Line data Source code
1 : // SPDX-License-Identifier: GPL-2.0-only
2 : /*
3 : * linux/kernel/ptrace.c
4 : *
5 : * (C) Copyright 1999 Linus Torvalds
6 : *
7 : * Common interfaces for "ptrace()" which we do not want
8 : * to continually duplicate across every architecture.
9 : */
10 :
11 : #include <linux/capability.h>
12 : #include <linux/export.h>
13 : #include <linux/sched.h>
14 : #include <linux/sched/mm.h>
15 : #include <linux/sched/coredump.h>
16 : #include <linux/sched/task.h>
17 : #include <linux/errno.h>
18 : #include <linux/mm.h>
19 : #include <linux/highmem.h>
20 : #include <linux/pagemap.h>
21 : #include <linux/ptrace.h>
22 : #include <linux/security.h>
23 : #include <linux/signal.h>
24 : #include <linux/uio.h>
25 : #include <linux/audit.h>
26 : #include <linux/pid_namespace.h>
27 : #include <linux/syscalls.h>
28 : #include <linux/uaccess.h>
29 : #include <linux/regset.h>
30 : #include <linux/hw_breakpoint.h>
31 : #include <linux/cn_proc.h>
32 : #include <linux/compat.h>
33 : #include <linux/sched/signal.h>
34 :
35 : #include <asm/syscall.h> /* for syscall_get_* */
36 :
37 : /*
38 : * Access another process' address space via ptrace.
39 : * Source/target buffer must be kernel space,
40 : * Do not walk the page table directly, use get_user_pages
41 : */
42 0 : int ptrace_access_vm(struct task_struct *tsk, unsigned long addr,
43 : void *buf, int len, unsigned int gup_flags)
44 : {
45 0 : struct mm_struct *mm;
46 0 : int ret;
47 :
48 0 : mm = get_task_mm(tsk);
49 0 : if (!mm)
50 : return 0;
51 :
52 0 : if (!tsk->ptrace ||
53 0 : (current != tsk->parent) ||
54 0 : ((get_dumpable(mm) != SUID_DUMP_USER) &&
55 0 : !ptracer_capable(tsk, mm->user_ns))) {
56 0 : mmput(mm);
57 0 : return 0;
58 : }
59 :
60 0 : ret = __access_remote_vm(mm, addr, buf, len, gup_flags);
61 0 : mmput(mm);
62 :
63 0 : return ret;
64 : }
65 :
66 :
67 12 : void __ptrace_link(struct task_struct *child, struct task_struct *new_parent,
68 : const struct cred *ptracer_cred)
69 : {
70 12 : BUG_ON(!list_empty(&child->ptrace_entry));
71 12 : list_add(&child->ptrace_entry, &new_parent->ptraced);
72 12 : child->parent = new_parent;
73 12 : child->ptracer_cred = get_cred(ptracer_cred);
74 12 : }
75 :
76 : /*
77 : * ptrace a task: make the debugger its new parent and
78 : * move it to the ptrace list.
79 : *
80 : * Must be called with the tasklist lock write-held.
81 : */
82 12 : static void ptrace_link(struct task_struct *child, struct task_struct *new_parent)
83 : {
84 12 : __ptrace_link(child, new_parent, current_cred());
85 12 : }
86 :
87 : /**
88 : * __ptrace_unlink - unlink ptracee and restore its execution state
89 : * @child: ptracee to be unlinked
90 : *
91 : * Remove @child from the ptrace list, move it back to the original parent,
92 : * and restore the execution state so that it conforms to the group stop
93 : * state.
94 : *
95 : * Unlinking can happen via two paths - explicit PTRACE_DETACH or ptracer
96 : * exiting. For PTRACE_DETACH, unless the ptracee has been killed between
97 : * ptrace_check_attach() and here, it's guaranteed to be in TASK_TRACED.
98 : * If the ptracer is exiting, the ptracee can be in any state.
99 : *
100 : * After detach, the ptracee should be in a state which conforms to the
101 : * group stop. If the group is stopped or in the process of stopping, the
102 : * ptracee should be put into TASK_STOPPED; otherwise, it should be woken
103 : * up from TASK_TRACED.
104 : *
105 : * If the ptracee is in TASK_TRACED and needs to be moved to TASK_STOPPED,
106 : * it goes through TRACED -> RUNNING -> STOPPED transition which is similar
107 : * to but in the opposite direction of what happens while attaching to a
108 : * stopped task. However, in this direction, the intermediate RUNNING
109 : * state is not hidden even from the current ptracer and if it immediately
110 : * re-attaches and performs a WNOHANG wait(2), it may fail.
111 : *
112 : * CONTEXT:
113 : * write_lock_irq(tasklist_lock)
114 : */
115 12 : void __ptrace_unlink(struct task_struct *child)
116 : {
117 12 : const struct cred *old_cred;
118 12 : BUG_ON(!child->ptrace);
119 :
120 12 : clear_task_syscall_work(child, SYSCALL_TRACE);
121 : #if defined(CONFIG_GENERIC_ENTRY) || defined(TIF_SYSCALL_EMU)
122 12 : clear_task_syscall_work(child, SYSCALL_EMU);
123 : #endif
124 :
125 12 : child->parent = child->real_parent;
126 12 : list_del_init(&child->ptrace_entry);
127 12 : old_cred = child->ptracer_cred;
128 12 : child->ptracer_cred = NULL;
129 12 : put_cred(old_cred);
130 :
131 12 : spin_lock(&child->sighand->siglock);
132 12 : child->ptrace = 0;
133 : /*
134 : * Clear all pending traps and TRAPPING. TRAPPING should be
135 : * cleared regardless of JOBCTL_STOP_PENDING. Do it explicitly.
136 : */
137 12 : task_clear_jobctl_pending(child, JOBCTL_TRAP_MASK);
138 12 : task_clear_jobctl_trapping(child);
139 :
140 : /*
141 : * Reinstate JOBCTL_STOP_PENDING if group stop is in effect and
142 : * @child isn't dead.
143 : */
144 12 : if (!(child->flags & PF_EXITING) &&
145 12 : (child->signal->flags & SIGNAL_STOP_STOPPED ||
146 : child->signal->group_stop_count)) {
147 0 : child->jobctl |= JOBCTL_STOP_PENDING;
148 :
149 : /*
150 : * This is only possible if this thread was cloned by the
151 : * traced task running in the stopped group, set the signal
152 : * for the future reports.
153 : * FIXME: we should change ptrace_init_task() to handle this
154 : * case.
155 : */
156 0 : if (!(child->jobctl & JOBCTL_STOP_SIGMASK))
157 0 : child->jobctl |= SIGSTOP;
158 : }
159 :
160 : /*
161 : * If transition to TASK_STOPPED is pending or in TASK_TRACED, kick
162 : * @child in the butt. Note that @resume should be used iff @child
163 : * is in TASK_TRACED; otherwise, we might unduly disrupt
164 : * TASK_KILLABLE sleeps.
165 : */
166 12 : if (child->jobctl & JOBCTL_STOP_PENDING || task_is_traced(child))
167 12 : ptrace_signal_wake_up(child, true);
168 :
169 12 : spin_unlock(&child->sighand->siglock);
170 12 : }
171 :
172 : /* Ensure that nothing can wake it up, even SIGKILL */
173 12 : static bool ptrace_freeze_traced(struct task_struct *task)
174 : {
175 12 : bool ret = false;
176 :
177 : /* Lockless, nobody but us can set this flag */
178 12 : if (task->jobctl & JOBCTL_LISTENING)
179 : return ret;
180 :
181 12 : spin_lock_irq(&task->sighand->siglock);
182 12 : if (task_is_traced(task) && !__fatal_signal_pending(task)) {
183 12 : task->state = __TASK_TRACED;
184 12 : ret = true;
185 : }
186 12 : spin_unlock_irq(&task->sighand->siglock);
187 :
188 12 : return ret;
189 : }
190 :
191 0 : static void ptrace_unfreeze_traced(struct task_struct *task)
192 : {
193 0 : if (task->state != __TASK_TRACED)
194 : return;
195 :
196 0 : WARN_ON(!task->ptrace || task->parent != current);
197 :
198 : /*
199 : * PTRACE_LISTEN can allow ptrace_trap_notify to wake us up remotely.
200 : * Recheck state under the lock to close this race.
201 : */
202 0 : spin_lock_irq(&task->sighand->siglock);
203 0 : if (task->state == __TASK_TRACED) {
204 0 : if (__fatal_signal_pending(task))
205 0 : wake_up_state(task, __TASK_TRACED);
206 : else
207 0 : task->state = TASK_TRACED;
208 : }
209 0 : spin_unlock_irq(&task->sighand->siglock);
210 : }
211 :
212 : /**
213 : * ptrace_check_attach - check whether ptracee is ready for ptrace operation
214 : * @child: ptracee to check for
215 : * @ignore_state: don't check whether @child is currently %TASK_TRACED
216 : *
217 : * Check whether @child is being ptraced by %current and ready for further
218 : * ptrace operations. If @ignore_state is %false, @child also should be in
219 : * %TASK_TRACED state and on return the child is guaranteed to be traced
220 : * and not executing. If @ignore_state is %true, @child can be in any
221 : * state.
222 : *
223 : * CONTEXT:
224 : * Grabs and releases tasklist_lock and @child->sighand->siglock.
225 : *
226 : * RETURNS:
227 : * 0 on success, -ESRCH if %child is not ready.
228 : */
229 16 : static int ptrace_check_attach(struct task_struct *child, bool ignore_state)
230 : {
231 16 : int ret = -ESRCH;
232 :
233 : /*
234 : * We take the read lock around doing both checks to close a
235 : * possible race where someone else was tracing our child and
236 : * detached between these two checks. After this locked check,
237 : * we are sure that this is our traced child and that can only
238 : * be changed by us so it's not changing right after this.
239 : */
240 16 : read_lock(&tasklist_lock);
241 16 : if (child->ptrace && child->parent == current) {
242 12 : WARN_ON(child->state == __TASK_TRACED);
243 : /*
244 : * child->sighand can't be NULL, release_task()
245 : * does ptrace_unlink() before __exit_signal().
246 : */
247 12 : if (ignore_state || ptrace_freeze_traced(child))
248 : ret = 0;
249 : }
250 16 : read_unlock(&tasklist_lock);
251 :
252 16 : if (!ret && !ignore_state) {
253 12 : if (!wait_task_inactive(child, __TASK_TRACED)) {
254 : /*
255 : * This can only happen if may_ptrace_stop() fails and
256 : * ptrace_stop() changes ->state back to TASK_RUNNING,
257 : * so we should not worry about leaking __TASK_TRACED.
258 : */
259 0 : WARN_ON(child->state == __TASK_TRACED);
260 : ret = -ESRCH;
261 : }
262 : }
263 :
264 16 : return ret;
265 : }
266 :
267 2 : static bool ptrace_has_cap(struct user_namespace *ns, unsigned int mode)
268 : {
269 2 : if (mode & PTRACE_MODE_NOAUDIT)
270 0 : return ns_capable_noaudit(ns, CAP_SYS_PTRACE);
271 2 : return ns_capable(ns, CAP_SYS_PTRACE);
272 : }
273 :
274 : /* Returns 0 on success, -errno on denial. */
275 387 : static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
276 : {
277 387 : const struct cred *cred = current_cred(), *tcred;
278 387 : struct mm_struct *mm;
279 387 : kuid_t caller_uid;
280 387 : kgid_t caller_gid;
281 :
282 387 : if (!(mode & PTRACE_MODE_FSCREDS) == !(mode & PTRACE_MODE_REALCREDS)) {
283 0 : WARN(1, "denying ptrace access check without PTRACE_MODE_*CREDS\n");
284 0 : return -EPERM;
285 : }
286 :
287 : /* May we inspect the given task?
288 : * This check is used both for attaching with ptrace
289 : * and for allowing access to sensitive information in /proc.
290 : *
291 : * ptrace_attach denies several cases that /proc allows
292 : * because setting up the necessary parent/child relationship
293 : * or halting the specified task is impossible.
294 : */
295 :
296 : /* Don't let security modules deny introspection */
297 387 : if (same_thread_group(task, current))
298 : return 0;
299 224 : rcu_read_lock();
300 224 : if (mode & PTRACE_MODE_FSCREDS) {
301 208 : caller_uid = cred->fsuid;
302 208 : caller_gid = cred->fsgid;
303 : } else {
304 : /*
305 : * Using the euid would make more sense here, but something
306 : * in userland might rely on the old behavior, and this
307 : * shouldn't be a security problem since
308 : * PTRACE_MODE_REALCREDS implies that the caller explicitly
309 : * used a syscall that requests access to another process
310 : * (and not a filesystem syscall to procfs).
311 : */
312 16 : caller_uid = cred->uid;
313 16 : caller_gid = cred->gid;
314 : }
315 224 : tcred = __task_cred(task);
316 224 : if (uid_eq(caller_uid, tcred->euid) &&
317 223 : uid_eq(caller_uid, tcred->suid) &&
318 223 : uid_eq(caller_uid, tcred->uid) &&
319 223 : gid_eq(caller_gid, tcred->egid) &&
320 223 : gid_eq(caller_gid, tcred->sgid) &&
321 223 : gid_eq(caller_gid, tcred->gid))
322 223 : goto ok;
323 1 : if (ptrace_has_cap(tcred->user_ns, mode))
324 1 : goto ok;
325 0 : rcu_read_unlock();
326 0 : return -EPERM;
327 224 : ok:
328 224 : rcu_read_unlock();
329 : /*
330 : * If a task drops privileges and becomes nondumpable (through a syscall
331 : * like setresuid()) while we are trying to access it, we must ensure
332 : * that the dumpability is read after the credentials; otherwise,
333 : * we may be able to attach to a task that we shouldn't be able to
334 : * attach to (as if the task had dropped privileges without becoming
335 : * nondumpable).
336 : * Pairs with a write barrier in commit_creds().
337 : */
338 224 : smp_rmb();
339 224 : mm = task->mm;
340 224 : if (mm &&
341 180 : ((get_dumpable(mm) != SUID_DUMP_USER) &&
342 1 : !ptrace_has_cap(mm->user_ns, mode)))
343 : return -EPERM;
344 :
345 224 : return security_ptrace_access_check(task, mode);
346 : }
347 :
348 371 : bool ptrace_may_access(struct task_struct *task, unsigned int mode)
349 : {
350 371 : int err;
351 371 : task_lock(task);
352 371 : err = __ptrace_may_access(task, mode);
353 371 : task_unlock(task);
354 371 : return !err;
355 : }
356 :
357 16 : static int ptrace_attach(struct task_struct *task, long request,
358 : unsigned long addr,
359 : unsigned long flags)
360 : {
361 16 : bool seize = (request == PTRACE_SEIZE);
362 16 : int retval;
363 :
364 16 : retval = -EIO;
365 16 : if (seize) {
366 0 : if (addr != 0)
367 0 : goto out;
368 0 : if (flags & ~(unsigned long)PTRACE_O_MASK)
369 0 : goto out;
370 0 : flags = PT_PTRACED | PT_SEIZED | (flags << PT_OPT_FLAG_SHIFT);
371 : } else {
372 : flags = PT_PTRACED;
373 : }
374 :
375 16 : audit_ptrace(task);
376 :
377 16 : retval = -EPERM;
378 16 : if (unlikely(task->flags & (PF_KTHREAD | PF_IO_WORKER)))
379 0 : goto out;
380 16 : if (same_thread_group(task, current))
381 0 : goto out;
382 :
383 : /*
384 : * Protect exec's credential calculations against our interference;
385 : * SUID, SGID and LSM creds get determined differently
386 : * under ptrace.
387 : */
388 16 : retval = -ERESTARTNOINTR;
389 16 : if (mutex_lock_interruptible(&task->signal->cred_guard_mutex))
390 0 : goto out;
391 :
392 16 : task_lock(task);
393 16 : retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS);
394 16 : task_unlock(task);
395 16 : if (retval)
396 8 : goto unlock_creds;
397 :
398 8 : write_lock_irq(&tasklist_lock);
399 8 : retval = -EPERM;
400 8 : if (unlikely(task->exit_state))
401 0 : goto unlock_tasklist;
402 8 : if (task->ptrace)
403 0 : goto unlock_tasklist;
404 :
405 8 : if (seize)
406 0 : flags |= PT_SEIZED;
407 8 : task->ptrace = flags;
408 :
409 8 : ptrace_link(task, current);
410 :
411 : /* SEIZE doesn't trap tracee on attach */
412 8 : if (!seize)
413 8 : send_sig_info(SIGSTOP, SEND_SIG_PRIV, task);
414 :
415 8 : spin_lock(&task->sighand->siglock);
416 :
417 : /*
418 : * If the task is already STOPPED, set JOBCTL_TRAP_STOP and
419 : * TRAPPING, and kick it so that it transits to TRACED. TRAPPING
420 : * will be cleared if the child completes the transition or any
421 : * event which clears the group stop states happens. We'll wait
422 : * for the transition to complete before returning from this
423 : * function.
424 : *
425 : * This hides STOPPED -> RUNNING -> TRACED transition from the
426 : * attaching thread but a different thread in the same group can
427 : * still observe the transient RUNNING state. IOW, if another
428 : * thread's WNOHANG wait(2) on the stopped tracee races against
429 : * ATTACH, the wait(2) may fail due to the transient RUNNING.
430 : *
431 : * The following task_is_stopped() test is safe as both transitions
432 : * in and out of STOPPED are protected by siglock.
433 : */
434 8 : if (task_is_stopped(task) &&
435 0 : task_set_jobctl_pending(task, JOBCTL_TRAP_STOP | JOBCTL_TRAPPING))
436 0 : signal_wake_up_state(task, __TASK_STOPPED);
437 :
438 8 : spin_unlock(&task->sighand->siglock);
439 :
440 8 : retval = 0;
441 8 : unlock_tasklist:
442 8 : write_unlock_irq(&tasklist_lock);
443 16 : unlock_creds:
444 16 : mutex_unlock(&task->signal->cred_guard_mutex);
445 16 : out:
446 16 : if (!retval) {
447 : /*
448 : * We do not bother to change retval or clear JOBCTL_TRAPPING
449 : * if wait_on_bit() was interrupted by SIGKILL. The tracer will
450 : * not return to user-mode, it will exit and clear this bit in
451 : * __ptrace_unlink() if it wasn't already cleared by the tracee;
452 : * and until then nobody can ptrace this task.
453 : */
454 8 : wait_on_bit(&task->jobctl, JOBCTL_TRAPPING_BIT, TASK_KILLABLE);
455 8 : proc_ptrace_connector(task, PTRACE_ATTACH);
456 : }
457 :
458 16 : return retval;
459 : }
460 :
461 : /**
462 : * ptrace_traceme -- helper for PTRACE_TRACEME
463 : *
464 : * Performs checks and sets PT_PTRACED.
465 : * Should be used by all ptrace implementations for PTRACE_TRACEME.
466 : */
467 8 : static int ptrace_traceme(void)
468 : {
469 8 : int ret = -EPERM;
470 :
471 8 : write_lock_irq(&tasklist_lock);
472 : /* Are we already being traced? */
473 8 : if (!current->ptrace) {
474 8 : ret = security_ptrace_traceme(current->parent);
475 : /*
476 : * Check PF_EXITING to ensure ->real_parent has not passed
477 : * exit_ptrace(). Otherwise we don't report the error but
478 : * pretend ->real_parent untraces us right after return.
479 : */
480 8 : if (!ret && !(current->real_parent->flags & PF_EXITING)) {
481 4 : current->ptrace = PT_PTRACED;
482 4 : ptrace_link(current, current->real_parent);
483 : }
484 : }
485 8 : write_unlock_irq(&tasklist_lock);
486 :
487 8 : return ret;
488 : }
489 :
490 : /*
491 : * Called with irqs disabled, returns true if childs should reap themselves.
492 : */
493 0 : static int ignoring_children(struct sighand_struct *sigh)
494 : {
495 0 : int ret;
496 0 : spin_lock(&sigh->siglock);
497 0 : ret = (sigh->action[SIGCHLD-1].sa.sa_handler == SIG_IGN) ||
498 0 : (sigh->action[SIGCHLD-1].sa.sa_flags & SA_NOCLDWAIT);
499 0 : spin_unlock(&sigh->siglock);
500 0 : return ret;
501 : }
502 :
503 : /*
504 : * Called with tasklist_lock held for writing.
505 : * Unlink a traced task, and clean it up if it was a traced zombie.
506 : * Return true if it needs to be reaped with release_task().
507 : * (We can't call release_task() here because we already hold tasklist_lock.)
508 : *
509 : * If it's a zombie, our attachedness prevented normal parent notification
510 : * or self-reaping. Do notification now if it would have happened earlier.
511 : * If it should reap itself, return true.
512 : *
513 : * If it's our own child, there is no notification to do. But if our normal
514 : * children self-reap, then this child was prevented by ptrace and we must
515 : * reap it now, in that case we must also wake up sub-threads sleeping in
516 : * do_wait().
517 : */
518 12 : static bool __ptrace_detach(struct task_struct *tracer, struct task_struct *p)
519 : {
520 12 : bool dead;
521 :
522 12 : __ptrace_unlink(p);
523 :
524 12 : if (p->exit_state != EXIT_ZOMBIE)
525 : return false;
526 :
527 0 : dead = !thread_group_leader(p);
528 :
529 0 : if (!dead && thread_group_empty(p)) {
530 0 : if (!same_thread_group(p->real_parent, tracer))
531 0 : dead = do_notify_parent(p, p->exit_signal);
532 0 : else if (ignoring_children(tracer->sighand)) {
533 0 : __wake_up_parent(p, tracer);
534 0 : dead = true;
535 : }
536 : }
537 : /* Mark it as in the process of being reaped. */
538 0 : if (dead)
539 0 : p->exit_state = EXIT_DEAD;
540 : return dead;
541 : }
542 :
543 12 : static int ptrace_detach(struct task_struct *child, unsigned int data)
544 : {
545 12 : if (!valid_signal(data))
546 : return -EIO;
547 :
548 : /* Architecture-specific hardware disable .. */
549 12 : ptrace_disable(child);
550 :
551 12 : write_lock_irq(&tasklist_lock);
552 : /*
553 : * We rely on ptrace_freeze_traced(). It can't be killed and
554 : * untraced by another thread, it can't be a zombie.
555 : */
556 24 : WARN_ON(!child->ptrace || child->exit_state);
557 : /*
558 : * tasklist_lock avoids the race with wait_task_stopped(), see
559 : * the comment in ptrace_resume().
560 : */
561 12 : child->exit_code = data;
562 12 : __ptrace_detach(current, child);
563 12 : write_unlock_irq(&tasklist_lock);
564 :
565 12 : proc_ptrace_connector(child, PTRACE_DETACH);
566 :
567 12 : return 0;
568 : }
569 :
570 : /*
571 : * Detach all tasks we were using ptrace on. Called with tasklist held
572 : * for writing.
573 : */
574 0 : void exit_ptrace(struct task_struct *tracer, struct list_head *dead)
575 : {
576 0 : struct task_struct *p, *n;
577 :
578 0 : list_for_each_entry_safe(p, n, &tracer->ptraced, ptrace_entry) {
579 0 : if (unlikely(p->ptrace & PT_EXITKILL))
580 0 : send_sig_info(SIGKILL, SEND_SIG_PRIV, p);
581 :
582 0 : if (__ptrace_detach(tracer, p))
583 0 : list_add(&p->ptrace_entry, dead);
584 : }
585 0 : }
586 :
587 0 : int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst, int len)
588 : {
589 0 : int copied = 0;
590 :
591 0 : while (len > 0) {
592 0 : char buf[128];
593 0 : int this_len, retval;
594 :
595 0 : this_len = (len > sizeof(buf)) ? sizeof(buf) : len;
596 0 : retval = ptrace_access_vm(tsk, src, buf, this_len, FOLL_FORCE);
597 :
598 0 : if (!retval) {
599 0 : if (copied)
600 : break;
601 0 : return -EIO;
602 : }
603 0 : if (copy_to_user(dst, buf, retval))
604 : return -EFAULT;
605 0 : copied += retval;
606 0 : src += retval;
607 0 : dst += retval;
608 0 : len -= retval;
609 : }
610 : return copied;
611 : }
612 :
613 0 : int ptrace_writedata(struct task_struct *tsk, char __user *src, unsigned long dst, int len)
614 : {
615 0 : int copied = 0;
616 :
617 0 : while (len > 0) {
618 0 : char buf[128];
619 0 : int this_len, retval;
620 :
621 0 : this_len = (len > sizeof(buf)) ? sizeof(buf) : len;
622 0 : if (copy_from_user(buf, src, this_len))
623 0 : return -EFAULT;
624 0 : retval = ptrace_access_vm(tsk, dst, buf, this_len,
625 : FOLL_FORCE | FOLL_WRITE);
626 0 : if (!retval) {
627 0 : if (copied)
628 : break;
629 : return -EIO;
630 : }
631 0 : copied += retval;
632 0 : src += retval;
633 0 : dst += retval;
634 0 : len -= retval;
635 : }
636 : return copied;
637 : }
638 :
639 0 : static int ptrace_setoptions(struct task_struct *child, unsigned long data)
640 : {
641 0 : unsigned flags;
642 :
643 0 : if (data & ~(unsigned long)PTRACE_O_MASK)
644 : return -EINVAL;
645 :
646 0 : if (unlikely(data & PTRACE_O_SUSPEND_SECCOMP)) {
647 : if (!IS_ENABLED(CONFIG_CHECKPOINT_RESTORE) ||
648 : !IS_ENABLED(CONFIG_SECCOMP))
649 : return -EINVAL;
650 :
651 : if (!capable(CAP_SYS_ADMIN))
652 : return -EPERM;
653 :
654 : if (seccomp_mode(¤t->seccomp) != SECCOMP_MODE_DISABLED ||
655 : current->ptrace & PT_SUSPEND_SECCOMP)
656 : return -EPERM;
657 : }
658 :
659 : /* Avoid intermediate state when all opts are cleared */
660 0 : flags = child->ptrace;
661 0 : flags &= ~(PTRACE_O_MASK << PT_OPT_FLAG_SHIFT);
662 0 : flags |= (data << PT_OPT_FLAG_SHIFT);
663 0 : child->ptrace = flags;
664 :
665 0 : return 0;
666 : }
667 :
668 0 : static int ptrace_getsiginfo(struct task_struct *child, kernel_siginfo_t *info)
669 : {
670 0 : unsigned long flags;
671 0 : int error = -ESRCH;
672 :
673 0 : if (lock_task_sighand(child, &flags)) {
674 0 : error = -EINVAL;
675 0 : if (likely(child->last_siginfo != NULL)) {
676 0 : copy_siginfo(info, child->last_siginfo);
677 0 : error = 0;
678 : }
679 0 : unlock_task_sighand(child, &flags);
680 : }
681 0 : return error;
682 : }
683 :
684 0 : static int ptrace_setsiginfo(struct task_struct *child, const kernel_siginfo_t *info)
685 : {
686 0 : unsigned long flags;
687 0 : int error = -ESRCH;
688 :
689 0 : if (lock_task_sighand(child, &flags)) {
690 0 : error = -EINVAL;
691 0 : if (likely(child->last_siginfo != NULL)) {
692 0 : copy_siginfo(child->last_siginfo, info);
693 0 : error = 0;
694 : }
695 0 : unlock_task_sighand(child, &flags);
696 : }
697 0 : return error;
698 : }
699 :
700 0 : static int ptrace_peek_siginfo(struct task_struct *child,
701 : unsigned long addr,
702 : unsigned long data)
703 : {
704 0 : struct ptrace_peeksiginfo_args arg;
705 0 : struct sigpending *pending;
706 0 : struct sigqueue *q;
707 0 : int ret, i;
708 :
709 0 : ret = copy_from_user(&arg, (void __user *) addr,
710 : sizeof(struct ptrace_peeksiginfo_args));
711 0 : if (ret)
712 : return -EFAULT;
713 :
714 0 : if (arg.flags & ~PTRACE_PEEKSIGINFO_SHARED)
715 : return -EINVAL; /* unknown flags */
716 :
717 0 : if (arg.nr < 0)
718 : return -EINVAL;
719 :
720 : /* Ensure arg.off fits in an unsigned long */
721 0 : if (arg.off > ULONG_MAX)
722 : return 0;
723 :
724 0 : if (arg.flags & PTRACE_PEEKSIGINFO_SHARED)
725 0 : pending = &child->signal->shared_pending;
726 : else
727 0 : pending = &child->pending;
728 :
729 0 : for (i = 0; i < arg.nr; ) {
730 0 : kernel_siginfo_t info;
731 0 : unsigned long off = arg.off + i;
732 0 : bool found = false;
733 :
734 0 : spin_lock_irq(&child->sighand->siglock);
735 0 : list_for_each_entry(q, &pending->list, list) {
736 0 : if (!off--) {
737 0 : found = true;
738 0 : copy_siginfo(&info, &q->info);
739 : break;
740 : }
741 : }
742 0 : spin_unlock_irq(&child->sighand->siglock);
743 :
744 0 : if (!found) /* beyond the end of the list */
745 : break;
746 :
747 : #ifdef CONFIG_COMPAT
748 0 : if (unlikely(in_compat_syscall())) {
749 0 : compat_siginfo_t __user *uinfo = compat_ptr(data);
750 :
751 0 : if (copy_siginfo_to_user32(uinfo, &info)) {
752 : ret = -EFAULT;
753 : break;
754 : }
755 :
756 : } else
757 : #endif
758 : {
759 0 : siginfo_t __user *uinfo = (siginfo_t __user *) data;
760 :
761 0 : if (copy_siginfo_to_user(uinfo, &info)) {
762 : ret = -EFAULT;
763 : break;
764 : }
765 : }
766 :
767 0 : data += sizeof(siginfo_t);
768 0 : i++;
769 :
770 0 : if (signal_pending(current))
771 : break;
772 :
773 0 : cond_resched();
774 : }
775 :
776 0 : if (i > 0)
777 0 : return i;
778 :
779 : return ret;
780 : }
781 :
782 : #ifdef PTRACE_SINGLESTEP
783 : #define is_singlestep(request) ((request) == PTRACE_SINGLESTEP)
784 : #else
785 : #define is_singlestep(request) 0
786 : #endif
787 :
788 : #ifdef PTRACE_SINGLEBLOCK
789 : #define is_singleblock(request) ((request) == PTRACE_SINGLEBLOCK)
790 : #else
791 : #define is_singleblock(request) 0
792 : #endif
793 :
794 : #ifdef PTRACE_SYSEMU
795 : #define is_sysemu_singlestep(request) ((request) == PTRACE_SYSEMU_SINGLESTEP)
796 : #else
797 : #define is_sysemu_singlestep(request) 0
798 : #endif
799 :
800 0 : static int ptrace_resume(struct task_struct *child, long request,
801 : unsigned long data)
802 : {
803 0 : bool need_siglock;
804 :
805 0 : if (!valid_signal(data))
806 : return -EIO;
807 :
808 0 : if (request == PTRACE_SYSCALL)
809 0 : set_task_syscall_work(child, SYSCALL_TRACE);
810 : else
811 0 : clear_task_syscall_work(child, SYSCALL_TRACE);
812 :
813 : #if defined(CONFIG_GENERIC_ENTRY) || defined(TIF_SYSCALL_EMU)
814 0 : if (request == PTRACE_SYSEMU || request == PTRACE_SYSEMU_SINGLESTEP)
815 0 : set_task_syscall_work(child, SYSCALL_EMU);
816 : else
817 0 : clear_task_syscall_work(child, SYSCALL_EMU);
818 : #endif
819 :
820 0 : if (is_singleblock(request)) {
821 0 : if (unlikely(!arch_has_block_step()))
822 : return -EIO;
823 0 : user_enable_block_step(child);
824 0 : } else if (is_singlestep(request) || is_sysemu_singlestep(request)) {
825 0 : if (unlikely(!arch_has_single_step()))
826 : return -EIO;
827 0 : user_enable_single_step(child);
828 : } else {
829 0 : user_disable_single_step(child);
830 : }
831 :
832 : /*
833 : * Change ->exit_code and ->state under siglock to avoid the race
834 : * with wait_task_stopped() in between; a non-zero ->exit_code will
835 : * wrongly look like another report from tracee.
836 : *
837 : * Note that we need siglock even if ->exit_code == data and/or this
838 : * status was not reported yet, the new status must not be cleared by
839 : * wait_task_stopped() after resume.
840 : *
841 : * If data == 0 we do not care if wait_task_stopped() reports the old
842 : * status and clears the code too; this can't race with the tracee, it
843 : * takes siglock after resume.
844 : */
845 0 : need_siglock = data && !thread_group_empty(current);
846 0 : if (need_siglock)
847 0 : spin_lock_irq(&child->sighand->siglock);
848 0 : child->exit_code = data;
849 0 : wake_up_state(child, __TASK_TRACED);
850 0 : if (need_siglock)
851 0 : spin_unlock_irq(&child->sighand->siglock);
852 :
853 : return 0;
854 : }
855 :
856 : #ifdef CONFIG_HAVE_ARCH_TRACEHOOK
857 :
858 : static const struct user_regset *
859 0 : find_regset(const struct user_regset_view *view, unsigned int type)
860 : {
861 0 : const struct user_regset *regset;
862 0 : int n;
863 :
864 0 : for (n = 0; n < view->n; ++n) {
865 0 : regset = view->regsets + n;
866 0 : if (regset->core_note_type == type)
867 : return regset;
868 : }
869 :
870 : return NULL;
871 : }
872 :
873 0 : static int ptrace_regset(struct task_struct *task, int req, unsigned int type,
874 : struct iovec *kiov)
875 : {
876 0 : const struct user_regset_view *view = task_user_regset_view(task);
877 0 : const struct user_regset *regset = find_regset(view, type);
878 0 : int regset_no;
879 :
880 0 : if (!regset || (kiov->iov_len % regset->size) != 0)
881 : return -EINVAL;
882 :
883 0 : regset_no = regset - view->regsets;
884 0 : kiov->iov_len = min(kiov->iov_len,
885 : (__kernel_size_t) (regset->n * regset->size));
886 :
887 0 : if (req == PTRACE_GETREGSET)
888 0 : return copy_regset_to_user(task, view, regset_no, 0,
889 : kiov->iov_len, kiov->iov_base);
890 : else
891 0 : return copy_regset_from_user(task, view, regset_no, 0,
892 0 : kiov->iov_len, kiov->iov_base);
893 : }
894 :
895 : /*
896 : * This is declared in linux/regset.h and defined in machine-dependent
897 : * code. We put the export here, near the primary machine-neutral use,
898 : * to ensure no machine forgets it.
899 : */
900 : EXPORT_SYMBOL_GPL(task_user_regset_view);
901 :
902 : static unsigned long
903 0 : ptrace_get_syscall_info_entry(struct task_struct *child, struct pt_regs *regs,
904 : struct ptrace_syscall_info *info)
905 : {
906 0 : unsigned long args[ARRAY_SIZE(info->entry.args)];
907 0 : int i;
908 :
909 0 : info->op = PTRACE_SYSCALL_INFO_ENTRY;
910 0 : info->entry.nr = syscall_get_nr(child, regs);
911 0 : syscall_get_arguments(child, regs, args);
912 0 : for (i = 0; i < ARRAY_SIZE(args); i++)
913 0 : info->entry.args[i] = args[i];
914 :
915 : /* args is the last field in struct ptrace_syscall_info.entry */
916 0 : return offsetofend(struct ptrace_syscall_info, entry.args);
917 : }
918 :
919 : static unsigned long
920 0 : ptrace_get_syscall_info_seccomp(struct task_struct *child, struct pt_regs *regs,
921 : struct ptrace_syscall_info *info)
922 : {
923 : /*
924 : * As struct ptrace_syscall_info.entry is currently a subset
925 : * of struct ptrace_syscall_info.seccomp, it makes sense to
926 : * initialize that subset using ptrace_get_syscall_info_entry().
927 : * This can be reconsidered in the future if these structures
928 : * diverge significantly enough.
929 : */
930 0 : ptrace_get_syscall_info_entry(child, regs, info);
931 0 : info->op = PTRACE_SYSCALL_INFO_SECCOMP;
932 0 : info->seccomp.ret_data = child->ptrace_message;
933 :
934 : /* ret_data is the last field in struct ptrace_syscall_info.seccomp */
935 0 : return offsetofend(struct ptrace_syscall_info, seccomp.ret_data);
936 : }
937 :
938 : static unsigned long
939 0 : ptrace_get_syscall_info_exit(struct task_struct *child, struct pt_regs *regs,
940 : struct ptrace_syscall_info *info)
941 : {
942 0 : info->op = PTRACE_SYSCALL_INFO_EXIT;
943 0 : info->exit.rval = syscall_get_error(child, regs);
944 0 : info->exit.is_error = !!info->exit.rval;
945 0 : if (!info->exit.is_error)
946 0 : info->exit.rval = syscall_get_return_value(child, regs);
947 :
948 : /* is_error is the last field in struct ptrace_syscall_info.exit */
949 0 : return offsetofend(struct ptrace_syscall_info, exit.is_error);
950 : }
951 :
952 : static int
953 0 : ptrace_get_syscall_info(struct task_struct *child, unsigned long user_size,
954 : void __user *datavp)
955 : {
956 0 : struct pt_regs *regs = task_pt_regs(child);
957 0 : struct ptrace_syscall_info info = {
958 : .op = PTRACE_SYSCALL_INFO_NONE,
959 0 : .arch = syscall_get_arch(child),
960 0 : .instruction_pointer = instruction_pointer(regs),
961 0 : .stack_pointer = user_stack_pointer(regs),
962 : };
963 0 : unsigned long actual_size = offsetof(struct ptrace_syscall_info, entry);
964 0 : unsigned long write_size;
965 :
966 : /*
967 : * This does not need lock_task_sighand() to access
968 : * child->last_siginfo because ptrace_freeze_traced()
969 : * called earlier by ptrace_check_attach() ensures that
970 : * the tracee cannot go away and clear its last_siginfo.
971 : */
972 0 : switch (child->last_siginfo ? child->last_siginfo->si_code : 0) {
973 0 : case SIGTRAP | 0x80:
974 0 : switch (child->ptrace_message) {
975 0 : case PTRACE_EVENTMSG_SYSCALL_ENTRY:
976 0 : actual_size = ptrace_get_syscall_info_entry(child, regs,
977 : &info);
978 0 : break;
979 0 : case PTRACE_EVENTMSG_SYSCALL_EXIT:
980 0 : actual_size = ptrace_get_syscall_info_exit(child, regs,
981 : &info);
982 0 : break;
983 : }
984 : break;
985 : case SIGTRAP | (PTRACE_EVENT_SECCOMP << 8):
986 0 : actual_size = ptrace_get_syscall_info_seccomp(child, regs,
987 : &info);
988 0 : break;
989 : }
990 :
991 0 : write_size = min(actual_size, user_size);
992 0 : return copy_to_user(datavp, &info, write_size) ? -EFAULT : actual_size;
993 : }
994 : #endif /* CONFIG_HAVE_ARCH_TRACEHOOK */
995 :
996 12 : int ptrace_request(struct task_struct *child, long request,
997 : unsigned long addr, unsigned long data)
998 : {
999 12 : bool seized = child->ptrace & PT_SEIZED;
1000 12 : int ret = -EIO;
1001 12 : kernel_siginfo_t siginfo, *si;
1002 12 : void __user *datavp = (void __user *) data;
1003 12 : unsigned long __user *datalp = datavp;
1004 12 : unsigned long flags;
1005 :
1006 12 : switch (request) {
1007 0 : case PTRACE_PEEKTEXT:
1008 : case PTRACE_PEEKDATA:
1009 0 : return generic_ptrace_peekdata(child, addr, data);
1010 0 : case PTRACE_POKETEXT:
1011 : case PTRACE_POKEDATA:
1012 0 : return generic_ptrace_pokedata(child, addr, data);
1013 :
1014 : #ifdef PTRACE_OLDSETOPTIONS
1015 : case PTRACE_OLDSETOPTIONS:
1016 : #endif
1017 : case PTRACE_SETOPTIONS:
1018 0 : ret = ptrace_setoptions(child, data);
1019 : break;
1020 0 : case PTRACE_GETEVENTMSG:
1021 0 : ret = put_user(child->ptrace_message, datalp);
1022 0 : break;
1023 :
1024 0 : case PTRACE_PEEKSIGINFO:
1025 0 : ret = ptrace_peek_siginfo(child, addr, data);
1026 0 : break;
1027 :
1028 0 : case PTRACE_GETSIGINFO:
1029 0 : ret = ptrace_getsiginfo(child, &siginfo);
1030 0 : if (!ret)
1031 0 : ret = copy_siginfo_to_user(datavp, &siginfo);
1032 : break;
1033 :
1034 0 : case PTRACE_SETSIGINFO:
1035 0 : ret = copy_siginfo_from_user(&siginfo, datavp);
1036 0 : if (!ret)
1037 0 : ret = ptrace_setsiginfo(child, &siginfo);
1038 : break;
1039 :
1040 0 : case PTRACE_GETSIGMASK: {
1041 0 : sigset_t *mask;
1042 :
1043 0 : if (addr != sizeof(sigset_t)) {
1044 : ret = -EINVAL;
1045 : break;
1046 : }
1047 :
1048 0 : if (test_tsk_restore_sigmask(child))
1049 0 : mask = &child->saved_sigmask;
1050 : else
1051 0 : mask = &child->blocked;
1052 :
1053 0 : if (copy_to_user(datavp, mask, sizeof(sigset_t)))
1054 : ret = -EFAULT;
1055 : else
1056 0 : ret = 0;
1057 :
1058 : break;
1059 : }
1060 :
1061 0 : case PTRACE_SETSIGMASK: {
1062 0 : sigset_t new_set;
1063 :
1064 0 : if (addr != sizeof(sigset_t)) {
1065 : ret = -EINVAL;
1066 : break;
1067 : }
1068 :
1069 0 : if (copy_from_user(&new_set, datavp, sizeof(sigset_t))) {
1070 : ret = -EFAULT;
1071 : break;
1072 : }
1073 :
1074 0 : sigdelsetmask(&new_set, sigmask(SIGKILL)|sigmask(SIGSTOP));
1075 :
1076 : /*
1077 : * Every thread does recalc_sigpending() after resume, so
1078 : * retarget_shared_pending() and recalc_sigpending() are not
1079 : * called here.
1080 : */
1081 0 : spin_lock_irq(&child->sighand->siglock);
1082 0 : child->blocked = new_set;
1083 0 : spin_unlock_irq(&child->sighand->siglock);
1084 :
1085 0 : clear_tsk_restore_sigmask(child);
1086 :
1087 0 : ret = 0;
1088 0 : break;
1089 : }
1090 :
1091 0 : case PTRACE_INTERRUPT:
1092 : /*
1093 : * Stop tracee without any side-effect on signal or job
1094 : * control. At least one trap is guaranteed to happen
1095 : * after this request. If @child is already trapped, the
1096 : * current trap is not disturbed and another trap will
1097 : * happen after the current trap is ended with PTRACE_CONT.
1098 : *
1099 : * The actual trap might not be PTRACE_EVENT_STOP trap but
1100 : * the pending condition is cleared regardless.
1101 : */
1102 0 : if (unlikely(!seized || !lock_task_sighand(child, &flags)))
1103 : break;
1104 :
1105 : /*
1106 : * INTERRUPT doesn't disturb existing trap sans one
1107 : * exception. If ptracer issued LISTEN for the current
1108 : * STOP, this INTERRUPT should clear LISTEN and re-trap
1109 : * tracee into STOP.
1110 : */
1111 0 : if (likely(task_set_jobctl_pending(child, JOBCTL_TRAP_STOP)))
1112 0 : ptrace_signal_wake_up(child, child->jobctl & JOBCTL_LISTENING);
1113 :
1114 0 : unlock_task_sighand(child, &flags);
1115 0 : ret = 0;
1116 0 : break;
1117 :
1118 0 : case PTRACE_LISTEN:
1119 : /*
1120 : * Listen for events. Tracee must be in STOP. It's not
1121 : * resumed per-se but is not considered to be in TRACED by
1122 : * wait(2) or ptrace(2). If an async event (e.g. group
1123 : * stop state change) happens, tracee will enter STOP trap
1124 : * again. Alternatively, ptracer can issue INTERRUPT to
1125 : * finish listening and re-trap tracee into STOP.
1126 : */
1127 0 : if (unlikely(!seized || !lock_task_sighand(child, &flags)))
1128 : break;
1129 :
1130 0 : si = child->last_siginfo;
1131 0 : if (likely(si && (si->si_code >> 8) == PTRACE_EVENT_STOP)) {
1132 0 : child->jobctl |= JOBCTL_LISTENING;
1133 : /*
1134 : * If NOTIFY is set, it means event happened between
1135 : * start of this trap and now. Trigger re-trap.
1136 : */
1137 0 : if (child->jobctl & JOBCTL_TRAP_NOTIFY)
1138 0 : ptrace_signal_wake_up(child, true);
1139 : ret = 0;
1140 : }
1141 0 : unlock_task_sighand(child, &flags);
1142 : break;
1143 :
1144 12 : case PTRACE_DETACH: /* detach a process that was attached. */
1145 12 : ret = ptrace_detach(child, data);
1146 12 : break;
1147 :
1148 : #ifdef CONFIG_BINFMT_ELF_FDPIC
1149 : case PTRACE_GETFDPIC: {
1150 : struct mm_struct *mm = get_task_mm(child);
1151 : unsigned long tmp = 0;
1152 :
1153 : ret = -ESRCH;
1154 : if (!mm)
1155 : break;
1156 :
1157 : switch (addr) {
1158 : case PTRACE_GETFDPIC_EXEC:
1159 : tmp = mm->context.exec_fdpic_loadmap;
1160 : break;
1161 : case PTRACE_GETFDPIC_INTERP:
1162 : tmp = mm->context.interp_fdpic_loadmap;
1163 : break;
1164 : default:
1165 : break;
1166 : }
1167 : mmput(mm);
1168 :
1169 : ret = put_user(tmp, datalp);
1170 : break;
1171 : }
1172 : #endif
1173 :
1174 : #ifdef PTRACE_SINGLESTEP
1175 0 : case PTRACE_SINGLESTEP:
1176 : #endif
1177 : #ifdef PTRACE_SINGLEBLOCK
1178 : case PTRACE_SINGLEBLOCK:
1179 : #endif
1180 : #ifdef PTRACE_SYSEMU
1181 : case PTRACE_SYSEMU:
1182 : case PTRACE_SYSEMU_SINGLESTEP:
1183 : #endif
1184 : case PTRACE_SYSCALL:
1185 : case PTRACE_CONT:
1186 0 : return ptrace_resume(child, request, data);
1187 :
1188 0 : case PTRACE_KILL:
1189 0 : if (child->exit_state) /* already dead */
1190 : return 0;
1191 0 : return ptrace_resume(child, request, SIGKILL);
1192 :
1193 : #ifdef CONFIG_HAVE_ARCH_TRACEHOOK
1194 0 : case PTRACE_GETREGSET:
1195 : case PTRACE_SETREGSET: {
1196 0 : struct iovec kiov;
1197 0 : struct iovec __user *uiov = datavp;
1198 :
1199 0 : if (!access_ok(uiov, sizeof(*uiov)))
1200 0 : return -EFAULT;
1201 :
1202 0 : if (__get_user(kiov.iov_base, &uiov->iov_base) ||
1203 0 : __get_user(kiov.iov_len, &uiov->iov_len))
1204 0 : return -EFAULT;
1205 :
1206 0 : ret = ptrace_regset(child, request, addr, &kiov);
1207 0 : if (!ret)
1208 0 : ret = __put_user(kiov.iov_len, &uiov->iov_len);
1209 0 : break;
1210 : }
1211 :
1212 0 : case PTRACE_GET_SYSCALL_INFO:
1213 0 : ret = ptrace_get_syscall_info(child, addr, datavp);
1214 0 : break;
1215 : #endif
1216 :
1217 : case PTRACE_SECCOMP_GET_FILTER:
1218 0 : ret = seccomp_get_filter(child, addr, datavp);
1219 0 : break;
1220 :
1221 : case PTRACE_SECCOMP_GET_METADATA:
1222 0 : ret = seccomp_get_metadata(child, addr, datavp);
1223 0 : break;
1224 :
1225 : default:
1226 : break;
1227 : }
1228 :
1229 0 : return ret;
1230 : }
1231 :
1232 : #ifndef arch_ptrace_attach
1233 : #define arch_ptrace_attach(child) do { } while (0)
1234 : #endif
1235 :
1236 80 : SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
1237 : unsigned long, data)
1238 : {
1239 40 : struct task_struct *child;
1240 40 : long ret;
1241 :
1242 40 : if (request == PTRACE_TRACEME) {
1243 8 : ret = ptrace_traceme();
1244 8 : if (!ret)
1245 8 : arch_ptrace_attach(current);
1246 8 : goto out;
1247 : }
1248 :
1249 32 : child = find_get_task_by_vpid(pid);
1250 32 : if (!child) {
1251 0 : ret = -ESRCH;
1252 0 : goto out;
1253 : }
1254 :
1255 32 : if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
1256 16 : ret = ptrace_attach(child, request, addr, data);
1257 : /*
1258 : * Some architectures need to do book-keeping after
1259 : * a ptrace attach.
1260 : */
1261 16 : if (!ret)
1262 16 : arch_ptrace_attach(child);
1263 16 : goto out_put_task_struct;
1264 : }
1265 :
1266 32 : ret = ptrace_check_attach(child, request == PTRACE_KILL ||
1267 16 : request == PTRACE_INTERRUPT);
1268 16 : if (ret < 0)
1269 4 : goto out_put_task_struct;
1270 :
1271 12 : ret = arch_ptrace(child, request, addr, data);
1272 12 : if (ret || request != PTRACE_DETACH)
1273 0 : ptrace_unfreeze_traced(child);
1274 :
1275 12 : out_put_task_struct:
1276 32 : put_task_struct(child);
1277 40 : out:
1278 40 : return ret;
1279 : }
1280 :
1281 0 : int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
1282 : unsigned long data)
1283 : {
1284 0 : unsigned long tmp;
1285 0 : int copied;
1286 :
1287 0 : copied = ptrace_access_vm(tsk, addr, &tmp, sizeof(tmp), FOLL_FORCE);
1288 0 : if (copied != sizeof(tmp))
1289 : return -EIO;
1290 0 : return put_user(tmp, (unsigned long __user *)data);
1291 : }
1292 :
1293 0 : int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
1294 : unsigned long data)
1295 : {
1296 0 : int copied;
1297 :
1298 0 : copied = ptrace_access_vm(tsk, addr, &data, sizeof(data),
1299 : FOLL_FORCE | FOLL_WRITE);
1300 0 : return (copied == sizeof(data)) ? 0 : -EIO;
1301 : }
1302 :
1303 : #if defined CONFIG_COMPAT
1304 :
1305 0 : int compat_ptrace_request(struct task_struct *child, compat_long_t request,
1306 : compat_ulong_t addr, compat_ulong_t data)
1307 : {
1308 0 : compat_ulong_t __user *datap = compat_ptr(data);
1309 0 : compat_ulong_t word;
1310 0 : kernel_siginfo_t siginfo;
1311 0 : int ret;
1312 :
1313 0 : switch (request) {
1314 0 : case PTRACE_PEEKTEXT:
1315 : case PTRACE_PEEKDATA:
1316 0 : ret = ptrace_access_vm(child, addr, &word, sizeof(word),
1317 : FOLL_FORCE);
1318 0 : if (ret != sizeof(word))
1319 : ret = -EIO;
1320 : else
1321 0 : ret = put_user(word, datap);
1322 : break;
1323 :
1324 0 : case PTRACE_POKETEXT:
1325 : case PTRACE_POKEDATA:
1326 0 : ret = ptrace_access_vm(child, addr, &data, sizeof(data),
1327 : FOLL_FORCE | FOLL_WRITE);
1328 0 : ret = (ret != sizeof(data) ? -EIO : 0);
1329 : break;
1330 :
1331 0 : case PTRACE_GETEVENTMSG:
1332 0 : ret = put_user((compat_ulong_t) child->ptrace_message, datap);
1333 0 : break;
1334 :
1335 0 : case PTRACE_GETSIGINFO:
1336 0 : ret = ptrace_getsiginfo(child, &siginfo);
1337 0 : if (!ret)
1338 0 : ret = copy_siginfo_to_user32(
1339 : (struct compat_siginfo __user *) datap,
1340 : &siginfo);
1341 : break;
1342 :
1343 0 : case PTRACE_SETSIGINFO:
1344 0 : ret = copy_siginfo_from_user32(
1345 : &siginfo, (struct compat_siginfo __user *) datap);
1346 0 : if (!ret)
1347 0 : ret = ptrace_setsiginfo(child, &siginfo);
1348 : break;
1349 : #ifdef CONFIG_HAVE_ARCH_TRACEHOOK
1350 0 : case PTRACE_GETREGSET:
1351 : case PTRACE_SETREGSET:
1352 : {
1353 0 : struct iovec kiov;
1354 0 : struct compat_iovec __user *uiov =
1355 : (struct compat_iovec __user *) datap;
1356 0 : compat_uptr_t ptr;
1357 0 : compat_size_t len;
1358 :
1359 0 : if (!access_ok(uiov, sizeof(*uiov)))
1360 0 : return -EFAULT;
1361 :
1362 0 : if (__get_user(ptr, &uiov->iov_base) ||
1363 0 : __get_user(len, &uiov->iov_len))
1364 0 : return -EFAULT;
1365 :
1366 0 : kiov.iov_base = compat_ptr(ptr);
1367 0 : kiov.iov_len = len;
1368 :
1369 0 : ret = ptrace_regset(child, request, addr, &kiov);
1370 0 : if (!ret)
1371 0 : ret = __put_user(kiov.iov_len, &uiov->iov_len);
1372 0 : break;
1373 : }
1374 : #endif
1375 :
1376 0 : default:
1377 0 : ret = ptrace_request(child, request, addr, data);
1378 : }
1379 :
1380 : return ret;
1381 : }
1382 :
1383 0 : COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid,
1384 : compat_long_t, addr, compat_long_t, data)
1385 : {
1386 0 : struct task_struct *child;
1387 0 : long ret;
1388 :
1389 0 : if (request == PTRACE_TRACEME) {
1390 0 : ret = ptrace_traceme();
1391 0 : goto out;
1392 : }
1393 :
1394 0 : child = find_get_task_by_vpid(pid);
1395 0 : if (!child) {
1396 0 : ret = -ESRCH;
1397 0 : goto out;
1398 : }
1399 :
1400 0 : if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
1401 0 : ret = ptrace_attach(child, request, addr, data);
1402 : /*
1403 : * Some architectures need to do book-keeping after
1404 : * a ptrace attach.
1405 : */
1406 0 : if (!ret)
1407 0 : arch_ptrace_attach(child);
1408 0 : goto out_put_task_struct;
1409 : }
1410 :
1411 0 : ret = ptrace_check_attach(child, request == PTRACE_KILL ||
1412 0 : request == PTRACE_INTERRUPT);
1413 0 : if (!ret) {
1414 0 : ret = compat_arch_ptrace(child, request, addr, data);
1415 0 : if (ret || request != PTRACE_DETACH)
1416 0 : ptrace_unfreeze_traced(child);
1417 : }
1418 :
1419 0 : out_put_task_struct:
1420 0 : put_task_struct(child);
1421 0 : out:
1422 0 : return ret;
1423 : }
1424 : #endif /* CONFIG_COMPAT */
|
