1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  *
  26  * Portions Copyright 2007 Chad Mynhier
  27  * Copyright 2012 DEY Storage Systems, Inc.  All rights reserved.
  28  * Copyright (c) 2013 by Delphix. All rights reserved.
  29  */
  30 
  31 #include <assert.h>
  32 #include <stdio.h>
  33 #include <stdlib.h>
  34 #include <unistd.h>
  35 #include <ctype.h>
  36 #include <fcntl.h>
  37 #include <string.h>
  38 #include <strings.h>
  39 #include <memory.h>
  40 #include <errno.h>
  41 #include <dirent.h>
  42 #include <limits.h>
  43 #include <signal.h>
  44 #include <atomic.h>
  45 #include <zone.h>
  46 #include <sys/types.h>
  47 #include <sys/uio.h>
  48 #include <sys/stat.h>
  49 #include <sys/resource.h>
  50 #include <sys/param.h>
  51 #include <sys/stack.h>
  52 #include <sys/fault.h>
  53 #include <sys/syscall.h>
  54 #include <sys/sysmacros.h>
  55 #include <sys/systeminfo.h>
  56 
  57 #include "libproc.h"
  58 #include "Pcontrol.h"
  59 #include "Putil.h"
  60 #include "P32ton.h"
  61 
  62 int     _libproc_debug;         /* set non-zero to enable debugging printfs */
  63 int     _libproc_no_qsort;      /* set non-zero to inhibit sorting */
  64                                 /* of symbol tables */
  65 int     _libproc_incore_elf;    /* only use in-core elf data */
  66 
  67 sigset_t blockable_sigs;        /* signals to block when we need to be safe */
  68 static  int     minfd;  /* minimum file descriptor returned by dupfd(fd, 0) */
  69 char    procfs_path[PATH_MAX] = "/proc";
  70 
  71 /*
  72  * Function prototypes for static routines in this module.
  73  */
  74 static  void    deadcheck(struct ps_prochandle *);
  75 static  void    restore_tracing_flags(struct ps_prochandle *);
  76 static  void    Lfree_internal(struct ps_prochandle *, struct ps_lwphandle *);
  77 static  prheader_t *read_lfile(struct ps_prochandle *, const char *);
  78 
  79 /*
  80  * Ops vector functions for live processes.
  81  */
  82 
  83 /*ARGSUSED*/
  84 static ssize_t
  85 Pread_live(struct ps_prochandle *P, void *buf, size_t n, uintptr_t addr,
  86     void *data)
  87 {
  88         return (pread(P->asfd, buf, n, (off_t)addr));
  89 }
  90 
  91 /*ARGSUSED*/
  92 static ssize_t
  93 Pwrite_live(struct ps_prochandle *P, const void *buf, size_t n, uintptr_t addr,
  94     void *data)
  95 {
  96         return (pwrite(P->asfd, buf, n, (off_t)addr));
  97 }
  98 
  99 /*ARGSUSED*/
 100 static int
 101 Pread_maps_live(struct ps_prochandle *P, prmap_t **Pmapp, ssize_t *nmapp,
 102     void *data)
 103 {
 104         char mapfile[PATH_MAX];
 105         int mapfd;
 106         struct stat statb;
 107         ssize_t nmap;
 108         prmap_t *Pmap = NULL;
 109 
 110         (void) snprintf(mapfile, sizeof (mapfile), "%s/%d/map",
 111             procfs_path, (int)P->pid);
 112         if ((mapfd = open(mapfile, O_RDONLY)) < 0 ||
 113             fstat(mapfd, &statb) != 0 ||
 114             statb.st_size < sizeof (prmap_t) ||
 115             (Pmap = malloc(statb.st_size)) == NULL ||
 116             (nmap = pread(mapfd, Pmap, statb.st_size, 0L)) <= 0 ||
 117             (nmap /= sizeof (prmap_t)) == 0) {
 118                 if (Pmap != NULL)
 119                         free(Pmap);
 120                 if (mapfd >= 0)
 121                         (void) close(mapfd);
 122                 Preset_maps(P); /* utter failure; destroy tables */
 123                 return (-1);
 124         }
 125         (void) close(mapfd);
 126 
 127         *Pmapp = Pmap;
 128         *nmapp = nmap;
 129 
 130         return (0);
 131 }
 132 
 133 /*ARGSUSED*/
 134 static void
 135 Pread_aux_live(struct ps_prochandle *P, auxv_t **auxvp, int *nauxp, void *data)
 136 {
 137         char auxfile[64];
 138         int fd;
 139         struct stat statb;
 140         auxv_t *auxv;
 141         ssize_t naux;
 142 
 143         (void) snprintf(auxfile, sizeof (auxfile), "%s/%d/auxv",
 144             procfs_path, (int)P->pid);
 145         if ((fd = open(auxfile, O_RDONLY)) < 0) {
 146                 dprintf("%s: failed to open %s: %s\n",
 147                     __func__, auxfile, strerror(errno));
 148                 return;
 149         }
 150 
 151         if (fstat(fd, &statb) == 0 &&
 152             statb.st_size >= sizeof (auxv_t) &&
 153             (auxv = malloc(statb.st_size + sizeof (auxv_t))) != NULL) {
 154                 if ((naux = read(fd, auxv, statb.st_size)) < 0 ||
 155                     (naux /= sizeof (auxv_t)) < 1) {
 156                         dprintf("%s: read failed: %s\n",
 157                             __func__, strerror(errno));
 158                         free(auxv);
 159                 } else {
 160                         auxv[naux].a_type = AT_NULL;
 161                         auxv[naux].a_un.a_val = 0L;
 162 
 163                         *auxvp = auxv;
 164                         *nauxp = (int)naux;
 165                 }
 166         }
 167 
 168         (void) close(fd);
 169 }
 170 
 171 /*ARGSUSED*/
 172 static int
 173 Pcred_live(struct ps_prochandle *P, prcred_t *pcrp, int ngroups, void *data)
 174 {
 175         return (proc_get_cred(P->pid, pcrp, ngroups));
 176 }
 177 
 178 /*ARGSUSED*/
 179 static int
 180 Ppriv_live(struct ps_prochandle *P, prpriv_t **pprv, void *data)
 181 {
 182         prpriv_t *pp;
 183 
 184         pp = proc_get_priv(P->pid);
 185         if (pp == NULL) {
 186                 return (-1);
 187         }
 188 
 189         *pprv = pp;
 190         return (0);
 191 }
 192 
 193 /*ARGSUSED*/
 194 static const psinfo_t *
 195 Ppsinfo_live(struct ps_prochandle *P, psinfo_t *psinfo, void *data)
 196 {
 197         if (proc_get_psinfo(P->pid, psinfo) == -1)
 198                 return (NULL);
 199 
 200         return (psinfo);
 201 }
 202 
 203 /*ARGSUSED*/
 204 static prheader_t *
 205 Plstatus_live(struct ps_prochandle *P, void *data)
 206 {
 207         return (read_lfile(P, "lstatus"));
 208 }
 209 
 210 /*ARGSUSED*/
 211 static prheader_t *
 212 Plpsinfo_live(struct ps_prochandle *P, void *data)
 213 {
 214         return (read_lfile(P, "lpsinfo"));
 215 }
 216 
 217 /*ARGSUSED*/
 218 static char *
 219 Pplatform_live(struct ps_prochandle *P, char *s, size_t n, void *data)
 220 {
 221         if (sysinfo(SI_PLATFORM, s, n) == -1)
 222                 return (NULL);
 223         return (s);
 224 }
 225 
 226 /*ARGSUSED*/
 227 static int
 228 Puname_live(struct ps_prochandle *P, struct utsname *u, void *data)
 229 {
 230         return (uname(u));
 231 }
 232 
 233 /*ARGSUSED*/
 234 static char *
 235 Pzonename_live(struct ps_prochandle *P, char *s, size_t n, void *data)
 236 {
 237         if (getzonenamebyid(P->status.pr_zoneid, s, n) < 0)
 238                 return (NULL);
 239         s[n - 1] = '\0';
 240         return (s);
 241 }
 242 
 243 /*
 244  * Callback function for Pfindexec().  We return a match if we can stat the
 245  * suggested pathname and confirm its device and inode number match our
 246  * previous information about the /proc/<pid>/object/a.out file.
 247  */
 248 static int
 249 stat_exec(const char *path, void *arg)
 250 {
 251         struct stat64 *stp = arg;
 252         struct stat64 st;
 253 
 254         return (stat64(path, &st) == 0 && S_ISREG(st.st_mode) &&
 255             stp->st_dev == st.st_dev && stp->st_ino == st.st_ino);
 256 }
 257 
 258 /*ARGSUSED*/
 259 static char *
 260 Pexecname_live(struct ps_prochandle *P, char *buf, size_t buflen, void *data)
 261 {
 262         char exec_name[PATH_MAX];
 263         char cwd[PATH_MAX];
 264         char proc_cwd[64];
 265         struct stat64 st;
 266         int ret;
 267 
 268         /*
 269          * Try to get the path information first.
 270          */
 271         (void) snprintf(exec_name, sizeof (exec_name),
 272             "%s/%d/path/a.out", procfs_path, (int)P->pid);
 273         if ((ret = readlink(exec_name, buf, buflen - 1)) > 0) {
 274                 buf[ret] = '\0';
 275                 (void) Pfindobj(P, buf, buf, buflen);
 276                 return (buf);
 277         }
 278 
 279         /*
 280          * Stat the executable file so we can compare Pfindexec's
 281          * suggestions to the actual device and inode number.
 282          */
 283         (void) snprintf(exec_name, sizeof (exec_name),
 284             "%s/%d/object/a.out", procfs_path, (int)P->pid);
 285 
 286         if (stat64(exec_name, &st) != 0 || !S_ISREG(st.st_mode))
 287                 return (NULL);
 288 
 289         /*
 290          * Attempt to figure out the current working directory of the
 291          * target process.  This only works if the target process has
 292          * not changed its current directory since it was exec'd.
 293          */
 294         (void) snprintf(proc_cwd, sizeof (proc_cwd),
 295             "%s/%d/path/cwd", procfs_path, (int)P->pid);
 296 
 297         if ((ret = readlink(proc_cwd, cwd, PATH_MAX - 1)) > 0)
 298                 cwd[ret] = '\0';
 299 
 300         (void) Pfindexec(P, ret > 0 ? cwd : NULL, stat_exec, &st);
 301 
 302         return (NULL);
 303 }
 304 
 305 #if defined(__i386) || defined(__amd64)
 306 /*ARGSUSED*/
 307 static int
 308 Pldt_live(struct ps_prochandle *P, struct ssd *pldt, int nldt, void *data)
 309 {
 310         return (proc_get_ldt(P->pid, pldt, nldt));
 311 }
 312 #endif
 313 
 314 static const ps_ops_t P_live_ops = {
 315         .pop_pread      = Pread_live,
 316         .pop_pwrite     = Pwrite_live,
 317         .pop_read_maps  = Pread_maps_live,
 318         .pop_read_aux   = Pread_aux_live,
 319         .pop_cred       = Pcred_live,
 320         .pop_priv       = Ppriv_live,
 321         .pop_psinfo     = Ppsinfo_live,
 322         .pop_lstatus    = Plstatus_live,
 323         .pop_lpsinfo    = Plpsinfo_live,
 324         .pop_platform   = Pplatform_live,
 325         .pop_uname      = Puname_live,
 326         .pop_zonename   = Pzonename_live,
 327         .pop_execname   = Pexecname_live,
 328 #if defined(__i386) || defined(__amd64)
 329         .pop_ldt        = Pldt_live
 330 #endif
 331 };
 332 
 333 /*
 334  * This is the library's .init handler.
 335  */
 336 #pragma init(_libproc_init)
 337 void
 338 _libproc_init(void)
 339 {
 340         _libproc_debug = getenv("LIBPROC_DEBUG") != NULL;
 341         _libproc_no_qsort = getenv("LIBPROC_NO_QSORT") != NULL;
 342         _libproc_incore_elf = getenv("LIBPROC_INCORE_ELF") != NULL;
 343 
 344         (void) sigfillset(&blockable_sigs);
 345         (void) sigdelset(&blockable_sigs, SIGKILL);
 346         (void) sigdelset(&blockable_sigs, SIGSTOP);
 347 }
 348 
 349 void
 350 Pset_procfs_path(const char *path)
 351 {
 352         (void) snprintf(procfs_path, sizeof (procfs_path), "%s", path);
 353 }
 354 
 355 /*
 356  * Call set_minfd() once before calling dupfd() several times.
 357  * We assume that the application will not reduce its current file
 358  * descriptor limit lower than 512 once it has set at least that value.
 359  */
 360 int
 361 set_minfd(void)
 362 {
 363         static mutex_t minfd_lock = DEFAULTMUTEX;
 364         struct rlimit rlim;
 365         int fd;
 366 
 367         if ((fd = minfd) < 256) {
 368                 (void) mutex_lock(&minfd_lock);
 369                 if ((fd = minfd) < 256) {
 370                         if (getrlimit(RLIMIT_NOFILE, &rlim) != 0)
 371                                 rlim.rlim_cur = rlim.rlim_max = 0;
 372                         if (rlim.rlim_cur >= 512)
 373                                 fd = 256;
 374                         else if ((fd = rlim.rlim_cur / 2) < 3)
 375                                 fd = 3;
 376                         membar_producer();
 377                         minfd = fd;
 378                 }
 379                 (void) mutex_unlock(&minfd_lock);
 380         }
 381         return (fd);
 382 }
 383 
 384 int
 385 dupfd(int fd, int dfd)
 386 {
 387         int mfd;
 388 
 389         /*
 390          * Make fd be greater than 255 (the 32-bit stdio limit),
 391          * or at least make it greater than 2 so that the
 392          * program will work when spawned by init(1m).
 393          * Also, if dfd is non-zero, dup the fd to be dfd.
 394          */
 395         if ((mfd = minfd) == 0)
 396                 mfd = set_minfd();
 397         if (dfd > 0 || (0 <= fd && fd < mfd)) {
 398                 if (dfd <= 0)
 399                         dfd = mfd;
 400                 dfd = fcntl(fd, F_DUPFD, dfd);
 401                 (void) close(fd);
 402                 fd = dfd;
 403         }
 404         /*
 405          * Mark it close-on-exec so any created process doesn't inherit it.
 406          */
 407         if (fd >= 0)
 408                 (void) fcntl(fd, F_SETFD, FD_CLOEXEC);
 409         return (fd);
 410 }
 411 
 412 /*
 413  * Create a new controlled process.
 414  * Leave it stopped on successful exit from exec() or execve().
 415  * Return an opaque pointer to its process control structure.
 416  * Return NULL if process cannot be created (fork()/exec() not successful).
 417  */
 418 struct ps_prochandle *
 419 Pxcreate(const char *file,      /* executable file name */
 420         char *const *argv,      /* argument vector */
 421         char *const *envp,      /* environment */
 422         int *perr,      /* pointer to error return code */
 423         char *path,     /* if non-null, holds exec path name on return */
 424         size_t len)     /* size of the path buffer */
 425 {
 426         char execpath[PATH_MAX];
 427         char procname[PATH_MAX];
 428         struct ps_prochandle *P;
 429         pid_t pid;
 430         int fd;
 431         char *fname;
 432         int rc;
 433         int lasterrno = 0;
 434 
 435         if (len == 0)   /* zero length, no path */
 436                 path = NULL;
 437         if (path != NULL)
 438                 *path = '\0';
 439 
 440         if ((P = malloc(sizeof (struct ps_prochandle))) == NULL) {
 441                 *perr = C_STRANGE;
 442                 return (NULL);
 443         }
 444 
 445         if ((pid = fork1()) == -1) {
 446                 free(P);
 447                 *perr = C_FORK;
 448                 return (NULL);
 449         }
 450 
 451         if (pid == 0) {                 /* child process */
 452                 id_t id;
 453                 extern char **environ;
 454 
 455                 /*
 456                  * If running setuid or setgid, reset credentials to normal.
 457                  */
 458                 if ((id = getgid()) != getegid())
 459                         (void) setgid(id);
 460                 if ((id = getuid()) != geteuid())
 461                         (void) setuid(id);
 462 
 463                 Pcreate_callback(P);    /* execute callback (see below) */
 464                 (void) pause();         /* wait for PRSABORT from parent */
 465 
 466                 /*
 467                  * This is ugly.  There is no execvep() function that takes a
 468                  * path and an environment.  We cheat here by replacing the
 469                  * global 'environ' variable right before we call this.
 470                  */
 471                 if (envp)
 472                         environ = (char **)envp;
 473 
 474                 (void) execvp(file, argv);  /* execute the program */
 475                 _exit(127);
 476         }
 477 
 478         /*
 479          * Initialize the process structure.
 480          */
 481         (void) memset(P, 0, sizeof (*P));
 482         (void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
 483         P->flags |= CREATED;
 484         P->state = PS_RUN;
 485         P->pid = pid;
 486         P->asfd = -1;
 487         P->ctlfd = -1;
 488         P->statfd = -1;
 489         P->agentctlfd = -1;
 490         P->agentstatfd = -1;
 491         Pinit_ops(&P->ops, &P_live_ops);
 492         Pinitsym(P);
 493 
 494         /*
 495          * Open the /proc/pid files.
 496          */
 497         (void) snprintf(procname, sizeof (procname), "%s/%d/",
 498             procfs_path, (int)pid);
 499         fname = procname + strlen(procname);
 500         (void) set_minfd();
 501 
 502         /*
 503          * Exclusive write open advises others not to interfere.
 504          * There is no reason for any of these open()s to fail.
 505          */
 506         (void) strcpy(fname, "as");
 507         if ((fd = open(procname, (O_RDWR|O_EXCL))) < 0 ||
 508             (fd = dupfd(fd, 0)) < 0) {
 509                 dprintf("Pcreate: failed to open %s: %s\n",
 510                     procname, strerror(errno));
 511                 rc = C_STRANGE;
 512                 goto bad;
 513         }
 514         P->asfd = fd;
 515 
 516         (void) strcpy(fname, "status");
 517         if ((fd = open(procname, O_RDONLY)) < 0 ||
 518             (fd = dupfd(fd, 0)) < 0) {
 519                 dprintf("Pcreate: failed to open %s: %s\n",
 520                     procname, strerror(errno));
 521                 rc = C_STRANGE;
 522                 goto bad;
 523         }
 524         P->statfd = fd;
 525 
 526         (void) strcpy(fname, "ctl");
 527         if ((fd = open(procname, O_WRONLY)) < 0 ||
 528             (fd = dupfd(fd, 0)) < 0) {
 529                 dprintf("Pcreate: failed to open %s: %s\n",
 530                     procname, strerror(errno));
 531                 rc = C_STRANGE;
 532                 goto bad;
 533         }
 534         P->ctlfd = fd;
 535 
 536         (void) Pstop(P, 0);     /* stop the controlled process */
 537 
 538         /*
 539          * Wait for process to sleep in pause().
 540          * If the process has already called pause(), then it should be
 541          * stopped (PR_REQUESTED) while asleep in pause and we are done.
 542          * Else we set up to catch entry/exit to pause() and set the process
 543          * running again, expecting it to stop when it reaches pause().
 544          * There is no reason for this to fail other than an interrupt.
 545          */
 546         (void) Psysentry(P, SYS_pause, 1);
 547         (void) Psysexit(P, SYS_pause, 1);
 548         for (;;) {
 549                 if (P->state == PS_STOP &&
 550                     P->status.pr_lwp.pr_syscall == SYS_pause &&
 551                     (P->status.pr_lwp.pr_why == PR_REQUESTED ||
 552                     P->status.pr_lwp.pr_why == PR_SYSENTRY ||
 553                     P->status.pr_lwp.pr_why == PR_SYSEXIT))
 554                         break;
 555 
 556                 if (P->state != PS_STOP ||   /* interrupt or process died */
 557                     Psetrun(P, 0, 0) != 0) {    /* can't restart */
 558                         if (errno == EINTR || errno == ERESTART)
 559                                 rc = C_INTR;
 560                         else {
 561                                 dprintf("Pcreate: Psetrun failed: %s\n",
 562                                     strerror(errno));
 563                                 rc = C_STRANGE;
 564                         }
 565                         goto bad;
 566                 }
 567 
 568                 (void) Pwait(P, 0);
 569         }
 570         (void) Psysentry(P, SYS_pause, 0);
 571         (void) Psysexit(P, SYS_pause, 0);
 572 
 573         /*
 574          * Kick the process off the pause() and catch
 575          * it again on entry to exec() or exit().
 576          */
 577         (void) Psysentry(P, SYS_exit, 1);
 578         (void) Psysentry(P, SYS_execve, 1);
 579         if (Psetrun(P, 0, PRSABORT) == -1) {
 580                 dprintf("Pcreate: Psetrun failed: %s\n", strerror(errno));
 581                 rc = C_STRANGE;
 582                 goto bad;
 583         }
 584         (void) Pwait(P, 0);
 585         if (P->state != PS_STOP) {
 586                 dprintf("Pcreate: Pwait failed: %s\n", strerror(errno));
 587                 rc = C_STRANGE;
 588                 goto bad;
 589         }
 590 
 591         /*
 592          * Move the process through instances of failed exec()s
 593          * to reach the point of stopped on successful exec().
 594          */
 595         (void) Psysexit(P, SYS_execve, TRUE);
 596 
 597         while (P->state == PS_STOP &&
 598             P->status.pr_lwp.pr_why == PR_SYSENTRY &&
 599             P->status.pr_lwp.pr_what == SYS_execve) {
 600                 /*
 601                  * Fetch the exec path name now, before we complete
 602                  * the exec().  We may lose the process and be unable
 603                  * to get the information later.
 604                  */
 605                 (void) Pread_string(P, execpath, sizeof (execpath),
 606                     (off_t)P->status.pr_lwp.pr_sysarg[0]);
 607                 if (path != NULL)
 608                         (void) strncpy(path, execpath, len);
 609                 /*
 610                  * Set the process running and wait for
 611                  * it to stop on exit from the exec().
 612                  */
 613                 (void) Psetrun(P, 0, 0);
 614                 (void) Pwait(P, 0);
 615 
 616                 if (P->state == PS_LOST &&           /* we lost control */
 617                     Preopen(P) != 0) {          /* and we can't get it back */
 618                         rc = C_PERM;
 619                         goto bad;
 620                 }
 621 
 622                 /*
 623                  * If the exec() failed, continue the loop, expecting
 624                  * there to be more attempts to exec(), based on PATH.
 625                  */
 626                 if (P->state == PS_STOP &&
 627                     P->status.pr_lwp.pr_why == PR_SYSEXIT &&
 628                     P->status.pr_lwp.pr_what == SYS_execve &&
 629                     (lasterrno = P->status.pr_lwp.pr_errno) != 0) {
 630                         /*
 631                          * The exec() failed.  Set the process running and
 632                          * wait for it to stop on entry to the next exec().
 633                          */
 634                         (void) Psetrun(P, 0, 0);
 635                         (void) Pwait(P, 0);
 636 
 637                         continue;
 638                 }
 639                 break;
 640         }
 641 
 642         if (P->state == PS_STOP &&
 643             P->status.pr_lwp.pr_why == PR_SYSEXIT &&
 644             P->status.pr_lwp.pr_what == SYS_execve &&
 645             P->status.pr_lwp.pr_errno == 0) {
 646                 /*
 647                  * The process is stopped on successful exec() or execve().
 648                  * Turn off all tracing flags and return success.
 649                  */
 650                 restore_tracing_flags(P);
 651 #ifndef _LP64
 652                 /* We must be a 64-bit process to deal with a 64-bit process */
 653                 if (P->status.pr_dmodel == PR_MODEL_LP64) {
 654                         rc = C_LP64;
 655                         goto bad;
 656                 }
 657 #endif
 658                 /*
 659                  * Set run-on-last-close so the controlled process
 660                  * runs even if we die on a signal.
 661                  */
 662                 (void) Psetflags(P, PR_RLC);
 663                 *perr = 0;
 664                 return (P);
 665         }
 666 
 667         rc = lasterrno == ENOENT ? C_NOENT : C_NOEXEC;
 668 
 669 bad:
 670         (void) kill(pid, SIGKILL);
 671         if (path != NULL && rc != C_PERM && rc != C_LP64)
 672                 *path = '\0';
 673         Pfree(P);
 674         *perr = rc;
 675         return (NULL);
 676 }
 677 
 678 struct ps_prochandle *
 679 Pcreate(
 680         const char *file,       /* executable file name */
 681         char *const *argv,      /* argument vector */
 682         int *perr,      /* pointer to error return code */
 683         char *path,     /* if non-null, holds exec path name on return */
 684         size_t len)     /* size of the path buffer */
 685 {
 686         return (Pxcreate(file, argv, NULL, perr, path, len));
 687 }
 688 
 689 /*
 690  * Return a printable string corresponding to a Pcreate() error return.
 691  */
 692 const char *
 693 Pcreate_error(int error)
 694 {
 695         const char *str;
 696 
 697         switch (error) {
 698         case C_FORK:
 699                 str = "cannot fork";
 700                 break;
 701         case C_PERM:
 702                 str = "file is set-id or unreadable";
 703                 break;
 704         case C_NOEXEC:
 705                 str = "cannot execute file";
 706                 break;
 707         case C_INTR:
 708                 str = "operation interrupted";
 709                 break;
 710         case C_LP64:
 711                 str = "program is _LP64, self is not";
 712                 break;
 713         case C_STRANGE:
 714                 str = "unanticipated system error";
 715                 break;
 716         case C_NOENT:
 717                 str = "cannot find executable file";
 718                 break;
 719         default:
 720                 str = "unknown error";
 721                 break;
 722         }
 723 
 724         return (str);
 725 }
 726 
 727 /*
 728  * Callback to execute in each child process created with Pcreate() after fork
 729  * but before it execs the new process image.  By default, we do nothing, but
 730  * by calling this function we allow the client program to define its own
 731  * version of the function which will interpose on our empty default.  This
 732  * may be useful for clients that need to modify signal dispositions, terminal
 733  * attributes, or process group and session properties for each new victim.
 734  */
 735 /*ARGSUSED*/
 736 void
 737 Pcreate_callback(struct ps_prochandle *P)
 738 {
 739         /* nothing to do here */
 740 }
 741 
 742 /*
 743  * Grab an existing process.
 744  * Return an opaque pointer to its process control structure.
 745  *
 746  * pid:         UNIX process ID.
 747  * flags:
 748  *      PGRAB_RETAIN    Retain tracing flags (default clears all tracing flags).
 749  *      PGRAB_FORCE     Grab regardless of whether process is already traced.
 750  *      PGRAB_RDONLY    Open the address space file O_RDONLY instead of O_RDWR,
 751  *                      and do not open the process control file.
 752  *      PGRAB_NOSTOP    Open the process but do not force it to stop.
 753  * perr:        pointer to error return code.
 754  */
 755 struct ps_prochandle *
 756 Pgrab(pid_t pid, int flags, int *perr)
 757 {
 758         struct ps_prochandle *P;
 759         int fd, omode;
 760         char procname[PATH_MAX];
 761         char *fname;
 762         int rc = 0;
 763 
 764         /*
 765          * PGRAB_RDONLY means that we do not open the /proc/<pid>/control file,
 766          * and so it implies RETAIN and NOSTOP since both require control.
 767          */
 768         if (flags & PGRAB_RDONLY)
 769                 flags |= PGRAB_RETAIN | PGRAB_NOSTOP;
 770 
 771         if ((P = malloc(sizeof (struct ps_prochandle))) == NULL) {
 772                 *perr = G_STRANGE;
 773                 return (NULL);
 774         }
 775 
 776         P->asfd = -1;
 777         P->ctlfd = -1;
 778         P->statfd = -1;
 779 
 780 again:  /* Come back here if we lose it in the Window of Vulnerability */
 781         if (P->ctlfd >= 0)
 782                 (void) close(P->ctlfd);
 783         if (P->asfd >= 0)
 784                 (void) close(P->asfd);
 785         if (P->statfd >= 0)
 786                 (void) close(P->statfd);
 787         (void) memset(P, 0, sizeof (*P));
 788         (void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
 789         P->ctlfd = -1;
 790         P->asfd = -1;
 791         P->statfd = -1;
 792         P->agentctlfd = -1;
 793         P->agentstatfd = -1;
 794         Pinit_ops(&P->ops, &P_live_ops);
 795         Pinitsym(P);
 796 
 797         /*
 798          * Open the /proc/pid files
 799          */
 800         (void) snprintf(procname, sizeof (procname), "%s/%d/",
 801             procfs_path, (int)pid);
 802         fname = procname + strlen(procname);
 803         (void) set_minfd();
 804 
 805         /*
 806          * Request exclusive open to avoid grabbing someone else's
 807          * process and to prevent others from interfering afterwards.
 808          * If this fails and the 'PGRAB_FORCE' flag is set, attempt to
 809          * open non-exclusively.
 810          */
 811         (void) strcpy(fname, "as");
 812         omode = (flags & PGRAB_RDONLY) ? O_RDONLY : O_RDWR;
 813 
 814         if (((fd = open(procname, omode | O_EXCL)) < 0 &&
 815             (fd = ((flags & PGRAB_FORCE)? open(procname, omode) : -1)) < 0) ||
 816             (fd = dupfd(fd, 0)) < 0) {
 817                 switch (errno) {
 818                 case ENOENT:
 819                         rc = G_NOPROC;
 820                         break;
 821                 case EACCES:
 822                 case EPERM:
 823                         rc = G_PERM;
 824                         break;
 825                 case EMFILE:
 826                         rc = G_NOFD;
 827                         break;
 828                 case EBUSY:
 829                         if (!(flags & PGRAB_FORCE) || geteuid() != 0) {
 830                                 rc = G_BUSY;
 831                                 break;
 832                         }
 833                         /* FALLTHROUGH */
 834                 default:
 835                         dprintf("Pgrab: failed to open %s: %s\n",
 836                             procname, strerror(errno));
 837                         rc = G_STRANGE;
 838                         break;
 839                 }
 840                 goto err;
 841         }
 842         P->asfd = fd;
 843 
 844         (void) strcpy(fname, "status");
 845         if ((fd = open(procname, O_RDONLY)) < 0 ||
 846             (fd = dupfd(fd, 0)) < 0) {
 847                 switch (errno) {
 848                 case ENOENT:
 849                         rc = G_NOPROC;
 850                         break;
 851                 case EMFILE:
 852                         rc = G_NOFD;
 853                         break;
 854                 default:
 855                         dprintf("Pgrab: failed to open %s: %s\n",
 856                             procname, strerror(errno));
 857                         rc = G_STRANGE;
 858                         break;
 859                 }
 860                 goto err;
 861         }
 862         P->statfd = fd;
 863 
 864         if (!(flags & PGRAB_RDONLY)) {
 865                 (void) strcpy(fname, "ctl");
 866                 if ((fd = open(procname, O_WRONLY)) < 0 ||
 867                     (fd = dupfd(fd, 0)) < 0) {
 868                         switch (errno) {
 869                         case ENOENT:
 870                                 rc = G_NOPROC;
 871                                 break;
 872                         case EMFILE:
 873                                 rc = G_NOFD;
 874                                 break;
 875                         default:
 876                                 dprintf("Pgrab: failed to open %s: %s\n",
 877                                     procname, strerror(errno));
 878                                 rc = G_STRANGE;
 879                                 break;
 880                         }
 881                         goto err;
 882                 }
 883                 P->ctlfd = fd;
 884         }
 885 
 886         P->state = PS_RUN;
 887         P->pid = pid;
 888 
 889         /*
 890          * We are now in the Window of Vulnerability (WoV).  The process may
 891          * exec() a setuid/setgid or unreadable object file between the open()
 892          * and the PCSTOP.  We will get EAGAIN in this case and must start over.
 893          * As Pstopstatus will trigger the first read() from a /proc file,
 894          * we also need to handle EOVERFLOW here when 32-bit as an indicator
 895          * that this process is 64-bit.  Finally, if the process has become
 896          * a zombie (PS_UNDEAD) while we were trying to grab it, just remain
 897          * silent about this and pretend there was no process.
 898          */
 899         if (Pstopstatus(P, PCNULL, 0) != 0) {
 900 #ifndef _LP64
 901                 if (errno == EOVERFLOW) {
 902                         rc = G_LP64;
 903                         goto err;
 904                 }
 905 #endif
 906                 if (P->state == PS_LOST) {   /* WoV */
 907                         (void) mutex_destroy(&P->proc_lock);
 908                         goto again;
 909                 }
 910 
 911                 if (P->state == PS_UNDEAD)
 912                         rc = G_NOPROC;
 913                 else
 914                         rc = G_STRANGE;
 915 
 916                 goto err;
 917         }
 918 
 919         /*
 920          * If the process is a system process, we can't control it even as root
 921          */
 922         if (P->status.pr_flags & PR_ISSYS) {
 923                 rc = G_SYS;
 924                 goto err;
 925         }
 926 #ifndef _LP64
 927         /*
 928          * We must be a 64-bit process to deal with a 64-bit process
 929          */
 930         if (P->status.pr_dmodel == PR_MODEL_LP64) {
 931                 rc = G_LP64;
 932                 goto err;
 933         }
 934 #endif
 935 
 936         /*
 937          * Remember the status for use by Prelease().
 938          */
 939         P->orig_status = P->status;       /* structure copy */
 940 
 941         /*
 942          * Before stopping the process, make sure we are not grabbing ourselves.
 943          * If we are, make sure we are doing it PGRAB_RDONLY.
 944          */
 945         if (pid == getpid()) {
 946                 /*
 947                  * Verify that the process is really ourself:
 948                  * Set a magic number, read it through the
 949                  * /proc file and see if the results match.
 950                  */
 951                 uint32_t magic1 = 0;
 952                 uint32_t magic2 = 2;
 953 
 954                 errno = 0;
 955 
 956                 if (Pread(P, &magic2, sizeof (magic2), (uintptr_t)&magic1)
 957                     == sizeof (magic2) &&
 958                     magic2 == 0 &&
 959                     (magic1 = 0xfeedbeef) &&
 960                     Pread(P, &magic2, sizeof (magic2), (uintptr_t)&magic1)
 961                     == sizeof (magic2) &&
 962                     magic2 == 0xfeedbeef &&
 963                     !(flags & PGRAB_RDONLY)) {
 964                         rc = G_SELF;
 965                         goto err;
 966                 }
 967         }
 968 
 969         /*
 970          * If the process is already stopped or has been directed
 971          * to stop via /proc, do not set run-on-last-close.
 972          */
 973         if (!(P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) &&
 974             !(flags & PGRAB_RDONLY)) {
 975                 /*
 976                  * Mark the process run-on-last-close so
 977                  * it runs even if we die from SIGKILL.
 978                  */
 979                 if (Psetflags(P, PR_RLC) != 0) {
 980                         if (errno == EAGAIN) {  /* WoV */
 981                                 (void) mutex_destroy(&P->proc_lock);
 982                                 goto again;
 983                         }
 984                         if (errno == ENOENT)    /* No complaint about zombies */
 985                                 rc = G_ZOMB;
 986                         else {
 987                                 dprintf("Pgrab: failed to set RLC\n");
 988                                 rc = G_STRANGE;
 989                         }
 990                         goto err;
 991                 }
 992         }
 993 
 994         /*
 995          * If a stop directive is pending and the process has not yet stopped,
 996          * then synchronously wait for the stop directive to take effect.
 997          * Limit the time spent waiting for the process to stop by iterating
 998          * at most 10 times. The time-out of 20 ms corresponds to the time
 999          * between sending the stop directive and the process actually stopped
1000          * as measured by DTrace on a slow, busy system. If the process doesn't
1001          * stop voluntarily, clear the PR_DSTOP flag so that the code below
1002          * forces the process to stop.
1003          */
1004         if (!(flags & PGRAB_RDONLY)) {
1005                 int niter = 0;
1006                 while ((P->status.pr_lwp.pr_flags & (PR_STOPPED|PR_DSTOP)) ==
1007                     PR_DSTOP && niter < 10 &&
1008                     Pstopstatus(P, PCTWSTOP, 20) != 0) {
1009                         niter++;
1010                         if (flags & PGRAB_NOSTOP)
1011                                 break;
1012                 }
1013                 if (niter == 10 && !(flags & PGRAB_NOSTOP)) {
1014                         /* Try it harder down below */
1015                         P->status.pr_lwp.pr_flags &= ~PR_DSTOP;
1016                 }
1017         }
1018 
1019         /*
1020          * If the process is not already stopped or directed to stop
1021          * and PGRAB_NOSTOP was not specified, stop the process now.
1022          */
1023         if (!(P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) &&
1024             !(flags & PGRAB_NOSTOP)) {
1025                 /*
1026                  * Stop the process, get its status and signal/syscall masks.
1027                  */
1028                 if (((P->status.pr_lwp.pr_flags & PR_STOPPED) &&
1029                     Pstopstatus(P, PCDSTOP, 0) != 0) ||
1030                     Pstopstatus(P, PCSTOP, 2000) != 0) {
1031 #ifndef _LP64
1032                         if (errno == EOVERFLOW) {
1033                                 rc = G_LP64;
1034                                 goto err;
1035                         }
1036 #endif
1037                         if (P->state == PS_LOST) {   /* WoV */
1038                                 (void) mutex_destroy(&P->proc_lock);
1039                                 goto again;
1040                         }
1041                         if ((errno != EINTR && errno != ERESTART) ||
1042                             (P->state != PS_STOP &&
1043                             !(P->status.pr_flags & PR_DSTOP))) {
1044                                 if (P->state != PS_RUN && errno != ENOENT) {
1045                                         dprintf("Pgrab: failed to PCSTOP\n");
1046                                         rc = G_STRANGE;
1047                                 } else {
1048                                         rc = G_ZOMB;
1049                                 }
1050                                 goto err;
1051                         }
1052                 }
1053 
1054                 /*
1055                  * Process should now either be stopped via /proc or there
1056                  * should be an outstanding stop directive.
1057                  */
1058                 if (!(P->status.pr_flags & (PR_ISTOP|PR_DSTOP))) {
1059                         dprintf("Pgrab: process is not stopped\n");
1060                         rc = G_STRANGE;
1061                         goto err;
1062                 }
1063 #ifndef _LP64
1064                 /*
1065                  * Test this again now because the 32-bit victim process may
1066                  * have exec'd a 64-bit process in the meantime.
1067                  */
1068                 if (P->status.pr_dmodel == PR_MODEL_LP64) {
1069                         rc = G_LP64;
1070                         goto err;
1071                 }
1072 #endif
1073         }
1074 
1075         /*
1076          * Cancel all tracing flags unless the PGRAB_RETAIN flag is set.
1077          */
1078         if (!(flags & PGRAB_RETAIN)) {
1079                 (void) Psysentry(P, 0, FALSE);
1080                 (void) Psysexit(P, 0, FALSE);
1081                 (void) Psignal(P, 0, FALSE);
1082                 (void) Pfault(P, 0, FALSE);
1083                 Psync(P);
1084         }
1085 
1086         *perr = 0;
1087         return (P);
1088 
1089 err:
1090         Pfree(P);
1091         *perr = rc;
1092         return (NULL);
1093 }
1094 
1095 /*
1096  * Return a printable string corresponding to a Pgrab() error return.
1097  */
1098 const char *
1099 Pgrab_error(int error)
1100 {
1101         const char *str;
1102 
1103         switch (error) {
1104         case G_NOPROC:
1105                 str = "no such process";
1106                 break;
1107         case G_NOCORE:
1108                 str = "no such core file";
1109                 break;
1110         case G_NOPROCORCORE:
1111                 str = "no such process or core file";
1112                 break;
1113         case G_NOEXEC:
1114                 str = "cannot find executable file";
1115                 break;
1116         case G_ZOMB:
1117                 str = "zombie process";
1118                 break;
1119         case G_PERM:
1120                 str = "permission denied";
1121                 break;
1122         case G_BUSY:
1123                 str = "process is traced";
1124                 break;
1125         case G_SYS:
1126                 str = "system process";
1127                 break;
1128         case G_SELF:
1129                 str = "attempt to grab self";
1130                 break;
1131         case G_INTR:
1132                 str = "operation interrupted";
1133                 break;
1134         case G_LP64:
1135                 str = "program is _LP64, self is not";
1136                 break;
1137         case G_FORMAT:
1138                 str = "file is not an ELF core file";
1139                 break;
1140         case G_ELF:
1141                 str = "libelf error";
1142                 break;
1143         case G_NOTE:
1144                 str = "core file is corrupt or missing required data";
1145                 break;
1146         case G_STRANGE:
1147                 str = "unanticipated system error";
1148                 break;
1149         case G_ISAINVAL:
1150                 str = "wrong ELF machine type";
1151                 break;
1152         case G_BADLWPS:
1153                 str = "bad lwp specification";
1154                 break;
1155         case G_NOFD:
1156                 str = "too many open files";
1157                 break;
1158         default:
1159                 str = "unknown error";
1160                 break;
1161         }
1162 
1163         return (str);
1164 }
1165 
1166 /*
1167  * Free a process control structure.
1168  * Close the file descriptors but don't do the Prelease logic.
1169  */
1170 void
1171 Pfree(struct ps_prochandle *P)
1172 {
1173         uint_t i;
1174 
1175         if (P->ucaddrs != NULL) {
1176                 free(P->ucaddrs);
1177                 P->ucaddrs = NULL;
1178                 P->ucnelems = 0;
1179         }
1180 
1181         (void) mutex_lock(&P->proc_lock);
1182         if (P->hashtab != NULL) {
1183                 struct ps_lwphandle *L;
1184                 for (i = 0; i < HASHSIZE; i++) {
1185                         while ((L = P->hashtab[i]) != NULL)
1186                                 Lfree_internal(P, L);
1187                 }
1188                 free(P->hashtab);
1189         }
1190 
1191         while (P->num_fd > 0) {
1192                 fd_info_t *fip = list_next(&P->fd_head);
1193                 list_unlink(fip);
1194                 free(fip);
1195                 P->num_fd--;
1196         }
1197         (void) mutex_unlock(&P->proc_lock);
1198         (void) mutex_destroy(&P->proc_lock);
1199 
1200         if (P->agentctlfd >= 0)
1201                 (void) close(P->agentctlfd);
1202         if (P->agentstatfd >= 0)
1203                 (void) close(P->agentstatfd);
1204         if (P->ctlfd >= 0)
1205                 (void) close(P->ctlfd);
1206         if (P->asfd >= 0)
1207                 (void) close(P->asfd);
1208         if (P->statfd >= 0)
1209                 (void) close(P->statfd);
1210         Preset_maps(P);
1211         P->ops.pop_fini(P, P->data);
1212 
1213         /* clear out the structure as a precaution against reuse */
1214         (void) memset(P, 0, sizeof (*P));
1215         P->ctlfd = -1;
1216         P->asfd = -1;
1217         P->statfd = -1;
1218         P->agentctlfd = -1;
1219         P->agentstatfd = -1;
1220 
1221         free(P);
1222 }
1223 
1224 /*
1225  * Return the state of the process, one of the PS_* values.
1226  */
1227 int
1228 Pstate(struct ps_prochandle *P)
1229 {
1230         return (P->state);
1231 }
1232 
1233 /*
1234  * Return the open address space file descriptor for the process.
1235  * Clients must not close this file descriptor, not use it
1236  * after the process is freed.
1237  */
1238 int
1239 Pasfd(struct ps_prochandle *P)
1240 {
1241         return (P->asfd);
1242 }
1243 
1244 /*
1245  * Return the open control file descriptor for the process.
1246  * Clients must not close this file descriptor, not use it
1247  * after the process is freed.
1248  */
1249 int
1250 Pctlfd(struct ps_prochandle *P)
1251 {
1252         return (P->ctlfd);
1253 }
1254 
1255 /*
1256  * Return a pointer to the process psinfo structure.
1257  * Clients should not hold on to this pointer indefinitely.
1258  * It will become invalid on Prelease().
1259  */
1260 const psinfo_t *
1261 Ppsinfo(struct ps_prochandle *P)
1262 {
1263         return (P->ops.pop_psinfo(P, &P->psinfo, P->data));
1264 }
1265 
1266 /*
1267  * Return a pointer to the process status structure.
1268  * Clients should not hold on to this pointer indefinitely.
1269  * It will become invalid on Prelease().
1270  */
1271 const pstatus_t *
1272 Pstatus(struct ps_prochandle *P)
1273 {
1274         return (&P->status);
1275 }
1276 
1277 static void
1278 Pread_status(struct ps_prochandle *P)
1279 {
1280         P->ops.pop_status(P, &P->status, P->data);
1281 }
1282 
1283 /*
1284  * Fill in a pointer to a process credentials structure.  The ngroups parameter
1285  * is the number of supplementary group entries allocated in the caller's cred
1286  * structure.  It should equal zero or one unless extra space has been
1287  * allocated for the group list by the caller.
1288  */
1289 int
1290 Pcred(struct ps_prochandle *P, prcred_t *pcrp, int ngroups)
1291 {
1292         return (P->ops.pop_cred(P, pcrp, ngroups, P->data));
1293 }
1294 
1295 static prheader_t *
1296 Plstatus(struct ps_prochandle *P)
1297 {
1298         return (P->ops.pop_lstatus(P, P->data));
1299 }
1300 
1301 static prheader_t *
1302 Plpsinfo(struct ps_prochandle *P)
1303 {
1304         return (P->ops.pop_lpsinfo(P, P->data));
1305 }
1306 
1307 
1308 #if defined(__i386) || defined(__amd64)
1309 /*
1310  * Fill in a pointer to a process LDT structure.
1311  * The caller provides a buffer of size 'nldt * sizeof (struct ssd)';
1312  * If pldt == NULL or nldt == 0, we return the number of existing LDT entries.
1313  * Otherwise we return the actual number of LDT entries fetched (<= nldt).
1314  */
1315 int
1316 Pldt(struct ps_prochandle *P, struct ssd *pldt, int nldt)
1317 {
1318         return (P->ops.pop_ldt(P, pldt, nldt, P->data));
1319 
1320 }
1321 #endif  /* __i386 */
1322 
1323 /*
1324  * Return a malloced process privilege structure in *pprv.
1325  */
1326 int
1327 Ppriv(struct ps_prochandle *P, prpriv_t **pprv)
1328 {
1329         return (P->ops.pop_priv(P, pprv, P->data));
1330 }
1331 
1332 int
1333 Psetpriv(struct ps_prochandle *P, prpriv_t *pprv)
1334 {
1335         int rc;
1336         long *ctl;
1337         size_t sz;
1338 
1339         if (P->state == PS_DEAD) {
1340                 errno = EBADF;
1341                 return (-1);
1342         }
1343 
1344         sz = PRIV_PRPRIV_SIZE(pprv) + sizeof (long);
1345 
1346         sz = ((sz - 1) / sizeof (long) + 1) * sizeof (long);
1347 
1348         ctl = malloc(sz);
1349         if (ctl == NULL)
1350                 return (-1);
1351 
1352         ctl[0] = PCSPRIV;
1353 
1354         (void) memcpy(&ctl[1], pprv, PRIV_PRPRIV_SIZE(pprv));
1355 
1356         if (write(P->ctlfd, ctl, sz) != sz)
1357                 rc = -1;
1358         else
1359                 rc = 0;
1360 
1361         free(ctl);
1362 
1363         return (rc);
1364 }
1365 
1366 void *
1367 Pprivinfo(struct ps_prochandle *P)
1368 {
1369         core_info_t *core = P->data;
1370 
1371         /* Use default from libc */
1372         if (P->state != PS_DEAD)
1373                 return (NULL);
1374 
1375         return (core->core_privinfo);
1376 }
1377 
1378 /*
1379  * Ensure that all cached state is written to the process.
1380  * The cached state is the LWP's signal mask and registers
1381  * and the process's tracing flags.
1382  */
1383 void
1384 Psync(struct ps_prochandle *P)
1385 {
1386         int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
1387         long cmd[6];
1388         iovec_t iov[12];
1389         int n = 0;
1390 
1391         if (P->flags & SETHOLD) {
1392                 cmd[0] = PCSHOLD;
1393                 iov[n].iov_base = (caddr_t)&cmd[0];
1394                 iov[n++].iov_len = sizeof (long);
1395                 iov[n].iov_base = (caddr_t)&P->status.pr_lwp.pr_lwphold;
1396                 iov[n++].iov_len = sizeof (P->status.pr_lwp.pr_lwphold);
1397         }
1398         if (P->flags & SETREGS) {
1399                 cmd[1] = PCSREG;
1400 #ifdef __i386
1401                 /* XX64 we should probably restore REG_GS after this */
1402                 if (ctlfd == P->agentctlfd)
1403                         P->status.pr_lwp.pr_reg[GS] = 0;
1404 #elif defined(__amd64)
1405                 /* XX64 */
1406 #endif
1407                 iov[n].iov_base = (caddr_t)&cmd[1];
1408                 iov[n++].iov_len = sizeof (long);
1409                 iov[n].iov_base = (caddr_t)&P->status.pr_lwp.pr_reg[0];
1410                 iov[n++].iov_len = sizeof (P->status.pr_lwp.pr_reg);
1411         }
1412         if (P->flags & SETSIG) {
1413                 cmd[2] = PCSTRACE;
1414                 iov[n].iov_base = (caddr_t)&cmd[2];
1415                 iov[n++].iov_len = sizeof (long);
1416                 iov[n].iov_base = (caddr_t)&P->status.pr_sigtrace;
1417                 iov[n++].iov_len = sizeof (P->status.pr_sigtrace);
1418         }
1419         if (P->flags & SETFAULT) {
1420                 cmd[3] = PCSFAULT;
1421                 iov[n].iov_base = (caddr_t)&cmd[3];
1422                 iov[n++].iov_len = sizeof (long);
1423                 iov[n].iov_base = (caddr_t)&P->status.pr_flttrace;
1424                 iov[n++].iov_len = sizeof (P->status.pr_flttrace);
1425         }
1426         if (P->flags & SETENTRY) {
1427                 cmd[4] = PCSENTRY;
1428                 iov[n].iov_base = (caddr_t)&cmd[4];
1429                 iov[n++].iov_len = sizeof (long);
1430                 iov[n].iov_base = (caddr_t)&P->status.pr_sysentry;
1431                 iov[n++].iov_len = sizeof (P->status.pr_sysentry);
1432         }
1433         if (P->flags & SETEXIT) {
1434                 cmd[5] = PCSEXIT;
1435                 iov[n].iov_base = (caddr_t)&cmd[5];
1436                 iov[n++].iov_len = sizeof (long);
1437                 iov[n].iov_base = (caddr_t)&P->status.pr_sysexit;
1438                 iov[n++].iov_len = sizeof (P->status.pr_sysexit);
1439         }
1440 
1441         if (n == 0 || writev(ctlfd, iov, n) < 0)
1442                 return;         /* nothing to do or write failed */
1443 
1444         P->flags &= ~(SETSIG|SETFAULT|SETENTRY|SETEXIT|SETHOLD|SETREGS);
1445 }
1446 
1447 /*
1448  * Reopen the /proc file (after PS_LOST).
1449  */
1450 int
1451 Preopen(struct ps_prochandle *P)
1452 {
1453         int fd;
1454         char procname[PATH_MAX];
1455         char *fname;
1456 
1457         if (P->state == PS_DEAD || P->state == PS_IDLE)
1458                 return (0);
1459 
1460         if (P->agentcnt > 0) {
1461                 P->agentcnt = 1;
1462                 Pdestroy_agent(P);
1463         }
1464 
1465         (void) snprintf(procname, sizeof (procname), "%s/%d/",
1466             procfs_path, (int)P->pid);
1467         fname = procname + strlen(procname);
1468 
1469         (void) strcpy(fname, "as");
1470         if ((fd = open(procname, O_RDWR)) < 0 ||
1471             close(P->asfd) < 0 ||
1472             (fd = dupfd(fd, P->asfd)) != P->asfd) {
1473                 dprintf("Preopen: failed to open %s: %s\n",
1474                     procname, strerror(errno));
1475                 if (fd >= 0)
1476                         (void) close(fd);
1477                 return (-1);
1478         }
1479         P->asfd = fd;
1480 
1481         (void) strcpy(fname, "status");
1482         if ((fd = open(procname, O_RDONLY)) < 0 ||
1483             close(P->statfd) < 0 ||
1484             (fd = dupfd(fd, P->statfd)) != P->statfd) {
1485                 dprintf("Preopen: failed to open %s: %s\n",
1486                     procname, strerror(errno));
1487                 if (fd >= 0)
1488                         (void) close(fd);
1489                 return (-1);
1490         }
1491         P->statfd = fd;
1492 
1493         (void) strcpy(fname, "ctl");
1494         if ((fd = open(procname, O_WRONLY)) < 0 ||
1495             close(P->ctlfd) < 0 ||
1496             (fd = dupfd(fd, P->ctlfd)) != P->ctlfd) {
1497                 dprintf("Preopen: failed to open %s: %s\n",
1498                     procname, strerror(errno));
1499                 if (fd >= 0)
1500                         (void) close(fd);
1501                 return (-1);
1502         }
1503         P->ctlfd = fd;
1504 
1505         /*
1506          * Set the state to PS_RUN and wait for the process to stop so that
1507          * we re-read the status from the new P->statfd.  If this fails, Pwait
1508          * will reset the state to PS_LOST and we fail the reopen.  Before
1509          * returning, we also forge a bit of P->status to allow the debugger to
1510          * see that we are PS_LOST following a successful exec.
1511          */
1512         P->state = PS_RUN;
1513         if (Pwait(P, 0) == -1) {
1514 #ifdef _ILP32
1515                 if (errno == EOVERFLOW)
1516                         P->status.pr_dmodel = PR_MODEL_LP64;
1517 #endif
1518                 P->status.pr_lwp.pr_why = PR_SYSEXIT;
1519                 P->status.pr_lwp.pr_what = SYS_execve;
1520                 P->status.pr_lwp.pr_errno = 0;
1521                 return (-1);
1522         }
1523 
1524         /*
1525          * The process should be stopped on exec (REQUESTED)
1526          * or else should be stopped on exit from exec() (SYSEXIT)
1527          */
1528         if (P->state == PS_STOP &&
1529             (P->status.pr_lwp.pr_why == PR_REQUESTED ||
1530             (P->status.pr_lwp.pr_why == PR_SYSEXIT &&
1531             P->status.pr_lwp.pr_what == SYS_execve))) {
1532                 /* fake up stop-on-exit-from-execve */
1533                 if (P->status.pr_lwp.pr_why == PR_REQUESTED) {
1534                         P->status.pr_lwp.pr_why = PR_SYSEXIT;
1535                         P->status.pr_lwp.pr_what = SYS_execve;
1536                         P->status.pr_lwp.pr_errno = 0;
1537                 }
1538         } else {
1539                 dprintf("Preopen: expected REQUESTED or "
1540                     "SYSEXIT(SYS_execve) stop\n");
1541         }
1542 
1543         return (0);
1544 }
1545 
1546 /*
1547  * Define all settable flags other than the microstate accounting flags.
1548  */
1549 #define ALL_SETTABLE_FLAGS (PR_FORK|PR_RLC|PR_KLC|PR_ASYNC|PR_BPTADJ|PR_PTRACE)
1550 
1551 /*
1552  * Restore /proc tracing flags to their original values
1553  * in preparation for releasing the process.
1554  * Also called by Pcreate() to clear all tracing flags.
1555  */
1556 static void
1557 restore_tracing_flags(struct ps_prochandle *P)
1558 {
1559         long flags;
1560         long cmd[4];
1561         iovec_t iov[8];
1562 
1563         if (P->flags & CREATED) {
1564                 /* we created this process; clear all tracing flags */
1565                 premptyset(&P->status.pr_sigtrace);
1566                 premptyset(&P->status.pr_flttrace);
1567                 premptyset(&P->status.pr_sysentry);
1568                 premptyset(&P->status.pr_sysexit);
1569                 if ((P->status.pr_flags & ALL_SETTABLE_FLAGS) != 0)
1570                         (void) Punsetflags(P, ALL_SETTABLE_FLAGS);
1571         } else {
1572                 /* we grabbed the process; restore its tracing flags */
1573                 P->status.pr_sigtrace = P->orig_status.pr_sigtrace;
1574                 P->status.pr_flttrace = P->orig_status.pr_flttrace;
1575                 P->status.pr_sysentry = P->orig_status.pr_sysentry;
1576                 P->status.pr_sysexit  = P->orig_status.pr_sysexit;
1577                 if ((P->status.pr_flags & ALL_SETTABLE_FLAGS) !=
1578                     (flags = (P->orig_status.pr_flags & ALL_SETTABLE_FLAGS))) {
1579                         (void) Punsetflags(P, ALL_SETTABLE_FLAGS);
1580                         if (flags)
1581                                 (void) Psetflags(P, flags);
1582                 }
1583         }
1584 
1585         cmd[0] = PCSTRACE;
1586         iov[0].iov_base = (caddr_t)&cmd[0];
1587         iov[0].iov_len = sizeof (long);
1588         iov[1].iov_base = (caddr_t)&P->status.pr_sigtrace;
1589         iov[1].iov_len = sizeof (P->status.pr_sigtrace);
1590 
1591         cmd[1] = PCSFAULT;
1592         iov[2].iov_base = (caddr_t)&cmd[1];
1593         iov[2].iov_len = sizeof (long);
1594         iov[3].iov_base = (caddr_t)&P->status.pr_flttrace;
1595         iov[3].iov_len = sizeof (P->status.pr_flttrace);
1596 
1597         cmd[2] = PCSENTRY;
1598         iov[4].iov_base = (caddr_t)&cmd[2];
1599         iov[4].iov_len = sizeof (long);
1600         iov[5].iov_base = (caddr_t)&P->status.pr_sysentry;
1601         iov[5].iov_len = sizeof (P->status.pr_sysentry);
1602 
1603         cmd[3] = PCSEXIT;
1604         iov[6].iov_base = (caddr_t)&cmd[3];
1605         iov[6].iov_len = sizeof (long);
1606         iov[7].iov_base = (caddr_t)&P->status.pr_sysexit;
1607         iov[7].iov_len = sizeof (P->status.pr_sysexit);
1608 
1609         (void) writev(P->ctlfd, iov, 8);
1610 
1611         P->flags &= ~(SETSIG|SETFAULT|SETENTRY|SETEXIT);
1612 }
1613 
1614 /*
1615  * Release the process.  Frees the process control structure.
1616  * flags:
1617  *      PRELEASE_CLEAR  Clear all tracing flags.
1618  *      PRELEASE_RETAIN Retain current tracing flags.
1619  *      PRELEASE_HANG   Leave the process stopped and abandoned.
1620  *      PRELEASE_KILL   Terminate the process with SIGKILL.
1621  */
1622 void
1623 Prelease(struct ps_prochandle *P, int flags)
1624 {
1625         if (P->state == PS_DEAD) {
1626                 dprintf("Prelease: releasing handle %p PS_DEAD of pid %d\n",
1627                     (void *)P, (int)P->pid);
1628                 Pfree(P);
1629                 return;
1630         }
1631 
1632         if (P->state == PS_IDLE) {
1633                 file_info_t *fptr = list_next(&P->file_head);
1634                 dprintf("Prelease: releasing handle %p PS_IDLE of file %s\n",
1635                     (void *)P, fptr->file_pname);
1636                 Pfree(P);
1637                 return;
1638         }
1639 
1640         dprintf("Prelease: releasing handle %p pid %d\n",
1641             (void *)P, (int)P->pid);
1642 
1643         if (P->ctlfd == -1) {
1644                 Pfree(P);
1645                 return;
1646         }
1647 
1648         if (P->agentcnt > 0) {
1649                 P->agentcnt = 1;
1650                 Pdestroy_agent(P);
1651         }
1652 
1653         /*
1654          * Attempt to stop the process.
1655          */
1656         P->state = PS_RUN;
1657         (void) Pstop(P, 1000);
1658 
1659         if (flags & PRELEASE_KILL) {
1660                 if (P->state == PS_STOP)
1661                         (void) Psetrun(P, SIGKILL, 0);
1662                 (void) kill(P->pid, SIGKILL);
1663                 Pfree(P);
1664                 return;
1665         }
1666 
1667         /*
1668          * If we lost control, all we can do now is close the files.
1669          * In this case, the last close sets the process running.
1670          */
1671         if (P->state != PS_STOP &&
1672             (P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) == 0) {
1673                 Pfree(P);
1674                 return;
1675         }
1676 
1677         /*
1678          * We didn't lose control; we do more.
1679          */
1680         Psync(P);
1681 
1682         if (flags & PRELEASE_CLEAR)
1683                 P->flags |= CREATED;
1684 
1685         if (!(flags & PRELEASE_RETAIN))
1686                 restore_tracing_flags(P);
1687 
1688         if (flags & PRELEASE_HANG) {
1689                 /* Leave the process stopped and abandoned */
1690                 (void) Punsetflags(P, PR_RLC|PR_KLC);
1691                 Pfree(P);
1692                 return;
1693         }
1694 
1695         /*
1696          * Set the process running if we created it or if it was
1697          * not originally stopped or directed to stop via /proc
1698          * or if we were given the PRELEASE_CLEAR flag.
1699          */
1700         if ((P->flags & CREATED) ||
1701             (P->orig_status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) == 0) {
1702                 (void) Psetflags(P, PR_RLC);
1703                 /*
1704                  * We do this repeatedly because the process may have
1705                  * more than one LWP stopped on an event of interest.
1706                  * This makes sure all of them are set running.
1707                  */
1708                 do {
1709                         if (Psetrun(P, 0, 0) == -1 && errno == EBUSY)
1710                                 break; /* Agent LWP may be stuck */
1711                 } while (Pstopstatus(P, PCNULL, 0) == 0 &&
1712                     P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP));
1713 
1714                 if (P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP))
1715                         dprintf("Prelease: failed to set process running\n");
1716         }
1717 
1718         Pfree(P);
1719 }
1720 
1721 /* debugging */
1722 void
1723 prldump(const char *caller, lwpstatus_t *lsp)
1724 {
1725         char name[32];
1726         uint32_t bits;
1727 
1728         switch (lsp->pr_why) {
1729         case PR_REQUESTED:
1730                 dprintf("%s: REQUESTED\n", caller);
1731                 break;
1732         case PR_SIGNALLED:
1733                 dprintf("%s: SIGNALLED %s\n", caller,
1734                     proc_signame(lsp->pr_what, name, sizeof (name)));
1735                 break;
1736         case PR_FAULTED:
1737                 dprintf("%s: FAULTED %s\n", caller,
1738                     proc_fltname(lsp->pr_what, name, sizeof (name)));
1739                 break;
1740         case PR_SYSENTRY:
1741                 dprintf("%s: SYSENTRY %s\n", caller,
1742                     proc_sysname(lsp->pr_what, name, sizeof (name)));
1743                 break;
1744         case PR_SYSEXIT:
1745                 dprintf("%s: SYSEXIT %s\n", caller,
1746                     proc_sysname(lsp->pr_what, name, sizeof (name)));
1747                 break;
1748         case PR_JOBCONTROL:
1749                 dprintf("%s: JOBCONTROL %s\n", caller,
1750                     proc_signame(lsp->pr_what, name, sizeof (name)));
1751                 break;
1752         case PR_SUSPENDED:
1753                 dprintf("%s: SUSPENDED\n", caller);
1754                 break;
1755         default:
1756                 dprintf("%s: Unknown\n", caller);
1757                 break;
1758         }
1759 
1760         if (lsp->pr_cursig)
1761                 dprintf("%s: p_cursig  = %d\n", caller, lsp->pr_cursig);
1762 
1763         bits = *((uint32_t *)&lsp->pr_lwppend);
1764         if (bits)
1765                 dprintf("%s: pr_lwppend = 0x%.8X\n", caller, bits);
1766 }
1767 
1768 /* debugging */
1769 static void
1770 prdump(struct ps_prochandle *P)
1771 {
1772         uint32_t bits;
1773 
1774         prldump("Pstopstatus", &P->status.pr_lwp);
1775 
1776         bits = *((uint32_t *)&P->status.pr_sigpend);
1777         if (bits)
1778                 dprintf("Pstopstatus: pr_sigpend = 0x%.8X\n", bits);
1779 }
1780 
1781 /*
1782  * Wait for the specified process to stop or terminate.
1783  * Or, just get the current status (PCNULL).
1784  * Or, direct it to stop and get the current status (PCDSTOP).
1785  * If the agent LWP exists, do these things to the agent,
1786  * else do these things to the process as a whole.
1787  */
1788 int
1789 Pstopstatus(struct ps_prochandle *P,
1790         long request,           /* PCNULL, PCDSTOP, PCSTOP, PCWSTOP */
1791         uint_t msec)            /* if non-zero, timeout in milliseconds */
1792 {
1793         int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
1794         long ctl[3];
1795         ssize_t rc;
1796         int err;
1797         int old_state = P->state;
1798 
1799         switch (P->state) {
1800         case PS_RUN:
1801                 break;
1802         case PS_STOP:
1803                 if (request != PCNULL && request != PCDSTOP)
1804                         return (0);
1805                 break;
1806         case PS_LOST:
1807                 if (request != PCNULL) {
1808                         errno = EAGAIN;
1809                         return (-1);
1810                 }
1811                 break;
1812         case PS_UNDEAD:
1813         case PS_DEAD:
1814         case PS_IDLE:
1815                 if (request != PCNULL) {
1816                         errno = ENOENT;
1817                         return (-1);
1818                 }
1819                 break;
1820         default:        /* corrupted state */
1821                 dprintf("Pstopstatus: corrupted state: %d\n", P->state);
1822                 errno = EINVAL;
1823                 return (-1);
1824         }
1825 
1826         ctl[0] = PCDSTOP;
1827         ctl[1] = PCTWSTOP;
1828         ctl[2] = (long)msec;
1829         rc = 0;
1830         switch (request) {
1831         case PCSTOP:
1832                 rc = write(ctlfd, &ctl[0], 3*sizeof (long));
1833                 break;
1834         case PCWSTOP:
1835                 rc = write(ctlfd, &ctl[1], 2*sizeof (long));
1836                 break;
1837         case PCDSTOP:
1838                 rc = write(ctlfd, &ctl[0], 1*sizeof (long));
1839                 break;
1840         case PCNULL:
1841                 if (P->state == PS_DEAD || P->state == PS_IDLE)
1842                         return (0);
1843                 break;
1844         default:        /* programming error */
1845                 errno = EINVAL;
1846                 return (-1);
1847         }
1848         err = (rc < 0)? errno : 0;
1849         Psync(P);
1850 
1851         if (P->agentstatfd < 0) {
1852                 if (pread(P->statfd, &P->status,
1853                     sizeof (P->status), (off_t)0) < 0)
1854                         err = errno;
1855         } else {
1856                 if (pread(P->agentstatfd, &P->status.pr_lwp,
1857                     sizeof (P->status.pr_lwp), (off_t)0) < 0)
1858                         err = errno;
1859                 P->status.pr_flags = P->status.pr_lwp.pr_flags;
1860         }
1861 
1862         if (err) {
1863                 switch (err) {
1864                 case EINTR:             /* user typed ctl-C */
1865                 case ERESTART:
1866                         dprintf("Pstopstatus: EINTR\n");
1867                         break;
1868                 case EAGAIN:            /* we lost control of the the process */
1869                 case EOVERFLOW:
1870                         dprintf("Pstopstatus: PS_LOST, errno=%d\n", err);
1871                         P->state = PS_LOST;
1872                         break;
1873                 default:                /* check for dead process */
1874                         if (_libproc_debug) {
1875                                 const char *errstr;
1876 
1877                                 switch (request) {
1878                                 case PCNULL:
1879                                         errstr = "Pstopstatus PCNULL"; break;
1880                                 case PCSTOP:
1881                                         errstr = "Pstopstatus PCSTOP"; break;
1882                                 case PCDSTOP:
1883                                         errstr = "Pstopstatus PCDSTOP"; break;
1884                                 case PCWSTOP:
1885                                         errstr = "Pstopstatus PCWSTOP"; break;
1886                                 default:
1887                                         errstr = "Pstopstatus PC???"; break;
1888                                 }
1889                                 dprintf("%s: %s\n", errstr, strerror(err));
1890                         }
1891                         deadcheck(P);
1892                         break;
1893                 }
1894                 if (err != EINTR && err != ERESTART) {
1895                         errno = err;
1896                         return (-1);
1897                 }
1898         }
1899 
1900         if (!(P->status.pr_flags & PR_STOPPED)) {
1901                 P->state = PS_RUN;
1902                 if (request == PCNULL || request == PCDSTOP || msec != 0)
1903                         return (0);
1904                 dprintf("Pstopstatus: process is not stopped\n");
1905                 errno = EPROTO;
1906                 return (-1);
1907         }
1908 
1909         P->state = PS_STOP;
1910 
1911         if (_libproc_debug)     /* debugging */
1912                 prdump(P);
1913 
1914         /*
1915          * If the process was already stopped coming into Pstopstatus(),
1916          * then don't use its PC to set P->sysaddr since it may have been
1917          * changed since the time the process originally stopped.
1918          */
1919         if (old_state == PS_STOP)
1920                 return (0);
1921 
1922         switch (P->status.pr_lwp.pr_why) {
1923         case PR_SYSENTRY:
1924         case PR_SYSEXIT:
1925                 if (Pissyscall_prev(P, P->status.pr_lwp.pr_reg[R_PC],
1926                     &P->sysaddr) == 0)
1927                         P->sysaddr = P->status.pr_lwp.pr_reg[R_PC];
1928                 break;
1929         case PR_REQUESTED:
1930         case PR_SIGNALLED:
1931         case PR_FAULTED:
1932         case PR_JOBCONTROL:
1933         case PR_SUSPENDED:
1934                 break;
1935         default:
1936                 errno = EPROTO;
1937                 return (-1);
1938         }
1939 
1940         return (0);
1941 }
1942 
1943 /*
1944  * Wait for the process to stop for any reason.
1945  */
1946 int
1947 Pwait(struct ps_prochandle *P, uint_t msec)
1948 {
1949         return (Pstopstatus(P, PCWSTOP, msec));
1950 }
1951 
1952 /*
1953  * Direct the process to stop; wait for it to stop.
1954  */
1955 int
1956 Pstop(struct ps_prochandle *P, uint_t msec)
1957 {
1958         return (Pstopstatus(P, PCSTOP, msec));
1959 }
1960 
1961 /*
1962  * Direct the process to stop; don't wait.
1963  */
1964 int
1965 Pdstop(struct ps_prochandle *P)
1966 {
1967         return (Pstopstatus(P, PCDSTOP, 0));
1968 }
1969 
1970 static void
1971 deadcheck(struct ps_prochandle *P)
1972 {
1973         int fd;
1974         void *buf;
1975         size_t size;
1976 
1977         if (P->statfd < 0)
1978                 P->state = PS_UNDEAD;
1979         else {
1980                 if (P->agentstatfd < 0) {
1981                         fd = P->statfd;
1982                         buf = &P->status;
1983                         size = sizeof (P->status);
1984                 } else {
1985                         fd = P->agentstatfd;
1986                         buf = &P->status.pr_lwp;
1987                         size = sizeof (P->status.pr_lwp);
1988                 }
1989                 while (pread(fd, buf, size, (off_t)0) != size) {
1990                         switch (errno) {
1991                         default:
1992                                 P->state = PS_UNDEAD;
1993                                 break;
1994                         case EINTR:
1995                         case ERESTART:
1996                                 continue;
1997                         case EAGAIN:
1998                                 P->state = PS_LOST;
1999                                 break;
2000                         }
2001                         break;
2002                 }
2003                 P->status.pr_flags = P->status.pr_lwp.pr_flags;
2004         }
2005 }
2006 
2007 /*
2008  * Get the value of one register from stopped process.
2009  */
2010 int
2011 Pgetareg(struct ps_prochandle *P, int regno, prgreg_t *preg)
2012 {
2013         if (regno < 0 || regno >= NPRGREG) {
2014                 errno = EINVAL;
2015                 return (-1);
2016         }
2017 
2018         if (P->state == PS_IDLE) {
2019                 errno = ENODATA;
2020                 return (-1);
2021         }
2022 
2023         if (P->state != PS_STOP && P->state != PS_DEAD) {
2024                 errno = EBUSY;
2025                 return (-1);
2026         }
2027 
2028         *preg = P->status.pr_lwp.pr_reg[regno];
2029         return (0);
2030 }
2031 
2032 /*
2033  * Put value of one register into stopped process.
2034  */
2035 int
2036 Pputareg(struct ps_prochandle *P, int regno, prgreg_t reg)
2037 {
2038         if (regno < 0 || regno >= NPRGREG) {
2039                 errno = EINVAL;
2040                 return (-1);
2041         }
2042 
2043         if (P->state != PS_STOP) {
2044                 errno = EBUSY;
2045                 return (-1);
2046         }
2047 
2048         P->status.pr_lwp.pr_reg[regno] = reg;
2049         P->flags |= SETREGS; /* set registers before continuing */
2050         return (0);
2051 }
2052 
2053 int
2054 Psetrun(struct ps_prochandle *P,
2055         int sig,        /* signal to pass to process */
2056         int flags)      /* PRSTEP|PRSABORT|PRSTOP|PRCSIG|PRCFAULT */
2057 {
2058         int ctlfd = (P->agentctlfd >= 0) ? P->agentctlfd : P->ctlfd;
2059         int sbits = (PR_DSTOP | PR_ISTOP | PR_ASLEEP);
2060 
2061         long ctl[1 +                                    /* PCCFAULT     */
2062             1 + sizeof (siginfo_t)/sizeof (long) +      /* PCSSIG/PCCSIG */
2063             2 ];                                        /* PCRUN        */
2064 
2065         long *ctlp = ctl;
2066         size_t size;
2067 
2068         if (P->state != PS_STOP && (P->status.pr_lwp.pr_flags & sbits) == 0) {
2069                 errno = EBUSY;
2070                 return (-1);
2071         }
2072 
2073         Psync(P);       /* flush tracing flags and registers */
2074 
2075         if (flags & PRCFAULT) {             /* clear current fault */
2076                 *ctlp++ = PCCFAULT;
2077                 flags &= ~PRCFAULT;
2078         }
2079 
2080         if (flags & PRCSIG) {               /* clear current signal */
2081                 *ctlp++ = PCCSIG;
2082                 flags &= ~PRCSIG;
2083         } else if (sig && sig != P->status.pr_lwp.pr_cursig) {
2084                 /* make current signal */
2085                 siginfo_t *infop;
2086 
2087                 *ctlp++ = PCSSIG;
2088                 infop = (siginfo_t *)ctlp;
2089                 (void) memset(infop, 0, sizeof (*infop));
2090                 infop->si_signo = sig;
2091                 ctlp += sizeof (siginfo_t) / sizeof (long);
2092         }
2093 
2094         *ctlp++ = PCRUN;
2095         *ctlp++ = flags;
2096         size = (char *)ctlp - (char *)ctl;
2097 
2098         P->info_valid = 0;   /* will need to update map and file info */
2099 
2100         /*
2101          * If we've cached ucontext-list information while we were stopped,
2102          * free it now.
2103          */
2104         if (P->ucaddrs != NULL) {
2105                 free(P->ucaddrs);
2106                 P->ucaddrs = NULL;
2107                 P->ucnelems = 0;
2108         }
2109 
2110         if (write(ctlfd, ctl, size) != size) {
2111                 /* If it is dead or lost, return the real status, not PS_RUN */
2112                 if (errno == ENOENT || errno == EAGAIN) {
2113                         (void) Pstopstatus(P, PCNULL, 0);
2114                         return (0);
2115                 }
2116                 /* If it is not in a jobcontrol stop, issue an error message */
2117                 if (errno != EBUSY ||
2118                     P->status.pr_lwp.pr_why != PR_JOBCONTROL) {
2119                         dprintf("Psetrun: %s\n", strerror(errno));
2120                         return (-1);
2121                 }
2122                 /* Otherwise pretend that the job-stopped process is running */
2123         }
2124 
2125         P->state = PS_RUN;
2126         return (0);
2127 }
2128 
2129 ssize_t
2130 Pread(struct ps_prochandle *P,
2131         void *buf,              /* caller's buffer */
2132         size_t nbyte,           /* number of bytes to read */
2133         uintptr_t address)      /* address in process */
2134 {
2135         return (P->ops.pop_pread(P, buf, nbyte, address, P->data));
2136 }
2137 
2138 ssize_t
2139 Pread_string(struct ps_prochandle *P,
2140         char *buf,              /* caller's buffer */
2141         size_t size,            /* upper limit on bytes to read */
2142         uintptr_t addr)         /* address in process */
2143 {
2144         enum { STRSZ = 40 };
2145         char string[STRSZ + 1];
2146         ssize_t leng = 0;
2147         int nbyte;
2148 
2149         if (size < 2) {
2150                 errno = EINVAL;
2151                 return (-1);
2152         }
2153 
2154         size--;                 /* ensure trailing null fits in buffer */
2155 
2156         *buf = '\0';
2157         string[STRSZ] = '\0';
2158 
2159         for (nbyte = STRSZ; nbyte == STRSZ && leng < size; addr += STRSZ) {
2160                 if ((nbyte = P->ops.pop_pread(P, string, STRSZ, addr,
2161                     P->data)) <= 0) {
2162                         buf[leng] = '\0';
2163                         return (leng ? leng : -1);
2164                 }
2165                 if ((nbyte = strlen(string)) > 0) {
2166                         if (leng + nbyte > size)
2167                                 nbyte = size - leng;
2168                         (void) strncpy(buf + leng, string, nbyte);
2169                         leng += nbyte;
2170                 }
2171         }
2172         buf[leng] = '\0';
2173         return (leng);
2174 }
2175 
2176 ssize_t
2177 Pwrite(struct ps_prochandle *P,
2178         const void *buf,        /* caller's buffer */
2179         size_t nbyte,           /* number of bytes to write */
2180         uintptr_t address)      /* address in process */
2181 {
2182         return (P->ops.pop_pwrite(P, buf, nbyte, address, P->data));
2183 }
2184 
2185 int
2186 Pclearsig(struct ps_prochandle *P)
2187 {
2188         int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2189         long ctl = PCCSIG;
2190 
2191         if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
2192                 return (-1);
2193         P->status.pr_lwp.pr_cursig = 0;
2194         return (0);
2195 }
2196 
2197 int
2198 Pclearfault(struct ps_prochandle *P)
2199 {
2200         int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2201         long ctl = PCCFAULT;
2202 
2203         if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
2204                 return (-1);
2205         return (0);
2206 }
2207 
2208 /*
2209  * Set a breakpoint trap, return original instruction.
2210  */
2211 int
2212 Psetbkpt(struct ps_prochandle *P, uintptr_t address, ulong_t *saved)
2213 {
2214         long ctl[1 + sizeof (priovec_t) / sizeof (long) +       /* PCREAD */
2215             1 + sizeof (priovec_t) / sizeof (long)];    /* PCWRITE */
2216         long *ctlp = ctl;
2217         size_t size;
2218         priovec_t *iovp;
2219         instr_t bpt = BPT;
2220         instr_t old;
2221 
2222         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2223             P->state == PS_IDLE) {
2224                 errno = ENOENT;
2225                 return (-1);
2226         }
2227 
2228         /* fetch the old instruction */
2229         *ctlp++ = PCREAD;
2230         iovp = (priovec_t *)ctlp;
2231         iovp->pio_base = &old;
2232         iovp->pio_len = sizeof (old);
2233         iovp->pio_offset = address;
2234         ctlp += sizeof (priovec_t) / sizeof (long);
2235 
2236         /* write the BPT instruction */
2237         *ctlp++ = PCWRITE;
2238         iovp = (priovec_t *)ctlp;
2239         iovp->pio_base = &bpt;
2240         iovp->pio_len = sizeof (bpt);
2241         iovp->pio_offset = address;
2242         ctlp += sizeof (priovec_t) / sizeof (long);
2243 
2244         size = (char *)ctlp - (char *)ctl;
2245         if (write(P->ctlfd, ctl, size) != size)
2246                 return (-1);
2247 
2248         /*
2249          * Fail if there was already a breakpoint there from another debugger
2250          * or DTrace's user-level tracing on x86.
2251          */
2252         if (old == BPT) {
2253                 errno = EBUSY;
2254                 return (-1);
2255         }
2256 
2257         *saved = (ulong_t)old;
2258         return (0);
2259 }
2260 
2261 /*
2262  * Restore original instruction where a breakpoint was set.
2263  */
2264 int
2265 Pdelbkpt(struct ps_prochandle *P, uintptr_t address, ulong_t saved)
2266 {
2267         instr_t old = (instr_t)saved;
2268         instr_t cur;
2269 
2270         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2271             P->state == PS_IDLE) {
2272                 errno = ENOENT;
2273                 return (-1);
2274         }
2275 
2276         /*
2277          * If the breakpoint instruction we had placed has been overwritten
2278          * with a new instruction, then don't try to replace it with the
2279          * old instruction. Doing do can cause problems with self-modifying
2280          * code -- PLTs for example. If the Pread() fails, we assume that we
2281          * should proceed though most likely the Pwrite() will also fail.
2282          */
2283         if (Pread(P, &cur, sizeof (cur), address) == sizeof (cur) &&
2284             cur != BPT)
2285                 return (0);
2286 
2287         if (Pwrite(P, &old, sizeof (old), address) != sizeof (old))
2288                 return (-1);
2289 
2290         return (0);
2291 }
2292 
2293 /*
2294  * Common code for Pxecbkpt() and Lxecbkpt().
2295  * Develop the array of requests that will do the job, then
2296  * write them to the specified control file descriptor.
2297  * Return the non-zero errno if the write fails.
2298  */
2299 static int
2300 execute_bkpt(
2301         int ctlfd,              /* process or LWP control file descriptor */
2302         const fltset_t *faultset,       /* current set of traced faults */
2303         const sigset_t *sigmask,        /* current signal mask */
2304         uintptr_t address,              /* address of breakpint */
2305         ulong_t saved)                  /* the saved instruction */
2306 {
2307         long ctl[
2308             1 + sizeof (sigset_t) / sizeof (long) +             /* PCSHOLD */
2309             1 + sizeof (fltset_t) / sizeof (long) +             /* PCSFAULT */
2310             1 + sizeof (priovec_t) / sizeof (long) +            /* PCWRITE */
2311             2 +                                                 /* PCRUN */
2312             1 +                                                 /* PCWSTOP */
2313             1 +                                                 /* PCCFAULT */
2314             1 + sizeof (priovec_t) / sizeof (long) +            /* PCWRITE */
2315             1 + sizeof (fltset_t) / sizeof (long) +             /* PCSFAULT */
2316             1 + sizeof (sigset_t) / sizeof (long)];             /* PCSHOLD */
2317         long *ctlp = ctl;
2318         sigset_t unblock;
2319         size_t size;
2320         ssize_t ssize;
2321         priovec_t *iovp;
2322         sigset_t *holdp;
2323         fltset_t *faultp;
2324         instr_t old = (instr_t)saved;
2325         instr_t bpt = BPT;
2326         int error = 0;
2327 
2328         /* block our signals for the duration */
2329         (void) sigprocmask(SIG_BLOCK, &blockable_sigs, &unblock);
2330 
2331         /* hold posted signals */
2332         *ctlp++ = PCSHOLD;
2333         holdp = (sigset_t *)ctlp;
2334         prfillset(holdp);
2335         prdelset(holdp, SIGKILL);
2336         prdelset(holdp, SIGSTOP);
2337         ctlp += sizeof (sigset_t) / sizeof (long);
2338 
2339         /* force tracing of FLTTRACE */
2340         if (!(prismember(faultset, FLTTRACE))) {
2341                 *ctlp++ = PCSFAULT;
2342                 faultp = (fltset_t *)ctlp;
2343                 *faultp = *faultset;
2344                 praddset(faultp, FLTTRACE);
2345                 ctlp += sizeof (fltset_t) / sizeof (long);
2346         }
2347 
2348         /* restore the old instruction */
2349         *ctlp++ = PCWRITE;
2350         iovp = (priovec_t *)ctlp;
2351         iovp->pio_base = &old;
2352         iovp->pio_len = sizeof (old);
2353         iovp->pio_offset = address;
2354         ctlp += sizeof (priovec_t) / sizeof (long);
2355 
2356         /* clear current signal and fault; set running w/ single-step */
2357         *ctlp++ = PCRUN;
2358         *ctlp++ = PRCSIG | PRCFAULT | PRSTEP;
2359 
2360         /* wait for stop, cancel the fault */
2361         *ctlp++ = PCWSTOP;
2362         *ctlp++ = PCCFAULT;
2363 
2364         /* restore the breakpoint trap */
2365         *ctlp++ = PCWRITE;
2366         iovp = (priovec_t *)ctlp;
2367         iovp->pio_base = &bpt;
2368         iovp->pio_len = sizeof (bpt);
2369         iovp->pio_offset = address;
2370         ctlp += sizeof (priovec_t) / sizeof (long);
2371 
2372         /* restore fault tracing set */
2373         if (!(prismember(faultset, FLTTRACE))) {
2374                 *ctlp++ = PCSFAULT;
2375                 *(fltset_t *)ctlp = *faultset;
2376                 ctlp += sizeof (fltset_t) / sizeof (long);
2377         }
2378 
2379         /* restore the hold mask */
2380         *ctlp++ = PCSHOLD;
2381         *(sigset_t *)ctlp = *sigmask;
2382         ctlp += sizeof (sigset_t) / sizeof (long);
2383 
2384         size = (char *)ctlp - (char *)ctl;
2385         if ((ssize = write(ctlfd, ctl, size)) != size)
2386                 error = (ssize == -1)? errno : EINTR;
2387         (void) sigprocmask(SIG_SETMASK, &unblock, NULL);
2388         return (error);
2389 }
2390 
2391 /*
2392  * Step over a breakpoint, i.e., execute the instruction that
2393  * really belongs at the breakpoint location (the current %pc)
2394  * and leave the process stopped at the next instruction.
2395  */
2396 int
2397 Pxecbkpt(struct ps_prochandle *P, ulong_t saved)
2398 {
2399         int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2400         int rv, error;
2401 
2402         if (P->state != PS_STOP) {
2403                 errno = EBUSY;
2404                 return (-1);
2405         }
2406 
2407         Psync(P);
2408 
2409         error = execute_bkpt(ctlfd,
2410             &P->status.pr_flttrace, &P->status.pr_lwp.pr_lwphold,
2411             P->status.pr_lwp.pr_reg[R_PC], saved);
2412         rv = Pstopstatus(P, PCNULL, 0);
2413 
2414         if (error != 0) {
2415                 if (P->status.pr_lwp.pr_why == PR_JOBCONTROL &&
2416                     error == EBUSY) {   /* jobcontrol stop -- back off */
2417                         P->state = PS_RUN;
2418                         return (0);
2419                 }
2420                 if (error == ENOENT)
2421                         return (0);
2422                 errno = error;
2423                 return (-1);
2424         }
2425 
2426         return (rv);
2427 }
2428 
2429 /*
2430  * Install the watchpoint described by wp.
2431  */
2432 int
2433 Psetwapt(struct ps_prochandle *P, const prwatch_t *wp)
2434 {
2435         long ctl[1 + sizeof (prwatch_t) / sizeof (long)];
2436         prwatch_t *cwp = (prwatch_t *)&ctl[1];
2437 
2438         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2439             P->state == PS_IDLE) {
2440                 errno = ENOENT;
2441                 return (-1);
2442         }
2443 
2444         ctl[0] = PCWATCH;
2445         cwp->pr_vaddr = wp->pr_vaddr;
2446         cwp->pr_size = wp->pr_size;
2447         cwp->pr_wflags = wp->pr_wflags;
2448 
2449         if (write(P->ctlfd, ctl, sizeof (ctl)) != sizeof (ctl))
2450                 return (-1);
2451 
2452         return (0);
2453 }
2454 
2455 /*
2456  * Remove the watchpoint described by wp.
2457  */
2458 int
2459 Pdelwapt(struct ps_prochandle *P, const prwatch_t *wp)
2460 {
2461         long ctl[1 + sizeof (prwatch_t) / sizeof (long)];
2462         prwatch_t *cwp = (prwatch_t *)&ctl[1];
2463 
2464         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2465             P->state == PS_IDLE) {
2466                 errno = ENOENT;
2467                 return (-1);
2468         }
2469 
2470         ctl[0] = PCWATCH;
2471         cwp->pr_vaddr = wp->pr_vaddr;
2472         cwp->pr_size = wp->pr_size;
2473         cwp->pr_wflags = 0;
2474 
2475         if (write(P->ctlfd, ctl, sizeof (ctl)) != sizeof (ctl))
2476                 return (-1);
2477 
2478         return (0);
2479 }
2480 
2481 /*
2482  * Common code for Pxecwapt() and Lxecwapt().  Develop the array of requests
2483  * that will do the job, then write them to the specified control file
2484  * descriptor.  Return the non-zero errno if the write fails.
2485  */
2486 static int
2487 execute_wapt(
2488         int ctlfd,              /* process or LWP control file descriptor */
2489         const fltset_t *faultset,       /* current set of traced faults */
2490         const sigset_t *sigmask,        /* current signal mask */
2491         const prwatch_t *wp)            /* watchpoint descriptor */
2492 {
2493         long ctl[
2494             1 + sizeof (sigset_t) / sizeof (long) +             /* PCSHOLD */
2495             1 + sizeof (fltset_t) / sizeof (long) +             /* PCSFAULT */
2496             1 + sizeof (prwatch_t) / sizeof (long) +            /* PCWATCH */
2497             2 +                                                 /* PCRUN */
2498             1 +                                                 /* PCWSTOP */
2499             1 +                                                 /* PCCFAULT */
2500             1 + sizeof (prwatch_t) / sizeof (long) +            /* PCWATCH */
2501             1 + sizeof (fltset_t) / sizeof (long) +             /* PCSFAULT */
2502             1 + sizeof (sigset_t) / sizeof (long)];             /* PCSHOLD */
2503 
2504         long *ctlp = ctl;
2505         int error = 0;
2506 
2507         sigset_t unblock;
2508         sigset_t *holdp;
2509         fltset_t *faultp;
2510         prwatch_t *prw;
2511         ssize_t ssize;
2512         size_t size;
2513 
2514         (void) sigprocmask(SIG_BLOCK, &blockable_sigs, &unblock);
2515 
2516         /*
2517          * Hold all posted signals in the victim process prior to stepping.
2518          */
2519         *ctlp++ = PCSHOLD;
2520         holdp = (sigset_t *)ctlp;
2521         prfillset(holdp);
2522         prdelset(holdp, SIGKILL);
2523         prdelset(holdp, SIGSTOP);
2524         ctlp += sizeof (sigset_t) / sizeof (long);
2525 
2526         /*
2527          * Force tracing of FLTTRACE since we need to single step.
2528          */
2529         if (!(prismember(faultset, FLTTRACE))) {
2530                 *ctlp++ = PCSFAULT;
2531                 faultp = (fltset_t *)ctlp;
2532                 *faultp = *faultset;
2533                 praddset(faultp, FLTTRACE);
2534                 ctlp += sizeof (fltset_t) / sizeof (long);
2535         }
2536 
2537         /*
2538          * Clear only the current watchpoint by setting pr_wflags to zero.
2539          */
2540         *ctlp++ = PCWATCH;
2541         prw = (prwatch_t *)ctlp;
2542         prw->pr_vaddr = wp->pr_vaddr;
2543         prw->pr_size = wp->pr_size;
2544         prw->pr_wflags = 0;
2545         ctlp += sizeof (prwatch_t) / sizeof (long);
2546 
2547         /*
2548          * Clear the current signal and fault; set running with single-step.
2549          * Then wait for the victim to stop and cancel the FLTTRACE.
2550          */
2551         *ctlp++ = PCRUN;
2552         *ctlp++ = PRCSIG | PRCFAULT | PRSTEP;
2553         *ctlp++ = PCWSTOP;
2554         *ctlp++ = PCCFAULT;
2555 
2556         /*
2557          * Restore the current watchpoint.
2558          */
2559         *ctlp++ = PCWATCH;
2560         (void) memcpy(ctlp, wp, sizeof (prwatch_t));
2561         ctlp += sizeof (prwatch_t) / sizeof (long);
2562 
2563         /*
2564          * Restore fault tracing set if we modified it.
2565          */
2566         if (!(prismember(faultset, FLTTRACE))) {
2567                 *ctlp++ = PCSFAULT;
2568                 *(fltset_t *)ctlp = *faultset;
2569                 ctlp += sizeof (fltset_t) / sizeof (long);
2570         }
2571 
2572         /*
2573          * Restore the hold mask to the current hold mask (i.e. the one
2574          * before we executed any of the previous operations).
2575          */
2576         *ctlp++ = PCSHOLD;
2577         *(sigset_t *)ctlp = *sigmask;
2578         ctlp += sizeof (sigset_t) / sizeof (long);
2579 
2580         size = (char *)ctlp - (char *)ctl;
2581         if ((ssize = write(ctlfd, ctl, size)) != size)
2582                 error = (ssize == -1)? errno : EINTR;
2583         (void) sigprocmask(SIG_SETMASK, &unblock, NULL);
2584         return (error);
2585 }
2586 
2587 /*
2588  * Step over a watchpoint, i.e., execute the instruction that was stopped by
2589  * the watchpoint, and then leave the LWP stopped at the next instruction.
2590  */
2591 int
2592 Pxecwapt(struct ps_prochandle *P, const prwatch_t *wp)
2593 {
2594         int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2595         int rv, error;
2596 
2597         if (P->state != PS_STOP) {
2598                 errno = EBUSY;
2599                 return (-1);
2600         }
2601 
2602         Psync(P);
2603         error = execute_wapt(ctlfd,
2604             &P->status.pr_flttrace, &P->status.pr_lwp.pr_lwphold, wp);
2605         rv = Pstopstatus(P, PCNULL, 0);
2606 
2607         if (error != 0) {
2608                 if (P->status.pr_lwp.pr_why == PR_JOBCONTROL &&
2609                     error == EBUSY) {   /* jobcontrol stop -- back off */
2610                         P->state = PS_RUN;
2611                         return (0);
2612                 }
2613                 if (error == ENOENT)
2614                         return (0);
2615                 errno = error;
2616                 return (-1);
2617         }
2618 
2619         return (rv);
2620 }
2621 
2622 int
2623 Psetflags(struct ps_prochandle *P, long flags)
2624 {
2625         int rc;
2626         long ctl[2];
2627 
2628         ctl[0] = PCSET;
2629         ctl[1] = flags;
2630 
2631         if (write(P->ctlfd, ctl, 2*sizeof (long)) != 2*sizeof (long)) {
2632                 rc = -1;
2633         } else {
2634                 P->status.pr_flags |= flags;
2635                 P->status.pr_lwp.pr_flags |= flags;
2636                 rc = 0;
2637         }
2638 
2639         return (rc);
2640 }
2641 
2642 int
2643 Punsetflags(struct ps_prochandle *P, long flags)
2644 {
2645         int rc;
2646         long ctl[2];
2647 
2648         ctl[0] = PCUNSET;
2649         ctl[1] = flags;
2650 
2651         if (write(P->ctlfd, ctl, 2*sizeof (long)) != 2*sizeof (long)) {
2652                 rc = -1;
2653         } else {
2654                 P->status.pr_flags &= ~flags;
2655                 P->status.pr_lwp.pr_flags &= ~flags;
2656                 rc = 0;
2657         }
2658 
2659         return (rc);
2660 }
2661 
2662 /*
2663  * Common function to allow clients to manipulate the action to be taken
2664  * on receipt of a signal, receipt of machine fault, entry to a system call,
2665  * or exit from a system call.  We make use of our private prset_* functions
2666  * in order to make this code be common.  The 'which' parameter identifies
2667  * the code for the event of interest (0 means change the entire set), and
2668  * the 'stop' parameter is a boolean indicating whether the process should
2669  * stop when the event of interest occurs.  The previous value is returned
2670  * to the caller; -1 is returned if an error occurred.
2671  */
2672 static int
2673 Psetaction(struct ps_prochandle *P, void *sp, size_t size,
2674     uint_t flag, int max, int which, int stop)
2675 {
2676         int oldval;
2677 
2678         if (which < 0 || which > max) {
2679                 errno = EINVAL;
2680                 return (-1);
2681         }
2682 
2683         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2684             P->state == PS_IDLE) {
2685                 errno = ENOENT;
2686                 return (-1);
2687         }
2688 
2689         oldval = prset_ismember(sp, size, which) ? TRUE : FALSE;
2690 
2691         if (stop) {
2692                 if (which == 0) {
2693                         prset_fill(sp, size);
2694                         P->flags |= flag;
2695                 } else if (!oldval) {
2696                         prset_add(sp, size, which);
2697                         P->flags |= flag;
2698                 }
2699         } else {
2700                 if (which == 0) {
2701                         prset_empty(sp, size);
2702                         P->flags |= flag;
2703                 } else if (oldval) {
2704                         prset_del(sp, size, which);
2705                         P->flags |= flag;
2706                 }
2707         }
2708 
2709         if (P->state == PS_RUN)
2710                 Psync(P);
2711 
2712         return (oldval);
2713 }
2714 
2715 /*
2716  * Set action on specified signal.
2717  */
2718 int
2719 Psignal(struct ps_prochandle *P, int which, int stop)
2720 {
2721         int oldval;
2722 
2723         if (which == SIGKILL && stop != 0) {
2724                 errno = EINVAL;
2725                 return (-1);
2726         }
2727 
2728         oldval = Psetaction(P, &P->status.pr_sigtrace, sizeof (sigset_t),
2729             SETSIG, PRMAXSIG, which, stop);
2730 
2731         if (oldval != -1 && which == 0 && stop != 0)
2732                 prdelset(&P->status.pr_sigtrace, SIGKILL);
2733 
2734         return (oldval);
2735 }
2736 
2737 /*
2738  * Set all signal tracing flags.
2739  */
2740 void
2741 Psetsignal(struct ps_prochandle *P, const sigset_t *set)
2742 {
2743         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2744             P->state == PS_IDLE)
2745                 return;
2746 
2747         P->status.pr_sigtrace = *set;
2748         P->flags |= SETSIG;
2749 
2750         if (P->state == PS_RUN)
2751                 Psync(P);
2752 }
2753 
2754 /*
2755  * Set action on specified fault.
2756  */
2757 int
2758 Pfault(struct ps_prochandle *P, int which, int stop)
2759 {
2760         return (Psetaction(P, &P->status.pr_flttrace, sizeof (fltset_t),
2761             SETFAULT, PRMAXFAULT, which, stop));
2762 }
2763 
2764 /*
2765  * Set all machine fault tracing flags.
2766  */
2767 void
2768 Psetfault(struct ps_prochandle *P, const fltset_t *set)
2769 {
2770         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2771             P->state == PS_IDLE)
2772                 return;
2773 
2774         P->status.pr_flttrace = *set;
2775         P->flags |= SETFAULT;
2776 
2777         if (P->state == PS_RUN)
2778                 Psync(P);
2779 }
2780 
2781 /*
2782  * Set action on specified system call entry.
2783  */
2784 int
2785 Psysentry(struct ps_prochandle *P, int which, int stop)
2786 {
2787         return (Psetaction(P, &P->status.pr_sysentry, sizeof (sysset_t),
2788             SETENTRY, PRMAXSYS, which, stop));
2789 }
2790 
2791 /*
2792  * Set all system call entry tracing flags.
2793  */
2794 void
2795 Psetsysentry(struct ps_prochandle *P, const sysset_t *set)
2796 {
2797         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2798             P->state == PS_IDLE)
2799                 return;
2800 
2801         P->status.pr_sysentry = *set;
2802         P->flags |= SETENTRY;
2803 
2804         if (P->state == PS_RUN)
2805                 Psync(P);
2806 }
2807 
2808 /*
2809  * Set action on specified system call exit.
2810  */
2811 int
2812 Psysexit(struct ps_prochandle *P, int which, int stop)
2813 {
2814         return (Psetaction(P, &P->status.pr_sysexit, sizeof (sysset_t),
2815             SETEXIT, PRMAXSYS, which, stop));
2816 }
2817 
2818 /*
2819  * Set all system call exit tracing flags.
2820  */
2821 void
2822 Psetsysexit(struct ps_prochandle *P, const sysset_t *set)
2823 {
2824         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2825             P->state == PS_IDLE)
2826                 return;
2827 
2828         P->status.pr_sysexit = *set;
2829         P->flags |= SETEXIT;
2830 
2831         if (P->state == PS_RUN)
2832                 Psync(P);
2833 }
2834 
2835 /*
2836  * Utility function to read the contents of a file that contains a
2837  * prheader_t at the start (/proc/pid/lstatus or /proc/pid/lpsinfo).
2838  * Returns a malloc()d buffer or NULL on failure.
2839  */
2840 static prheader_t *
2841 read_lfile(struct ps_prochandle *P, const char *lname)
2842 {
2843         prheader_t *Lhp;
2844         char lpath[PATH_MAX];
2845         struct stat64 statb;
2846         int fd;
2847         size_t size;
2848         ssize_t rval;
2849 
2850         (void) snprintf(lpath, sizeof (lpath), "%s/%d/%s", procfs_path,
2851             (int)P->status.pr_pid, lname);
2852         if ((fd = open(lpath, O_RDONLY)) < 0 || fstat64(fd, &statb) != 0) {
2853                 if (fd >= 0)
2854                         (void) close(fd);
2855                 return (NULL);
2856         }
2857 
2858         /*
2859          * 'size' is just the initial guess at the buffer size.
2860          * It will have to grow if the number of lwps increases
2861          * while we are looking at the process.
2862          * 'size' must be larger than the actual file size.
2863          */
2864         size = statb.st_size + 32;
2865 
2866         for (;;) {
2867                 if ((Lhp = malloc(size)) == NULL)
2868                         break;
2869                 if ((rval = pread(fd, Lhp, size, 0)) < 0 ||
2870                     rval <= sizeof (prheader_t)) {
2871                         free(Lhp);
2872                         Lhp = NULL;
2873                         break;
2874                 }
2875                 if (rval < size)
2876                         break;
2877                 /* need a bigger buffer */
2878                 free(Lhp);
2879                 size *= 2;
2880         }
2881 
2882         (void) close(fd);
2883         return (Lhp);
2884 }
2885 
2886 /*
2887  * LWP iteration interface.
2888  */
2889 int
2890 Plwp_iter(struct ps_prochandle *P, proc_lwp_f *func, void *cd)
2891 {
2892         prheader_t *Lhp;
2893         lwpstatus_t *Lsp;
2894         long nlwp;
2895         int rv;
2896 
2897         switch (P->state) {
2898         case PS_RUN:
2899                 (void) Pstopstatus(P, PCNULL, 0);
2900                 break;
2901 
2902         case PS_STOP:
2903                 Psync(P);
2904                 break;
2905 
2906         case PS_IDLE:
2907                 errno = ENODATA;
2908                 return (-1);
2909         }
2910 
2911         /*
2912          * For either live processes or cores, the single LWP case is easy:
2913          * the pstatus_t contains the lwpstatus_t for the only LWP.
2914          */
2915         if (P->status.pr_nlwp <= 1)
2916                 return (func(cd, &P->status.pr_lwp));
2917 
2918         /*
2919          * For the core file multi-LWP case, we just iterate through the
2920          * list of LWP structs we read in from the core file.
2921          */
2922         if (P->state == PS_DEAD) {
2923                 core_info_t *core = P->data;
2924                 lwp_info_t *lwp = list_prev(&core->core_lwp_head);
2925                 uint_t i;
2926 
2927                 for (i = 0; i < core->core_nlwp; i++, lwp = list_prev(lwp)) {
2928                         if (lwp->lwp_psinfo.pr_sname != 'Z' &&
2929                             (rv = func(cd, &lwp->lwp_status)) != 0)
2930                                 break;
2931                 }
2932 
2933                 return (rv);
2934         }
2935 
2936         /*
2937          * For the live process multi-LWP case, we have to work a little
2938          * harder: the /proc/pid/lstatus file has the array of LWP structs.
2939          */
2940         if ((Lhp = Plstatus(P)) == NULL)
2941                 return (-1);
2942 
2943         for (nlwp = Lhp->pr_nent, Lsp = (lwpstatus_t *)(uintptr_t)(Lhp + 1);
2944             nlwp > 0;
2945             nlwp--, Lsp = (lwpstatus_t *)((uintptr_t)Lsp + Lhp->pr_entsize)) {
2946                 if ((rv = func(cd, Lsp)) != 0)
2947                         break;
2948         }
2949 
2950         free(Lhp);
2951         return (rv);
2952 }
2953 
2954 /*
2955  * Extended LWP iteration interface.
2956  * Iterate over all LWPs, active and zombie.
2957  */
2958 int
2959 Plwp_iter_all(struct ps_prochandle *P, proc_lwp_all_f *func, void *cd)
2960 {
2961         prheader_t *Lhp = NULL;
2962         lwpstatus_t *Lsp;
2963         lwpstatus_t *sp;
2964         prheader_t *Lphp = NULL;
2965         lwpsinfo_t *Lpsp;
2966         long nstat;
2967         long ninfo;
2968         int rv;
2969 
2970 retry:
2971         if (Lhp != NULL)
2972                 free(Lhp);
2973         if (Lphp != NULL)
2974                 free(Lphp);
2975         if (P->state == PS_RUN)
2976                 (void) Pstopstatus(P, PCNULL, 0);
2977         (void) Ppsinfo(P);
2978 
2979         if (P->state == PS_STOP)
2980                 Psync(P);
2981 
2982         /*
2983          * For either live processes or cores, the single LWP case is easy:
2984          * the pstatus_t contains the lwpstatus_t for the only LWP and
2985          * the psinfo_t contains the lwpsinfo_t for the only LWP.
2986          */
2987         if (P->status.pr_nlwp + P->status.pr_nzomb <= 1)
2988                 return (func(cd, &P->status.pr_lwp, &P->psinfo.pr_lwp));
2989 
2990         /*
2991          * For the core file multi-LWP case, we just iterate through the
2992          * list of LWP structs we read in from the core file.
2993          */
2994         if (P->state == PS_DEAD) {
2995                 core_info_t *core = P->data;
2996                 lwp_info_t *lwp = list_prev(&core->core_lwp_head);
2997                 uint_t i;
2998 
2999                 for (i = 0; i < core->core_nlwp; i++, lwp = list_prev(lwp)) {
3000                         sp = (lwp->lwp_psinfo.pr_sname == 'Z')? NULL :
3001                             &lwp->lwp_status;
3002                         if ((rv = func(cd, sp, &lwp->lwp_psinfo)) != 0)
3003                                 break;
3004                 }
3005 
3006                 return (rv);
3007         }
3008 
3009         /*
3010          * For all other cases retrieve the array of lwpstatus_t's and
3011          * lwpsinfo_t's.
3012          */
3013         if ((Lhp = Plstatus(P)) == NULL)
3014                 return (-1);
3015         if ((Lphp = Plpsinfo(P)) == NULL) {
3016                 free(Lhp);
3017                 return (-1);
3018         }
3019 
3020         /*
3021          * If we are looking at a running process, or one we do not control,
3022          * the active and zombie lwps in the process may have changed since
3023          * we read the process status structure.  If so, just start over.
3024          */
3025         if (Lhp->pr_nent != P->status.pr_nlwp ||
3026             Lphp->pr_nent != P->status.pr_nlwp + P->status.pr_nzomb)
3027                 goto retry;
3028 
3029         /*
3030          * To be perfectly safe, prescan the two arrays, checking consistency.
3031          * We rely on /proc giving us lwpstatus_t's and lwpsinfo_t's in the
3032          * same order (the lwp directory order) in their respective files.
3033          * We also rely on there being (possibly) more lwpsinfo_t's than
3034          * lwpstatus_t's (the extra lwpsinfo_t's are for zombie lwps).
3035          */
3036         Lsp = (lwpstatus_t *)(uintptr_t)(Lhp + 1);
3037         Lpsp = (lwpsinfo_t *)(uintptr_t)(Lphp + 1);
3038         nstat = Lhp->pr_nent;
3039         for (ninfo = Lphp->pr_nent; ninfo != 0; ninfo--) {
3040                 if (Lpsp->pr_sname != 'Z') {
3041                         /*
3042                          * Not a zombie lwp; check for matching lwpids.
3043                          */
3044                         if (nstat == 0 || Lsp->pr_lwpid != Lpsp->pr_lwpid)
3045                                 goto retry;
3046                         Lsp = (lwpstatus_t *)((uintptr_t)Lsp + Lhp->pr_entsize);
3047                         nstat--;
3048                 }
3049                 Lpsp = (lwpsinfo_t *)((uintptr_t)Lpsp + Lphp->pr_entsize);
3050         }
3051         if (nstat != 0)
3052                 goto retry;
3053 
3054         /*
3055          * Rescan, this time for real.
3056          */
3057         Lsp = (lwpstatus_t *)(uintptr_t)(Lhp + 1);
3058         Lpsp = (lwpsinfo_t *)(uintptr_t)(Lphp + 1);
3059         for (ninfo = Lphp->pr_nent; ninfo != 0; ninfo--) {
3060                 if (Lpsp->pr_sname != 'Z') {
3061                         sp = Lsp;
3062                         Lsp = (lwpstatus_t *)((uintptr_t)Lsp + Lhp->pr_entsize);
3063                 } else {
3064                         sp = NULL;
3065                 }
3066                 if ((rv = func(cd, sp, Lpsp)) != 0)
3067                         break;
3068                 Lpsp = (lwpsinfo_t *)((uintptr_t)Lpsp + Lphp->pr_entsize);
3069         }
3070 
3071         free(Lhp);
3072         free(Lphp);
3073         return (rv);
3074 }
3075 
3076 core_content_t
3077 Pcontent(struct ps_prochandle *P)
3078 {
3079         core_info_t *core = P->data;
3080 
3081         if (P->state == PS_DEAD)
3082                 return (core->core_content);
3083         if (P->state == PS_IDLE)
3084                 return (CC_CONTENT_TEXT | CC_CONTENT_DATA | CC_CONTENT_CTF);
3085 
3086         return (CC_CONTENT_ALL);
3087 }
3088 
3089 /*
3090  * =================================================================
3091  * The remainder of the functions in this file are for the
3092  * control of individual LWPs in the controlled process.
3093  * =================================================================
3094  */
3095 
3096 /*
3097  * Find an entry in the process hash table for the specified lwpid.
3098  * The entry will either point to an existing struct ps_lwphandle
3099  * or it will point to an empty slot for a new struct ps_lwphandle.
3100  */
3101 static struct ps_lwphandle **
3102 Lfind(struct ps_prochandle *P, lwpid_t lwpid)
3103 {
3104         struct ps_lwphandle **Lp;
3105         struct ps_lwphandle *L;
3106 
3107         for (Lp = &P->hashtab[lwpid % (HASHSIZE - 1)];
3108             (L = *Lp) != NULL; Lp = &L->lwp_hash)
3109                 if (L->lwp_id == lwpid)
3110                         break;
3111         return (Lp);
3112 }
3113 
3114 /*
3115  * Grab an LWP contained within the controlled process.
3116  * Return an opaque pointer to its LWP control structure.
3117  *      perr: pointer to error return code.
3118  */
3119 struct ps_lwphandle *
3120 Lgrab(struct ps_prochandle *P, lwpid_t lwpid, int *perr)
3121 {
3122         struct ps_lwphandle **Lp;
3123         struct ps_lwphandle *L;
3124         int fd;
3125         char procname[PATH_MAX];
3126         char *fname;
3127         int rc = 0;
3128 
3129         (void) mutex_lock(&P->proc_lock);
3130 
3131         if (P->state == PS_UNDEAD || P->state == PS_IDLE)
3132                 rc = G_NOPROC;
3133         else if (P->hashtab == NULL &&
3134             (P->hashtab = calloc(HASHSIZE, sizeof (struct ps_lwphandle *)))
3135             == NULL)
3136                 rc = G_STRANGE;
3137         else if (*(Lp = Lfind(P, lwpid)) != NULL)
3138                 rc = G_BUSY;
3139         else if ((L = malloc(sizeof (struct ps_lwphandle))) == NULL)
3140                 rc = G_STRANGE;
3141         if (rc) {
3142                 *perr = rc;
3143                 (void) mutex_unlock(&P->proc_lock);
3144                 return (NULL);
3145         }
3146 
3147         (void) memset(L, 0, sizeof (*L));
3148         L->lwp_ctlfd = -1;
3149         L->lwp_statfd = -1;
3150         L->lwp_proc = P;
3151         L->lwp_id = lwpid;
3152         *Lp = L;        /* insert into the hash table */
3153 
3154         if (P->state == PS_DEAD) {   /* core file */
3155                 if (getlwpstatus(P, lwpid, &L->lwp_status) == -1) {
3156                         rc = G_NOPROC;
3157                         goto err;
3158                 }
3159                 L->lwp_state = PS_DEAD;
3160                 *perr = 0;
3161                 (void) mutex_unlock(&P->proc_lock);
3162                 return (L);
3163         }
3164 
3165         /*
3166          * Open the /proc/<pid>/lwp/<lwpid> files
3167          */
3168         (void) snprintf(procname, sizeof (procname), "%s/%d/lwp/%d/",
3169             procfs_path, (int)P->pid, (int)lwpid);
3170         fname = procname + strlen(procname);
3171         (void) set_minfd();
3172 
3173         (void) strcpy(fname, "lwpstatus");
3174         if ((fd = open(procname, O_RDONLY)) < 0 ||
3175             (fd = dupfd(fd, 0)) < 0) {
3176                 switch (errno) {
3177                 case ENOENT:
3178                         rc = G_NOPROC;
3179                         break;
3180                 default:
3181                         dprintf("Lgrab: failed to open %s: %s\n",
3182                             procname, strerror(errno));
3183                         rc = G_STRANGE;
3184                         break;
3185                 }
3186                 goto err;
3187         }
3188         L->lwp_statfd = fd;
3189 
3190         if (pread(fd, &L->lwp_status, sizeof (L->lwp_status), (off_t)0) < 0) {
3191                 switch (errno) {
3192                 case ENOENT:
3193                         rc = G_NOPROC;
3194                         break;
3195                 default:
3196                         dprintf("Lgrab: failed to read %s: %s\n",
3197                             procname, strerror(errno));
3198                         rc = G_STRANGE;
3199                         break;
3200                 }
3201                 goto err;
3202         }
3203 
3204         (void) strcpy(fname, "lwpctl");
3205         if ((fd = open(procname, O_WRONLY)) < 0 ||
3206             (fd = dupfd(fd, 0)) < 0) {
3207                 switch (errno) {
3208                 case ENOENT:
3209                         rc = G_NOPROC;
3210                         break;
3211                 default:
3212                         dprintf("Lgrab: failed to open %s: %s\n",
3213                             procname, strerror(errno));
3214                         rc = G_STRANGE;
3215                         break;
3216                 }
3217                 goto err;
3218         }
3219         L->lwp_ctlfd = fd;
3220 
3221         L->lwp_state =
3222             ((L->lwp_status.pr_flags & (PR_STOPPED|PR_ISTOP))
3223             == (PR_STOPPED|PR_ISTOP))?
3224             PS_STOP : PS_RUN;
3225 
3226         *perr = 0;
3227         (void) mutex_unlock(&P->proc_lock);
3228         return (L);
3229 
3230 err:
3231         Lfree_internal(P, L);
3232         *perr = rc;
3233         (void) mutex_unlock(&P->proc_lock);
3234         return (NULL);
3235 }
3236 
3237 /*
3238  * Return a printable string corresponding to an Lgrab() error return.
3239  */
3240 const char *
3241 Lgrab_error(int error)
3242 {
3243         const char *str;
3244 
3245         switch (error) {
3246         case G_NOPROC:
3247                 str = "no such LWP";
3248                 break;
3249         case G_BUSY:
3250                 str = "LWP already grabbed";
3251                 break;
3252         case G_STRANGE:
3253                 str = "unanticipated system error";
3254                 break;
3255         default:
3256                 str = "unknown error";
3257                 break;
3258         }
3259 
3260         return (str);
3261 }
3262 
3263 /*
3264  * Free an LWP control structure.
3265  */
3266 void
3267 Lfree(struct ps_lwphandle *L)
3268 {
3269         struct ps_prochandle *P = L->lwp_proc;
3270 
3271         (void) mutex_lock(&P->proc_lock);
3272         Lfree_internal(P, L);
3273         (void) mutex_unlock(&P->proc_lock);
3274 }
3275 
3276 static void
3277 Lfree_internal(struct ps_prochandle *P, struct ps_lwphandle *L)
3278 {
3279         *Lfind(P, L->lwp_id) = L->lwp_hash;       /* delete from hash table */
3280         if (L->lwp_ctlfd >= 0)
3281                 (void) close(L->lwp_ctlfd);
3282         if (L->lwp_statfd >= 0)
3283                 (void) close(L->lwp_statfd);
3284 
3285         /* clear out the structure as a precaution against reuse */
3286         (void) memset(L, 0, sizeof (*L));
3287         L->lwp_ctlfd = -1;
3288         L->lwp_statfd = -1;
3289 
3290         free(L);
3291 }
3292 
3293 /*
3294  * Return the state of the process, one of the PS_* values.
3295  */
3296 int
3297 Lstate(struct ps_lwphandle *L)
3298 {
3299         return (L->lwp_state);
3300 }
3301 
3302 /*
3303  * Return the open control file descriptor for the LWP.
3304  * Clients must not close this file descriptor, nor use it
3305  * after the LWP is freed.
3306  */
3307 int
3308 Lctlfd(struct ps_lwphandle *L)
3309 {
3310         return (L->lwp_ctlfd);
3311 }
3312 
3313 /*
3314  * Return a pointer to the LWP lwpsinfo structure.
3315  * Clients should not hold on to this pointer indefinitely.
3316  * It will become invalid on Lfree().
3317  */
3318 const lwpsinfo_t *
3319 Lpsinfo(struct ps_lwphandle *L)
3320 {
3321         if (Plwp_getpsinfo(L->lwp_proc, L->lwp_id, &L->lwp_psinfo) == -1)
3322                 return (NULL);
3323 
3324         return (&L->lwp_psinfo);
3325 }
3326 
3327 /*
3328  * Return a pointer to the LWP status structure.
3329  * Clients should not hold on to this pointer indefinitely.
3330  * It will become invalid on Lfree().
3331  */
3332 const lwpstatus_t *
3333 Lstatus(struct ps_lwphandle *L)
3334 {
3335         return (&L->lwp_status);
3336 }
3337 
3338 /*
3339  * Given an LWP handle, return the process handle.
3340  */
3341 struct ps_prochandle *
3342 Lprochandle(struct ps_lwphandle *L)
3343 {
3344         return (L->lwp_proc);
3345 }
3346 
3347 /*
3348  * Ensure that all cached state is written to the LWP.
3349  * The cached state is the LWP's signal mask and registers.
3350  */
3351 void
3352 Lsync(struct ps_lwphandle *L)
3353 {
3354         int ctlfd = L->lwp_ctlfd;
3355         long cmd[2];
3356         iovec_t iov[4];
3357         int n = 0;
3358 
3359         if (L->lwp_flags & SETHOLD) {
3360                 cmd[0] = PCSHOLD;
3361                 iov[n].iov_base = (caddr_t)&cmd[0];
3362                 iov[n++].iov_len = sizeof (long);
3363                 iov[n].iov_base = (caddr_t)&L->lwp_status.pr_lwphold;
3364                 iov[n++].iov_len = sizeof (L->lwp_status.pr_lwphold);
3365         }
3366         if (L->lwp_flags & SETREGS) {
3367                 cmd[1] = PCSREG;
3368                 iov[n].iov_base = (caddr_t)&cmd[1];
3369                 iov[n++].iov_len = sizeof (long);
3370                 iov[n].iov_base = (caddr_t)&L->lwp_status.pr_reg[0];
3371                 iov[n++].iov_len = sizeof (L->lwp_status.pr_reg);
3372         }
3373 
3374         if (n == 0 || writev(ctlfd, iov, n) < 0)
3375                 return;         /* nothing to do or write failed */
3376 
3377         L->lwp_flags &= ~(SETHOLD|SETREGS);
3378 }
3379 
3380 /*
3381  * Wait for the specified LWP to stop or terminate.
3382  * Or, just get the current status (PCNULL).
3383  * Or, direct it to stop and get the current status (PCDSTOP).
3384  */
3385 static int
3386 Lstopstatus(struct ps_lwphandle *L,
3387         long request,           /* PCNULL, PCDSTOP, PCSTOP, PCWSTOP */
3388         uint_t msec)            /* if non-zero, timeout in milliseconds */
3389 {
3390         int ctlfd = L->lwp_ctlfd;
3391         long ctl[3];
3392         ssize_t rc;
3393         int err;
3394 
3395         switch (L->lwp_state) {
3396         case PS_RUN:
3397                 break;
3398         case PS_STOP:
3399                 if (request != PCNULL && request != PCDSTOP)
3400                         return (0);
3401                 break;
3402         case PS_LOST:
3403                 if (request != PCNULL) {
3404                         errno = EAGAIN;
3405                         return (-1);
3406                 }
3407                 break;
3408         case PS_UNDEAD:
3409         case PS_DEAD:
3410                 if (request != PCNULL) {
3411                         errno = ENOENT;
3412                         return (-1);
3413                 }
3414                 break;
3415         default:        /* corrupted state */
3416                 dprintf("Lstopstatus: corrupted state: %d\n", L->lwp_state);
3417                 errno = EINVAL;
3418                 return (-1);
3419         }
3420 
3421         ctl[0] = PCDSTOP;
3422         ctl[1] = PCTWSTOP;
3423         ctl[2] = (long)msec;
3424         rc = 0;
3425         switch (request) {
3426         case PCSTOP:
3427                 rc = write(ctlfd, &ctl[0], 3*sizeof (long));
3428                 break;
3429         case PCWSTOP:
3430                 rc = write(ctlfd, &ctl[1], 2*sizeof (long));
3431                 break;
3432         case PCDSTOP:
3433                 rc = write(ctlfd, &ctl[0], 1*sizeof (long));
3434                 break;
3435         case PCNULL:
3436                 if (L->lwp_state == PS_DEAD)
3437                         return (0); /* Nothing else to do for cores */
3438                 break;
3439         default:        /* programming error */
3440                 errno = EINVAL;
3441                 return (-1);
3442         }
3443         err = (rc < 0)? errno : 0;
3444         Lsync(L);
3445 
3446         if (pread(L->lwp_statfd, &L->lwp_status,
3447             sizeof (L->lwp_status), (off_t)0) < 0)
3448                 err = errno;
3449 
3450         if (err) {
3451                 switch (err) {
3452                 case EINTR:             /* user typed ctl-C */
3453                 case ERESTART:
3454                         dprintf("Lstopstatus: EINTR\n");
3455                         break;
3456                 case EAGAIN:            /* we lost control of the the process */
3457                         dprintf("Lstopstatus: EAGAIN\n");
3458                         L->lwp_state = PS_LOST;
3459                         errno = err;
3460                         return (-1);
3461                 default:
3462                         if (_libproc_debug) {
3463                                 const char *errstr;
3464 
3465                                 switch (request) {
3466                                 case PCNULL:
3467                                         errstr = "Lstopstatus PCNULL"; break;
3468                                 case PCSTOP:
3469                                         errstr = "Lstopstatus PCSTOP"; break;
3470                                 case PCDSTOP:
3471                                         errstr = "Lstopstatus PCDSTOP"; break;
3472                                 case PCWSTOP:
3473                                         errstr = "Lstopstatus PCWSTOP"; break;
3474                                 default:
3475                                         errstr = "Lstopstatus PC???"; break;
3476                                 }
3477                                 dprintf("%s: %s\n", errstr, strerror(err));
3478                         }
3479                         L->lwp_state = PS_UNDEAD;
3480                         errno = err;
3481                         return (-1);
3482                 }
3483         }
3484 
3485         if ((L->lwp_status.pr_flags & (PR_STOPPED|PR_ISTOP))
3486             != (PR_STOPPED|PR_ISTOP)) {
3487                 L->lwp_state = PS_RUN;
3488                 if (request == PCNULL || request == PCDSTOP || msec != 0)
3489                         return (0);
3490                 dprintf("Lstopstatus: LWP is not stopped\n");
3491                 errno = EPROTO;
3492                 return (-1);
3493         }
3494 
3495         L->lwp_state = PS_STOP;
3496 
3497         if (_libproc_debug)     /* debugging */
3498                 prldump("Lstopstatus", &L->lwp_status);
3499 
3500         switch (L->lwp_status.pr_why) {
3501         case PR_SYSENTRY:
3502         case PR_SYSEXIT:
3503         case PR_REQUESTED:
3504         case PR_SIGNALLED:
3505         case PR_FAULTED:
3506         case PR_JOBCONTROL:
3507         case PR_SUSPENDED:
3508                 break;
3509         default:
3510                 errno = EPROTO;
3511                 return (-1);
3512         }
3513 
3514         return (0);
3515 }
3516 
3517 /*
3518  * Wait for the LWP to stop for any reason.
3519  */
3520 int
3521 Lwait(struct ps_lwphandle *L, uint_t msec)
3522 {
3523         return (Lstopstatus(L, PCWSTOP, msec));
3524 }
3525 
3526 /*
3527  * Direct the LWP to stop; wait for it to stop.
3528  */
3529 int
3530 Lstop(struct ps_lwphandle *L, uint_t msec)
3531 {
3532         return (Lstopstatus(L, PCSTOP, msec));
3533 }
3534 
3535 /*
3536  * Direct the LWP to stop; don't wait.
3537  */
3538 int
3539 Ldstop(struct ps_lwphandle *L)
3540 {
3541         return (Lstopstatus(L, PCDSTOP, 0));
3542 }
3543 
3544 /*
3545  * Get the value of one register from stopped LWP.
3546  */
3547 int
3548 Lgetareg(struct ps_lwphandle *L, int regno, prgreg_t *preg)
3549 {
3550         if (regno < 0 || regno >= NPRGREG) {
3551                 errno = EINVAL;
3552                 return (-1);
3553         }
3554 
3555         if (L->lwp_state != PS_STOP) {
3556                 errno = EBUSY;
3557                 return (-1);
3558         }
3559 
3560         *preg = L->lwp_status.pr_reg[regno];
3561         return (0);
3562 }
3563 
3564 /*
3565  * Put value of one register into stopped LWP.
3566  */
3567 int
3568 Lputareg(struct ps_lwphandle *L, int regno, prgreg_t reg)
3569 {
3570         if (regno < 0 || regno >= NPRGREG) {
3571                 errno = EINVAL;
3572                 return (-1);
3573         }
3574 
3575         if (L->lwp_state != PS_STOP) {
3576                 errno = EBUSY;
3577                 return (-1);
3578         }
3579 
3580         L->lwp_status.pr_reg[regno] = reg;
3581         L->lwp_flags |= SETREGS;     /* set registers before continuing */
3582         return (0);
3583 }
3584 
3585 int
3586 Lsetrun(struct ps_lwphandle *L,
3587         int sig,        /* signal to pass to LWP */
3588         int flags)      /* PRSTEP|PRSABORT|PRSTOP|PRCSIG|PRCFAULT */
3589 {
3590         int ctlfd = L->lwp_ctlfd;
3591         int sbits = (PR_DSTOP | PR_ISTOP | PR_ASLEEP);
3592 
3593         long ctl[1 +                                    /* PCCFAULT     */
3594             1 + sizeof (siginfo_t)/sizeof (long) +      /* PCSSIG/PCCSIG */
3595             2 ];                                        /* PCRUN        */
3596 
3597         long *ctlp = ctl;
3598         size_t size;
3599 
3600         if (L->lwp_state != PS_STOP &&
3601             (L->lwp_status.pr_flags & sbits) == 0) {
3602                 errno = EBUSY;
3603                 return (-1);
3604         }
3605 
3606         Lsync(L);       /* flush registers */
3607 
3608         if (flags & PRCFAULT) {             /* clear current fault */
3609                 *ctlp++ = PCCFAULT;
3610                 flags &= ~PRCFAULT;
3611         }
3612 
3613         if (flags & PRCSIG) {               /* clear current signal */
3614                 *ctlp++ = PCCSIG;
3615                 flags &= ~PRCSIG;
3616         } else if (sig && sig != L->lwp_status.pr_cursig) {
3617                 /* make current signal */
3618                 siginfo_t *infop;
3619 
3620                 *ctlp++ = PCSSIG;
3621                 infop = (siginfo_t *)ctlp;
3622                 (void) memset(infop, 0, sizeof (*infop));
3623                 infop->si_signo = sig;
3624                 ctlp += sizeof (siginfo_t) / sizeof (long);
3625         }
3626 
3627         *ctlp++ = PCRUN;
3628         *ctlp++ = flags;
3629         size = (char *)ctlp - (char *)ctl;
3630 
3631         L->lwp_proc->info_valid = 0; /* will need to update map and file info */
3632         L->lwp_proc->state = PS_RUN;
3633         L->lwp_state = PS_RUN;
3634 
3635         if (write(ctlfd, ctl, size) != size) {
3636                 /* Pretend that a job-stopped LWP is running */
3637                 if (errno != EBUSY || L->lwp_status.pr_why != PR_JOBCONTROL)
3638                         return (Lstopstatus(L, PCNULL, 0));
3639         }
3640 
3641         return (0);
3642 }
3643 
3644 int
3645 Lclearsig(struct ps_lwphandle *L)
3646 {
3647         int ctlfd = L->lwp_ctlfd;
3648         long ctl = PCCSIG;
3649 
3650         if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
3651                 return (-1);
3652         L->lwp_status.pr_cursig = 0;
3653         return (0);
3654 }
3655 
3656 int
3657 Lclearfault(struct ps_lwphandle *L)
3658 {
3659         int ctlfd = L->lwp_ctlfd;
3660         long ctl = PCCFAULT;
3661 
3662         if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
3663                 return (-1);
3664         return (0);
3665 }
3666 
3667 /*
3668  * Step over a breakpoint, i.e., execute the instruction that
3669  * really belongs at the breakpoint location (the current %pc)
3670  * and leave the LWP stopped at the next instruction.
3671  */
3672 int
3673 Lxecbkpt(struct ps_lwphandle *L, ulong_t saved)
3674 {
3675         struct ps_prochandle *P = L->lwp_proc;
3676         int rv, error;
3677 
3678         if (L->lwp_state != PS_STOP) {
3679                 errno = EBUSY;
3680                 return (-1);
3681         }
3682 
3683         Lsync(L);
3684         error = execute_bkpt(L->lwp_ctlfd,
3685             &P->status.pr_flttrace, &L->lwp_status.pr_lwphold,
3686             L->lwp_status.pr_reg[R_PC], saved);
3687         rv = Lstopstatus(L, PCNULL, 0);
3688 
3689         if (error != 0) {
3690                 if (L->lwp_status.pr_why == PR_JOBCONTROL &&
3691                     error == EBUSY) {   /* jobcontrol stop -- back off */
3692                         L->lwp_state = PS_RUN;
3693                         return (0);
3694                 }
3695                 if (error == ENOENT)
3696                         return (0);
3697                 errno = error;
3698                 return (-1);
3699         }
3700 
3701         return (rv);
3702 }
3703 
3704 /*
3705  * Step over a watchpoint, i.e., execute the instruction that was stopped by
3706  * the watchpoint, and then leave the LWP stopped at the next instruction.
3707  */
3708 int
3709 Lxecwapt(struct ps_lwphandle *L, const prwatch_t *wp)
3710 {
3711         struct ps_prochandle *P = L->lwp_proc;
3712         int rv, error;
3713 
3714         if (L->lwp_state != PS_STOP) {
3715                 errno = EBUSY;
3716                 return (-1);
3717         }
3718 
3719         Lsync(L);
3720         error = execute_wapt(L->lwp_ctlfd,
3721             &P->status.pr_flttrace, &L->lwp_status.pr_lwphold, wp);
3722         rv = Lstopstatus(L, PCNULL, 0);
3723 
3724         if (error != 0) {
3725                 if (L->lwp_status.pr_why == PR_JOBCONTROL &&
3726                     error == EBUSY) {   /* jobcontrol stop -- back off */
3727                         L->lwp_state = PS_RUN;
3728                         return (0);
3729                 }
3730                 if (error == ENOENT)
3731                         return (0);
3732                 errno = error;
3733                 return (-1);
3734         }
3735 
3736         return (rv);
3737 }
3738 
3739 int
3740 Lstack(struct ps_lwphandle *L, stack_t *stkp)
3741 {
3742         struct ps_prochandle *P = L->lwp_proc;
3743         uintptr_t addr = L->lwp_status.pr_ustack;
3744 
3745         if (P->status.pr_dmodel == PR_MODEL_NATIVE) {
3746                 if (Pread(P, stkp, sizeof (*stkp), addr) != sizeof (*stkp))
3747                         return (-1);
3748 #ifdef _LP64
3749         } else {
3750                 stack32_t stk32;
3751 
3752                 if (Pread(P, &stk32, sizeof (stk32), addr) != sizeof (stk32))
3753                         return (-1);
3754 
3755                 stack_32_to_n(&stk32, stkp);
3756 #endif
3757         }
3758 
3759         return (0);
3760 }
3761 
3762 int
3763 Lmain_stack(struct ps_lwphandle *L, stack_t *stkp)
3764 {
3765         struct ps_prochandle *P = L->lwp_proc;
3766 
3767         if (Lstack(L, stkp) != 0)
3768                 return (-1);
3769 
3770         /*
3771          * If the SS_ONSTACK flag is set then this LWP is operating on the
3772          * alternate signal stack. We can recover the original stack from
3773          * pr_oldcontext.
3774          */
3775         if (!(stkp->ss_flags & SS_ONSTACK))
3776                 return (0);
3777 
3778         if (P->status.pr_dmodel == PR_MODEL_NATIVE) {
3779                 ucontext_t *ctxp = (void *)L->lwp_status.pr_oldcontext;
3780 
3781                 if (Pread(P, stkp, sizeof (*stkp),
3782                     (uintptr_t)&ctxp->uc_stack) != sizeof (*stkp))
3783                         return (-1);
3784 #ifdef _LP64
3785         } else {
3786                 ucontext32_t *ctxp = (void *)L->lwp_status.pr_oldcontext;
3787                 stack32_t stk32;
3788 
3789                 if (Pread(P, &stk32, sizeof (stk32),
3790                     (uintptr_t)&ctxp->uc_stack) != sizeof (stk32))
3791                         return (-1);
3792 
3793                 stack_32_to_n(&stk32, stkp);
3794 #endif
3795         }
3796 
3797         return (0);
3798 }
3799 
3800 int
3801 Lalt_stack(struct ps_lwphandle *L, stack_t *stkp)
3802 {
3803         if (L->lwp_status.pr_altstack.ss_flags & SS_DISABLE) {
3804                 errno = ENODATA;
3805                 return (-1);
3806         }
3807 
3808         *stkp = L->lwp_status.pr_altstack;
3809 
3810         return (0);
3811 }
3812 
3813 /*
3814  * Add a mapping to the given proc handle.  Resizes the array as appropriate and
3815  * manages reference counts on the given file_info_t.
3816  *
3817  * The 'map_relocate' member is used to tell Psort_mappings() that the
3818  * associated file_map pointer needs to be relocated after the mappings have
3819  * been sorted.  It is only set for the first mapping, and has no meaning
3820  * outside these two functions.
3821  */
3822 int
3823 Padd_mapping(struct ps_prochandle *P, off64_t off, file_info_t *fp,
3824     prmap_t *pmap)
3825 {
3826         map_info_t *mp;
3827 
3828         if (P->map_count == P->map_alloc) {
3829                 size_t next = P->map_alloc ? P->map_alloc * 2 : 16;
3830 
3831                 if ((P->mappings = realloc(P->mappings,
3832                     next * sizeof (map_info_t))) == NULL)
3833                         return (-1);
3834 
3835                 P->map_alloc = next;
3836         }
3837 
3838         mp = &P->mappings[P->map_count++];
3839 
3840         mp->map_offset = off;
3841         mp->map_pmap = *pmap;
3842         mp->map_relocate = 0;
3843         if ((mp->map_file = fp) != NULL) {
3844                 if (fp->file_map == NULL) {
3845                         fp->file_map = mp;
3846                         mp->map_relocate = 1;
3847                 }
3848                 fp->file_ref++;
3849         }
3850 
3851         return (0);
3852 }
3853 
3854 static int
3855 map_sort(const void *a, const void *b)
3856 {
3857         const map_info_t *ap = a, *bp = b;
3858 
3859         if (ap->map_pmap.pr_vaddr < bp->map_pmap.pr_vaddr)
3860                 return (-1);
3861         else if (ap->map_pmap.pr_vaddr > bp->map_pmap.pr_vaddr)
3862                 return (1);
3863         else
3864                 return (0);
3865 }
3866 
3867 /*
3868  * Sort the current set of mappings.  Should be called during target
3869  * initialization after all calls to Padd_mapping() have been made.
3870  */
3871 void
3872 Psort_mappings(struct ps_prochandle *P)
3873 {
3874         int i;
3875         map_info_t *mp;
3876 
3877         qsort(P->mappings, P->map_count, sizeof (map_info_t), map_sort);
3878 
3879         /*
3880          * Update all the file_map pointers to refer to the new locations.
3881          */
3882         for (i = 0; i < P->map_count; i++) {
3883                 mp = &P->mappings[i];
3884                 if (mp->map_relocate)
3885                         mp->map_file->file_map = mp;
3886                 mp->map_relocate = 0;
3887         }
3888 }
3889 
3890 struct ps_prochandle *
3891 Pgrab_ops(pid_t pid, void *data, const ps_ops_t *ops, int flags)
3892 {
3893         struct ps_prochandle *P;
3894 
3895         if ((P = calloc(1, sizeof (*P))) == NULL) {
3896                 return (NULL);
3897         }
3898 
3899         Pinit_ops(&P->ops, ops);
3900         (void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
3901         P->pid = pid;
3902         P->state = PS_STOP;
3903         P->asfd = -1;
3904         P->ctlfd = -1;
3905         P->statfd = -1;
3906         P->agentctlfd = -1;
3907         P->agentstatfd = -1;
3908         Pinitsym(P);
3909         P->data = data;
3910         Pread_status(P);
3911 
3912         if (flags & PGRAB_INCORE) {
3913                 P->flags |= INCORE;
3914         }
3915 
3916         return (P);
3917 }