2 * Copyright (c) 1989, 1992, 1993
3 * The Regents of the University of California. All rights reserved.
5 * This code is derived from software developed by the Computer Systems
6 * Engineering group at Lawrence Berkeley Laboratory under DARPA contract
7 * BG 91-66 and contributed to Berkeley.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * $FreeBSD: src/lib/libkvm/kvm_proc.c,v 1.25.2.3 2002/08/24 07:27:46 kris Exp $
35 * @(#)kvm_proc.c 8.3 (Berkeley) 9/23/93
39 * Proc traversal interface for kvm. ps and w are (probably) the exclusive
40 * users of this code, so we've factored it out into a separate module.
41 * Thus, we keep this grunge out of the other kvm applications (i.e.,
42 * most other applications are interested only in open/close/read/nlist).
45 #include <sys/user.h> /* MUST BE FIRST */
47 #include <sys/param.h>
51 #include <sys/globaldata.h>
52 #include <sys/ioctl.h>
64 #include <vm/vm_param.h>
65 #include <vm/swap_pager.h>
67 #include <sys/sysctl.h>
73 #include "kvm_private.h"
77 kvm_readswap(kvm_t *kd, const struct proc *p, u_long va, u_long *cnt)
79 #if defined(__FreeBSD__) || defined(__DragonFly__)
80 /* XXX Stubbed out, our vm system is differnet */
81 _kvm_err(kd, kd->program, "kvm_readswap not implemented");
87 #define KREAD(kd, addr, obj) \
88 (kvm_read(kd, addr, (char *)(obj), sizeof(*obj)) != sizeof(*obj))
89 #define KREADSTR(kd, addr) \
90 kvm_readstr(kd, (u_long)addr, NULL, NULL)
92 static struct kinfo_proc *
93 kinfo_resize_proc(kvm_t *kd, struct kinfo_proc *bp)
98 size_t pos = bp - kd->procend;
99 size_t size = kd->procend - kd->procbase;
105 kd->procbase = _kvm_realloc(kd, kd->procbase, sizeof(*bp) * size);
106 if (kd->procbase == NULL)
108 kd->procend = kd->procbase + size;
109 bp = kd->procbase + pos;
114 * note: this function is also used by /usr/src/sys/kern/kern_kinfo.c as
115 * compiled by userland.
122 if ((dev->si_umajor & 0xffffff00) ||
123 (dev->si_uminor & 0x0000ff00)) {
126 return((dev->si_umajor << 8) | dev->si_uminor);
130 * Helper routine which traverses the left hand side of a red-black sub-tree.
133 kvm_lwptraverse(kvm_t *kd, struct lwp *lwp, uintptr_t lwppos)
136 if (KREAD(kd, lwppos, lwp)) {
137 _kvm_err(kd, kd->program, "can't read lwp at %p",
139 return ((uintptr_t)-1);
141 if (lwp->u.lwp_rbnode.rbe_left == NULL)
143 lwppos = (uintptr_t)lwp->u.lwp_rbnode.rbe_left;
149 * Iterate LWPs in a process.
151 * The first lwp in a red-black tree is a left-side traversal of the tree.
154 kvm_firstlwp(kvm_t *kd, struct lwp *lwp, struct proc *proc)
156 return(kvm_lwptraverse(kd, lwp, (uintptr_t)proc->p_lwp_tree.rbh_root));
160 * If the current element is the left side of the parent the next element
161 * will be a left side traversal of the parent's right side. If the parent
162 * has no right side the next element will be the parent.
164 * If the current element is the right side of the parent the next element
167 * If the parent is NULL we are done.
170 kvm_nextlwp(kvm_t *kd, uintptr_t lwppos, struct lwp *lwp, struct proc *proc)
174 nextpos = (uintptr_t)lwp->u.lwp_rbnode.rbe_parent;
176 if (KREAD(kd, nextpos, lwp)) {
177 _kvm_err(kd, kd->program, "can't read lwp at %p",
179 return ((uintptr_t)-1);
181 if (lwppos == (uintptr_t)lwp->u.lwp_rbnode.rbe_left) {
183 * If we had gone down the left side the next element
184 * is a left hand traversal of the parent's right
185 * side, or the parent itself if there is no right
188 lwppos = (uintptr_t)lwp->u.lwp_rbnode.rbe_right;
190 nextpos = kvm_lwptraverse(kd, lwp, lwppos);
193 * If we had gone down the right side the next
194 * element is the parent.
196 /* nextpos = nextpos */
203 * Read proc's from memory file into buffer bp, which has space to hold
204 * at most maxcnt procs.
207 kvm_proclist(kvm_t *kd, int what, int arg, struct proc *p,
208 struct kinfo_proc *bp)
212 struct globaldata gdata;
214 struct session tsess;
218 struct thread thread;
221 struct vmspace vmspace;
222 struct prison prison;
223 struct sigacts sigacts;
231 for (; p != NULL; p = proc.p_list.le_next) {
232 if (KREAD(kd, (u_long)p, &proc)) {
233 _kvm_err(kd, kd->program, "can't read proc at %p", p);
236 if (KREAD(kd, (u_long)proc.p_ucred, &ucred)) {
237 _kvm_err(kd, kd->program, "can't read ucred at %p",
241 proc.p_ucred = &ucred;
243 switch(what & ~KERN_PROC_FLAGMASK) {
246 if (proc.p_pid != (pid_t)arg)
251 if (ucred.cr_uid != (uid_t)arg)
256 if (ucred.cr_ruid != (uid_t)arg)
261 if (KREAD(kd, (u_long)proc.p_pgrp, &pgrp)) {
262 _kvm_err(kd, kd->program, "can't read pgrp at %p",
268 if (KREAD(kd, (u_long)proc.p_pptr, &pproc)) {
269 _kvm_err(kd, kd->program, "can't read pproc at %p",
273 proc.p_pptr = &pproc;
276 if (proc.p_sigacts) {
277 if (KREAD(kd, (u_long)proc.p_sigacts, &sigacts)) {
278 _kvm_err(kd, kd->program,
279 "can't read sigacts at %p",
283 proc.p_sigacts = &sigacts;
286 if (KREAD(kd, (u_long)pgrp.pg_session, &sess)) {
287 _kvm_err(kd, kd->program, "can't read session at %p",
291 pgrp.pg_session = &sess;
293 if ((proc.p_flags & P_CONTROLT) && sess.s_ttyp != NULL) {
294 if (KREAD(kd, (u_long)sess.s_ttyp, &tty)) {
295 _kvm_err(kd, kd->program,
296 "can't read tty at %p", sess.s_ttyp);
300 if (tty.t_dev != NULL) {
301 if (KREAD(kd, (u_long)tty.t_dev, &cdev))
306 if (tty.t_pgrp != NULL) {
307 if (KREAD(kd, (u_long)tty.t_pgrp, &tpgrp)) {
308 _kvm_err(kd, kd->program,
309 "can't read tpgrp at %p",
315 if (tty.t_session != NULL) {
316 if (KREAD(kd, (u_long)tty.t_session, &tsess)) {
317 _kvm_err(kd, kd->program,
318 "can't read tsess at %p",
322 tty.t_session = &tsess;
326 if (KREAD(kd, (u_long)proc.p_vmspace, &vmspace)) {
327 _kvm_err(kd, kd->program, "can't read vmspace at %p",
331 proc.p_vmspace = &vmspace;
333 if (ucred.cr_prison != NULL) {
334 if (KREAD(kd, (u_long)ucred.cr_prison, &prison)) {
335 _kvm_err(kd, kd->program, "can't read prison at %p",
339 ucred.cr_prison = &prison;
342 switch (what & ~KERN_PROC_FLAGMASK) {
345 if (proc.p_pgrp->pg_id != (pid_t)arg)
350 if ((proc.p_flags & P_CONTROLT) == 0 ||
351 dev2udev(proc.p_pgrp->pg_session->s_ttyp->t_dev)
357 if ((bp = kinfo_resize_proc(kd, bp)) == NULL)
359 fill_kinfo_proc(&proc, bp);
360 bp->kp_paddr = (uintptr_t)p;
362 lwppos = kvm_firstlwp(kd, &lwp, &proc);
364 bp++; /* Just export the proc then */
367 while (lwppos && lwppos != (uintptr_t)-1) {
368 if (p != lwp.lwp_proc) {
369 _kvm_err(kd, kd->program, "lwp has wrong parent");
372 lwp.lwp_proc = &proc;
373 if (KREAD(kd, (u_long)lwp.lwp_thread, &thread)) {
374 _kvm_err(kd, kd->program, "can't read thread at %p",
378 lwp.lwp_thread = &thread;
381 if (KREAD(kd, (u_long)thread.td_gd, &gdata)) {
382 _kvm_err(kd, kd->program, "can't read"
387 thread.td_gd = &gdata;
389 if (thread.td_wmesg) {
390 wmesg = (void *)KREADSTR(kd, thread.td_wmesg);
392 _kvm_err(kd, kd->program, "can't read"
397 thread.td_wmesg = wmesg;
402 if ((bp = kinfo_resize_proc(kd, bp)) == NULL)
404 fill_kinfo_proc(&proc, bp);
405 fill_kinfo_lwp(&lwp, &bp->kp_lwp);
406 bp->kp_paddr = (uintptr_t)p;
411 if ((what & KERN_PROC_FLAG_LWP) == 0)
413 lwppos = kvm_nextlwp(kd, lwppos, &lwp, &proc);
415 if (lwppos == (uintptr_t)-1)
422 * Build proc info array by reading in proc list from a crash dump.
423 * We reallocate kd->procbase as necessary.
426 kvm_deadprocs(kvm_t *kd, int what, int arg, u_long a_procglob,
429 struct kinfo_proc *bp;
431 struct proclist **pl;
440 * Dynamically allocate space for all the elements of the
441 * allprocs array and KREAD() them.
443 pl = _kvm_malloc(kd, allproc_hsize * sizeof(struct proclist *));
444 for (n = 0; n < allproc_hsize; n++) {
445 pl[n] = _kvm_malloc(kd, sizeof(struct proclist));
446 a_allproc = sizeof(struct procglob) * n +
447 offsetof(struct procglob, allproc);
449 if (KREAD(kd, (u_long)nextoff, pl[n])) {
450 _kvm_err(kd, kd->program, "can't read proclist at 0x%lx",
455 /* Ignore empty proclists */
456 if (LIST_EMPTY(pl[n]))
459 bp = kd->procbase + cnt;
461 partcnt = kvm_proclist(kd, what, arg, p, bp);
475 kvm_getprocs(kvm_t *kd, int op, int arg, int *cnt)
477 int mib[4], st, nprocs, allproc_hsize;
478 int miblen = ((op & ~KERN_PROC_FLAGMASK) == KERN_PROC_ALL) ? 3 : 4;
481 if (kd->procbase != 0) {
482 free((void *)kd->procbase);
484 * Clear this pointer in case this call fails. Otherwise,
485 * kvm_close() will free it again.
489 if (kvm_ishost(kd)) {
495 st = sysctl(mib, miblen, NULL, &size, NULL, 0);
497 _kvm_syserr(kd, kd->program, "kvm_getprocs");
502 kd->procbase = (struct kinfo_proc *)
503 _kvm_realloc(kd, kd->procbase, size);
504 if (kd->procbase == 0)
506 st = sysctl(mib, miblen, kd->procbase, &size, NULL, 0);
507 } while (st == -1 && errno == ENOMEM);
509 _kvm_syserr(kd, kd->program, "kvm_getprocs");
512 if (size % sizeof(struct kinfo_proc) != 0) {
513 _kvm_err(kd, kd->program,
514 "proc size mismatch (%zd total, %zd chunks)",
515 size, sizeof(struct kinfo_proc));
518 nprocs = size / sizeof(struct kinfo_proc);
520 struct nlist nl[4], *p;
522 nl[0].n_name = "_nprocs";
523 nl[1].n_name = "_procglob";
524 nl[2].n_name = "_allproc_hsize";
527 if (kvm_nlist(kd, nl) != 0) {
528 for (p = nl; p->n_type != 0; ++p)
530 _kvm_err(kd, kd->program,
531 "%s: no such symbol", p->n_name);
534 if (KREAD(kd, nl[0].n_value, &nprocs)) {
535 _kvm_err(kd, kd->program, "can't read nprocs");
538 if (KREAD(kd, nl[2].n_value, &allproc_hsize)) {
539 _kvm_err(kd, kd->program, "can't read allproc_hsize");
542 nprocs = kvm_deadprocs(kd, op, arg, nl[1].n_value,
545 size = nprocs * sizeof(struct kinfo_proc);
546 (void)realloc(kd->procbase, size);
550 return (kd->procbase);
554 _kvm_freeprocs(kvm_t *kd)
563 _kvm_realloc(kvm_t *kd, void *p, size_t n)
565 void *np = (void *)realloc(p, n);
569 _kvm_err(kd, kd->program, "out of memory");
575 #define MAX(a, b) ((a) > (b) ? (a) : (b))
579 * Read in an argument vector from the user address space of process pid.
580 * addr if the user-space base address of narg null-terminated contiguous
581 * strings. This is used to read in both the command arguments and
582 * environment strings. Read at most maxcnt characters of strings.
585 kvm_argv(kvm_t *kd, pid_t pid, u_long addr, int narg, int maxcnt)
587 char *np, *cp, *ep, *ap;
593 * Check that there aren't an unreasonable number of agruments,
594 * and that the address is in user space.
597 addr < VM_MIN_USER_ADDRESS || addr >= VM_MAX_USER_ADDRESS) {
602 * kd->argv : work space for fetching the strings from the target
603 * process's space, and is converted for returning to caller
607 * Try to avoid reallocs.
609 kd->argc = MAX(narg + 1, 32);
610 kd->argv = (char **)_kvm_malloc(kd, kd->argc *
614 } else if (narg + 1 > kd->argc) {
615 kd->argc = MAX(2 * kd->argc, narg + 1);
616 kd->argv = (char **)_kvm_realloc(kd, kd->argv, kd->argc *
622 * kd->argspc : returned to user, this is where the kd->argv
623 * arrays are left pointing to the collected strings.
625 if (kd->argspc == 0) {
626 kd->argspc = (char *)_kvm_malloc(kd, PAGE_SIZE);
629 kd->arglen = PAGE_SIZE;
632 * kd->argbuf : used to pull in pages from the target process.
633 * the strings are copied out of here.
635 if (kd->argbuf == 0) {
636 kd->argbuf = (char *)_kvm_malloc(kd, PAGE_SIZE);
641 /* Pull in the target process'es argv vector */
642 cc = sizeof(char *) * narg;
643 if (kvm_uread(kd, pid, addr, (char *)kd->argv, cc) != cc)
646 * ap : saved start address of string we're working on in kd->argspc
647 * np : pointer to next place to write in kd->argspc
648 * len: length of data in kd->argspc
649 * argv: pointer to the argv vector that we are hunting around the
650 * target process space for, and converting to addresses in
651 * our address space (kd->argspc).
653 ap = np = kd->argspc;
657 * Loop over pages, filling in the argument vector.
658 * Note that the argv strings could be pointing *anywhere* in
659 * the user address space and are no longer contiguous.
660 * Note that *argv is modified when we are going to fetch a string
661 * that crosses a page boundary. We copy the next part of the string
662 * into to "np" and eventually convert the pointer.
664 while (argv < kd->argv + narg && *argv != NULL) {
666 /* get the address that the current argv string is on */
667 addr = (u_long)*argv & ~(PAGE_SIZE - 1);
669 /* is it the same page as the last one? */
671 if (kvm_uread(kd, pid, addr, kd->argbuf, PAGE_SIZE) !=
677 /* offset within the page... kd->argbuf */
678 addr = (u_long)*argv & (PAGE_SIZE - 1);
680 /* cp = start of string, cc = count of chars in this chunk */
681 cp = kd->argbuf + addr;
682 cc = PAGE_SIZE - addr;
684 /* dont get more than asked for by user process */
685 if (maxcnt > 0 && cc > maxcnt - len)
688 /* pointer to end of string if we found it in this page */
689 ep = memchr(cp, '\0', cc);
693 * at this point, cc is the count of the chars that we are
694 * going to retrieve this time. we may or may not have found
695 * the end of it. (ep points to the null if the end is known)
698 /* will we exceed the malloc/realloced buffer? */
699 if (len + cc > kd->arglen) {
702 char *op = kd->argspc;
705 kd->argspc = (char *)_kvm_realloc(kd, kd->argspc,
710 * Adjust argv pointers in case realloc moved
713 off = kd->argspc - op;
714 for (pp = kd->argv; pp < argv; pp++)
719 /* np = where to put the next part of the string in kd->argspc*/
720 /* np is kinda redundant.. could use "kd->argspc + len" */
722 np += cc; /* inc counters */
726 * if end of string found, set the *argv pointer to the
727 * saved beginning of string, and advance. argv points to
728 * somewhere in kd->argv.. This is initially relative
729 * to the target process, but when we close it off, we set
730 * it to point in our address space.
736 /* update the address relative to the target process */
740 if (maxcnt > 0 && len >= maxcnt) {
742 * We're stopping prematurely. Terminate the
752 /* Make sure argv is terminated. */
758 ps_str_a(struct ps_strings *p, u_long *addr, int *n)
760 *addr = (u_long)p->ps_argvstr;
765 ps_str_e(struct ps_strings *p, u_long *addr, int *n)
767 *addr = (u_long)p->ps_envstr;
772 * Determine if the proc indicated by p is still active.
773 * This test is not 100% foolproof in theory, but chances of
774 * being wrong are very low.
777 proc_verify(kvm_t *kd, const struct kinfo_proc *p)
779 struct kinfo_proc kp;
786 mib[2] = KERN_PROC_PID;
790 error = sysctl(mib, 4, &kp, &len, NULL, 0);
794 error = (p->kp_pid == kp.kp_pid &&
795 (kp.kp_stat != SZOMB || p->kp_stat == SZOMB));
800 kvm_doargv(kvm_t *kd, const struct kinfo_proc *kp, int nchr,
801 void (*info)(struct ps_strings *, u_long *, int *))
806 static struct ps_strings arginfo;
807 static u_long ps_strings;
810 if (ps_strings == 0) {
811 len = sizeof(ps_strings);
812 if (sysctlbyname("kern.ps_strings", &ps_strings, &len, NULL,
814 ps_strings = PS_STRINGS;
818 * Pointers are stored at the top of the user stack.
820 if (kp->kp_stat == SZOMB ||
821 kvm_uread(kd, kp->kp_pid, ps_strings, (char *)&arginfo,
822 sizeof(arginfo)) != sizeof(arginfo))
825 (*info)(&arginfo, &addr, &cnt);
828 ap = kvm_argv(kd, kp->kp_pid, addr, cnt, nchr);
830 * For live kernels, make sure this process didn't go away.
832 if (ap != NULL && (kvm_ishost(kd) || kvm_isvkernel(kd)) &&
833 !proc_verify(kd, kp))
839 * Get the command args. This code is now machine independent.
842 kvm_getargv(kvm_t *kd, const struct kinfo_proc *kp, int nchr)
847 static unsigned long buflen;
848 static char *buf, *p;
852 if (!kvm_ishost(kd)) { /* XXX: vkernels */
853 _kvm_err(kd, kd->program,
854 "cannot read user space from dead kernel");
859 bufsz = sizeof(buflen);
860 i = sysctlbyname("kern.ps_arg_cache_limit",
861 &buflen, &bufsz, NULL, 0);
865 buf = malloc(buflen);
869 bufp = malloc(sizeof(char *) * argc);
875 oid[2] = KERN_PROC_ARGS;
878 i = sysctl(oid, 4, buf, &bufsz, 0, 0);
879 if (i == 0 && bufsz > 0) {
888 sizeof(char *) * argc);
890 } while (p < buf + bufsz);
895 if (kp->kp_flags & P_SYSTEM)
897 return (kvm_doargv(kd, kp, nchr, ps_str_a));
901 kvm_getenvv(kvm_t *kd, const struct kinfo_proc *kp, int nchr)
903 return (kvm_doargv(kd, kp, nchr, ps_str_e));
907 * Read from user space. The user context is given by pid.
910 kvm_uread(kvm_t *kd, pid_t pid, u_long uva, char *buf, size_t len)
913 char procfile[MAXPATHLEN];
917 if (!kvm_ishost(kd)) { /* XXX: vkernels */
918 _kvm_err(kd, kd->program,
919 "cannot read user space from dead kernel");
923 sprintf(procfile, "/proc/%d/mem", pid);
924 fd = open(procfile, O_RDONLY, 0);
926 _kvm_err(kd, kd->program, "cannot open %s", procfile);
934 if (lseek(fd, (off_t)uva, 0) == -1 && errno != 0) {
935 _kvm_err(kd, kd->program, "invalid address (%lx) in %s",
939 amount = read(fd, cp, len);
941 _kvm_syserr(kd, kd->program, "error reading %s",
946 _kvm_err(kd, kd->program, "EOF reading %s", procfile);
955 return ((ssize_t)(cp - buf));