Index: head/sys/fs/procfs/procfs.h
===================================================================
--- head/sys/fs/procfs/procfs.h (revision 28085)
+++ head/sys/fs/procfs/procfs.h (revision 28086)
@@ -1,159 +1,171 @@ /* * Copyright (c) 1993 Jan-Simon Pendry * Copyright (c) 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Jan-Simon Pendry. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)procfs.h 8.9 (Berkeley) 5/14/95 * * 
From: - * $Id$ + * $Id: procfs.h,v 1.15 1997/02/22 09:40:26 peter Exp $ */ /* * The different types of node in a procfs filesystem */ typedef enum { Proot, /* the filesystem root */ Pcurproc, /* symbolic link for curproc */ Pproc, /* a process-specific sub-directory */ Pfile, /* the executable file */ Pmem, /* the process's memory image */ Pregs, /* the process's register set */ Pfpregs, /* the process's FP register set */ Pctl, /* process control */ Pstatus, /* process status */ Pnote, /* process notifier */ Pnotepg, /* process group notifier */ Pmap, /* memory map */ Ptype /* executable type */ } pfstype; /* * control data for the proc file system. */ struct pfsnode { struct pfsnode *pfs_next; /* next on list */ struct vnode *pfs_vnode; /* vnode associated with this pfsnode */ pfstype pfs_type; /* type of procfs node */ pid_t pfs_pid; /* associated process */ u_short pfs_mode; /* mode bits for stat() */ u_long pfs_flags; /* open flags */ u_long pfs_fileno; /* unique file id */ pid_t pfs_lockowner; /* pfs lock owner */ }; #define PROCFS_NOTELEN 64 /* max length of a note (/proc/$pid/note) */ #define PROCFS_CTLLEN 8 /* max length of a ctl msg (/proc/$pid/ctl */ /* * Kernel stuff follows */ #ifdef KERNEL #define CNEQ(cnp, s, len) \ ((cnp)->cn_namelen == (len) && \ (bcmp((s), (cnp)->cn_nameptr, (len)) == 0)) #define KMEM_GROUP 2 + +/* + * Check to see whether access to target process is allowed + * Evaluates to 1 if access is allowed. + */ +#define CHECKIO(p1, p2) \ + ((((p1)->p_cred->pc_ucred->cr_uid == (p2)->p_cred->p_ruid) && \ + ((p1)->p_cred->p_ruid == (p2)->p_cred->p_ruid) && \ + ((p1)->p_cred->p_svuid == (p2)->p_cred->p_ruid) && \ + ((p2)->p_flag & P_SUGID) == 0) || \ + (suser((p1)->p_cred->pc_ucred, &(p1)->p_acflag) == 0)) + /* * Format of a directory entry in /proc, ... 
* This must map onto struct dirent (see ) */ #define PROCFS_NAMELEN 8 struct pfsdent { u_long d_fileno; u_short d_reclen; u_char d_type; u_char d_namlen; char d_name[PROCFS_NAMELEN]; }; #define UIO_MX sizeof(struct pfsdent) #define PROCFS_FILENO(pid, type) \ (((type) < Pproc) ? \ ((type) + 2) : \ ((((pid)+1) << 4) + ((int) (type)))) /* * Convert between pfsnode vnode */ #define VTOPFS(vp) ((struct pfsnode *)(vp)->v_data) #define PFSTOV(pfs) ((pfs)->pfs_vnode) typedef struct vfs_namemap vfs_namemap_t; struct vfs_namemap { const char *nm_name; int nm_val; }; int vfs_getuserstr __P((struct uio *, char *, int *)); vfs_namemap_t *vfs_findname __P((vfs_namemap_t *, char *, int)); /* */ struct reg; struct fpreg; #define PFIND(pid) ((pid) ? pfind(pid) : &proc0) int procfs_freevp __P((struct vnode *)); int procfs_allocvp __P((struct mount *, struct vnode **, long, pfstype)); struct vnode *procfs_findtextvp __P((struct proc *)); int procfs_sstep __P((struct proc *)); void procfs_fix_sstep __P((struct proc *)); int procfs_read_regs __P((struct proc *, struct reg *)); int procfs_write_regs __P((struct proc *, struct reg *)); int procfs_read_fpregs __P((struct proc *, struct fpreg *)); int procfs_write_fpregs __P((struct proc *, struct fpreg *)); int procfs_donote __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio)); int procfs_doregs __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio)); int procfs_dofpregs __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio)); int procfs_domem __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio)); int procfs_doctl __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio)); int procfs_dostatus __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio)); int procfs_domap __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio)); int procfs_dotype __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio 
*uio)); /* functions to check whether or not files should be displayed */ int procfs_validfile __P((struct proc *)); int procfs_validfpregs __P((struct proc *)); int procfs_validregs __P((struct proc *)); int procfs_validmap __P((struct proc *)); int procfs_validtype __P((struct proc *)); #define PROCFS_LOCKED 0x01 #define PROCFS_WANT 0x02 extern vop_t **procfs_vnodeop_p; extern struct vfsops procfs_vfsops; int procfs_root __P((struct mount *, struct vnode **)); int procfs_rw __P((struct vop_read_args *)); #endif /* KERNEL */ Index: head/sys/fs/procfs/procfs_mem.c =================================================================== --- head/sys/fs/procfs/procfs_mem.c (revision 28085) +++ head/sys/fs/procfs/procfs_mem.c (revision 28086) 
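Review bot: CHECKIO in procfs.h is an opt-in test, and in the files shown here it is called only from procfs_domem, procfs_doregs and the Pmem case of procfs_open; procfs_dofpregs, procfs_doctl, procfs_donote and the other handlers declared further down this header are not touched, so whether they carry an equivalent check cannot be told from this page and is worth confirming. The macro comment should also say which argument is which, e.g. `p1 is the requesting process, p2 the target; call this from every procfs_do*() handler that exposes or alters target state`. Because it is a macro, both arguments are expanded several times and the suser() arm is handed `&(p1)->p_acflag`, so callers should pass plain pointers with no side effects.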
@@ -1,300 +1,317 @@ /* * Copyright (c) 1993 Jan-Simon Pendry * Copyright (c) 1993 Sean Eric Fagan * Copyright (c) 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Jan-Simon Pendry and Sean Eric Fagan. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* * @(#)procfs_mem.c 8.5 (Berkeley) 6/15/94 * - * $Id: procfs_mem.c,v 1.25 1997/04/20 17:12:11 dyson Exp $ + * $Id: procfs_mem.c,v 1.26 1997/08/02 14:32:14 bde Exp $ */ /* * This is a lightly hacked and merged version * of sef's pread/pwrite functions */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static int procfs_rwmem __P((struct proc *p, struct uio *uio)); static int procfs_rwmem(p, uio) struct proc *p; struct uio *uio; { int error; int writing; struct vmspace *vm; vm_map_t map; vm_object_t object = NULL; vm_offset_t pageno = 0; /* page number */ vm_prot_t reqprot; vm_offset_t kva; /* * if the vmspace is in the midst of being deallocated or the * process is exiting, don't try to grab anything. The page table * usage in that process can be messed up. */ vm = p->p_vmspace; if ((p->p_flag & P_WEXIT) || (vm->vm_refcnt < 1)) return EFAULT; ++vm->vm_refcnt; /* * The map we want... */ map = &vm->vm_map; writing = uio->uio_rw == UIO_WRITE; reqprot = writing ? (VM_PROT_WRITE | VM_PROT_OVERRIDE_WRITE) : VM_PROT_READ; kva = kmem_alloc_pageable(kernel_map, PAGE_SIZE); /* * Only map in one page at a time. We don't have to, but it * makes things easier. This way is trivial - right? */ do { vm_map_t tmap; vm_offset_t uva; int page_offset; /* offset into page */ vm_map_entry_t out_entry; vm_prot_t out_prot; boolean_t wired, single_use; vm_pindex_t pindex; u_int len; vm_page_t m; object = NULL; uva = (vm_offset_t) uio->uio_offset; /* * Get the page number of this segment. */ pageno = trunc_page(uva); page_offset = uva - pageno; /* * How many bytes to copy */ len = min(PAGE_SIZE - page_offset, uio->uio_resid); if (uva >= VM_MAXUSER_ADDRESS) { vm_offset_t tkva; if (writing || (uva >= (VM_MAXUSER_ADDRESS + UPAGES * PAGE_SIZE))) { error = 0; break; } /* we are reading the "U area", force it into core */ PHOLD(p); /* sanity check */ if (!(p->p_flag & P_INMEM)) { /* aiee! 
*/ PRELE(p); error = EFAULT; break; } /* populate the ptrace/procfs area */ p->p_addr->u_kproc.kp_proc = *p; fill_eproc (p, &p->p_addr->u_kproc.kp_eproc); /* locate the in-core address */ tkva = (u_int)p->p_addr + uva - VM_MAXUSER_ADDRESS; /* transfer it */ error = uiomove((caddr_t)tkva, len, uio); /* let the pages go */ PRELE(p); continue; } /* * Fault the page on behalf of the process */ error = vm_fault(map, pageno, reqprot, FALSE); if (error) { error = EFAULT; break; } /* * Now we need to get the page. out_entry, out_prot, wired, * and single_use aren't used. One would think the vm code * would be a *bit* nicer... We use tmap because * vm_map_lookup() can change the map argument. */ tmap = map; error = vm_map_lookup(&tmap, pageno, reqprot, &out_entry, &object, &pindex, &out_prot, &wired, &single_use); if (error) { error = EFAULT; /* * Make sure that there is no residue in 'object' from * an error return on vm_map_lookup. */ object = NULL; break; } m = vm_page_lookup(object, pindex); /* Allow fallback to backing objects if we are reading */ while (m == NULL && !writing && object->backing_object) { pindex += OFF_TO_IDX(object->backing_object_offset); object = object->backing_object; m = vm_page_lookup(object, pindex); } if (m == NULL) { error = EFAULT; /* * Make sure that there is no residue in 'object' from * an error return on vm_map_lookup. */ object = NULL; vm_map_lookup_done(tmap, out_entry); break; } /* * Wire the page into memory */ vm_page_wire(m); /* * We're done with tmap now. * But reference the object first, so that we won't loose * it. */ vm_object_reference(object); vm_map_lookup_done(tmap, out_entry); pmap_kenter(kva, VM_PAGE_TO_PHYS(m)); /* * Now do the i/o move. 
*/ error = uiomove((caddr_t)(kva + page_offset), len, uio); pmap_kremove(kva); /* * release the page and the object */ vm_page_unwire(m); vm_object_deallocate(object); object = NULL; } while (error == 0 && uio->uio_resid > 0); if (object) vm_object_deallocate(object); kmem_free(kernel_map, kva, PAGE_SIZE); vmspace_free(vm); return (error); } /* * Copy data in and out of the target process. * We do this by mapping the process's page into * the kernel and then doing a uiomove direct * from the kernel address space. */ int procfs_domem(curp, p, pfs, uio) struct proc *curp; struct proc *p; struct pfsnode *pfs; struct uio *uio; { if (uio->uio_resid == 0) return (0); + + /* + * XXX + * We need to check for KMEM_GROUP because ps is sgid kmem; + * not allowing it here causes ps to not work properly. Arguably, + * this is a bug with what ps does. We only need to do this + * for Pmem nodes, and only if it's reading. This is still not + * good, as it may still be possible to grab illicit data if + * a process somehow gets to be KMEM_GROUP. Note that this also + * means that KMEM_GROUP can't change without editing procfs.h! + * All in all, quite yucky. + */ + + if (!CHECKIO(curp, p) && + !(curp->p_cred->pc_ucred->cr_gid == KMEM_GROUP && + uio->uio_rw == UIO_READ)) + return EPERM; return (procfs_rwmem(p, uio)); } /* * Given process (p), find the vnode from which * it's text segment is being executed. * * It would be nice to grab this information from * the VM system, however, there is no sure-fire * way of doing that. Instead, fork(), exec() and * wait() all maintain the p_textvp field in the * process proc structure which contains a held * reference to the exec'ed vnode. */ struct vnode * procfs_findtextvp(p) struct proc *p; { return (p->p_textvp); } Index: head/sys/fs/procfs/procfs_regs.c =================================================================== --- head/sys/fs/procfs/procfs_regs.c (revision 28085) +++ head/sys/fs/procfs/procfs_regs.c (revision 28086) 
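Review bot: The group-kmem exemption added to procfs_domem (procfs_mem.c) is limited to `uio->uio_rw == UIO_READ`, but the matching test this commit adds to the Pmem case of procfs_open (procfs_vnops.c) has no mode condition, so the two checks disagree about what a KMEM_GROUP caller may do. A caller that fails CHECKIO but has that gid can apparently still complete an open with FWRITE|O_EXCL, which records the exclusive flag in pfs_flags and makes later write opens return EBUSY, unless the access check ahead of VOP_OPEN already refuses it. Mirroring the read-only rule at open time would close the gap: `(p1->p_cred->pc_ucred->cr_gid != KMEM_GROUP || (ap->a_mode & FWRITE))`. Separately, `return EPERM;` could be written `return (EPERM);` to match the `return (0);` style used in the rest of this function.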
@@ -1,96 +1,98 @@ /* * Copyright (c) 1993 Jan-Simon Pendry * Copyright (c) 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Jan-Simon Pendry. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)procfs_regs.c 8.4 (Berkeley) 6/15/94 * * 
From: - * $Id: procfs_regs.c,v 1.6 1997/02/22 09:40:29 peter Exp $ + * $Id: procfs_regs.c,v 1.7 1997/08/02 14:32:16 bde Exp $ */ #include #include #include #include #include #include #include int procfs_doregs(curp, p, pfs, uio) struct proc *curp; struct proc *p; struct pfsnode *pfs; struct uio *uio; { int error; struct reg r; char *kv; int kl; + if (!CHECKIO(curp, p)) + return EPERM; kl = sizeof(r); kv = (char *) &r; kv += uio->uio_offset; kl -= uio->uio_offset; if (kl > uio->uio_resid) kl = uio->uio_resid; PHOLD(p); if (kl < 0) error = EINVAL; else error = procfs_read_regs(p, &r); if (error == 0) error = uiomove(kv, kl, uio); if (error == 0 && uio->uio_rw == UIO_WRITE) { if (p->p_stat != SSTOP) error = EBUSY; else error = procfs_write_regs(p, &r); } PRELE(p); uio->uio_offset = 0; return (error); } int procfs_validregs(p) struct proc *p; { return ((p->p_flag & P_SYSTEM) == 0); } Index: head/sys/fs/procfs/procfs_vnops.c =================================================================== --- head/sys/fs/procfs/procfs_vnops.c (revision 28085) +++ head/sys/fs/procfs/procfs_vnops.c (revision 28086) 
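Review bot: The new CHECKIO guard in procfs_doregs (procfs_regs.c) limits who may reach the handler, but the offset arithmetic directly after it still takes `uio->uio_offset` on trust: `kv` and `kl` are adjusted first and only `kl < 0` is tested afterwards, so a negative offset, if the layers above can deliver one, would leave `kv` pointing below `r` with a positive length for uiomove(). A range check ahead of the arithmetic would make the bound explicit, `if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) return (EINVAL);`. The guard itself would read more consistently with the rest of the function as `return (EPERM);`.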
@@ -1,1013 +1,1017 @@ /* * Copyright (c) 1993, 1995 Jan-Simon Pendry * Copyright (c) 1993, 1995 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Jan-Simon Pendry. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* * @(#)procfs_vnops.c 8.18 (Berkeley) 5/21/95 * - * $Id: procfs_vnops.c,v 1.29 1997/02/24 16:44:11 bde Exp $ + * $Id: procfs_vnops.c,v 1.30 1997/08/02 14:32:20 bde Exp $ */ /* * procfs vnode interface */ #include #include #include #include #include #include #include #include #include #include #include #include #include static int procfs_abortop __P((struct vop_abortop_args *)); static int procfs_access __P((struct vop_access_args *)); static int procfs_badop __P((void)); static int procfs_bmap __P((struct vop_bmap_args *)); static int procfs_close __P((struct vop_close_args *)); static int procfs_getattr __P((struct vop_getattr_args *)); static int procfs_inactive __P((struct vop_inactive_args *)); static int procfs_ioctl __P((struct vop_ioctl_args *)); static int procfs_lookup __P((struct vop_lookup_args *)); static int procfs_open __P((struct vop_open_args *)); static int procfs_pathconf __P((struct vop_pathconf_args *ap)); static int procfs_print __P((struct vop_print_args *)); static int procfs_readdir __P((struct vop_readdir_args *)); static int procfs_readlink __P((struct vop_readlink_args *)); static int procfs_reclaim __P((struct vop_reclaim_args *)); static int procfs_setattr __P((struct vop_setattr_args *)); /* * This is a list of the valid names in the * process-specific sub-directories. 
It is * used in procfs_lookup and procfs_readdir */ struct proc_target { u_char pt_type; u_char pt_namlen; char *pt_name; pfstype pt_pfstype; int (*pt_valid) __P((struct proc *p)); } proc_targets[] = { #define N(s) sizeof(s)-1, s /* name type validp */ { DT_DIR, N("."), Pproc, NULL }, { DT_DIR, N(".."), Proot, NULL }, { DT_REG, N("file"), Pfile, procfs_validfile }, { DT_REG, N("mem"), Pmem, NULL }, { DT_REG, N("regs"), Pregs, procfs_validregs }, { DT_REG, N("fpregs"), Pfpregs, procfs_validfpregs }, { DT_REG, N("ctl"), Pctl, NULL }, { DT_REG, N("status"), Pstatus, NULL }, { DT_REG, N("note"), Pnote, NULL }, { DT_REG, N("notepg"), Pnotepg, NULL }, { DT_REG, N("map"), Pmap, procfs_validmap }, { DT_REG, N("etype"), Ptype, procfs_validtype }, #undef N }; static const int nproc_targets = sizeof(proc_targets) / sizeof(proc_targets[0]); static pid_t atopid __P((const char *, u_int)); /* * set things up for doing i/o on * the pfsnode (vp). (vp) is locked * on entry, and should be left locked * on exit. * * for procfs we don't need to do anything * in particular for i/o. all that is done * is to support exclusive open on process * memory images. */ static int procfs_open(ap) struct vop_open_args /* { struct vnode *a_vp; int a_mode; struct ucred *a_cred; struct proc *a_p; } */ *ap; { struct pfsnode *pfs = VTOPFS(ap->a_vp); + struct proc *p1 = ap->a_p, *p2 = PFIND(pfs->pfs_pid); + if (p2 == NULL) + return ENOENT; + switch (pfs->pfs_type) { case Pmem: - if (PFIND(pfs->pfs_pid) == 0) - return (ENOENT); /* was ESRCH, jsp */ - if ((pfs->pfs_flags & FWRITE) && (ap->a_mode & O_EXCL) || (pfs->pfs_flags & O_EXCL) && (ap->a_mode & FWRITE)) return (EBUSY); + if (!CHECKIO(p1, p2) && + (p1->p_cred->pc_ucred->cr_gid != KMEM_GROUP)) + return EPERM; + if (ap->a_mode & FWRITE) pfs->pfs_flags = ap->a_mode & (FWRITE|O_EXCL); return (0); default: break; } return (0); } /* * close the pfsnode (vp) after doing i/o. * (vp) is not locked on entry or exit. 
* * nothing to do for procfs other than undo * any exclusive open flag (see _open above). */ static int procfs_close(ap) struct vop_close_args /* { struct vnode *a_vp; int a_fflag; struct ucred *a_cred; struct proc *a_p; } */ *ap; { struct pfsnode *pfs = VTOPFS(ap->a_vp); switch (pfs->pfs_type) { case Pmem: if ((ap->a_fflag & FWRITE) && (pfs->pfs_flags & O_EXCL)) pfs->pfs_flags &= ~(FWRITE|O_EXCL); break; default: break; } return (0); } /* * do an ioctl operation on pfsnode (vp). * (vp) is not locked on entry or exit. */ static int procfs_ioctl(ap) struct vop_ioctl_args /* { struct vnode *a_vp; int a_command; caddr_t a_data; int a_fflag; struct ucred *a_cred; struct proc *a_p; } */ *ap; { - return (ENOTTY); } /* * do block mapping for pfsnode (vp). * since we don't use the buffer cache * for procfs this function should never * be called. in any case, it's not clear * what part of the kernel ever makes use * of this function. for sanity, this is the * usual no-op bmap, although returning * (EIO) would be a reasonable alternative. */ static int procfs_bmap(ap) struct vop_bmap_args /* { struct vnode *a_vp; daddr_t a_bn; struct vnode **a_vpp; daddr_t *a_bnp; int *a_runp; } */ *ap; { if (ap->a_vpp != NULL) *ap->a_vpp = ap->a_vp; if (ap->a_bnp != NULL) *ap->a_bnp = ap->a_bn; if (ap->a_runp != NULL) *ap->a_runp = 0; return (0); } /* * procfs_inactive is called when the pfsnode * is vrele'd and the reference count goes * to zero. (vp) will be on the vnode free * list, so to get it back vget() must be * used. * * for procfs, check if the process is still * alive and if it isn't then just throw away * the vnode by calling vgone(). this may * be overkill and a waste of time since the * chances are that the process will still be * there and PFIND is not free. * * (vp) is locked on entry, but must be unlocked on exit. 
*/ static int procfs_inactive(ap) struct vop_inactive_args /* { struct vnode *a_vp; } */ *ap; { struct vnode *vp = ap->a_vp; struct pfsnode *pfs = VTOPFS(vp); VOP_UNLOCK(vp, 0, ap->a_p); if (PFIND(pfs->pfs_pid) == 0) vgone(vp); return (0); } /* * _reclaim is called when getnewvnode() * wants to make use of an entry on the vnode * free list. at this time the filesystem needs * to free any private data and remove the node * from any private lists. */ static int procfs_reclaim(ap) struct vop_reclaim_args /* { struct vnode *a_vp; } */ *ap; { return (procfs_freevp(ap->a_vp)); } /* * Return POSIX pathconf information applicable to special devices. */ static int procfs_pathconf(ap) struct vop_pathconf_args /* { struct vnode *a_vp; int a_name; int *a_retval; } */ *ap; { switch (ap->a_name) { case _PC_LINK_MAX: *ap->a_retval = LINK_MAX; return (0); case _PC_MAX_CANON: *ap->a_retval = MAX_CANON; return (0); case _PC_MAX_INPUT: *ap->a_retval = MAX_INPUT; return (0); case _PC_PIPE_BUF: *ap->a_retval = PIPE_BUF; return (0); case _PC_CHOWN_RESTRICTED: *ap->a_retval = 1; return (0); case _PC_VDISABLE: *ap->a_retval = _POSIX_VDISABLE; return (0); default: return (EINVAL); } /* NOTREACHED */ } /* * _print is used for debugging. * just print a readable description * of (vp). */ static int procfs_print(ap) struct vop_print_args /* { struct vnode *a_vp; } */ *ap; { struct pfsnode *pfs = VTOPFS(ap->a_vp); printf("tag VT_PROCFS, type %s, pid %d, mode %x, flags %x\n", pfs->pfs_type, pfs->pfs_pid, pfs->pfs_mode, pfs->pfs_flags); return (0); } /* * _abortop is called when operations such as * rename and create fail. this entry is responsible * for undoing any side-effects caused by the lookup. * this will always include freeing the pathname buffer. 
*/ static int procfs_abortop(ap) struct vop_abortop_args /* { struct vnode *a_dvp; struct componentname *a_cnp; } */ *ap; { if ((ap->a_cnp->cn_flags & (HASBUF | SAVESTART)) == HASBUF) FREE(ap->a_cnp->cn_pnbuf, M_NAMEI); return (0); } /* * generic entry point for unsupported operations */ static int procfs_badop() { return (EIO); } /* * Invent attributes for pfsnode (vp) and store * them in (vap). * Directories lengths are returned as zero since * any real length would require the genuine size * to be computed, and nothing cares anyway. * * this is relatively minimal for procfs. */ static int procfs_getattr(ap) struct vop_getattr_args /* { struct vnode *a_vp; struct vattr *a_vap; struct ucred *a_cred; struct proc *a_p; } */ *ap; { struct pfsnode *pfs = VTOPFS(ap->a_vp); struct vattr *vap = ap->a_vap; struct proc *procp; int error; /* * First make sure that the process and its credentials * still exist. */ switch (pfs->pfs_type) { case Proot: case Pcurproc: procp = 0; break; default: procp = PFIND(pfs->pfs_pid); if (procp == 0 || procp->p_cred == NULL || procp->p_ucred == NULL) return (ENOENT); } error = 0; /* start by zeroing out the attributes */ VATTR_NULL(vap); /* next do all the common fields */ vap->va_type = ap->a_vp->v_type; vap->va_mode = pfs->pfs_mode; vap->va_fileid = pfs->pfs_fileno; vap->va_flags = 0; vap->va_blocksize = PAGE_SIZE; vap->va_bytes = vap->va_size = 0; /* * Make all times be current TOD. * It would be possible to get the process start * time from the p_stat structure, but there's * no "file creation" time stamp anyway, and the * p_stat structure is not addressible if u. gets * swapped out for that process. */ { struct timeval tv; microtime(&tv); TIMEVAL_TO_TIMESPEC(&tv, &vap->va_ctime); } vap->va_atime = vap->va_mtime = vap->va_ctime; /* * If the process has exercised some setuid or setgid * privilege, then rip away read/write permission so * that only root can gain access. 
*/ switch (pfs->pfs_type) { case Pctl: case Pregs: case Pfpregs: if (procp->p_flag & P_SUGID) vap->va_mode &= ~((VREAD|VWRITE)| ((VREAD|VWRITE)>>3)| ((VREAD|VWRITE)>>6)); break; case Pmem: /* Retain group kmem readablity. */ if (procp->p_flag & P_SUGID) vap->va_mode &= ~(VREAD|VWRITE); break; default: break; } /* * now do the object specific fields * * The size could be set from struct reg, but it's hardly * worth the trouble, and it puts some (potentially) machine * dependent data into this machine-independent code. If it * becomes important then this function should break out into * a per-file stat function in the corresponding .c file. */ switch (pfs->pfs_type) { case Proot: /* * Set nlink to 1 to tell fts(3) we don't actually know. */ vap->va_nlink = 1; vap->va_uid = 0; vap->va_gid = 0; vap->va_size = vap->va_bytes = DEV_BSIZE; break; case Pcurproc: { char buf[16]; /* should be enough */ vap->va_nlink = 1; vap->va_uid = 0; vap->va_gid = 0; vap->va_size = vap->va_bytes = sprintf(buf, "%ld", (long)curproc->p_pid); break; } case Pproc: vap->va_nlink = nproc_targets; vap->va_uid = procp->p_ucred->cr_uid; vap->va_gid = procp->p_ucred->cr_gid; vap->va_size = vap->va_bytes = DEV_BSIZE; break; case Pfile: error = EOPNOTSUPP; break; case Pmem: vap->va_nlink = 1; /* * If we denied owner access earlier, then we have to * change the owner to root - otherwise 'ps' and friends * will break even though they are setgid kmem. 
*SIGH* */ if (procp->p_flag & P_SUGID) vap->va_uid = 0; else vap->va_uid = procp->p_ucred->cr_uid; vap->va_gid = KMEM_GROUP; break; case Ptype: case Pmap: case Pregs: vap->va_bytes = vap->va_size = sizeof(struct reg); vap->va_nlink = 1; vap->va_uid = procp->p_ucred->cr_uid; vap->va_gid = procp->p_ucred->cr_gid; break; case Pfpregs: vap->va_bytes = vap->va_size = sizeof(struct fpreg); case Pctl: case Pstatus: case Pnote: case Pnotepg: vap->va_nlink = 1; vap->va_uid = procp->p_ucred->cr_uid; vap->va_gid = procp->p_ucred->cr_gid; break; default: panic("procfs_getattr"); } return (error); } static int procfs_setattr(ap) struct vop_setattr_args /* { struct vnode *a_vp; struct vattr *a_vap; struct ucred *a_cred; struct proc *a_p; } */ *ap; { /* * just fake out attribute setting * it's not good to generate an error * return, otherwise things like creat() * will fail when they try to set the * file length to 0. worse, this means * that echo $note > /proc/$pid/note will fail. */ return (0); } /* * implement access checking. * * something very similar to this code is duplicated * throughout the 4bsd kernel and should be moved * into kern/vfs_subr.c sometime. * * actually, the check for super-user is slightly * broken since it will allow read access to write-only * objects. this doesn't cause any particular trouble * but does mean that the i/o entry points need to check * that the operation really does make sense. */ static int procfs_access(ap) struct vop_access_args /* { struct vnode *a_vp; int a_mode; struct ucred *a_cred; struct proc *a_p; } */ *ap; { struct vattr *vap; struct vattr vattr; int error; /* * If you're the super-user, * you always get access. */ if (ap->a_cred->cr_uid == 0) return (0); vap = &vattr; error = VOP_GETATTR(ap->a_vp, vap, ap->a_cred, ap->a_p); if (error) return (error); /* * Access check is based on only one of owner, group, public. * If not owner, then check group. If not a member of the * group, then check public access. 
*/ if (ap->a_cred->cr_uid != vap->va_uid) { gid_t *gp; int i; ap->a_mode >>= 3; gp = ap->a_cred->cr_groups; for (i = 0; i < ap->a_cred->cr_ngroups; i++, gp++) if (vap->va_gid == *gp) goto found; ap->a_mode >>= 3; found: ; } if ((vap->va_mode & ap->a_mode) == ap->a_mode) return (0); return (EACCES); } /* * lookup. this is incredibly complicated in the * general case, however for most pseudo-filesystems * very little needs to be done. * * unless you want to get a migraine, just make sure your * filesystem doesn't do any locking of its own. otherwise * read and inwardly digest ufs_lookup(). */ static int procfs_lookup(ap) struct vop_lookup_args /* { struct vnode * a_dvp; struct vnode ** a_vpp; struct componentname * a_cnp; } */ *ap; { struct componentname *cnp = ap->a_cnp; struct vnode **vpp = ap->a_vpp; struct vnode *dvp = ap->a_dvp; char *pname = cnp->cn_nameptr; struct proc *curp = cnp->cn_proc; int error = 0; struct proc_target *pt; struct vnode *fvp; pid_t pid; struct pfsnode *pfs; struct proc *p; int i; *vpp = NULL; if (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME) return (EROFS); if (cnp->cn_namelen == 1 && *pname == '.') { *vpp = dvp; VREF(dvp); /* vn_lock(dvp, LK_EXCLUSIVE | LK_RETRY, curp); */ return (0); } pfs = VTOPFS(dvp); switch (pfs->pfs_type) { case Proot: if (cnp->cn_flags & ISDOTDOT) return (EIO); if (CNEQ(cnp, "curproc", 7)) return (procfs_allocvp(dvp->v_mount, vpp, 0, Pcurproc)); pid = atopid(pname, cnp->cn_namelen); if (pid == NO_PID) break; p = PFIND(pid); if (p == 0) break; return (procfs_allocvp(dvp->v_mount, vpp, pid, Pproc)); case Pproc: if (cnp->cn_flags & ISDOTDOT) return (procfs_root(dvp->v_mount, vpp)); p = PFIND(pfs->pfs_pid); if (p == 0) break; for (pt = proc_targets, i = 0; i < nproc_targets; pt++, i++) { if (cnp->cn_namelen == pt->pt_namlen && bcmp(pt->pt_name, pname, cnp->cn_namelen) == 0 && (pt->pt_valid == NULL || (*pt->pt_valid)(p))) goto found; } break; found: if (pt->pt_pfstype == Pfile) { fvp = procfs_findtextvp(p); 
/* We already checked that it exists. */ VREF(fvp); vn_lock(fvp, LK_EXCLUSIVE | LK_RETRY, curp); *vpp = fvp; return (0); } return (procfs_allocvp(dvp->v_mount, vpp, pfs->pfs_pid, pt->pt_pfstype)); default: return (ENOTDIR); } return (cnp->cn_nameiop == LOOKUP ? ENOENT : EROFS); } /* * Does this process have a text file? */ int procfs_validfile(p) struct proc *p; { return (procfs_findtextvp(p) != NULLVP); } /* * readdir returns directory entries from pfsnode (vp). * * the strategy here with procfs is to generate a single * directory entry at a time (struct pfsdent) and then * copy that out to userland using uiomove. a more efficent * though more complex implementation, would try to minimize * the number of calls to uiomove(). for procfs, this is * hardly worth the added code complexity. * * this should just be done through read() */ static int procfs_readdir(ap) struct vop_readdir_args /* { struct vnode *a_vp; struct uio *a_uio; struct ucred *a_cred; int *a_eofflag; u_long *a_cookies; int a_ncookies; } */ *ap; { struct uio *uio = ap->a_uio; struct pfsdent d; struct pfsdent *dp = &d; struct pfsnode *pfs; int error; int count; int i; /* * We don't allow exporting procfs mounts, and currently local * requests do not need cookies. */ if (ap->a_ncookies) panic("procfs_readdir: not hungry"); pfs = VTOPFS(ap->a_vp); if (uio->uio_resid < UIO_MX) return (EINVAL); if (uio->uio_offset & (UIO_MX-1)) return (EINVAL); if (uio->uio_offset < 0) return (EINVAL); error = 0; count = 0; i = uio->uio_offset / UIO_MX; switch (pfs->pfs_type) { /* * this is for the process-specific sub-directories. * all that is needed to is copy out all the entries * from the procent[] table (top of this file). 
*/ case Pproc: { struct proc *p; struct proc_target *pt; p = PFIND(pfs->pfs_pid); if (p == NULL) break; for (pt = &proc_targets[i]; uio->uio_resid >= UIO_MX && i < nproc_targets; pt++, i++) { if (pt->pt_valid && (*pt->pt_valid)(p) == 0) continue; dp->d_reclen = UIO_MX; dp->d_fileno = PROCFS_FILENO(pfs->pfs_pid, pt->pt_pfstype); dp->d_namlen = pt->pt_namlen; bcopy(pt->pt_name, dp->d_name, pt->pt_namlen + 1); dp->d_type = pt->pt_type; if (error = uiomove((caddr_t)dp, UIO_MX, uio)) break; } break; } /* * this is for the root of the procfs filesystem * what is needed is a special entry for "curproc" * followed by an entry for each process on allproc #ifdef PROCFS_ZOMBIE * and zombproc. #endif */ case Proot: { #ifdef PROCFS_ZOMBIE int doingzomb = 0; #endif int pcnt = 0; volatile struct proc *p = allproc.lh_first; again: for (; p && uio->uio_resid >= UIO_MX; i++, pcnt++) { bzero((char *) dp, UIO_MX); dp->d_reclen = UIO_MX; switch (i) { case 0: /* `.' */ case 1: /* `..' */ dp->d_fileno = PROCFS_FILENO(0, Proot); dp->d_namlen = i + 1; bcopy("..", dp->d_name, dp->d_namlen); dp->d_name[i + 1] = '\0'; dp->d_type = DT_DIR; break; case 2: dp->d_fileno = PROCFS_FILENO(0, Pcurproc); dp->d_namlen = 7; bcopy("curproc", dp->d_name, 8); dp->d_type = DT_LNK; break; default: while (pcnt < i) { pcnt++; p = p->p_list.le_next; if (!p) goto done; } dp->d_fileno = PROCFS_FILENO(p->p_pid, Pproc); dp->d_namlen = sprintf(dp->d_name, "%ld", (long)p->p_pid); dp->d_type = DT_REG; p = p->p_list.le_next; break; } if (error = uiomove((caddr_t)dp, UIO_MX, uio)) break; } done: #ifdef PROCFS_ZOMBIE if (p == 0 && doingzomb == 0) { doingzomb = 1; p = zombproc.lh_first; goto again; } #endif break; } default: error = ENOTDIR; break; } uio->uio_offset = i * UIO_MX; return (error); } /* * readlink reads the link of `curproc' */ static int procfs_readlink(ap) struct vop_readlink_args *ap; { struct uio *uio = ap->a_uio; char buf[16]; /* should be enough */ int len; if (VTOPFS(ap->a_vp)->pfs_fileno != 
PROCFS_FILENO(0, Pcurproc)) return (EINVAL); len = sprintf(buf, "%ld", (long)curproc->p_pid); return (uiomove((caddr_t)buf, len, ap->a_uio)); } /* * convert decimal ascii to pid_t */ static pid_t atopid(b, len) const char *b; u_int len; { pid_t p = 0; while (len--) { char c = *b++; if (c < '0' || c > '9') return (NO_PID); p = 10 * p + (c - '0'); if (p > PID_MAX) return (NO_PID); } return (p); } #define procfs_create ((int (*) __P((struct vop_create_args *))) procfs_badop) #define procfs_mknod ((int (*) __P((struct vop_mknod_args *))) procfs_badop) #define procfs_read procfs_rw #define procfs_write procfs_rw #define procfs_select ((int (*) __P((struct vop_select_args *))) procfs_badop) #define procfs_mmap ((int (*) __P((struct vop_mmap_args *))) procfs_badop) #define procfs_revoke vop_revoke #define procfs_fsync ((int (*) __P((struct vop_fsync_args *))) procfs_badop) #define procfs_seek ((int (*) __P((struct vop_seek_args *))) procfs_badop) #define procfs_remove ((int (*) __P((struct vop_remove_args *))) procfs_badop) #define procfs_link ((int (*) __P((struct vop_link_args *))) procfs_badop) #define procfs_rename ((int (*) __P((struct vop_rename_args *))) procfs_badop) #define procfs_mkdir ((int (*) __P((struct vop_mkdir_args *))) procfs_badop) #define procfs_rmdir ((int (*) __P((struct vop_rmdir_args *))) procfs_badop) #define procfs_symlink ((int (*) __P((struct vop_symlink_args *))) procfs_badop) #define procfs_lock ((int (*) __P((struct vop_lock_args *)))vop_nolock) #define procfs_unlock ((int (*) __P((struct vop_unlock_args *)))vop_nounlock) #define procfs_strategy ((int (*) __P((struct vop_strategy_args *))) procfs_badop) #define procfs_islocked \ ((int (*) __P((struct vop_islocked_args *)))vop_noislocked) #define procfs_advlock ((int (*) __P((struct vop_advlock_args *))) procfs_badop) #define procfs_blkatoff ((int (*) __P((struct vop_blkatoff_args *))) procfs_badop) #define procfs_valloc ((int (*) __P((struct vop_valloc_args *))) procfs_badop) #define 
procfs_vfree ((int (*) __P((struct vop_vfree_args *))) nullop) #define procfs_truncate ((int (*) __P((struct vop_truncate_args *))) procfs_badop) #define procfs_update ((int (*) __P((struct vop_update_args *))) nullop) /* * procfs vnode operations. */ vop_t **procfs_vnodeop_p; static struct vnodeopv_entry_desc procfs_vnodeop_entries[] = { { &vop_default_desc, (vop_t *)vn_default_error }, { &vop_lookup_desc, (vop_t *)procfs_lookup }, /* lookup */ { &vop_create_desc, (vop_t *)procfs_create }, /* create */ { &vop_mknod_desc, (vop_t *)procfs_mknod }, /* mknod */ { &vop_open_desc, (vop_t *)procfs_open }, /* open */ { &vop_close_desc, (vop_t *)procfs_close }, /* close */ { &vop_access_desc, (vop_t *)procfs_access }, /* access */ { &vop_getattr_desc, (vop_t *)procfs_getattr }, /* getattr */ { &vop_setattr_desc, (vop_t *)procfs_setattr }, /* setattr */ { &vop_read_desc, (vop_t *)procfs_read }, /* read */ { &vop_write_desc, (vop_t *)procfs_write }, /* write */ { &vop_ioctl_desc, (vop_t *)procfs_ioctl }, /* ioctl */ { &vop_select_desc, (vop_t *)procfs_select }, /* select */ { &vop_mmap_desc, (vop_t *)procfs_mmap }, /* mmap */ { &vop_revoke_desc, (vop_t *)procfs_revoke }, /* revoke */ { &vop_fsync_desc, (vop_t *)procfs_fsync }, /* fsync */ { &vop_seek_desc, (vop_t *)procfs_seek }, /* seek */ { &vop_remove_desc, (vop_t *)procfs_remove }, /* remove */ { &vop_link_desc, (vop_t *)procfs_link }, /* link */ { &vop_rename_desc, (vop_t *)procfs_rename }, /* rename */ { &vop_mkdir_desc, (vop_t *)procfs_mkdir }, /* mkdir */ { &vop_rmdir_desc, (vop_t *)procfs_rmdir }, /* rmdir */ { &vop_symlink_desc, (vop_t *)procfs_symlink }, /* symlink */ { &vop_readdir_desc, (vop_t *)procfs_readdir }, /* readdir */ { &vop_readlink_desc, (vop_t *)procfs_readlink }, /* readlink */ { &vop_abortop_desc, (vop_t *)procfs_abortop }, /* abortop */ { &vop_inactive_desc, (vop_t *)procfs_inactive }, /* inactive */ { &vop_reclaim_desc, (vop_t *)procfs_reclaim }, /* reclaim */ { &vop_lock_desc, (vop_t 
*)procfs_lock }, /* lock */ { &vop_unlock_desc, (vop_t *)procfs_unlock }, /* unlock */ { &vop_bmap_desc, (vop_t *)procfs_bmap }, /* bmap */ { &vop_strategy_desc, (vop_t *)procfs_strategy }, /* strategy */ { &vop_print_desc, (vop_t *)procfs_print }, /* print */ { &vop_islocked_desc, (vop_t *)procfs_islocked }, /* islocked */ { &vop_pathconf_desc, (vop_t *)procfs_pathconf }, /* pathconf */ { &vop_advlock_desc, (vop_t *)procfs_advlock }, /* advlock */ { &vop_blkatoff_desc, (vop_t *)procfs_blkatoff }, /* blkatoff */ { &vop_valloc_desc, (vop_t *)procfs_valloc }, /* valloc */ { &vop_vfree_desc, (vop_t *)procfs_vfree }, /* vfree */ { &vop_truncate_desc, (vop_t *)procfs_truncate }, /* truncate */ { &vop_update_desc, (vop_t *)procfs_update }, /* update */ { NULL, NULL } }; static struct vnodeopv_desc procfs_vnodeop_opv_desc = { &procfs_vnodeop_p, procfs_vnodeop_entries }; VNODEOP_SET(procfs_vnodeop_opv_desc); Index: head/sys/miscfs/procfs/procfs.h =================================================================== --- head/sys/miscfs/procfs/procfs.h (revision 28085) +++ head/sys/miscfs/procfs/procfs.h (revision 28086) 
@@ -1,159 +1,171 @@ /* * Copyright (c) 1993 Jan-Simon Pendry * Copyright (c) 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Jan-Simon Pendry. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)procfs.h 8.9 (Berkeley) 5/14/95 * * 
From: - * $Id$ + * $Id: procfs.h,v 1.15 1997/02/22 09:40:26 peter Exp $ */ /* * The different types of node in a procfs filesystem */ typedef enum { Proot, /* the filesystem root */ Pcurproc, /* symbolic link for curproc */ Pproc, /* a process-specific sub-directory */ Pfile, /* the executable file */ Pmem, /* the process's memory image */ Pregs, /* the process's register set */ Pfpregs, /* the process's FP register set */ Pctl, /* process control */ Pstatus, /* process status */ Pnote, /* process notifier */ Pnotepg, /* process group notifier */ Pmap, /* memory map */ Ptype /* executable type */ } pfstype; /* * control data for the proc file system. */ struct pfsnode { struct pfsnode *pfs_next; /* next on list */ struct vnode *pfs_vnode; /* vnode associated with this pfsnode */ pfstype pfs_type; /* type of procfs node */ pid_t pfs_pid; /* associated process */ u_short pfs_mode; /* mode bits for stat() */ u_long pfs_flags; /* open flags */ u_long pfs_fileno; /* unique file id */ pid_t pfs_lockowner; /* pfs lock owner */ }; #define PROCFS_NOTELEN 64 /* max length of a note (/proc/$pid/note) */ #define PROCFS_CTLLEN 8 /* max length of a ctl msg (/proc/$pid/ctl */ /* * Kernel stuff follows */ #ifdef KERNEL #define CNEQ(cnp, s, len) \ ((cnp)->cn_namelen == (len) && \ (bcmp((s), (cnp)->cn_nameptr, (len)) == 0)) #define KMEM_GROUP 2 + +/* + * Check to see whether access to target process is allowed + * Evaluates to 1 if access is allowed. + */ +#define CHECKIO(p1, p2) \ + ((((p1)->p_cred->pc_ucred->cr_uid == (p2)->p_cred->p_ruid) && \ + ((p1)->p_cred->p_ruid == (p2)->p_cred->p_ruid) && \ + ((p1)->p_cred->p_svuid == (p2)->p_cred->p_ruid) && \ + ((p2)->p_flag & P_SUGID) == 0) || \ + (suser((p1)->p_cred->pc_ucred, &(p1)->p_acflag) == 0)) + /* * Format of a directory entry in /proc, ... 
* This must map onto struct dirent (see ) */ #define PROCFS_NAMELEN 8 struct pfsdent { u_long d_fileno; u_short d_reclen; u_char d_type; u_char d_namlen; char d_name[PROCFS_NAMELEN]; }; #define UIO_MX sizeof(struct pfsdent) #define PROCFS_FILENO(pid, type) \ (((type) < Pproc) ? \ ((type) + 2) : \ ((((pid)+1) << 4) + ((int) (type)))) /* * Convert between pfsnode vnode */ #define VTOPFS(vp) ((struct pfsnode *)(vp)->v_data) #define PFSTOV(pfs) ((pfs)->pfs_vnode) typedef struct vfs_namemap vfs_namemap_t; struct vfs_namemap { const char *nm_name; int nm_val; }; int vfs_getuserstr __P((struct uio *, char *, int *)); vfs_namemap_t *vfs_findname __P((vfs_namemap_t *, char *, int)); /* */ struct reg; struct fpreg; #define PFIND(pid) ((pid) ? pfind(pid) : &proc0) int procfs_freevp __P((struct vnode *)); int procfs_allocvp __P((struct mount *, struct vnode **, long, pfstype)); struct vnode *procfs_findtextvp __P((struct proc *)); int procfs_sstep __P((struct proc *)); void procfs_fix_sstep __P((struct proc *)); int procfs_read_regs __P((struct proc *, struct reg *)); int procfs_write_regs __P((struct proc *, struct reg *)); int procfs_read_fpregs __P((struct proc *, struct fpreg *)); int procfs_write_fpregs __P((struct proc *, struct fpreg *)); int procfs_donote __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio)); int procfs_doregs __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio)); int procfs_dofpregs __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio)); int procfs_domem __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio)); int procfs_doctl __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio)); int procfs_dostatus __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio)); int procfs_domap __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio)); int procfs_dotype __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio 
*uio)); /* functions to check whether or not files should be displayed */ int procfs_validfile __P((struct proc *)); int procfs_validfpregs __P((struct proc *)); int procfs_validregs __P((struct proc *)); int procfs_validmap __P((struct proc *)); int procfs_validtype __P((struct proc *)); #define PROCFS_LOCKED 0x01 #define PROCFS_WANT 0x02 extern vop_t **procfs_vnodeop_p; extern struct vfsops procfs_vfsops; int procfs_root __P((struct mount *, struct vnode **)); int procfs_rw __P((struct vop_read_args *)); #endif /* KERNEL */ Index: head/sys/miscfs/procfs/procfs_mem.c =================================================================== --- head/sys/miscfs/procfs/procfs_mem.c (revision 28085) +++ head/sys/miscfs/procfs/procfs_mem.c (revision 28086) 
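Review bot: The comment on CHECKIO should say which argument is which and that the macro is not a pure predicate. Judging from the call sites on this page, p1 is the process doing the I/O and p2 is the target. The fallback `suser((p1)->p_cred->pc_ucred, &(p1)->p_acflag)` is handed a pointer to the caller's accounting flags, so evaluating the macro can presumably modify p1 (suser() itself is not shown here). Both arguments are also expanded several times, so they must be free of side effects. I would extend the comment to something like `p1 is the requester, p2 the target; passes when p1's effective, real and saved uids all equal p2's real uid and p2 is not P_SUGID, else only via suser(), which may update p1's p_acflag`.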
@@ -1,300 +1,317 @@ /* * Copyright (c) 1993 Jan-Simon Pendry * Copyright (c) 1993 Sean Eric Fagan * Copyright (c) 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Jan-Simon Pendry and Sean Eric Fagan. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* * @(#)procfs_mem.c 8.5 (Berkeley) 6/15/94 * - * $Id: procfs_mem.c,v 1.25 1997/04/20 17:12:11 dyson Exp $ + * $Id: procfs_mem.c,v 1.26 1997/08/02 14:32:14 bde Exp $ */ /* * This is a lightly hacked and merged version * of sef's pread/pwrite functions */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static int procfs_rwmem __P((struct proc *p, struct uio *uio)); static int procfs_rwmem(p, uio) struct proc *p; struct uio *uio; { int error; int writing; struct vmspace *vm; vm_map_t map; vm_object_t object = NULL; vm_offset_t pageno = 0; /* page number */ vm_prot_t reqprot; vm_offset_t kva; /* * if the vmspace is in the midst of being deallocated or the * process is exiting, don't try to grab anything. The page table * usage in that process can be messed up. */ vm = p->p_vmspace; if ((p->p_flag & P_WEXIT) || (vm->vm_refcnt < 1)) return EFAULT; ++vm->vm_refcnt; /* * The map we want... */ map = &vm->vm_map; writing = uio->uio_rw == UIO_WRITE; reqprot = writing ? (VM_PROT_WRITE | VM_PROT_OVERRIDE_WRITE) : VM_PROT_READ; kva = kmem_alloc_pageable(kernel_map, PAGE_SIZE); /* * Only map in one page at a time. We don't have to, but it * makes things easier. This way is trivial - right? */ do { vm_map_t tmap; vm_offset_t uva; int page_offset; /* offset into page */ vm_map_entry_t out_entry; vm_prot_t out_prot; boolean_t wired, single_use; vm_pindex_t pindex; u_int len; vm_page_t m; object = NULL; uva = (vm_offset_t) uio->uio_offset; /* * Get the page number of this segment. */ pageno = trunc_page(uva); page_offset = uva - pageno; /* * How many bytes to copy */ len = min(PAGE_SIZE - page_offset, uio->uio_resid); if (uva >= VM_MAXUSER_ADDRESS) { vm_offset_t tkva; if (writing || (uva >= (VM_MAXUSER_ADDRESS + UPAGES * PAGE_SIZE))) { error = 0; break; } /* we are reading the "U area", force it into core */ PHOLD(p); /* sanity check */ if (!(p->p_flag & P_INMEM)) { /* aiee! 
*/ PRELE(p); error = EFAULT; break; } /* populate the ptrace/procfs area */ p->p_addr->u_kproc.kp_proc = *p; fill_eproc (p, &p->p_addr->u_kproc.kp_eproc); /* locate the in-core address */ tkva = (u_int)p->p_addr + uva - VM_MAXUSER_ADDRESS; /* transfer it */ error = uiomove((caddr_t)tkva, len, uio); /* let the pages go */ PRELE(p); continue; } /* * Fault the page on behalf of the process */ error = vm_fault(map, pageno, reqprot, FALSE); if (error) { error = EFAULT; break; } /* * Now we need to get the page. out_entry, out_prot, wired, * and single_use aren't used. One would think the vm code * would be a *bit* nicer... We use tmap because * vm_map_lookup() can change the map argument. */ tmap = map; error = vm_map_lookup(&tmap, pageno, reqprot, &out_entry, &object, &pindex, &out_prot, &wired, &single_use); if (error) { error = EFAULT; /* * Make sure that there is no residue in 'object' from * an error return on vm_map_lookup. */ object = NULL; break; } m = vm_page_lookup(object, pindex); /* Allow fallback to backing objects if we are reading */ while (m == NULL && !writing && object->backing_object) { pindex += OFF_TO_IDX(object->backing_object_offset); object = object->backing_object; m = vm_page_lookup(object, pindex); } if (m == NULL) { error = EFAULT; /* * Make sure that there is no residue in 'object' from * an error return on vm_map_lookup. */ object = NULL; vm_map_lookup_done(tmap, out_entry); break; } /* * Wire the page into memory */ vm_page_wire(m); /* * We're done with tmap now. * But reference the object first, so that we won't loose * it. */ vm_object_reference(object); vm_map_lookup_done(tmap, out_entry); pmap_kenter(kva, VM_PAGE_TO_PHYS(m)); /* * Now do the i/o move. 
*/ error = uiomove((caddr_t)(kva + page_offset), len, uio); pmap_kremove(kva); /* * release the page and the object */ vm_page_unwire(m); vm_object_deallocate(object); object = NULL; } while (error == 0 && uio->uio_resid > 0); if (object) vm_object_deallocate(object); kmem_free(kernel_map, kva, PAGE_SIZE); vmspace_free(vm); return (error); } /* * Copy data in and out of the target process. * We do this by mapping the process's page into * the kernel and then doing a uiomove direct * from the kernel address space. */ int procfs_domem(curp, p, pfs, uio) struct proc *curp; struct proc *p; struct pfsnode *pfs; struct uio *uio; { if (uio->uio_resid == 0) return (0); + + /* + * XXX + * We need to check for KMEM_GROUP because ps is sgid kmem; + * not allowing it here causes ps to not work properly. Arguably, + * this is a bug with what ps does. We only need to do this + * for Pmem nodes, and only if it's reading. This is still not + * good, as it may still be possible to grab illicit data if + * a process somehow gets to be KMEM_GROUP. Note that this also + * means that KMEM_GROUP can't change without editing procfs.h! + * All in all, quite yucky. + */ + + if (!CHECKIO(curp, p) && + !(curp->p_cred->pc_ucred->cr_gid == KMEM_GROUP && + uio->uio_rw == UIO_READ)) + return EPERM; return (procfs_rwmem(p, uio)); } /* * Given process (p), find the vnode from which * it's text segment is being executed. * * It would be nice to grab this information from * the VM system, however, there is no sure-fire * way of doing that. Instead, fork(), exec() and * wait() all maintain the p_textvp field in the * process proc structure which contains a held * reference to the exec'ed vnode. */ struct vnode * procfs_findtextvp(p) struct proc *p; { return (p->p_textvp); } Index: head/sys/miscfs/procfs/procfs_regs.c =================================================================== --- head/sys/miscfs/procfs/procfs_regs.c (revision 28085) +++ head/sys/miscfs/procfs/procfs_regs.c (revision 28086) 
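Review bot: The kmem exemption in procfs_domem is open-coded and skips every clause of CHECKIO, including the P_SUGID test. Any reader whose `cr_gid` is KMEM_GROUP can therefore read the memory of set-id targets; the XXX comment admits this, but nothing in the hunk bounds it. The matching test in procfs_open (procfs_vnops.c on this page) has no read-only restriction, so a kmem-group process can open a Pmem node for writing and is refused only at the first write. I would make the open-time test agree with this one, `(p1->p_cred->pc_ucred->cr_gid != KMEM_GROUP || (ap->a_mode & FWRITE))`, and keep both behind one helper next to KMEM_GROUP in procfs.h so they cannot drift. `return EPERM;` should also be `return (EPERM);` to match the rest of the file.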
@@ -1,96 +1,98 @@ /* * Copyright (c) 1993 Jan-Simon Pendry * Copyright (c) 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Jan-Simon Pendry. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)procfs_regs.c 8.4 (Berkeley) 6/15/94 * * 
From: - * $Id: procfs_regs.c,v 1.6 1997/02/22 09:40:29 peter Exp $ + * $Id: procfs_regs.c,v 1.7 1997/08/02 14:32:16 bde Exp $ */ #include #include #include #include #include #include #include int procfs_doregs(curp, p, pfs, uio) struct proc *curp; struct proc *p; struct pfsnode *pfs; struct uio *uio; { int error; struct reg r; char *kv; int kl; + if (!CHECKIO(curp, p)) + return EPERM; kl = sizeof(r); kv = (char *) &r; kv += uio->uio_offset; kl -= uio->uio_offset; if (kl > uio->uio_resid) kl = uio->uio_resid; PHOLD(p); if (kl < 0) error = EINVAL; else error = procfs_read_regs(p, &r); if (error == 0) error = uiomove(kv, kl, uio); if (error == 0 && uio->uio_rw == UIO_WRITE) { if (p->p_stat != SSTOP) error = EBUSY; else error = procfs_write_regs(p, &r); } PRELE(p); uio->uio_offset = 0; return (error); } int procfs_validregs(p) struct proc *p; { return ((p->p_flag & P_SYSTEM) == 0); } Index: head/sys/miscfs/procfs/procfs_vnops.c =================================================================== --- head/sys/miscfs/procfs/procfs_vnops.c (revision 28085) +++ head/sys/miscfs/procfs/procfs_vnops.c (revision 28086) 
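Review bot: procfs_doregs still applies `uio->uio_offset` in `kv += uio->uio_offset; kl -= uio->uio_offset;` without range-checking it, and the new CHECKIO gate only narrows who reaches that arithmetic. The single guard `kl < 0` rejects offsets past `sizeof(r)`, but a negative offset makes `kl` larger and leaves `kv` pointing before `r`, so uiomove() would copy from or to memory outside the register buffer. Whether a negative offset can arrive here depends on callers not shown, though procfs_readdir on this page does test `uio->uio_offset < 0`. I would reject it right after the permission check with `if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r)) return (EINVAL);`. `return EPERM;` should also be parenthesised to match the file's style.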
@@ -1,1013 +1,1017 @@ /* * Copyright (c) 1993, 1995 Jan-Simon Pendry * Copyright (c) 1993, 1995 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Jan-Simon Pendry. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* * @(#)procfs_vnops.c 8.18 (Berkeley) 5/21/95 * - * $Id: procfs_vnops.c,v 1.29 1997/02/24 16:44:11 bde Exp $ + * $Id: procfs_vnops.c,v 1.30 1997/08/02 14:32:20 bde Exp $ */ /* * procfs vnode interface */ #include #include #include #include #include #include #include #include #include #include #include #include #include static int procfs_abortop __P((struct vop_abortop_args *)); static int procfs_access __P((struct vop_access_args *)); static int procfs_badop __P((void)); static int procfs_bmap __P((struct vop_bmap_args *)); static int procfs_close __P((struct vop_close_args *)); static int procfs_getattr __P((struct vop_getattr_args *)); static int procfs_inactive __P((struct vop_inactive_args *)); static int procfs_ioctl __P((struct vop_ioctl_args *)); static int procfs_lookup __P((struct vop_lookup_args *)); static int procfs_open __P((struct vop_open_args *)); static int procfs_pathconf __P((struct vop_pathconf_args *ap)); static int procfs_print __P((struct vop_print_args *)); static int procfs_readdir __P((struct vop_readdir_args *)); static int procfs_readlink __P((struct vop_readlink_args *)); static int procfs_reclaim __P((struct vop_reclaim_args *)); static int procfs_setattr __P((struct vop_setattr_args *)); /* * This is a list of the valid names in the * process-specific sub-directories. 
It is * used in procfs_lookup and procfs_readdir */ struct proc_target { u_char pt_type; u_char pt_namlen; char *pt_name; pfstype pt_pfstype; int (*pt_valid) __P((struct proc *p)); } proc_targets[] = { #define N(s) sizeof(s)-1, s /* name type validp */ { DT_DIR, N("."), Pproc, NULL }, { DT_DIR, N(".."), Proot, NULL }, { DT_REG, N("file"), Pfile, procfs_validfile }, { DT_REG, N("mem"), Pmem, NULL }, { DT_REG, N("regs"), Pregs, procfs_validregs }, { DT_REG, N("fpregs"), Pfpregs, procfs_validfpregs }, { DT_REG, N("ctl"), Pctl, NULL }, { DT_REG, N("status"), Pstatus, NULL }, { DT_REG, N("note"), Pnote, NULL }, { DT_REG, N("notepg"), Pnotepg, NULL }, { DT_REG, N("map"), Pmap, procfs_validmap }, { DT_REG, N("etype"), Ptype, procfs_validtype }, #undef N }; static const int nproc_targets = sizeof(proc_targets) / sizeof(proc_targets[0]); static pid_t atopid __P((const char *, u_int)); /* * set things up for doing i/o on * the pfsnode (vp). (vp) is locked * on entry, and should be left locked * on exit. * * for procfs we don't need to do anything * in particular for i/o. all that is done * is to support exclusive open on process * memory images. */ static int procfs_open(ap) struct vop_open_args /* { struct vnode *a_vp; int a_mode; struct ucred *a_cred; struct proc *a_p; } */ *ap; { struct pfsnode *pfs = VTOPFS(ap->a_vp); + struct proc *p1 = ap->a_p, *p2 = PFIND(pfs->pfs_pid); + if (p2 == NULL) + return ENOENT; + switch (pfs->pfs_type) { case Pmem: - if (PFIND(pfs->pfs_pid) == 0) - return (ENOENT); /* was ESRCH, jsp */ - if ((pfs->pfs_flags & FWRITE) && (ap->a_mode & O_EXCL) || (pfs->pfs_flags & O_EXCL) && (ap->a_mode & FWRITE)) return (EBUSY); + if (!CHECKIO(p1, p2) && + (p1->p_cred->pc_ucred->cr_gid != KMEM_GROUP)) + return EPERM; + if (ap->a_mode & FWRITE) pfs->pfs_flags = ap->a_mode & (FWRITE|O_EXCL); return (0); default: break; } return (0); } /* * close the pfsnode (vp) after doing i/o. * (vp) is not locked on entry or exit. 
* * nothing to do for procfs other than undo * any exclusive open flag (see _open above). */ static int procfs_close(ap) struct vop_close_args /* { struct vnode *a_vp; int a_fflag; struct ucred *a_cred; struct proc *a_p; } */ *ap; { struct pfsnode *pfs = VTOPFS(ap->a_vp); switch (pfs->pfs_type) { case Pmem: if ((ap->a_fflag & FWRITE) && (pfs->pfs_flags & O_EXCL)) pfs->pfs_flags &= ~(FWRITE|O_EXCL); break; default: break; } return (0); } /* * do an ioctl operation on pfsnode (vp). * (vp) is not locked on entry or exit. */ static int procfs_ioctl(ap) struct vop_ioctl_args /* { struct vnode *a_vp; int a_command; caddr_t a_data; int a_fflag; struct ucred *a_cred; struct proc *a_p; } */ *ap; { - return (ENOTTY); } /* * do block mapping for pfsnode (vp). * since we don't use the buffer cache * for procfs this function should never * be called. in any case, it's not clear * what part of the kernel ever makes use * of this function. for sanity, this is the * usual no-op bmap, although returning * (EIO) would be a reasonable alternative. */ static int procfs_bmap(ap) struct vop_bmap_args /* { struct vnode *a_vp; daddr_t a_bn; struct vnode **a_vpp; daddr_t *a_bnp; int *a_runp; } */ *ap; { if (ap->a_vpp != NULL) *ap->a_vpp = ap->a_vp; if (ap->a_bnp != NULL) *ap->a_bnp = ap->a_bn; if (ap->a_runp != NULL) *ap->a_runp = 0; return (0); } /* * procfs_inactive is called when the pfsnode * is vrele'd and the reference count goes * to zero. (vp) will be on the vnode free * list, so to get it back vget() must be * used. * * for procfs, check if the process is still * alive and if it isn't then just throw away * the vnode by calling vgone(). this may * be overkill and a waste of time since the * chances are that the process will still be * there and PFIND is not free. * * (vp) is locked on entry, but must be unlocked on exit. 
*/ static int procfs_inactive(ap) struct vop_inactive_args /* { struct vnode *a_vp; } */ *ap; { struct vnode *vp = ap->a_vp; struct pfsnode *pfs = VTOPFS(vp); VOP_UNLOCK(vp, 0, ap->a_p); if (PFIND(pfs->pfs_pid) == 0) vgone(vp); return (0); } /* * _reclaim is called when getnewvnode() * wants to make use of an entry on the vnode * free list. at this time the filesystem needs * to free any private data and remove the node * from any private lists. */ static int procfs_reclaim(ap) struct vop_reclaim_args /* { struct vnode *a_vp; } */ *ap; { return (procfs_freevp(ap->a_vp)); } /* * Return POSIX pathconf information applicable to special devices. */ static int procfs_pathconf(ap) struct vop_pathconf_args /* { struct vnode *a_vp; int a_name; int *a_retval; } */ *ap; { switch (ap->a_name) { case _PC_LINK_MAX: *ap->a_retval = LINK_MAX; return (0); case _PC_MAX_CANON: *ap->a_retval = MAX_CANON; return (0); case _PC_MAX_INPUT: *ap->a_retval = MAX_INPUT; return (0); case _PC_PIPE_BUF: *ap->a_retval = PIPE_BUF; return (0); case _PC_CHOWN_RESTRICTED: *ap->a_retval = 1; return (0); case _PC_VDISABLE: *ap->a_retval = _POSIX_VDISABLE; return (0); default: return (EINVAL); } /* NOTREACHED */ } /* * _print is used for debugging. * just print a readable description * of (vp). */ static int procfs_print(ap) struct vop_print_args /* { struct vnode *a_vp; } */ *ap; { struct pfsnode *pfs = VTOPFS(ap->a_vp); printf("tag VT_PROCFS, type %s, pid %d, mode %x, flags %x\n", pfs->pfs_type, pfs->pfs_pid, pfs->pfs_mode, pfs->pfs_flags); return (0); } /* * _abortop is called when operations such as * rename and create fail. this entry is responsible * for undoing any side-effects caused by the lookup. * this will always include freeing the pathname buffer. 
*/ static int procfs_abortop(ap) struct vop_abortop_args /* { struct vnode *a_dvp; struct componentname *a_cnp; } */ *ap; { if ((ap->a_cnp->cn_flags & (HASBUF | SAVESTART)) == HASBUF) FREE(ap->a_cnp->cn_pnbuf, M_NAMEI); return (0); } /* * generic entry point for unsupported operations */ static int procfs_badop() { return (EIO); } /* * Invent attributes for pfsnode (vp) and store * them in (vap). * Directories lengths are returned as zero since * any real length would require the genuine size * to be computed, and nothing cares anyway. * * this is relatively minimal for procfs. */ static int procfs_getattr(ap) struct vop_getattr_args /* { struct vnode *a_vp; struct vattr *a_vap; struct ucred *a_cred; struct proc *a_p; } */ *ap; { struct pfsnode *pfs = VTOPFS(ap->a_vp); struct vattr *vap = ap->a_vap; struct proc *procp; int error; /* * First make sure that the process and its credentials * still exist. */ switch (pfs->pfs_type) { case Proot: case Pcurproc: procp = 0; break; default: procp = PFIND(pfs->pfs_pid); if (procp == 0 || procp->p_cred == NULL || procp->p_ucred == NULL) return (ENOENT); } error = 0; /* start by zeroing out the attributes */ VATTR_NULL(vap); /* next do all the common fields */ vap->va_type = ap->a_vp->v_type; vap->va_mode = pfs->pfs_mode; vap->va_fileid = pfs->pfs_fileno; vap->va_flags = 0; vap->va_blocksize = PAGE_SIZE; vap->va_bytes = vap->va_size = 0; /* * Make all times be current TOD. * It would be possible to get the process start * time from the p_stat structure, but there's * no "file creation" time stamp anyway, and the * p_stat structure is not addressible if u. gets * swapped out for that process. */ { struct timeval tv; microtime(&tv); TIMEVAL_TO_TIMESPEC(&tv, &vap->va_ctime); } vap->va_atime = vap->va_mtime = vap->va_ctime; /* * If the process has exercised some setuid or setgid * privilege, then rip away read/write permission so * that only root can gain access. 
*/ switch (pfs->pfs_type) { case Pctl: case Pregs: case Pfpregs: if (procp->p_flag & P_SUGID) vap->va_mode &= ~((VREAD|VWRITE)| ((VREAD|VWRITE)>>3)| ((VREAD|VWRITE)>>6)); break; case Pmem: /* Retain group kmem readablity. */ if (procp->p_flag & P_SUGID) vap->va_mode &= ~(VREAD|VWRITE); break; default: break; } /* * now do the object specific fields * * The size could be set from struct reg, but it's hardly * worth the trouble, and it puts some (potentially) machine * dependent data into this machine-independent code. If it * becomes important then this function should break out into * a per-file stat function in the corresponding .c file. */ switch (pfs->pfs_type) { case Proot: /* * Set nlink to 1 to tell fts(3) we don't actually know. */ vap->va_nlink = 1; vap->va_uid = 0; vap->va_gid = 0; vap->va_size = vap->va_bytes = DEV_BSIZE; break; case Pcurproc: { char buf[16]; /* should be enough */ vap->va_nlink = 1; vap->va_uid = 0; vap->va_gid = 0; vap->va_size = vap->va_bytes = sprintf(buf, "%ld", (long)curproc->p_pid); break; } case Pproc: vap->va_nlink = nproc_targets; vap->va_uid = procp->p_ucred->cr_uid; vap->va_gid = procp->p_ucred->cr_gid; vap->va_size = vap->va_bytes = DEV_BSIZE; break; case Pfile: error = EOPNOTSUPP; break; case Pmem: vap->va_nlink = 1; /* * If we denied owner access earlier, then we have to * change the owner to root - otherwise 'ps' and friends * will break even though they are setgid kmem. 
*SIGH* */ if (procp->p_flag & P_SUGID) vap->va_uid = 0; else vap->va_uid = procp->p_ucred->cr_uid; vap->va_gid = KMEM_GROUP; break; case Ptype: case Pmap: case Pregs: vap->va_bytes = vap->va_size = sizeof(struct reg); vap->va_nlink = 1; vap->va_uid = procp->p_ucred->cr_uid; vap->va_gid = procp->p_ucred->cr_gid; break; case Pfpregs: vap->va_bytes = vap->va_size = sizeof(struct fpreg); case Pctl: case Pstatus: case Pnote: case Pnotepg: vap->va_nlink = 1; vap->va_uid = procp->p_ucred->cr_uid; vap->va_gid = procp->p_ucred->cr_gid; break; default: panic("procfs_getattr"); } return (error); } static int procfs_setattr(ap) struct vop_setattr_args /* { struct vnode *a_vp; struct vattr *a_vap; struct ucred *a_cred; struct proc *a_p; } */ *ap; { /* * just fake out attribute setting * it's not good to generate an error * return, otherwise things like creat() * will fail when they try to set the * file length to 0. worse, this means * that echo $note > /proc/$pid/note will fail. */ return (0); } /* * implement access checking. * * something very similar to this code is duplicated * throughout the 4bsd kernel and should be moved * into kern/vfs_subr.c sometime. * * actually, the check for super-user is slightly * broken since it will allow read access to write-only * objects. this doesn't cause any particular trouble * but does mean that the i/o entry points need to check * that the operation really does make sense. */ static int procfs_access(ap) struct vop_access_args /* { struct vnode *a_vp; int a_mode; struct ucred *a_cred; struct proc *a_p; } */ *ap; { struct vattr *vap; struct vattr vattr; int error; /* * If you're the super-user, * you always get access. */ if (ap->a_cred->cr_uid == 0) return (0); vap = &vattr; error = VOP_GETATTR(ap->a_vp, vap, ap->a_cred, ap->a_p); if (error) return (error); /* * Access check is based on only one of owner, group, public. * If not owner, then check group. If not a member of the * group, then check public access. 
*/ if (ap->a_cred->cr_uid != vap->va_uid) { gid_t *gp; int i; ap->a_mode >>= 3; gp = ap->a_cred->cr_groups; for (i = 0; i < ap->a_cred->cr_ngroups; i++, gp++) if (vap->va_gid == *gp) goto found; ap->a_mode >>= 3; found: ; } if ((vap->va_mode & ap->a_mode) == ap->a_mode) return (0); return (EACCES); } /* * lookup. this is incredibly complicated in the * general case, however for most pseudo-filesystems * very little needs to be done. * * unless you want to get a migraine, just make sure your * filesystem doesn't do any locking of its own. otherwise * read and inwardly digest ufs_lookup(). */ static int procfs_lookup(ap) struct vop_lookup_args /* { struct vnode * a_dvp; struct vnode ** a_vpp; struct componentname * a_cnp; } */ *ap; { struct componentname *cnp = ap->a_cnp; struct vnode **vpp = ap->a_vpp; struct vnode *dvp = ap->a_dvp; char *pname = cnp->cn_nameptr; struct proc *curp = cnp->cn_proc; int error = 0; struct proc_target *pt; struct vnode *fvp; pid_t pid; struct pfsnode *pfs; struct proc *p; int i; *vpp = NULL; if (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME) return (EROFS); if (cnp->cn_namelen == 1 && *pname == '.') { *vpp = dvp; VREF(dvp); /* vn_lock(dvp, LK_EXCLUSIVE | LK_RETRY, curp); */ return (0); } pfs = VTOPFS(dvp); switch (pfs->pfs_type) { case Proot: if (cnp->cn_flags & ISDOTDOT) return (EIO); if (CNEQ(cnp, "curproc", 7)) return (procfs_allocvp(dvp->v_mount, vpp, 0, Pcurproc)); pid = atopid(pname, cnp->cn_namelen); if (pid == NO_PID) break; p = PFIND(pid); if (p == 0) break; return (procfs_allocvp(dvp->v_mount, vpp, pid, Pproc)); case Pproc: if (cnp->cn_flags & ISDOTDOT) return (procfs_root(dvp->v_mount, vpp)); p = PFIND(pfs->pfs_pid); if (p == 0) break; for (pt = proc_targets, i = 0; i < nproc_targets; pt++, i++) { if (cnp->cn_namelen == pt->pt_namlen && bcmp(pt->pt_name, pname, cnp->cn_namelen) == 0 && (pt->pt_valid == NULL || (*pt->pt_valid)(p))) goto found; } break; found: if (pt->pt_pfstype == Pfile) { fvp = procfs_findtextvp(p); 
/* We already checked that it exists. */ VREF(fvp); vn_lock(fvp, LK_EXCLUSIVE | LK_RETRY, curp); *vpp = fvp; return (0); } return (procfs_allocvp(dvp->v_mount, vpp, pfs->pfs_pid, pt->pt_pfstype)); default: return (ENOTDIR); } return (cnp->cn_nameiop == LOOKUP ? ENOENT : EROFS); } /* * Does this process have a text file? */ int procfs_validfile(p) struct proc *p; { return (procfs_findtextvp(p) != NULLVP); } /* * readdir returns directory entries from pfsnode (vp). * * the strategy here with procfs is to generate a single * directory entry at a time (struct pfsdent) and then * copy that out to userland using uiomove. a more efficent * though more complex implementation, would try to minimize * the number of calls to uiomove(). for procfs, this is * hardly worth the added code complexity. * * this should just be done through read() */ static int procfs_readdir(ap) struct vop_readdir_args /* { struct vnode *a_vp; struct uio *a_uio; struct ucred *a_cred; int *a_eofflag; u_long *a_cookies; int a_ncookies; } */ *ap; { struct uio *uio = ap->a_uio; struct pfsdent d; struct pfsdent *dp = &d; struct pfsnode *pfs; int error; int count; int i; /* * We don't allow exporting procfs mounts, and currently local * requests do not need cookies. */ if (ap->a_ncookies) panic("procfs_readdir: not hungry"); pfs = VTOPFS(ap->a_vp); if (uio->uio_resid < UIO_MX) return (EINVAL); if (uio->uio_offset & (UIO_MX-1)) return (EINVAL); if (uio->uio_offset < 0) return (EINVAL); error = 0; count = 0; i = uio->uio_offset / UIO_MX; switch (pfs->pfs_type) { /* * this is for the process-specific sub-directories. * all that is needed to is copy out all the entries * from the procent[] table (top of this file). 
*/ case Pproc: { struct proc *p; struct proc_target *pt; p = PFIND(pfs->pfs_pid); if (p == NULL) break; for (pt = &proc_targets[i]; uio->uio_resid >= UIO_MX && i < nproc_targets; pt++, i++) { if (pt->pt_valid && (*pt->pt_valid)(p) == 0) continue; dp->d_reclen = UIO_MX; dp->d_fileno = PROCFS_FILENO(pfs->pfs_pid, pt->pt_pfstype); dp->d_namlen = pt->pt_namlen; bcopy(pt->pt_name, dp->d_name, pt->pt_namlen + 1); dp->d_type = pt->pt_type; if (error = uiomove((caddr_t)dp, UIO_MX, uio)) break; } break; } /* * this is for the root of the procfs filesystem * what is needed is a special entry for "curproc" * followed by an entry for each process on allproc #ifdef PROCFS_ZOMBIE * and zombproc. #endif */ case Proot: { #ifdef PROCFS_ZOMBIE int doingzomb = 0; #endif int pcnt = 0; volatile struct proc *p = allproc.lh_first; again: for (; p && uio->uio_resid >= UIO_MX; i++, pcnt++) { bzero((char *) dp, UIO_MX); dp->d_reclen = UIO_MX; switch (i) { case 0: /* `.' */ case 1: /* `..' */ dp->d_fileno = PROCFS_FILENO(0, Proot); dp->d_namlen = i + 1; bcopy("..", dp->d_name, dp->d_namlen); dp->d_name[i + 1] = '\0'; dp->d_type = DT_DIR; break; case 2: dp->d_fileno = PROCFS_FILENO(0, Pcurproc); dp->d_namlen = 7; bcopy("curproc", dp->d_name, 8); dp->d_type = DT_LNK; break; default: while (pcnt < i) { pcnt++; p = p->p_list.le_next; if (!p) goto done; } dp->d_fileno = PROCFS_FILENO(p->p_pid, Pproc); dp->d_namlen = sprintf(dp->d_name, "%ld", (long)p->p_pid); dp->d_type = DT_REG; p = p->p_list.le_next; break; } if (error = uiomove((caddr_t)dp, UIO_MX, uio)) break; } done: #ifdef PROCFS_ZOMBIE if (p == 0 && doingzomb == 0) { doingzomb = 1; p = zombproc.lh_first; goto again; } #endif break; } default: error = ENOTDIR; break; } uio->uio_offset = i * UIO_MX; return (error); } /* * readlink reads the link of `curproc' */ static int procfs_readlink(ap) struct vop_readlink_args *ap; { struct uio *uio = ap->a_uio; char buf[16]; /* should be enough */ int len; if (VTOPFS(ap->a_vp)->pfs_fileno != 
PROCFS_FILENO(0, Pcurproc)) return (EINVAL); len = sprintf(buf, "%ld", (long)curproc->p_pid); return (uiomove((caddr_t)buf, len, ap->a_uio)); } /* * convert decimal ascii to pid_t */ static pid_t atopid(b, len) const char *b; u_int len; { pid_t p = 0; while (len--) { char c = *b++; if (c < '0' || c > '9') return (NO_PID); p = 10 * p + (c - '0'); if (p > PID_MAX) return (NO_PID); } return (p); } #define procfs_create ((int (*) __P((struct vop_create_args *))) procfs_badop) #define procfs_mknod ((int (*) __P((struct vop_mknod_args *))) procfs_badop) #define procfs_read procfs_rw #define procfs_write procfs_rw #define procfs_select ((int (*) __P((struct vop_select_args *))) procfs_badop) #define procfs_mmap ((int (*) __P((struct vop_mmap_args *))) procfs_badop) #define procfs_revoke vop_revoke #define procfs_fsync ((int (*) __P((struct vop_fsync_args *))) procfs_badop) #define procfs_seek ((int (*) __P((struct vop_seek_args *))) procfs_badop) #define procfs_remove ((int (*) __P((struct vop_remove_args *))) procfs_badop) #define procfs_link ((int (*) __P((struct vop_link_args *))) procfs_badop) #define procfs_rename ((int (*) __P((struct vop_rename_args *))) procfs_badop) #define procfs_mkdir ((int (*) __P((struct vop_mkdir_args *))) procfs_badop) #define procfs_rmdir ((int (*) __P((struct vop_rmdir_args *))) procfs_badop) #define procfs_symlink ((int (*) __P((struct vop_symlink_args *))) procfs_badop) #define procfs_lock ((int (*) __P((struct vop_lock_args *)))vop_nolock) #define procfs_unlock ((int (*) __P((struct vop_unlock_args *)))vop_nounlock) #define procfs_strategy ((int (*) __P((struct vop_strategy_args *))) procfs_badop) #define procfs_islocked \ ((int (*) __P((struct vop_islocked_args *)))vop_noislocked) #define procfs_advlock ((int (*) __P((struct vop_advlock_args *))) procfs_badop) #define procfs_blkatoff ((int (*) __P((struct vop_blkatoff_args *))) procfs_badop) #define procfs_valloc ((int (*) __P((struct vop_valloc_args *))) procfs_badop) #define 
procfs_vfree ((int (*) __P((struct vop_vfree_args *))) nullop) #define procfs_truncate ((int (*) __P((struct vop_truncate_args *))) procfs_badop) #define procfs_update ((int (*) __P((struct vop_update_args *))) nullop) /* * procfs vnode operations. */ vop_t **procfs_vnodeop_p; static struct vnodeopv_entry_desc procfs_vnodeop_entries[] = { { &vop_default_desc, (vop_t *)vn_default_error }, { &vop_lookup_desc, (vop_t *)procfs_lookup }, /* lookup */ { &vop_create_desc, (vop_t *)procfs_create }, /* create */ { &vop_mknod_desc, (vop_t *)procfs_mknod }, /* mknod */ { &vop_open_desc, (vop_t *)procfs_open }, /* open */ { &vop_close_desc, (vop_t *)procfs_close }, /* close */ { &vop_access_desc, (vop_t *)procfs_access }, /* access */ { &vop_getattr_desc, (vop_t *)procfs_getattr }, /* getattr */ { &vop_setattr_desc, (vop_t *)procfs_setattr }, /* setattr */ { &vop_read_desc, (vop_t *)procfs_read }, /* read */ { &vop_write_desc, (vop_t *)procfs_write }, /* write */ { &vop_ioctl_desc, (vop_t *)procfs_ioctl }, /* ioctl */ { &vop_select_desc, (vop_t *)procfs_select }, /* select */ { &vop_mmap_desc, (vop_t *)procfs_mmap }, /* mmap */ { &vop_revoke_desc, (vop_t *)procfs_revoke }, /* revoke */ { &vop_fsync_desc, (vop_t *)procfs_fsync }, /* fsync */ { &vop_seek_desc, (vop_t *)procfs_seek }, /* seek */ { &vop_remove_desc, (vop_t *)procfs_remove }, /* remove */ { &vop_link_desc, (vop_t *)procfs_link }, /* link */ { &vop_rename_desc, (vop_t *)procfs_rename }, /* rename */ { &vop_mkdir_desc, (vop_t *)procfs_mkdir }, /* mkdir */ { &vop_rmdir_desc, (vop_t *)procfs_rmdir }, /* rmdir */ { &vop_symlink_desc, (vop_t *)procfs_symlink }, /* symlink */ { &vop_readdir_desc, (vop_t *)procfs_readdir }, /* readdir */ { &vop_readlink_desc, (vop_t *)procfs_readlink }, /* readlink */ { &vop_abortop_desc, (vop_t *)procfs_abortop }, /* abortop */ { &vop_inactive_desc, (vop_t *)procfs_inactive }, /* inactive */ { &vop_reclaim_desc, (vop_t *)procfs_reclaim }, /* reclaim */ { &vop_lock_desc, (vop_t 
*)procfs_lock }, /* lock */ { &vop_unlock_desc, (vop_t *)procfs_unlock }, /* unlock */ { &vop_bmap_desc, (vop_t *)procfs_bmap }, /* bmap */ { &vop_strategy_desc, (vop_t *)procfs_strategy }, /* strategy */ { &vop_print_desc, (vop_t *)procfs_print }, /* print */ { &vop_islocked_desc, (vop_t *)procfs_islocked }, /* islocked */ { &vop_pathconf_desc, (vop_t *)procfs_pathconf }, /* pathconf */ { &vop_advlock_desc, (vop_t *)procfs_advlock }, /* advlock */ { &vop_blkatoff_desc, (vop_t *)procfs_blkatoff }, /* blkatoff */ { &vop_valloc_desc, (vop_t *)procfs_valloc }, /* valloc */ { &vop_vfree_desc, (vop_t *)procfs_vfree }, /* vfree */ { &vop_truncate_desc, (vop_t *)procfs_truncate }, /* truncate */ { &vop_update_desc, (vop_t *)procfs_update }, /* update */ { NULL, NULL } }; static struct vnodeopv_desc procfs_vnodeop_opv_desc = { &procfs_vnodeop_p, procfs_vnodeop_entries }; VNODEOP_SET(procfs_vnodeop_opv_desc);