);

	return ret;
}
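
/*
 * Illustrative user-space sketch (not part of this file; prog/args are
 * placeholders): PTRACE_TRACEME is issued by the future tracee itself,
 * usually right before exec; the parent then becomes the tracer and
 * observes the post-exec trap:
 *
 *	pid_t child = fork();
 *	if (child == 0) {
 *		ptrace(PTRACE_TRACEME, 0, 0, 0);
 *		execvp(prog, args);	// stops with SIGTRAP on success
 *		_exit(127);
 *	}
 *	waitpid(child, &status, 0);
 */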

/*
 * Called with irqs disabled, returns true if children should reap themselves.
 */
static int ignoring_children(struct sighand_struct *sigh)
{
	int ret;
	spin_lock(&sigh->siglock);
	ret = (sigh->action[SIGCHLD-1].sa.sa_handler == SIG_IGN) ||
	      (sigh->action[SIGCHLD-1].sa.sa_flags & SA_NOCLDWAIT);
	spin_unlock(&sigh->siglock);
	return ret;
}

/*
 * Called with tasklist_lock held for writing.
 * Unlink a traced task, and clean it up if it was a traced zombie.
 * Return true if it needs to be reaped with release_task().
 * (We can't call release_task() here because we already hold tasklist_lock.)
 *
 * If it's a zombie, our attachedness prevented normal parent notification
 * or self-reaping. Do notification now if it would have happened earlier.
 * If it should reap itself, return true.
 *
 * If it's our own child, there is no notification to do. But if our normal
 * children self-reap, then this child was prevented by ptrace and we must
 * reap it now, in that case we must also wake up sub-threads sleeping in
 * do_wait().
 */
static bool __ptrace_detach(struct task_struct *tracer, struct task_struct *p)
{
	bool dead;

	__ptrace_unlink(p);

	if (p->exit_state != EXIT_ZOMBIE)
		return false;

	dead = !thread_group_leader(p);

	if (!dead && thread_group_empty(p)) {
		if (!same_thread_group(p->real_parent, tracer))
			dead = do_notify_parent(p, p->exit_signal);
		else if (ignoring_children(tracer->sighand)) {
			__wake_up_parent(p, tracer);
			dead = true;
		}
	}
	/* Mark it as in the process of being reaped. */
	if (dead)
		p->exit_state = EXIT_DEAD;
	return dead;
}

static int ptrace_detach(struct task_struct *child, unsigned int data)
{
	if (!valid_signal(data))
		return -EIO;

	/* Architecture-specific hardware disable .. */
	ptrace_disable(child);

	write_lock_irq(&tasklist_lock);
	/*
	 * We rely on ptrace_freeze_traced(). It can't be killed and
	 * untraced by another thread, it can't be a zombie.
	 */
	WARN_ON(!child->ptrace || child->exit_state);
	/*
	 * tasklist_lock avoids the race with wait_task_stopped(), see
	 * the comment in ptrace_resume().
	 */
	child->exit_code = data;
	__ptrace_detach(current, child);
	write_unlock_irq(&tasklist_lock);

	proc_ptrace_connector(child, PTRACE_DETACH);

	return 0;
}

/*
 * Detach all tasks we were using ptrace on. Called with tasklist held
 * for writing.
 */
void exit_ptrace(struct task_struct *tracer, struct list_head *dead)
{
	struct task_struct *p, *n;

	list_for_each_entry_safe(p, n, &tracer->ptraced, ptrace_entry) {
		if (unlikely(p->ptrace & PT_EXITKILL))
			send_sig_info(SIGKILL, SEND_SIG_PRIV, p);

		if (__ptrace_detach(tracer, p))
			list_add(&p->ptrace_entry, dead);
	}
}

int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst, int len)
{
	int copied = 0;

	while (len > 0) {
		char buf[128];
		int this_len, retval;

		this_len = (len > sizeof(buf)) ? sizeof(buf) : len;
		retval = ptrace_access_vm(tsk, src, buf, this_len, FOLL_FORCE);

		if (!retval) {
			if (copied)
				break;
			return -EIO;
		}
		if (copy_to_user(dst, buf, retval))
			return -EFAULT;
		copied += retval;
		src += retval;
		dst += retval;
		len -= retval;
	}
	return copied;
}

int ptrace_writedata(struct task_struct *tsk, char __user *src, unsigned long dst, int len)
{
	int copied = 0;

	while (len > 0) {
		char buf[128];
		int this_len, retval;

		this_len = (len > sizeof(buf)) ? sizeof(buf) : len;
		if (copy_from_user(buf, src, this_len))
			return -EFAULT;
		retval = ptrace_access_vm(tsk, dst, buf, this_len,
					  FOLL_FORCE | FOLL_WRITE);
		if (!retval) {
			if (copied)
				break;
			return -EIO;
		}
		copied += retval;
		src += retval;
		dst += retval;
		len -= retval;
	}
	return copied;
}

static int ptrace_setoptions(struct task_struct *child, unsigned long data)
{
	unsigned flags;

	if (data & ~(unsigned long)PTRACE_O_MASK)
		return -EINVAL;

	if (unlikely(data & PTRACE_O_SUSPEND_SECCOMP)) {
		if (!IS_ENABLED(CONFIG_CHECKPOINT_RESTORE) ||
		    !IS_ENABLED(CONFIG_SECCOMP))
			return -EINVAL;

		if (!capable(CAP_SYS_ADMIN))
			return -EPERM;

		if (seccomp_mode(&current->seccomp) != SECCOMP_MODE_DISABLED ||
		    current->ptrace & PT_SUSPEND_SECCOMP)
			return -EPERM;
	}

	/* Avoid intermediate state when all opts are cleared */
	flags = child->ptrace;
	flags &= ~(PTRACE_O_MASK << PT_OPT_FLAG_SHIFT);
	flags |= (data << PT_OPT_FLAG_SHIFT);
	child->ptrace = flags;

	return 0;
}
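
/*
 * Illustrative user-space sketch (not part of this file): options are set
 * while the tracee is in a ptrace-stop and remain in effect until changed
 * or the tracee is detached:
 *
 *	ptrace(PTRACE_SETOPTIONS, pid, 0,
 *	       PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEEXIT);
 */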

static int ptrace_getsiginfo(struct task_struct *child, kernel_siginfo_t *info)
{
	unsigned long flags;
	int error = -ESRCH;

	if (lock_task_sighand(child, &flags)) {
		error = -EINVAL;
		if (likely(child->last_siginfo != NULL)) {
			copy_siginfo(info, child->last_siginfo);
			error = 0;
		}
		unlock_task_sighand(child, &flags);
	}
	return error;
}

static int ptrace_setsiginfo(struct task_struct *child, const kernel_siginfo_t *info)
{
	unsigned long flags;
	int error = -ESRCH;

	if (lock_task_sighand(child, &flags)) {
		error = -EINVAL;
		if (likely(child->last_siginfo != NULL)) {
			copy_siginfo(child->last_siginfo, info);
			error = 0;
		}
		unlock_task_sighand(child, &flags);
	}
	return error;
}

static int ptrace_peek_siginfo(struct task_struct *child,
			       unsigned long addr,
			       unsigned long data)
{
	struct ptrace_peeksiginfo_args arg;
	struct sigpending *pending;
	struct sigqueue *q;
	int ret, i;

	ret = copy_from_user(&arg, (void __user *) addr,
			     sizeof(struct ptrace_peeksiginfo_args));
	if (ret)
		return -EFAULT;

	if (arg.flags & ~PTRACE_PEEKSIGINFO_SHARED)
		return -EINVAL; /* unknown flags */

	if (arg.nr < 0)
		return -EINVAL;

	/* Ensure arg.off fits in an unsigned long */
	if (arg.off > ULONG_MAX)
		return 0;

	if (arg.flags & PTRACE_PEEKSIGINFO_SHARED)
		pending = &child->signal->shared_pending;
	else
		pending = &child->pending;

	for (i = 0; i < arg.nr; ) {
		kernel_siginfo_t info;
		unsigned long off = arg.off + i;
		bool found = false;

		spin_lock_irq(&child->sighand->siglock);
		list_for_each_entry(q, &pending->list, list) {
			if (!off--) {
				found = true;
				copy_siginfo(&info, &q->info);
				break;
			}
		}
		spin_unlock_irq(&child->sighand->siglock);

		if (!found) /* beyond the end of the list */
			break;

#ifdef CONFIG_COMPAT
		if (unlikely(in_compat_syscall())) {
			compat_siginfo_t __user *uinfo = compat_ptr(data);

			if (copy_siginfo_to_user32(uinfo, &info)) {
				ret = -EFAULT;
				break;
			}

		} else
#endif
		{
			siginfo_t __user *uinfo = (siginfo_t __user *) data;

			if (copy_siginfo_to_user(uinfo, &info)) {
				ret = -EFAULT;
				break;
			}
		}

		data += sizeof(siginfo_t);
		i++;

		if (signal_pending(current))
			break;

		cond_resched();
	}

	if (i > 0)
		return i;

	return ret;
}
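
/*
 * Illustrative user-space sketch (not part of this file): the tracer passes
 * a struct ptrace_peeksiginfo_args in addr and a siginfo buffer in data;
 * the return value is the number of entries copied out:
 *
 *	struct ptrace_peeksiginfo_args args = {
 *		.off	= 0,
 *		.flags	= 0,	// or PTRACE_PEEKSIGINFO_SHARED
 *		.nr	= 16,
 *	};
 *	siginfo_t buf[16];
 *	long n = ptrace(PTRACE_PEEKSIGINFO, pid, &args, buf);
 */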

#ifdef PTRACE_SINGLESTEP
#define is_singlestep(request)		((request) == PTRACE_SINGLESTEP)
#else
#define is_singlestep(request)		0
#endif

#ifdef PTRACE_SINGLEBLOCK
#define is_singleblock(request)		((request) == PTRACE_SINGLEBLOCK)
#else
#define is_singleblock(request)		0
#endif

#ifdef PTRACE_SYSEMU
#define is_sysemu_singlestep(request)	((request) == PTRACE_SYSEMU_SINGLESTEP)
#else
#define is_sysemu_singlestep(request)	0
#endif

static int ptrace_resume(struct task_struct *child, long request,
			 unsigned long data)
{
	bool need_siglock;

	if (!valid_signal(data))
		return -EIO;

	if (request == PTRACE_SYSCALL)
		set_tsk_thread_flag(child, TIF_SYSCALL_TRACE);
	else
		clear_tsk_thread_flag(child, TIF_SYSCALL_TRACE);

#ifdef TIF_SYSCALL_EMU
	if (request == PTRACE_SYSEMU || request == PTRACE_SYSEMU_SINGLESTEP)
		set_tsk_thread_flag(child, TIF_SYSCALL_EMU);
	else
		clear_tsk_thread_flag(child, TIF_SYSCALL_EMU);
#endif

	if (is_singleblock(request)) {
		if (unlikely(!arch_has_block_step()))
			return -EIO;
		user_enable_block_step(child);
	} else if (is_singlestep(request) || is_sysemu_singlestep(request)) {
		if (unlikely(!arch_has_single_step()))
			return -EIO;
		user_enable_single_step(child);
	} else {
		user_disable_single_step(child);
	}

	/*
	 * Change ->exit_code and ->state under siglock to avoid the race
	 * with wait_task_stopped() in between; a non-zero ->exit_code will
	 * wrongly look like another report from tracee.
	 *
	 * Note that we need siglock even if ->exit_code == data and/or this
	 * status was not reported yet, the new status must not be cleared by
	 * wait_task_stopped() after resume.
	 *
	 * If data == 0 we do not care if wait_task_stopped() reports the old
	 * status and clears the code too; this can't race with the tracee, it
	 * takes siglock after resume.
	 */
	need_siglock = data && !thread_group_empty(current);
	if (need_siglock)
		spin_lock_irq(&child->sighand->siglock);
	child->exit_code = data;
	wake_up_state(child, __TASK_TRACED);
	if (need_siglock)
		spin_unlock_irq(&child->sighand->siglock);

	return 0;
}
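
/*
 * Illustrative user-space sketch (not part of this file): the resume
 * requests take the signal to deliver in data (0 for none); a tracer
 * usually alternates resuming with waiting for the next stop:
 *
 *	for (;;) {
 *		ptrace(PTRACE_SYSCALL, pid, 0, 0);	// or PTRACE_CONT
 *		waitpid(pid, &status, 0);
 *		if (WIFEXITED(status))
 *			break;
 *		// inspect the stop, registers, memory, ...
 *	}
 */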

#ifdef CONFIG_HAVE_ARCH_TRACEHOOK

static const struct user_regset *
find_regset(const struct user_regset_view *view, unsigned int type)
{
	const struct user_regset *regset;
	int n;

	for (n = 0; n < view->n; ++n) {
		regset = view->regsets + n;
		if (regset->core_note_type == type)
			return regset;
	}

	return NULL;
}

static int ptrace_regset(struct task_struct *task, int req, unsigned int type,
			 struct iovec *kiov)
{
	const struct user_regset_view *view = task_user_regset_view(task);
	const struct user_regset *regset = find_regset(view, type);
	int regset_no;

	if (!regset || (kiov->iov_len % regset->size) != 0)
		return -EINVAL;

	regset_no = regset - view->regsets;
	kiov->iov_len = min(kiov->iov_len,
			    (__kernel_size_t) (regset->n * regset->size));

	if (req == PTRACE_GETREGSET)
		return copy_regset_to_user(task, view, regset_no, 0,
					   kiov->iov_len, kiov->iov_base);
	else
		return copy_regset_from_user(task, view, regset_no, 0,
					     kiov->iov_len, kiov->iov_base);
}

/*
 * This is declared in linux/regset.h and defined in machine-dependent
 * code. We put the export here, near the primary machine-neutral use,
 * to ensure no machine forgets it.
 */
EXPORT_SYMBOL_GPL(task_user_regset_view);
#endif
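
/*
 * Illustrative user-space sketch (not part of this file): a regset is
 * selected by an ELF note type in addr and described by a struct iovec in
 * data; the kernel shrinks iov_len to what it actually transferred. On
 * x86, for example:
 *
 *	struct user_regs_struct regs;
 *	struct iovec iov = { .iov_base = &regs, .iov_len = sizeof(regs) };
 *
 *	ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, &iov);
 */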

int ptrace_request(struct task_struct *child, long request,
		   unsigned long addr, unsigned long data)
{
	bool seized = child->ptrace & PT_SEIZED;
	int ret = -EIO;
	kernel_siginfo_t siginfo, *si;
	void __user *datavp = (void __user *) data;
	unsigned long __user *datalp = datavp;
	unsigned long flags;

	switch (request) {
	case PTRACE_PEEKTEXT:
	case PTRACE_PEEKDATA:
		return generic_ptrace_peekdata(child, addr, data);
	case PTRACE_POKETEXT:
	case PTRACE_POKEDATA:
		return generic_ptrace_pokedata(child, addr, data);

#ifdef PTRACE_OLDSETOPTIONS
	case PTRACE_OLDSETOPTIONS:
#endif
	case PTRACE_SETOPTIONS:
		ret = ptrace_setoptions(child, data);
		break;
	case PTRACE_GETEVENTMSG:
		ret = put_user(child->ptrace_message, datalp);
		break;

	case PTRACE_PEEKSIGINFO:
		ret = ptrace_peek_siginfo(child, addr, data);
		break;

	case PTRACE_GETSIGINFO:
		ret = ptrace_getsiginfo(child, &siginfo);
		if (!ret)
			ret = copy_siginfo_to_user(datavp, &siginfo);
		break;

	case PTRACE_SETSIGINFO:
		ret = copy_siginfo_from_user(&siginfo, datavp);
		if (!ret)
			ret = ptrace_setsiginfo(child, &siginfo);
		break;

	case PTRACE_GETSIGMASK: {
		sigset_t *mask;

		if (addr != sizeof(sigset_t)) {
			ret = -EINVAL;
			break;
		}

		if (test_tsk_restore_sigmask(child))
			mask = &child->saved_sigmask;
		else
			mask = &child->blocked;

		if (copy_to_user(datavp, mask, sizeof(sigset_t)))
			ret = -EFAULT;
		else
			ret = 0;

		break;
	}

	case PTRACE_SETSIGMASK: {
		sigset_t new_set;

		if (addr != sizeof(sigset_t)) {
			ret = -EINVAL;
			break;
		}

		if (copy_from_user(&new_set, datavp, sizeof(sigset_t))) {
			ret = -EFAULT;
			break;
		}

		sigdelsetmask(&new_set, sigmask(SIGKILL)|sigmask(SIGSTOP));

		/*
		 * Every thread does recalc_sigpending() after resume, so
		 * retarget_shared_pending() and recalc_sigpending() are not
		 * called here.
		 */
		spin_lock_irq(&child->sighand->siglock);
		child->blocked = new_set;
		spin_unlock_irq(&child->sighand->siglock);

		clear_tsk_restore_sigmask(child);

		ret = 0;
		break;
	}

	case PTRACE_INTERRUPT:
		/*
		 * Stop tracee without any side-effect on signal or job
		 * control. At least one trap is guaranteed to happen
		 * after this request. If @child is already trapped, the
		 * current trap is not disturbed and another trap will
		 * happen after the current trap is ended with PTRACE_CONT.
		 *
		 * The actual trap might not be PTRACE_EVENT_STOP trap but
		 * the pending condition is cleared regardless.
		 */
		if (unlikely(!seized || !lock_task_sighand(child, &flags)))
			break;

		/*
		 * INTERRUPT doesn't disturb existing trap sans one
		 * exception. If ptracer issued LISTEN for the current
		 * STOP, this INTERRUPT should clear LISTEN and re-trap
		 * tracee into STOP.
		 */
		if (likely(task_set_jobctl_pending(child, JOBCTL_TRAP_STOP)))
			ptrace_signal_wake_up(child, child->jobctl & JOBCTL_LISTENING);

		unlock_task_sighand(child, &flags);
		ret = 0;
		break;

	case PTRACE_LISTEN:
		/*
		 * Listen for events. Tracee must be in STOP. It's not
		 * resumed per-se but is not considered to be in TRACED by
		 * wait(2) or ptrace(2). If an async event (e.g. group
		 * stop state change) happens, tracee will enter STOP trap
		 * again. Alternatively, ptracer can issue INTERRUPT to
		 * finish listening and re-trap tracee into STOP.
		 */
		if (unlikely(!seized || !lock_task_sighand(child, &flags)))
			break;

		si = child->last_siginfo;
		if (likely(si && (si->si_code >> 8) == PTRACE_EVENT_STOP)) {
			child->jobctl |= JOBCTL_LISTENING;
			/*
			 * If NOTIFY is set, it means event happened between
			 * start of this trap and now. Trigger re-trap.
			 */
			if (child->jobctl & JOBCTL_TRAP_NOTIFY)
				ptrace_signal_wake_up(child, true);
			ret = 0;
		}
		unlock_task_sighand(child, &flags);
		break;

	case PTRACE_DETACH:	 /* detach a process that was attached. */
		ret = ptrace_detach(child, data);
		break;

#ifdef CONFIG_BINFMT_ELF_FDPIC
	case PTRACE_GETFDPIC: {
		struct mm_struct *mm = get_task_mm(child);
		unsigned long tmp = 0;

		ret = -ESRCH;
		if (!mm)
			break;

		switch (addr) {
		case PTRACE_GETFDPIC_EXEC:
			tmp = mm->context.exec_fdpic_loadmap;
			break;
		case PTRACE_GETFDPIC_INTERP:
			tmp = mm->context.interp_fdpic_loadmap;
			break;
		default:
			break;
		}
		mmput(mm);

		ret = put_user(tmp, datalp);
		break;
	}
#endif

#ifdef PTRACE_SINGLESTEP
	case PTRACE_SINGLESTEP:
#endif
#ifdef PTRACE_SINGLEBLOCK
	case PTRACE_SINGLEBLOCK:
#endif
#ifdef PTRACE_SYSEMU
	case PTRACE_SYSEMU:
	case PTRACE_SYSEMU_SINGLESTEP:
#endif
	case PTRACE_SYSCALL:
	case PTRACE_CONT:
		return ptrace_resume(child, request, data);

	case PTRACE_KILL:
		if (child->exit_state)	/* already dead */
			return 0;
		return ptrace_resume(child, request, SIGKILL);

#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
	case PTRACE_GETREGSET:
	case PTRACE_SETREGSET: {
		struct iovec kiov;
		struct iovec __user *uiov = datavp;

		if (!access_ok(uiov, sizeof(*uiov)))
			return -EFAULT;

		if (__get_user(kiov.iov_base, &uiov->iov_base) ||
		    __get_user(kiov.iov_len, &uiov->iov_len))
			return -EFAULT;

		ret = ptrace_regset(child, request, addr, &kiov);
		if (!ret)
			ret = __put_user(kiov.iov_len, &uiov->iov_len);
		break;
	}
#endif

	case PTRACE_SECCOMP_GET_FILTER:
		ret = seccomp_get_filter(child, addr, datavp);
		break;

	case PTRACE_SECCOMP_GET_METADATA:
		ret = seccomp_get_metadata(child, addr, datavp);
		break;

	default:
		break;
	}

	return ret;
}
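
/*
 * Illustrative user-space sketch (not part of this file): PTRACE_INTERRUPT
 * and PTRACE_LISTEN are only valid on a PTRACE_SEIZE'd tracee. After a
 * group-stop is reported, LISTEN lets the tracee stay stopped while still
 * re-trapping on asynchronous events, and INTERRUPT ends the listening
 * state by trapping the tracee again:
 *
 *	ptrace(PTRACE_SEIZE, pid, 0, 0);
 *	...
 *	waitpid(pid, &status, 0);		// group-stop reported
 *	ptrace(PTRACE_LISTEN, pid, 0, 0);
 *	...
 *	ptrace(PTRACE_INTERRUPT, pid, 0, 0);	// finish listening, re-trap
 */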

#ifndef arch_ptrace_attach
#define arch_ptrace_attach(child)	do { } while (0)
#endif

SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
		unsigned long, data)
{
	struct task_struct *child;
	long ret;

	if (request == PTRACE_TRACEME) {
		ret = ptrace_traceme();
		if (!ret)
			arch_ptrace_attach(current);
		goto out;
	}

	child = find_get_task_by_vpid(pid);
	if (!child) {
		ret = -ESRCH;
		goto out;
	}

	if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
		ret = ptrace_attach(child, request, addr, data);
		/*
		 * Some architectures need to do book-keeping after
		 * a ptrace attach.
		 */
		if (!ret)
			arch_ptrace_attach(child);
		goto out_put_task_struct;
	}

	ret = ptrace_check_attach(child, request == PTRACE_KILL ||
				  request == PTRACE_INTERRUPT);
	if (ret < 0)
		goto out_put_task_struct;

	ret = arch_ptrace(child, request, addr, data);
	if (ret || request != PTRACE_DETACH)
		ptrace_unfreeze_traced(child);

out_put_task_struct:
	put_task_struct(child);
out:
	return ret;
}

int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
			    unsigned long data)
{
	unsigned long tmp;
	int copied;

	copied = ptrace_access_vm(tsk, addr, &tmp, sizeof(tmp), FOLL_FORCE);
	if (copied != sizeof(tmp))
		return -EIO;
	return put_user(tmp, (unsigned long __user *)data);
}

int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
			    unsigned long data)
{
	int copied;

	copied = ptrace_access_vm(tsk, addr, &data, sizeof(data),
				  FOLL_FORCE | FOLL_WRITE);
	return (copied == sizeof(data)) ? 0 : -EIO;
}
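
/*
 * Illustrative user-space sketch (not part of this file; new_word is a
 * placeholder): PTRACE_PEEKDATA returns the word itself, so the tracer
 * must clear errno to tell a legitimate -1 from an error; PTRACE_POKEDATA
 * takes the new word in data:
 *
 *	errno = 0;
 *	long word = ptrace(PTRACE_PEEKDATA, pid, addr, 0);
 *	if (word == -1 && errno != 0)
 *		return -1;
 *	ptrace(PTRACE_POKEDATA, pid, addr, new_word);
 */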

#if defined CONFIG_COMPAT

int compat_ptrace_request(struct task_struct *child, compat_long_t request,
			  compat_ulong_t addr, compat_ulong_t data)
{
	compat_ulong_t __user *datap = compat_ptr(data);
	compat_ulong_t word;
	kernel_siginfo_t siginfo;
	int ret;

	switch (request) {
	case PTRACE_PEEKTEXT:
	case PTRACE_PEEKDATA:
		ret = ptrace_access_vm(child, addr, &word, sizeof(word),
				       FOLL_FORCE);
		if (ret != sizeof(word))
			ret = -EIO;
		else
			ret = put_user(word, datap);
		break;

	case PTRACE_POKETEXT:
	case PTRACE_POKEDATA:
		ret = ptrace_access_vm(child, addr, &data, sizeof(data),
				       FOLL_FORCE | FOLL_WRITE);
		ret = (ret != sizeof(data) ? -EIO : 0);
		break;

	case PTRACE_GETEVENTMSG:
		ret = put_user((compat_ulong_t) child->ptrace_message, datap);
		break;

	case PTRACE_GETSIGINFO:
		ret = ptrace_getsiginfo(child, &siginfo);
		if (!ret)
			ret = copy_siginfo_to_user32(
				(struct compat_siginfo __user *) datap,
				&siginfo);
		break;

	case PTRACE_SETSIGINFO:
		ret = copy_siginfo_from_user32(
			&siginfo, (struct compat_siginfo __user *) datap);
		if (!ret)
			ret = ptrace_setsiginfo(child, &siginfo);
		break;
#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
	case PTRACE_GETREGSET:
	case PTRACE_SETREGSET:
	{
		struct iovec kiov;
		struct compat_iovec __user *uiov =
			(struct compat_iovec __user *) datap;
		compat_uptr_t ptr;
		compat_size_t len;

		if (!access_ok(uiov, sizeof(*uiov)))
			return -EFAULT;

		if (__get_user(ptr, &uiov->iov_base) ||
		    __get_user(len, &uiov->iov_len))
			return -EFAULT;

		kiov.iov_base = compat_ptr(ptr);
		kiov.iov_len = len;

		ret = ptrace_regset(child, request, addr, &kiov);
		if (!ret)
			ret = __put_user(kiov.iov_len, &uiov->iov_len);
		break;
	}
#endif

	default:
		ret = ptrace_request(child, request, addr, data);
	}

	return ret;
}

COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid,
		       compat_long_t, addr, compat_long_t, data)
{
	struct task_struct *child;
	long ret;

	if (request == PTRACE_TRACEME) {
		ret = ptrace_traceme();
		goto out;
	}

	child = find_get_task_by_vpid(pid);
	if (!child) {
		ret = -ESRCH;
		goto out;
	}

	if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
		ret = ptrace_attach(child, request, addr, data);
		/*
		 * Some architectures need to do book-keeping after
		 * a ptrace attach.
		 */
		if (!ret)
			arch_ptrace_attach(child);
		goto out_put_task_struct;
	}

	ret = ptrace_check_attach(child, request == PTRACE_KILL ||
				  request == PTRACE_INTERRUPT);
	if (!ret) {
		ret = compat_arch_ptrace(child, request, addr, data);
		if (ret || request != PTRACE_DETACH)
			ptrace_unfreeze_traced(child);
	}

out_put_task_struct:
	put_task_struct(child);
out:
	return ret;
}
#endif	/* CONFIG_COMPAT */