| 1 | /*- |
| 2 | * Copyright (c) 1989, 1992, 1993 |
| 3 | * The Regents of the University of California. All rights reserved. |
| 4 | * |
| 5 | * This code is derived from software developed by the Computer Systems |
| 6 | * Engineering group at Lawrence Berkeley Laboratory under DARPA contract |
| 7 | * BG 91-66 and contributed to Berkeley. |
| 8 | * |
| 9 | * Redistribution and use in source and binary forms, with or without |
| 10 | * modification, are permitted provided that the following conditions |
| 11 | * are met: |
| 12 | * 1. Redistributions of source code must retain the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer. |
| 14 | * 2. Redistributions in binary form must reproduce the above copyright |
| 15 | * notice, this list of conditions and the following disclaimer in the |
| 16 | * documentation and/or other materials provided with the distribution. |
| 17 | * 3. All advertising materials mentioning features or use of this software |
| 18 | * must display the following acknowledgement: |
| 19 | * This product includes software developed by the University of |
| 20 | * California, Berkeley and its contributors. |
| 21 | * 4. Neither the name of the University nor the names of its contributors |
| 22 | * may be used to endorse or promote products derived from this software |
| 23 | * without specific prior written permission. |
| 24 | * |
| 25 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
| 26 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 27 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 28 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
| 29 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 30 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 31 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 32 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 33 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 34 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 35 | * SUCH DAMAGE. |
| 36 | * |
| 37 | * $FreeBSD: src/lib/libkvm/kvm_proc.c,v 1.25.2.3 2002/08/24 07:27:46 kris Exp $ |
| 38 | * $DragonFly: src/lib/libkvm/kvm_proc.c,v 1.7 2004/10/25 19:38:45 drhodus Exp $ |
| 39 | * |
| 40 | * @(#)kvm_proc.c 8.3 (Berkeley) 9/23/93 |
| 41 | */ |
| 42 | |
| 43 | /* |
| 44 | * Proc traversal interface for kvm. ps and w are (probably) the exclusive |
| 45 | * users of this code, so we've factored it out into a separate module. |
| 46 | * Thus, we keep this grunge out of the other kvm applications (i.e., |
| 47 | * most other applications are interested only in open/close/read/nlist). |
| 48 | */ |
| 49 | |
| 50 | #include <sys/param.h> |
| 51 | #include <sys/user.h> |
| 52 | #include <sys/proc.h> |
| 53 | #include <sys/exec.h> |
| 54 | #include <sys/stat.h> |
| 55 | #include <sys/ioctl.h> |
| 56 | #include <sys/tty.h> |
| 57 | #include <sys/file.h> |
| 58 | #include <stdio.h> |
| 59 | #include <stdlib.h> |
| 60 | #include <unistd.h> |
| 61 | #include <nlist.h> |
| 62 | #include <kvm.h> |
| 63 | |
| 64 | #include <vm/vm.h> |
| 65 | #include <vm/vm_param.h> |
| 66 | #include <vm/swap_pager.h> |
| 67 | |
| 68 | #include <sys/sysctl.h> |
| 69 | |
| 70 | #include <limits.h> |
| 71 | #include <memory.h> |
| 72 | #include <paths.h> |
| 73 | |
| 74 | #include "kvm_private.h" |
| 75 | |
| 76 | #if used |
| 77 | static char * |
| 78 | kvm_readswap(kvm_t *kd, const struct proc *p, u_long va, u_long *cnt) |
| 79 | { |
| 80 | #if defined(__FreeBSD__) || defined(__DragonFly__) |
| 81 | /* XXX Stubbed out, our vm system is differnet */ |
| 82 | _kvm_err(kd, kd->program, "kvm_readswap not implemented"); |
| 83 | return(0); |
| 84 | #endif |
| 85 | } |
| 86 | #endif |
| 87 | |
| 88 | #define KREAD(kd, addr, obj) \ |
| 89 | (kvm_read(kd, addr, (char *)(obj), sizeof(*obj)) != sizeof(*obj)) |
| 90 | |
| 91 | /* |
| 92 | * Read proc's from memory file into buffer bp, which has space to hold |
| 93 | * at most maxcnt procs. |
| 94 | */ |
| 95 | static int |
| 96 | kvm_proclist(kvm_t *kd, int what, int arg, struct proc *p, |
| 97 | struct kinfo_proc *bp, int maxcnt) |
| 98 | { |
| 99 | int cnt = 0; |
| 100 | struct eproc eproc; |
| 101 | struct pgrp pgrp; |
| 102 | struct session sess; |
| 103 | struct tty tty; |
| 104 | struct proc proc; |
| 105 | struct thread thread; |
| 106 | struct proc pproc; |
| 107 | |
| 108 | for (; cnt < maxcnt && p != NULL; p = proc.p_list.le_next) { |
| 109 | if (KREAD(kd, (u_long)p, &proc)) { |
| 110 | _kvm_err(kd, kd->program, "can't read proc at %x", p); |
| 111 | return (-1); |
| 112 | } |
| 113 | if (KREAD(kd, (u_long)proc.p_thread, &thread)) { |
| 114 | _kvm_err(kd, kd->program, "can't read thread at %x", |
| 115 | proc.p_thread); |
| 116 | return (-1); |
| 117 | } |
| 118 | KREAD(kd, (u_long)proc.p_ucred, &eproc.e_ucred); |
| 119 | |
| 120 | switch(what) { |
| 121 | |
| 122 | case KERN_PROC_PID: |
| 123 | if (proc.p_pid != (pid_t)arg) |
| 124 | continue; |
| 125 | break; |
| 126 | |
| 127 | case KERN_PROC_UID: |
| 128 | if (eproc.e_ucred.cr_uid != (uid_t)arg) |
| 129 | continue; |
| 130 | break; |
| 131 | |
| 132 | case KERN_PROC_RUID: |
| 133 | if (eproc.e_ucred.cr_ruid != (uid_t)arg) |
| 134 | continue; |
| 135 | break; |
| 136 | } |
| 137 | /* |
| 138 | * We're going to add another proc to the set. If this |
| 139 | * will overflow the buffer, assume the reason is because |
| 140 | * nprocs (or the proc list) is corrupt and declare an error. |
| 141 | */ |
| 142 | if (cnt >= maxcnt) { |
| 143 | _kvm_err(kd, kd->program, "nprocs corrupt"); |
| 144 | return (-1); |
| 145 | } |
| 146 | /* |
| 147 | * gather eproc |
| 148 | */ |
| 149 | eproc.e_paddr = p; |
| 150 | if (KREAD(kd, (u_long)proc.p_pgrp, &pgrp)) { |
| 151 | _kvm_err(kd, kd->program, "can't read pgrp at %x", |
| 152 | proc.p_pgrp); |
| 153 | return (-1); |
| 154 | } |
| 155 | if (proc.p_oppid) |
| 156 | eproc.e_ppid = proc.p_oppid; |
| 157 | else if (proc.p_pptr) { |
| 158 | if (KREAD(kd, (u_long)proc.p_pptr, &pproc)) { |
| 159 | _kvm_err(kd, kd->program, "can't read pproc at %x", |
| 160 | proc.p_pptr); |
| 161 | return (-1); |
| 162 | } |
| 163 | eproc.e_ppid = pproc.p_pid; |
| 164 | } else |
| 165 | eproc.e_ppid = 0; |
| 166 | eproc.e_sess = pgrp.pg_session; |
| 167 | eproc.e_pgid = pgrp.pg_id; |
| 168 | eproc.e_jobc = pgrp.pg_jobc; |
| 169 | if (KREAD(kd, (u_long)pgrp.pg_session, &sess)) { |
| 170 | _kvm_err(kd, kd->program, "can't read session at %x", |
| 171 | pgrp.pg_session); |
| 172 | return (-1); |
| 173 | } |
| 174 | (void)memcpy(eproc.e_login, sess.s_login, |
| 175 | sizeof(eproc.e_login)); |
| 176 | if ((proc.p_flag & P_CONTROLT) && sess.s_ttyp != NULL) { |
| 177 | if (KREAD(kd, (u_long)sess.s_ttyp, &tty)) { |
| 178 | _kvm_err(kd, kd->program, |
| 179 | "can't read tty at %x", sess.s_ttyp); |
| 180 | return (-1); |
| 181 | } |
| 182 | eproc.e_tdev = tty.t_dev; |
| 183 | eproc.e_tsess = tty.t_session; |
| 184 | if (tty.t_pgrp != NULL) { |
| 185 | if (KREAD(kd, (u_long)tty.t_pgrp, &pgrp)) { |
| 186 | _kvm_err(kd, kd->program, |
| 187 | "can't read tpgrp at %x", |
| 188 | tty.t_pgrp); |
| 189 | return (-1); |
| 190 | } |
| 191 | eproc.e_tpgid = pgrp.pg_id; |
| 192 | } else |
| 193 | eproc.e_tpgid = -1; |
| 194 | } else |
| 195 | eproc.e_tdev = NODEV; |
| 196 | eproc.e_flag = sess.s_ttyvp ? EPROC_CTTY : 0; |
| 197 | if (sess.s_leader == p) |
| 198 | eproc.e_flag |= EPROC_SLEADER; |
| 199 | if (thread.td_wmesg) |
| 200 | (void)kvm_read(kd, (u_long)thread.td_wmesg, |
| 201 | eproc.e_wmesg, WMESGLEN); |
| 202 | |
| 203 | #ifdef sparc |
| 204 | (void)kvm_read(kd, (u_long)&proc.p_vmspace->vm_rssize, |
| 205 | (char *)&eproc.e_vm.vm_rssize, |
| 206 | sizeof(eproc.e_vm.vm_rssize)); |
| 207 | (void)kvm_read(kd, (u_long)&proc.p_vmspace->vm_tsize, |
| 208 | (char *)&eproc.e_vm.vm_tsize, |
| 209 | 3 * sizeof(eproc.e_vm.vm_rssize)); /* XXX */ |
| 210 | #else |
| 211 | (void)kvm_read(kd, (u_long)proc.p_vmspace, |
| 212 | (char *)&eproc.e_vm, sizeof(eproc.e_vm)); |
| 213 | #endif |
| 214 | eproc.e_xsize = eproc.e_xrssize = 0; |
| 215 | eproc.e_xccount = eproc.e_xswrss = 0; |
| 216 | |
| 217 | switch (what) { |
| 218 | |
| 219 | case KERN_PROC_PGRP: |
| 220 | if (eproc.e_pgid != (pid_t)arg) |
| 221 | continue; |
| 222 | break; |
| 223 | |
| 224 | case KERN_PROC_TTY: |
| 225 | if ((proc.p_flag & P_CONTROLT) == 0 || |
| 226 | eproc.e_tdev != (dev_t)arg) |
| 227 | continue; |
| 228 | break; |
| 229 | } |
| 230 | bcopy(&proc, &bp->kp_proc, sizeof(proc)); |
| 231 | bcopy(&eproc, &bp->kp_eproc, sizeof(eproc)); |
| 232 | ++bp; |
| 233 | ++cnt; |
| 234 | } |
| 235 | return (cnt); |
| 236 | } |
| 237 | |
| 238 | /* |
| 239 | * Build proc info array by reading in proc list from a crash dump. |
| 240 | * Return number of procs read. maxcnt is the max we will read. |
| 241 | */ |
| 242 | static int |
| 243 | kvm_deadprocs(kvm_t *kd, int what, int arg, u_long a_allproc, |
| 244 | u_long a_zombproc, int maxcnt) |
| 245 | { |
| 246 | struct kinfo_proc *bp = kd->procbase; |
| 247 | int acnt, zcnt; |
| 248 | struct proc *p; |
| 249 | |
| 250 | if (KREAD(kd, a_allproc, &p)) { |
| 251 | _kvm_err(kd, kd->program, "cannot read allproc"); |
| 252 | return (-1); |
| 253 | } |
| 254 | acnt = kvm_proclist(kd, what, arg, p, bp, maxcnt); |
| 255 | if (acnt < 0) |
| 256 | return (acnt); |
| 257 | |
| 258 | if (KREAD(kd, a_zombproc, &p)) { |
| 259 | _kvm_err(kd, kd->program, "cannot read zombproc"); |
| 260 | return (-1); |
| 261 | } |
| 262 | zcnt = kvm_proclist(kd, what, arg, p, bp + acnt, maxcnt - acnt); |
| 263 | if (zcnt < 0) |
| 264 | zcnt = 0; |
| 265 | |
| 266 | return (acnt + zcnt); |
| 267 | } |
| 268 | |
| 269 | struct kinfo_proc * |
| 270 | kvm_getprocs(kvm_t *kd, int op, int arg, int *cnt) |
| 271 | { |
| 272 | int mib[4], st, nprocs; |
| 273 | size_t size; |
| 274 | |
| 275 | if (kd->procbase != 0) { |
| 276 | free((void *)kd->procbase); |
| 277 | /* |
| 278 | * Clear this pointer in case this call fails. Otherwise, |
| 279 | * kvm_close() will free it again. |
| 280 | */ |
| 281 | kd->procbase = 0; |
| 282 | } |
| 283 | if (ISALIVE(kd)) { |
| 284 | size = 0; |
| 285 | mib[0] = CTL_KERN; |
| 286 | mib[1] = KERN_PROC; |
| 287 | mib[2] = op; |
| 288 | mib[3] = arg; |
| 289 | st = sysctl(mib, op == KERN_PROC_ALL ? 3 : 4, NULL, &size, NULL, 0); |
| 290 | if (st == -1) { |
| 291 | _kvm_syserr(kd, kd->program, "kvm_getprocs"); |
| 292 | return (0); |
| 293 | } |
| 294 | do { |
| 295 | size += size / 10; |
| 296 | kd->procbase = (struct kinfo_proc *) |
| 297 | _kvm_realloc(kd, kd->procbase, size); |
| 298 | if (kd->procbase == 0) |
| 299 | return (0); |
| 300 | st = sysctl(mib, op == KERN_PROC_ALL ? 3 : 4, |
| 301 | kd->procbase, &size, NULL, 0); |
| 302 | } while (st == -1 && errno == ENOMEM); |
| 303 | if (st == -1) { |
| 304 | _kvm_syserr(kd, kd->program, "kvm_getprocs"); |
| 305 | return (0); |
| 306 | } |
| 307 | if (size % sizeof(struct kinfo_proc) != 0) { |
| 308 | _kvm_err(kd, kd->program, |
| 309 | "proc size mismatch (%d total, %d chunks)", |
| 310 | size, sizeof(struct kinfo_proc)); |
| 311 | return (0); |
| 312 | } |
| 313 | nprocs = size / sizeof(struct kinfo_proc); |
| 314 | } else { |
| 315 | struct nlist nl[4], *p; |
| 316 | |
| 317 | nl[0].n_name = "_nprocs"; |
| 318 | nl[1].n_name = "_allproc"; |
| 319 | nl[2].n_name = "_zombproc"; |
| 320 | nl[3].n_name = 0; |
| 321 | |
| 322 | if (kvm_nlist(kd, nl) != 0) { |
| 323 | for (p = nl; p->n_type != 0; ++p) |
| 324 | ; |
| 325 | _kvm_err(kd, kd->program, |
| 326 | "%s: no such symbol", p->n_name); |
| 327 | return (0); |
| 328 | } |
| 329 | if (KREAD(kd, nl[0].n_value, &nprocs)) { |
| 330 | _kvm_err(kd, kd->program, "can't read nprocs"); |
| 331 | return (0); |
| 332 | } |
| 333 | size = nprocs * sizeof(struct kinfo_proc); |
| 334 | kd->procbase = (struct kinfo_proc *)_kvm_malloc(kd, size); |
| 335 | if (kd->procbase == 0) |
| 336 | return (0); |
| 337 | |
| 338 | nprocs = kvm_deadprocs(kd, op, arg, nl[1].n_value, |
| 339 | nl[2].n_value, nprocs); |
| 340 | #ifdef notdef |
| 341 | size = nprocs * sizeof(struct kinfo_proc); |
| 342 | (void)realloc(kd->procbase, size); |
| 343 | #endif |
| 344 | } |
| 345 | *cnt = nprocs; |
| 346 | return (kd->procbase); |
| 347 | } |
| 348 | |
| 349 | void |
| 350 | _kvm_freeprocs(kvm_t *kd) |
| 351 | { |
| 352 | if (kd->procbase) { |
| 353 | free(kd->procbase); |
| 354 | kd->procbase = 0; |
| 355 | } |
| 356 | } |
| 357 | |
| 358 | void * |
| 359 | _kvm_realloc(kvm_t *kd, void *p, size_t n) |
| 360 | { |
| 361 | void *np = (void *)realloc(p, n); |
| 362 | |
| 363 | if (np == 0) { |
| 364 | free(p); |
| 365 | _kvm_err(kd, kd->program, "out of memory"); |
| 366 | } |
| 367 | return (np); |
| 368 | } |
| 369 | |
| 370 | #ifndef MAX |
| 371 | #define MAX(a, b) ((a) > (b) ? (a) : (b)) |
| 372 | #endif |
| 373 | |
| 374 | /* |
| 375 | * Read in an argument vector from the user address space of process p. |
| 376 | * addr if the user-space base address of narg null-terminated contiguous |
| 377 | * strings. This is used to read in both the command arguments and |
| 378 | * environment strings. Read at most maxcnt characters of strings. |
| 379 | */ |
| 380 | static char ** |
| 381 | kvm_argv(kvm_t *kd, const struct proc *p, u_long addr, int narg, int maxcnt) |
| 382 | { |
| 383 | char *np, *cp, *ep, *ap; |
| 384 | u_long oaddr = -1; |
| 385 | int len, cc; |
| 386 | char **argv; |
| 387 | |
| 388 | /* |
| 389 | * Check that there aren't an unreasonable number of agruments, |
| 390 | * and that the address is in user space. |
| 391 | */ |
| 392 | if (narg > 512 || addr < VM_MIN_ADDRESS || addr >= VM_MAXUSER_ADDRESS) |
| 393 | return (0); |
| 394 | |
| 395 | /* |
| 396 | * kd->argv : work space for fetching the strings from the target |
| 397 | * process's space, and is converted for returning to caller |
| 398 | */ |
| 399 | if (kd->argv == 0) { |
| 400 | /* |
| 401 | * Try to avoid reallocs. |
| 402 | */ |
| 403 | kd->argc = MAX(narg + 1, 32); |
| 404 | kd->argv = (char **)_kvm_malloc(kd, kd->argc * |
| 405 | sizeof(*kd->argv)); |
| 406 | if (kd->argv == 0) |
| 407 | return (0); |
| 408 | } else if (narg + 1 > kd->argc) { |
| 409 | kd->argc = MAX(2 * kd->argc, narg + 1); |
| 410 | kd->argv = (char **)_kvm_realloc(kd, kd->argv, kd->argc * |
| 411 | sizeof(*kd->argv)); |
| 412 | if (kd->argv == 0) |
| 413 | return (0); |
| 414 | } |
| 415 | /* |
| 416 | * kd->argspc : returned to user, this is where the kd->argv |
| 417 | * arrays are left pointing to the collected strings. |
| 418 | */ |
| 419 | if (kd->argspc == 0) { |
| 420 | kd->argspc = (char *)_kvm_malloc(kd, PAGE_SIZE); |
| 421 | if (kd->argspc == 0) |
| 422 | return (0); |
| 423 | kd->arglen = PAGE_SIZE; |
| 424 | } |
| 425 | /* |
| 426 | * kd->argbuf : used to pull in pages from the target process. |
| 427 | * the strings are copied out of here. |
| 428 | */ |
| 429 | if (kd->argbuf == 0) { |
| 430 | kd->argbuf = (char *)_kvm_malloc(kd, PAGE_SIZE); |
| 431 | if (kd->argbuf == 0) |
| 432 | return (0); |
| 433 | } |
| 434 | |
| 435 | /* Pull in the target process'es argv vector */ |
| 436 | cc = sizeof(char *) * narg; |
| 437 | if (kvm_uread(kd, p, addr, (char *)kd->argv, cc) != cc) |
| 438 | return (0); |
| 439 | /* |
| 440 | * ap : saved start address of string we're working on in kd->argspc |
| 441 | * np : pointer to next place to write in kd->argspc |
| 442 | * len: length of data in kd->argspc |
| 443 | * argv: pointer to the argv vector that we are hunting around the |
| 444 | * target process space for, and converting to addresses in |
| 445 | * our address space (kd->argspc). |
| 446 | */ |
| 447 | ap = np = kd->argspc; |
| 448 | argv = kd->argv; |
| 449 | len = 0; |
| 450 | /* |
| 451 | * Loop over pages, filling in the argument vector. |
| 452 | * Note that the argv strings could be pointing *anywhere* in |
| 453 | * the user address space and are no longer contiguous. |
| 454 | * Note that *argv is modified when we are going to fetch a string |
| 455 | * that crosses a page boundary. We copy the next part of the string |
| 456 | * into to "np" and eventually convert the pointer. |
| 457 | */ |
| 458 | while (argv < kd->argv + narg && *argv != 0) { |
| 459 | |
| 460 | /* get the address that the current argv string is on */ |
| 461 | addr = (u_long)*argv & ~(PAGE_SIZE - 1); |
| 462 | |
| 463 | /* is it the same page as the last one? */ |
| 464 | if (addr != oaddr) { |
| 465 | if (kvm_uread(kd, p, addr, kd->argbuf, PAGE_SIZE) != |
| 466 | PAGE_SIZE) |
| 467 | return (0); |
| 468 | oaddr = addr; |
| 469 | } |
| 470 | |
| 471 | /* offset within the page... kd->argbuf */ |
| 472 | addr = (u_long)*argv & (PAGE_SIZE - 1); |
| 473 | |
| 474 | /* cp = start of string, cc = count of chars in this chunk */ |
| 475 | cp = kd->argbuf + addr; |
| 476 | cc = PAGE_SIZE - addr; |
| 477 | |
| 478 | /* dont get more than asked for by user process */ |
| 479 | if (maxcnt > 0 && cc > maxcnt - len) |
| 480 | cc = maxcnt - len; |
| 481 | |
| 482 | /* pointer to end of string if we found it in this page */ |
| 483 | ep = memchr(cp, '\0', cc); |
| 484 | if (ep != 0) |
| 485 | cc = ep - cp + 1; |
| 486 | /* |
| 487 | * at this point, cc is the count of the chars that we are |
| 488 | * going to retrieve this time. we may or may not have found |
| 489 | * the end of it. (ep points to the null if the end is known) |
| 490 | */ |
| 491 | |
| 492 | /* will we exceed the malloc/realloced buffer? */ |
| 493 | if (len + cc > kd->arglen) { |
| 494 | int off; |
| 495 | char **pp; |
| 496 | char *op = kd->argspc; |
| 497 | |
| 498 | kd->arglen *= 2; |
| 499 | kd->argspc = (char *)_kvm_realloc(kd, kd->argspc, |
| 500 | kd->arglen); |
| 501 | if (kd->argspc == 0) |
| 502 | return (0); |
| 503 | /* |
| 504 | * Adjust argv pointers in case realloc moved |
| 505 | * the string space. |
| 506 | */ |
| 507 | off = kd->argspc - op; |
| 508 | for (pp = kd->argv; pp < argv; pp++) |
| 509 | *pp += off; |
| 510 | ap += off; |
| 511 | np += off; |
| 512 | } |
| 513 | /* np = where to put the next part of the string in kd->argspc*/ |
| 514 | /* np is kinda redundant.. could use "kd->argspc + len" */ |
| 515 | memcpy(np, cp, cc); |
| 516 | np += cc; /* inc counters */ |
| 517 | len += cc; |
| 518 | |
| 519 | /* |
| 520 | * if end of string found, set the *argv pointer to the |
| 521 | * saved beginning of string, and advance. argv points to |
| 522 | * somewhere in kd->argv.. This is initially relative |
| 523 | * to the target process, but when we close it off, we set |
| 524 | * it to point in our address space. |
| 525 | */ |
| 526 | if (ep != 0) { |
| 527 | *argv++ = ap; |
| 528 | ap = np; |
| 529 | } else { |
| 530 | /* update the address relative to the target process */ |
| 531 | *argv += cc; |
| 532 | } |
| 533 | |
| 534 | if (maxcnt > 0 && len >= maxcnt) { |
| 535 | /* |
| 536 | * We're stopping prematurely. Terminate the |
| 537 | * current string. |
| 538 | */ |
| 539 | if (ep == 0) { |
| 540 | *np = '\0'; |
| 541 | *argv++ = ap; |
| 542 | } |
| 543 | break; |
| 544 | } |
| 545 | } |
| 546 | /* Make sure argv is terminated. */ |
| 547 | *argv = 0; |
| 548 | return (kd->argv); |
| 549 | } |
| 550 | |
| 551 | static void |
| 552 | ps_str_a(struct ps_strings *p, u_long *addr, int *n) |
| 553 | { |
| 554 | *addr = (u_long)p->ps_argvstr; |
| 555 | *n = p->ps_nargvstr; |
| 556 | } |
| 557 | |
| 558 | static void |
| 559 | ps_str_e(struct ps_strings *p, u_long *addr, int *n) |
| 560 | { |
| 561 | *addr = (u_long)p->ps_envstr; |
| 562 | *n = p->ps_nenvstr; |
| 563 | } |
| 564 | |
| 565 | /* |
| 566 | * Determine if the proc indicated by p is still active. |
| 567 | * This test is not 100% foolproof in theory, but chances of |
| 568 | * being wrong are very low. |
| 569 | */ |
| 570 | static int |
| 571 | proc_verify(kvm_t *kd, u_long kernp, const struct proc *p) |
| 572 | { |
| 573 | struct kinfo_proc kp; |
| 574 | int mib[4]; |
| 575 | size_t len; |
| 576 | |
| 577 | mib[0] = CTL_KERN; |
| 578 | mib[1] = KERN_PROC; |
| 579 | mib[2] = KERN_PROC_PID; |
| 580 | mib[3] = p->p_pid; |
| 581 | len = sizeof(kp); |
| 582 | if (sysctl(mib, 4, &kp, &len, NULL, 0) == -1) |
| 583 | return (0); |
| 584 | return (p->p_pid == kp.kp_proc.p_pid && |
| 585 | (kp.kp_proc.p_stat != SZOMB || p->p_stat == SZOMB)); |
| 586 | } |
| 587 | |
| 588 | static char ** |
| 589 | kvm_doargv(kvm_t *kd, const struct kinfo_proc *kp, int nchr, |
| 590 | void (*info)(struct ps_strings *, u_long *, int *)) |
| 591 | { |
| 592 | const struct proc *p = &kp->kp_proc; |
| 593 | char **ap; |
| 594 | u_long addr; |
| 595 | int cnt; |
| 596 | static struct ps_strings arginfo; |
| 597 | static u_long ps_strings; |
| 598 | size_t len; |
| 599 | |
| 600 | if (ps_strings == NULL) { |
| 601 | len = sizeof(ps_strings); |
| 602 | if (sysctlbyname("kern.ps_strings", &ps_strings, &len, NULL, |
| 603 | 0) == -1) |
| 604 | ps_strings = PS_STRINGS; |
| 605 | } |
| 606 | |
| 607 | /* |
| 608 | * Pointers are stored at the top of the user stack. |
| 609 | */ |
| 610 | if (p->p_stat == SZOMB || |
| 611 | kvm_uread(kd, p, ps_strings, (char *)&arginfo, |
| 612 | sizeof(arginfo)) != sizeof(arginfo)) |
| 613 | return (0); |
| 614 | |
| 615 | (*info)(&arginfo, &addr, &cnt); |
| 616 | if (cnt == 0) |
| 617 | return (0); |
| 618 | ap = kvm_argv(kd, p, addr, cnt, nchr); |
| 619 | /* |
| 620 | * For live kernels, make sure this process didn't go away. |
| 621 | */ |
| 622 | if (ap != 0 && ISALIVE(kd) && |
| 623 | !proc_verify(kd, (u_long)kp->kp_eproc.e_paddr, p)) |
| 624 | ap = 0; |
| 625 | return (ap); |
| 626 | } |
| 627 | |
| 628 | /* |
| 629 | * Get the command args. This code is now machine independent. |
| 630 | */ |
| 631 | char ** |
| 632 | kvm_getargv(kvm_t *kd, const struct kinfo_proc *kp, int nchr) |
| 633 | { |
| 634 | int oid[4]; |
| 635 | int i; |
| 636 | size_t bufsz; |
| 637 | static unsigned long buflen; |
| 638 | static char *buf, *p; |
| 639 | static char **bufp; |
| 640 | static int argc; |
| 641 | |
| 642 | if (!ISALIVE(kd)) { |
| 643 | _kvm_err(kd, kd->program, |
| 644 | "cannot read user space from dead kernel"); |
| 645 | return (0); |
| 646 | } |
| 647 | |
| 648 | if (!buflen) { |
| 649 | bufsz = sizeof(buflen); |
| 650 | i = sysctlbyname("kern.ps_arg_cache_limit", |
| 651 | &buflen, &bufsz, NULL, 0); |
| 652 | if (i == -1) { |
| 653 | buflen = 0; |
| 654 | } else { |
| 655 | buf = malloc(buflen); |
| 656 | if (buf == NULL) |
| 657 | buflen = 0; |
| 658 | argc = 32; |
| 659 | bufp = malloc(sizeof(char *) * argc); |
| 660 | } |
| 661 | } |
| 662 | if (buf != NULL) { |
| 663 | oid[0] = CTL_KERN; |
| 664 | oid[1] = KERN_PROC; |
| 665 | oid[2] = KERN_PROC_ARGS; |
| 666 | oid[3] = kp->kp_proc.p_pid; |
| 667 | bufsz = buflen; |
| 668 | i = sysctl(oid, 4, buf, &bufsz, 0, 0); |
| 669 | if (i == 0 && bufsz > 0) { |
| 670 | i = 0; |
| 671 | p = buf; |
| 672 | do { |
| 673 | bufp[i++] = p; |
| 674 | p += strlen(p) + 1; |
| 675 | if (i >= argc) { |
| 676 | argc += argc; |
| 677 | bufp = realloc(bufp, |
| 678 | sizeof(char *) * argc); |
| 679 | } |
| 680 | } while (p < buf + bufsz); |
| 681 | bufp[i++] = 0; |
| 682 | return (bufp); |
| 683 | } |
| 684 | } |
| 685 | if (kp->kp_proc.p_flag & P_SYSTEM) |
| 686 | return (NULL); |
| 687 | return (kvm_doargv(kd, kp, nchr, ps_str_a)); |
| 688 | } |
| 689 | |
| 690 | char ** |
| 691 | kvm_getenvv(kvm_t *kd, const struct kinfo_proc *kp, int nchr) |
| 692 | { |
| 693 | return (kvm_doargv(kd, kp, nchr, ps_str_e)); |
| 694 | } |
| 695 | |
| 696 | /* |
| 697 | * Read from user space. The user context is given by p. |
| 698 | */ |
| 699 | ssize_t |
| 700 | kvm_uread(kvm_t *kd, const struct proc *p, u_long uva, char *buf, size_t len) |
| 701 | { |
| 702 | char *cp; |
| 703 | char procfile[MAXPATHLEN]; |
| 704 | ssize_t amount; |
| 705 | int fd; |
| 706 | |
| 707 | if (!ISALIVE(kd)) { |
| 708 | _kvm_err(kd, kd->program, |
| 709 | "cannot read user space from dead kernel"); |
| 710 | return (0); |
| 711 | } |
| 712 | |
| 713 | sprintf(procfile, "/proc/%d/mem", p->p_pid); |
| 714 | fd = open(procfile, O_RDONLY, 0); |
| 715 | if (fd < 0) { |
| 716 | _kvm_err(kd, kd->program, "cannot open %s", procfile); |
| 717 | close(fd); |
| 718 | return (0); |
| 719 | } |
| 720 | |
| 721 | cp = buf; |
| 722 | while (len > 0) { |
| 723 | errno = 0; |
| 724 | if (lseek(fd, (off_t)uva, 0) == -1 && errno != 0) { |
| 725 | _kvm_err(kd, kd->program, "invalid address (%x) in %s", |
| 726 | uva, procfile); |
| 727 | break; |
| 728 | } |
| 729 | amount = read(fd, cp, len); |
| 730 | if (amount < 0) { |
| 731 | _kvm_syserr(kd, kd->program, "error reading %s", |
| 732 | procfile); |
| 733 | break; |
| 734 | } |
| 735 | if (amount == 0) { |
| 736 | _kvm_err(kd, kd->program, "EOF reading %s", procfile); |
| 737 | break; |
| 738 | } |
| 739 | cp += amount; |
| 740 | uva += amount; |
| 741 | len -= amount; |
| 742 | } |
| 743 | |
| 744 | close(fd); |
| 745 | return ((ssize_t)(cp - buf)); |
| 746 | } |