1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  *
  26  * Portions Copyright 2007 Chad Mynhier
  27  * Copyright 2012 DEY Storage Systems, Inc.  All rights reserved.
  28  * Copyright (c) 2013 by Delphix. All rights reserved.
  29  * Copyright 2015, Joyent, Inc.
  30  */
  31 
  32 #include <assert.h>
  33 #include <stdio.h>
  34 #include <stdlib.h>
  35 #include <unistd.h>
  36 #include <ctype.h>
  37 #include <fcntl.h>
  38 #include <string.h>
  39 #include <strings.h>
  40 #include <memory.h>
  41 #include <errno.h>
  42 #include <dirent.h>
  43 #include <limits.h>
  44 #include <signal.h>
  45 #include <atomic.h>
  46 #include <zone.h>
  47 #include <sys/types.h>
  48 #include <sys/uio.h>
  49 #include <sys/stat.h>
  50 #include <sys/resource.h>
  51 #include <sys/param.h>
  52 #include <sys/stack.h>
  53 #include <sys/fault.h>
  54 #include <sys/syscall.h>
  55 #include <sys/sysmacros.h>
  56 #include <sys/systeminfo.h>
  57 
  58 #include "libproc.h"
  59 #include "Pcontrol.h"
  60 #include "Putil.h"
  61 #include "P32ton.h"
  62 
  63 int     _libproc_debug;         /* set non-zero to enable debugging printfs */
  64 int     _libproc_no_qsort;      /* set non-zero to inhibit sorting */
  65                                 /* of symbol tables */
  66 int     _libproc_incore_elf;    /* only use in-core elf data */
  67 
  68 sigset_t blockable_sigs;        /* signals to block when we need to be safe */
  69 static  int     minfd;  /* minimum file descriptor returned by dupfd(fd, 0) */
  70 char    procfs_path[PATH_MAX] = "/proc";
  71 
  72 /*
  73  * Function prototypes for static routines in this module.
  74  */
  75 static  void    deadcheck(struct ps_prochandle *);
  76 static  void    restore_tracing_flags(struct ps_prochandle *);
  77 static  void    Lfree_internal(struct ps_prochandle *, struct ps_lwphandle *);
  78 static  prheader_t *read_lfile(struct ps_prochandle *, const char *);
  79 
  80 /*
  81  * Ops vector functions for live processes.
  82  */
  83 
  84 /*ARGSUSED*/
  85 static ssize_t
  86 Pread_live(struct ps_prochandle *P, void *buf, size_t n, uintptr_t addr,
  87     void *data)
  88 {
  89         return (pread(P->asfd, buf, n, (off_t)addr));
  90 }
  91 
  92 /*ARGSUSED*/
  93 static ssize_t
  94 Pwrite_live(struct ps_prochandle *P, const void *buf, size_t n, uintptr_t addr,
  95     void *data)
  96 {
  97         return (pwrite(P->asfd, buf, n, (off_t)addr));
  98 }
  99 
 100 /*ARGSUSED*/
 101 static int
 102 Pread_maps_live(struct ps_prochandle *P, prmap_t **Pmapp, ssize_t *nmapp,
 103     void *data)
 104 {
 105         char mapfile[PATH_MAX];
 106         int mapfd;
 107         struct stat statb;
 108         ssize_t nmap;
 109         prmap_t *Pmap = NULL;
 110 
 111         (void) snprintf(mapfile, sizeof (mapfile), "%s/%d/map",
 112             procfs_path, (int)P->pid);
 113         if ((mapfd = open(mapfile, O_RDONLY)) < 0 ||
 114             fstat(mapfd, &statb) != 0 ||
 115             statb.st_size < sizeof (prmap_t) ||
 116             (Pmap = malloc(statb.st_size)) == NULL ||
 117             (nmap = pread(mapfd, Pmap, statb.st_size, 0L)) <= 0 ||
 118             (nmap /= sizeof (prmap_t)) == 0) {
 119                 if (Pmap != NULL)
 120                         free(Pmap);
 121                 if (mapfd >= 0)
 122                         (void) close(mapfd);
 123                 Preset_maps(P); /* utter failure; destroy tables */
 124                 return (-1);
 125         }
 126         (void) close(mapfd);
 127 
 128         *Pmapp = Pmap;
 129         *nmapp = nmap;
 130 
 131         return (0);
 132 }
 133 
 134 /*ARGSUSED*/
 135 static void
 136 Pread_aux_live(struct ps_prochandle *P, auxv_t **auxvp, int *nauxp, void *data)
 137 {
 138         char auxfile[64];
 139         int fd;
 140         struct stat statb;
 141         auxv_t *auxv;
 142         ssize_t naux;
 143 
 144         (void) snprintf(auxfile, sizeof (auxfile), "%s/%d/auxv",
 145             procfs_path, (int)P->pid);
 146         if ((fd = open(auxfile, O_RDONLY)) < 0) {
 147                 dprintf("%s: failed to open %s: %s\n",
 148                     __func__, auxfile, strerror(errno));
 149                 return;
 150         }
 151 
 152         if (fstat(fd, &statb) == 0 &&
 153             statb.st_size >= sizeof (auxv_t) &&
 154             (auxv = malloc(statb.st_size + sizeof (auxv_t))) != NULL) {
 155                 if ((naux = read(fd, auxv, statb.st_size)) < 0 ||
 156                     (naux /= sizeof (auxv_t)) < 1) {
 157                         dprintf("%s: read failed: %s\n",
 158                             __func__, strerror(errno));
 159                         free(auxv);
 160                 } else {
 161                         auxv[naux].a_type = AT_NULL;
 162                         auxv[naux].a_un.a_val = 0L;
 163 
 164                         *auxvp = auxv;
 165                         *nauxp = (int)naux;
 166                 }
 167         }
 168 
 169         (void) close(fd);
 170 }
 171 
 172 /*ARGSUSED*/
 173 static int
 174 Pcred_live(struct ps_prochandle *P, prcred_t *pcrp, int ngroups, void *data)
 175 {
 176         return (proc_get_cred(P->pid, pcrp, ngroups));
 177 }
 178 
 179 /*ARGSUSED*/
 180 static int
 181 Ppriv_live(struct ps_prochandle *P, prpriv_t **pprv, void *data)
 182 {
 183         prpriv_t *pp;
 184 
 185         pp = proc_get_priv(P->pid);
 186         if (pp == NULL) {
 187                 return (-1);
 188         }
 189 
 190         *pprv = pp;
 191         return (0);
 192 }
 193 
 194 /*ARGSUSED*/
 195 static const psinfo_t *
 196 Ppsinfo_live(struct ps_prochandle *P, psinfo_t *psinfo, void *data)
 197 {
 198         if (proc_get_psinfo(P->pid, psinfo) == -1)
 199                 return (NULL);
 200 
 201         return (psinfo);
 202 }
 203 
 204 /*ARGSUSED*/
 205 static prheader_t *
 206 Plstatus_live(struct ps_prochandle *P, void *data)
 207 {
 208         return (read_lfile(P, "lstatus"));
 209 }
 210 
 211 /*ARGSUSED*/
 212 static prheader_t *
 213 Plpsinfo_live(struct ps_prochandle *P, void *data)
 214 {
 215         return (read_lfile(P, "lpsinfo"));
 216 }
 217 
 218 /*ARGSUSED*/
 219 static char *
 220 Pplatform_live(struct ps_prochandle *P, char *s, size_t n, void *data)
 221 {
 222         if (sysinfo(SI_PLATFORM, s, n) == -1)
 223                 return (NULL);
 224         return (s);
 225 }
 226 
 227 /*ARGSUSED*/
 228 static int
 229 Puname_live(struct ps_prochandle *P, struct utsname *u, void *data)
 230 {
 231         return (uname(u));
 232 }
 233 
 234 /*ARGSUSED*/
 235 static char *
 236 Pzonename_live(struct ps_prochandle *P, char *s, size_t n, void *data)
 237 {
 238         if (getzonenamebyid(P->status.pr_zoneid, s, n) < 0)
 239                 return (NULL);
 240         s[n - 1] = '\0';
 241         return (s);
 242 }
 243 
 244 /*
 245  * Callback function for Pfindexec().  We return a match if we can stat the
 246  * suggested pathname and confirm its device and inode number match our
 247  * previous information about the /proc/<pid>/object/a.out file.
 248  */
 249 static int
 250 stat_exec(const char *path, void *arg)
 251 {
 252         struct stat64 *stp = arg;
 253         struct stat64 st;
 254 
 255         return (stat64(path, &st) == 0 && S_ISREG(st.st_mode) &&
 256             stp->st_dev == st.st_dev && stp->st_ino == st.st_ino);
 257 }
 258 
 259 /*ARGSUSED*/
 260 static char *
 261 Pexecname_live(struct ps_prochandle *P, char *buf, size_t buflen, void *data)
 262 {
 263         char exec_name[PATH_MAX];
 264         char cwd[PATH_MAX];
 265         char proc_cwd[64];
 266         struct stat64 st;
 267         int ret;
 268 
 269         /*
 270          * Try to get the path information first.
 271          */
 272         (void) snprintf(exec_name, sizeof (exec_name),
 273             "%s/%d/path/a.out", procfs_path, (int)P->pid);
 274         if ((ret = readlink(exec_name, buf, buflen - 1)) > 0) {
 275                 buf[ret] = '\0';
 276                 (void) Pfindobj(P, buf, buf, buflen);
 277                 return (buf);
 278         }
 279 
 280         /*
 281          * Stat the executable file so we can compare Pfindexec's
 282          * suggestions to the actual device and inode number.
 283          */
 284         (void) snprintf(exec_name, sizeof (exec_name),
 285             "%s/%d/object/a.out", procfs_path, (int)P->pid);
 286 
 287         if (stat64(exec_name, &st) != 0 || !S_ISREG(st.st_mode))
 288                 return (NULL);
 289 
 290         /*
 291          * Attempt to figure out the current working directory of the
 292          * target process.  This only works if the target process has
 293          * not changed its current directory since it was exec'd.
 294          */
 295         (void) snprintf(proc_cwd, sizeof (proc_cwd),
 296             "%s/%d/path/cwd", procfs_path, (int)P->pid);
 297 
 298         if ((ret = readlink(proc_cwd, cwd, PATH_MAX - 1)) > 0)
 299                 cwd[ret] = '\0';
 300 
 301         (void) Pfindexec(P, ret > 0 ? cwd : NULL, stat_exec, &st);
 302 
 303         return (NULL);
 304 }
 305 
 306 #if defined(__i386) || defined(__amd64)
 307 /*ARGSUSED*/
 308 static int
 309 Pldt_live(struct ps_prochandle *P, struct ssd *pldt, int nldt, void *data)
 310 {
 311         return (proc_get_ldt(P->pid, pldt, nldt));
 312 }
 313 #endif
 314 
 315 static const ps_ops_t P_live_ops = {
 316         .pop_pread      = Pread_live,
 317         .pop_pwrite     = Pwrite_live,
 318         .pop_read_maps  = Pread_maps_live,
 319         .pop_read_aux   = Pread_aux_live,
 320         .pop_cred       = Pcred_live,
 321         .pop_priv       = Ppriv_live,
 322         .pop_psinfo     = Ppsinfo_live,
 323         .pop_lstatus    = Plstatus_live,
 324         .pop_lpsinfo    = Plpsinfo_live,
 325         .pop_platform   = Pplatform_live,
 326         .pop_uname      = Puname_live,
 327         .pop_zonename   = Pzonename_live,
 328         .pop_execname   = Pexecname_live,
 329 #if defined(__i386) || defined(__amd64)
 330         .pop_ldt        = Pldt_live
 331 #endif
 332 };
 333 
 334 /*
 335  * This is the library's .init handler.
 336  */
 337 #pragma init(_libproc_init)
 338 void
 339 _libproc_init(void)
 340 {
 341         _libproc_debug = getenv("LIBPROC_DEBUG") != NULL;
 342         _libproc_no_qsort = getenv("LIBPROC_NO_QSORT") != NULL;
 343         _libproc_incore_elf = getenv("LIBPROC_INCORE_ELF") != NULL;
 344 
 345         (void) sigfillset(&blockable_sigs);
 346         (void) sigdelset(&blockable_sigs, SIGKILL);
 347         (void) sigdelset(&blockable_sigs, SIGSTOP);
 348 }
 349 
 350 void
 351 Pset_procfs_path(const char *path)
 352 {
 353         (void) snprintf(procfs_path, sizeof (procfs_path), "%s", path);
 354 }
 355 
 356 /*
 357  * Call set_minfd() once before calling dupfd() several times.
 358  * We assume that the application will not reduce its current file
 359  * descriptor limit lower than 512 once it has set at least that value.
 360  */
 361 int
 362 set_minfd(void)
 363 {
 364         static mutex_t minfd_lock = DEFAULTMUTEX;
 365         struct rlimit rlim;
 366         int fd;
 367 
 368         if ((fd = minfd) < 256) {
 369                 (void) mutex_lock(&minfd_lock);
 370                 if ((fd = minfd) < 256) {
 371                         if (getrlimit(RLIMIT_NOFILE, &rlim) != 0)
 372                                 rlim.rlim_cur = rlim.rlim_max = 0;
 373                         if (rlim.rlim_cur >= 512)
 374                                 fd = 256;
 375                         else if ((fd = rlim.rlim_cur / 2) < 3)
 376                                 fd = 3;
 377                         membar_producer();
 378                         minfd = fd;
 379                 }
 380                 (void) mutex_unlock(&minfd_lock);
 381         }
 382         return (fd);
 383 }
 384 
 385 int
 386 dupfd(int fd, int dfd)
 387 {
 388         int mfd;
 389 
 390         /*
 391          * Make fd be greater than 255 (the 32-bit stdio limit),
 392          * or at least make it greater than 2 so that the
 393          * program will work when spawned by init(1m).
 394          * Also, if dfd is non-zero, dup the fd to be dfd.
 395          */
 396         if ((mfd = minfd) == 0)
 397                 mfd = set_minfd();
 398         if (dfd > 0 || (0 <= fd && fd < mfd)) {
 399                 if (dfd <= 0)
 400                         dfd = mfd;
 401                 dfd = fcntl(fd, F_DUPFD, dfd);
 402                 (void) close(fd);
 403                 fd = dfd;
 404         }
 405         /*
 406          * Mark it close-on-exec so any created process doesn't inherit it.
 407          */
 408         if (fd >= 0)
 409                 (void) fcntl(fd, F_SETFD, FD_CLOEXEC);
 410         return (fd);
 411 }
 412 
 413 /*
 414  * Create a new controlled process.
 415  * Leave it stopped on successful exit from exec() or execve().
 416  * Return an opaque pointer to its process control structure.
 417  * Return NULL if process cannot be created (fork()/exec() not successful).
 418  */
 419 struct ps_prochandle *
 420 Pxcreate(const char *file,      /* executable file name */
 421         char *const *argv,      /* argument vector */
 422         char *const *envp,      /* environment */
 423         int *perr,      /* pointer to error return code */
 424         char *path,     /* if non-null, holds exec path name on return */
 425         size_t len)     /* size of the path buffer */
 426 {
 427         char execpath[PATH_MAX];
 428         char procname[PATH_MAX];
 429         struct ps_prochandle *P;
 430         pid_t pid;
 431         int fd;
 432         char *fname;
 433         int rc;
 434         int lasterrno = 0;
 435 
 436         if (len == 0)   /* zero length, no path */
 437                 path = NULL;
 438         if (path != NULL)
 439                 *path = '\0';
 440 
 441         if ((P = malloc(sizeof (struct ps_prochandle))) == NULL) {
 442                 *perr = C_STRANGE;
 443                 return (NULL);
 444         }
 445 
 446         if ((pid = fork1()) == -1) {
 447                 free(P);
 448                 *perr = C_FORK;
 449                 return (NULL);
 450         }
 451 
 452         if (pid == 0) {                 /* child process */
 453                 id_t id;
 454                 extern char **environ;
 455 
 456                 /*
 457                  * If running setuid or setgid, reset credentials to normal.
 458                  */
 459                 if ((id = getgid()) != getegid())
 460                         (void) setgid(id);
 461                 if ((id = getuid()) != geteuid())
 462                         (void) setuid(id);
 463 
 464                 Pcreate_callback(P);    /* execute callback (see below) */
 465                 (void) pause();         /* wait for PRSABORT from parent */
 466 
 467                 /*
 468                  * This is ugly.  There is no execvep() function that takes a
 469                  * path and an environment.  We cheat here by replacing the
 470                  * global 'environ' variable right before we call this.
 471                  */
 472                 if (envp)
 473                         environ = (char **)envp;
 474 
 475                 (void) execvp(file, argv);  /* execute the program */
 476                 _exit(127);
 477         }
 478 
 479         /*
 480          * Initialize the process structure.
 481          */
 482         (void) memset(P, 0, sizeof (*P));
 483         (void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
 484         P->flags |= CREATED;
 485         P->state = PS_RUN;
 486         P->pid = pid;
 487         P->asfd = -1;
 488         P->ctlfd = -1;
 489         P->statfd = -1;
 490         P->agentctlfd = -1;
 491         P->agentstatfd = -1;
 492         Pinit_ops(&P->ops, &P_live_ops);
 493         Pinitsym(P);
 494 
 495         /*
 496          * Open the /proc/pid files.
 497          */
 498         (void) snprintf(procname, sizeof (procname), "%s/%d/",
 499             procfs_path, (int)pid);
 500         fname = procname + strlen(procname);
 501         (void) set_minfd();
 502 
 503         /*
 504          * Exclusive write open advises others not to interfere.
 505          * There is no reason for any of these open()s to fail.
 506          */
 507         (void) strcpy(fname, "as");
 508         if ((fd = open(procname, (O_RDWR|O_EXCL))) < 0 ||
 509             (fd = dupfd(fd, 0)) < 0) {
 510                 dprintf("Pcreate: failed to open %s: %s\n",
 511                     procname, strerror(errno));
 512                 rc = C_STRANGE;
 513                 goto bad;
 514         }
 515         P->asfd = fd;
 516 
 517         (void) strcpy(fname, "status");
 518         if ((fd = open(procname, O_RDONLY)) < 0 ||
 519             (fd = dupfd(fd, 0)) < 0) {
 520                 dprintf("Pcreate: failed to open %s: %s\n",
 521                     procname, strerror(errno));
 522                 rc = C_STRANGE;
 523                 goto bad;
 524         }
 525         P->statfd = fd;
 526 
 527         (void) strcpy(fname, "ctl");
 528         if ((fd = open(procname, O_WRONLY)) < 0 ||
 529             (fd = dupfd(fd, 0)) < 0) {
 530                 dprintf("Pcreate: failed to open %s: %s\n",
 531                     procname, strerror(errno));
 532                 rc = C_STRANGE;
 533                 goto bad;
 534         }
 535         P->ctlfd = fd;
 536 
 537         (void) Pstop(P, 0);     /* stop the controlled process */
 538 
 539         /*
 540          * Wait for process to sleep in pause().
 541          * If the process has already called pause(), then it should be
 542          * stopped (PR_REQUESTED) while asleep in pause and we are done.
 543          * Else we set up to catch entry/exit to pause() and set the process
 544          * running again, expecting it to stop when it reaches pause().
 545          * There is no reason for this to fail other than an interrupt.
 546          */
 547         (void) Psysentry(P, SYS_pause, 1);
 548         (void) Psysexit(P, SYS_pause, 1);
 549         for (;;) {
 550                 if (P->state == PS_STOP &&
 551                     P->status.pr_lwp.pr_syscall == SYS_pause &&
 552                     (P->status.pr_lwp.pr_why == PR_REQUESTED ||
 553                     P->status.pr_lwp.pr_why == PR_SYSENTRY ||
 554                     P->status.pr_lwp.pr_why == PR_SYSEXIT))
 555                         break;
 556 
 557                 if (P->state != PS_STOP ||   /* interrupt or process died */
 558                     Psetrun(P, 0, 0) != 0) {    /* can't restart */
 559                         if (errno == EINTR || errno == ERESTART)
 560                                 rc = C_INTR;
 561                         else {
 562                                 dprintf("Pcreate: Psetrun failed: %s\n",
 563                                     strerror(errno));
 564                                 rc = C_STRANGE;
 565                         }
 566                         goto bad;
 567                 }
 568 
 569                 (void) Pwait(P, 0);
 570         }
 571         (void) Psysentry(P, SYS_pause, 0);
 572         (void) Psysexit(P, SYS_pause, 0);
 573 
 574         /*
 575          * Kick the process off the pause() and catch
 576          * it again on entry to exec() or exit().
 577          */
 578         (void) Psysentry(P, SYS_exit, 1);
 579         (void) Psysentry(P, SYS_execve, 1);
 580         if (Psetrun(P, 0, PRSABORT) == -1) {
 581                 dprintf("Pcreate: Psetrun failed: %s\n", strerror(errno));
 582                 rc = C_STRANGE;
 583                 goto bad;
 584         }
 585         (void) Pwait(P, 0);
 586         if (P->state != PS_STOP) {
 587                 dprintf("Pcreate: Pwait failed: %s\n", strerror(errno));
 588                 rc = C_STRANGE;
 589                 goto bad;
 590         }
 591 
 592         /*
 593          * Move the process through instances of failed exec()s
 594          * to reach the point of stopped on successful exec().
 595          */
 596         (void) Psysexit(P, SYS_execve, TRUE);
 597 
 598         while (P->state == PS_STOP &&
 599             P->status.pr_lwp.pr_why == PR_SYSENTRY &&
 600             P->status.pr_lwp.pr_what == SYS_execve) {
 601                 /*
 602                  * Fetch the exec path name now, before we complete
 603                  * the exec().  We may lose the process and be unable
 604                  * to get the information later.
 605                  */
 606                 (void) Pread_string(P, execpath, sizeof (execpath),
 607                     (off_t)P->status.pr_lwp.pr_sysarg[0]);
 608                 if (path != NULL)
 609                         (void) strncpy(path, execpath, len);
 610                 /*
 611                  * Set the process running and wait for
 612                  * it to stop on exit from the exec().
 613                  */
 614                 (void) Psetrun(P, 0, 0);
 615                 (void) Pwait(P, 0);
 616 
 617                 if (P->state == PS_LOST &&           /* we lost control */
 618                     Preopen(P) != 0) {          /* and we can't get it back */
 619                         rc = C_PERM;
 620                         goto bad;
 621                 }
 622 
 623                 /*
 624                  * If the exec() failed, continue the loop, expecting
 625                  * there to be more attempts to exec(), based on PATH.
 626                  */
 627                 if (P->state == PS_STOP &&
 628                     P->status.pr_lwp.pr_why == PR_SYSEXIT &&
 629                     P->status.pr_lwp.pr_what == SYS_execve &&
 630                     (lasterrno = P->status.pr_lwp.pr_errno) != 0) {
 631                         /*
 632                          * The exec() failed.  Set the process running and
 633                          * wait for it to stop on entry to the next exec().
 634                          */
 635                         (void) Psetrun(P, 0, 0);
 636                         (void) Pwait(P, 0);
 637 
 638                         continue;
 639                 }
 640                 break;
 641         }
 642 
 643         if (P->state == PS_STOP &&
 644             P->status.pr_lwp.pr_why == PR_SYSEXIT &&
 645             P->status.pr_lwp.pr_what == SYS_execve &&
 646             P->status.pr_lwp.pr_errno == 0) {
 647                 /*
 648                  * The process is stopped on successful exec() or execve().
 649                  * Turn off all tracing flags and return success.
 650                  */
 651                 restore_tracing_flags(P);
 652 #ifndef _LP64
 653                 /* We must be a 64-bit process to deal with a 64-bit process */
 654                 if (P->status.pr_dmodel == PR_MODEL_LP64) {
 655                         rc = C_LP64;
 656                         goto bad;
 657                 }
 658 #endif
 659                 /*
 660                  * Set run-on-last-close so the controlled process
 661                  * runs even if we die on a signal.
 662                  */
 663                 (void) Psetflags(P, PR_RLC);
 664                 *perr = 0;
 665                 return (P);
 666         }
 667 
 668         rc = lasterrno == ENOENT ? C_NOENT : C_NOEXEC;
 669 
 670 bad:
 671         (void) kill(pid, SIGKILL);
 672         if (path != NULL && rc != C_PERM && rc != C_LP64)
 673                 *path = '\0';
 674         Pfree(P);
 675         *perr = rc;
 676         return (NULL);
 677 }
 678 
 679 struct ps_prochandle *
 680 Pcreate(
 681         const char *file,       /* executable file name */
 682         char *const *argv,      /* argument vector */
 683         int *perr,      /* pointer to error return code */
 684         char *path,     /* if non-null, holds exec path name on return */
 685         size_t len)     /* size of the path buffer */
 686 {
 687         return (Pxcreate(file, argv, NULL, perr, path, len));
 688 }
 689 
 690 /*
 691  * Return a printable string corresponding to a Pcreate() error return.
 692  */
 693 const char *
 694 Pcreate_error(int error)
 695 {
 696         const char *str;
 697 
 698         switch (error) {
 699         case C_FORK:
 700                 str = "cannot fork";
 701                 break;
 702         case C_PERM:
 703                 str = "file is set-id or unreadable";
 704                 break;
 705         case C_NOEXEC:
 706                 str = "cannot execute file";
 707                 break;
 708         case C_INTR:
 709                 str = "operation interrupted";
 710                 break;
 711         case C_LP64:
 712                 str = "program is _LP64, self is not";
 713                 break;
 714         case C_STRANGE:
 715                 str = "unanticipated system error";
 716                 break;
 717         case C_NOENT:
 718                 str = "cannot find executable file";
 719                 break;
 720         default:
 721                 str = "unknown error";
 722                 break;
 723         }
 724 
 725         return (str);
 726 }
 727 
 728 /*
 729  * Callback to execute in each child process created with Pcreate() after fork
 730  * but before it execs the new process image.  By default, we do nothing, but
 731  * by calling this function we allow the client program to define its own
 732  * version of the function which will interpose on our empty default.  This
 733  * may be useful for clients that need to modify signal dispositions, terminal
 734  * attributes, or process group and session properties for each new victim.
 735  */
 736 /*ARGSUSED*/
 737 void
 738 Pcreate_callback(struct ps_prochandle *P)
 739 {
 740         /* nothing to do here */
 741 }
 742 
 743 /*
 744  * Grab an existing process.
 745  * Return an opaque pointer to its process control structure.
 746  *
 747  * pid:         UNIX process ID.
 748  * flags:
 749  *      PGRAB_RETAIN    Retain tracing flags (default clears all tracing flags).
 750  *      PGRAB_FORCE     Grab regardless of whether process is already traced.
 751  *      PGRAB_RDONLY    Open the address space file O_RDONLY instead of O_RDWR,
 752  *                      and do not open the process control file.
 753  *      PGRAB_NOSTOP    Open the process but do not force it to stop.
 754  * perr:        pointer to error return code.
 755  */
 756 struct ps_prochandle *
 757 Pgrab(pid_t pid, int flags, int *perr)
 758 {
 759         struct ps_prochandle *P;
 760         int fd, omode;
 761         char procname[PATH_MAX];
 762         char *fname;
 763         int rc = 0;
 764 
 765         /*
 766          * PGRAB_RDONLY means that we do not open the /proc/<pid>/control file,
 767          * and so it implies RETAIN and NOSTOP since both require control.
 768          */
 769         if (flags & PGRAB_RDONLY)
 770                 flags |= PGRAB_RETAIN | PGRAB_NOSTOP;
 771 
 772         if ((P = malloc(sizeof (struct ps_prochandle))) == NULL) {
 773                 *perr = G_STRANGE;
 774                 return (NULL);
 775         }
 776 
 777         P->asfd = -1;
 778         P->ctlfd = -1;
 779         P->statfd = -1;
 780 
 781 again:  /* Come back here if we lose it in the Window of Vulnerability */
 782         if (P->ctlfd >= 0)
 783                 (void) close(P->ctlfd);
 784         if (P->asfd >= 0)
 785                 (void) close(P->asfd);
 786         if (P->statfd >= 0)
 787                 (void) close(P->statfd);
 788         (void) memset(P, 0, sizeof (*P));
 789         (void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
 790         P->ctlfd = -1;
 791         P->asfd = -1;
 792         P->statfd = -1;
 793         P->agentctlfd = -1;
 794         P->agentstatfd = -1;
 795         Pinit_ops(&P->ops, &P_live_ops);
 796         Pinitsym(P);
 797 
 798         /*
 799          * Open the /proc/pid files
 800          */
 801         (void) snprintf(procname, sizeof (procname), "%s/%d/",
 802             procfs_path, (int)pid);
 803         fname = procname + strlen(procname);
 804         (void) set_minfd();
 805 
 806         /*
 807          * Request exclusive open to avoid grabbing someone else's
 808          * process and to prevent others from interfering afterwards.
 809          * If this fails and the 'PGRAB_FORCE' flag is set, attempt to
 810          * open non-exclusively.
 811          */
 812         (void) strcpy(fname, "as");
 813         omode = (flags & PGRAB_RDONLY) ? O_RDONLY : O_RDWR;
 814 
 815         if (((fd = open(procname, omode | O_EXCL)) < 0 &&
 816             (fd = ((flags & PGRAB_FORCE)? open(procname, omode) : -1)) < 0) ||
 817             (fd = dupfd(fd, 0)) < 0) {
 818                 switch (errno) {
 819                 case ENOENT:
 820                         rc = G_NOPROC;
 821                         break;
 822                 case EACCES:
 823                 case EPERM:
 824                         rc = G_PERM;
 825                         break;
 826                 case EMFILE:
 827                         rc = G_NOFD;
 828                         break;
 829                 case EBUSY:
 830                         if (!(flags & PGRAB_FORCE) || geteuid() != 0) {
 831                                 rc = G_BUSY;
 832                                 break;
 833                         }
 834                         /* FALLTHROUGH */
 835                 default:
 836                         dprintf("Pgrab: failed to open %s: %s\n",
 837                             procname, strerror(errno));
 838                         rc = G_STRANGE;
 839                         break;
 840                 }
 841                 goto err;
 842         }
 843         P->asfd = fd;
 844 
 845         (void) strcpy(fname, "status");
 846         if ((fd = open(procname, O_RDONLY)) < 0 ||
 847             (fd = dupfd(fd, 0)) < 0) {
 848                 switch (errno) {
 849                 case ENOENT:
 850                         rc = G_NOPROC;
 851                         break;
 852                 case EMFILE:
 853                         rc = G_NOFD;
 854                         break;
 855                 default:
 856                         dprintf("Pgrab: failed to open %s: %s\n",
 857                             procname, strerror(errno));
 858                         rc = G_STRANGE;
 859                         break;
 860                 }
 861                 goto err;
 862         }
 863         P->statfd = fd;
 864 
 865         if (!(flags & PGRAB_RDONLY)) {
 866                 (void) strcpy(fname, "ctl");
 867                 if ((fd = open(procname, O_WRONLY)) < 0 ||
 868                     (fd = dupfd(fd, 0)) < 0) {
 869                         switch (errno) {
 870                         case ENOENT:
 871                                 rc = G_NOPROC;
 872                                 break;
 873                         case EMFILE:
 874                                 rc = G_NOFD;
 875                                 break;
 876                         default:
 877                                 dprintf("Pgrab: failed to open %s: %s\n",
 878                                     procname, strerror(errno));
 879                                 rc = G_STRANGE;
 880                                 break;
 881                         }
 882                         goto err;
 883                 }
 884                 P->ctlfd = fd;
 885         }
 886 
 887         P->state = PS_RUN;
 888         P->pid = pid;
 889 
 890         /*
 891          * We are now in the Window of Vulnerability (WoV).  The process may
 892          * exec() a setuid/setgid or unreadable object file between the open()
 893          * and the PCSTOP.  We will get EAGAIN in this case and must start over.
 894          * As Pstopstatus will trigger the first read() from a /proc file,
 895          * we also need to handle EOVERFLOW here when 32-bit as an indicator
 896          * that this process is 64-bit.  Finally, if the process has become
 897          * a zombie (PS_UNDEAD) while we were trying to grab it, just remain
 898          * silent about this and pretend there was no process.
 899          */
 900         if (Pstopstatus(P, PCNULL, 0) != 0) {
 901 #ifndef _LP64
 902                 if (errno == EOVERFLOW) {
 903                         rc = G_LP64;
 904                         goto err;
 905                 }
 906 #endif
 907                 if (P->state == PS_LOST) {   /* WoV */
 908                         (void) mutex_destroy(&P->proc_lock);
 909                         goto again;
 910                 }
 911 
 912                 if (P->state == PS_UNDEAD)
 913                         rc = G_NOPROC;
 914                 else
 915                         rc = G_STRANGE;
 916 
 917                 goto err;
 918         }
 919 
 920         /*
 921          * If the process is a system process, we can't control it even as root
 922          */
 923         if (P->status.pr_flags & PR_ISSYS) {
 924                 rc = G_SYS;
 925                 goto err;
 926         }
 927 #ifndef _LP64
 928         /*
 929          * We must be a 64-bit process to deal with a 64-bit process
 930          */
 931         if (P->status.pr_dmodel == PR_MODEL_LP64) {
 932                 rc = G_LP64;
 933                 goto err;
 934         }
 935 #endif
 936 
 937         /*
 938          * Remember the status for use by Prelease().
 939          */
 940         P->orig_status = P->status;       /* structure copy */
 941 
 942         /*
 943          * Before stopping the process, make sure we are not grabbing ourselves.
 944          * If we are, make sure we are doing it PGRAB_RDONLY.
 945          */
 946         if (pid == getpid()) {
 947                 /*
 948                  * Verify that the process is really ourself:
 949                  * Set a magic number, read it through the
 950                  * /proc file and see if the results match.
 951                  */
 952                 uint32_t magic1 = 0;
 953                 uint32_t magic2 = 2;
 954 
 955                 errno = 0;
 956 
 957                 if (Pread(P, &magic2, sizeof (magic2), (uintptr_t)&magic1)
 958                     == sizeof (magic2) &&
 959                     magic2 == 0 &&
 960                     (magic1 = 0xfeedbeef) &&
 961                     Pread(P, &magic2, sizeof (magic2), (uintptr_t)&magic1)
 962                     == sizeof (magic2) &&
 963                     magic2 == 0xfeedbeef &&
 964                     !(flags & PGRAB_RDONLY)) {
 965                         rc = G_SELF;
 966                         goto err;
 967                 }
 968         }
 969 
 970         /*
 971          * If the process is already stopped or has been directed
 972          * to stop via /proc, do not set run-on-last-close.
 973          */
 974         if (!(P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) &&
 975             !(flags & PGRAB_RDONLY)) {
 976                 /*
 977                  * Mark the process run-on-last-close so
 978                  * it runs even if we die from SIGKILL.
 979                  */
 980                 if (Psetflags(P, PR_RLC) != 0) {
 981                         if (errno == EAGAIN) {  /* WoV */
 982                                 (void) mutex_destroy(&P->proc_lock);
 983                                 goto again;
 984                         }
 985                         if (errno == ENOENT)    /* No complaint about zombies */
 986                                 rc = G_ZOMB;
 987                         else {
 988                                 dprintf("Pgrab: failed to set RLC\n");
 989                                 rc = G_STRANGE;
 990                         }
 991                         goto err;
 992                 }
 993         }
 994 
 995         /*
 996          * If a stop directive is pending and the process has not yet stopped,
 997          * then synchronously wait for the stop directive to take effect.
 998          * Limit the time spent waiting for the process to stop by iterating
 999          * at most 10 times. The time-out of 20 ms corresponds to the time
1000          * between sending the stop directive and the process actually stopped
1001          * as measured by DTrace on a slow, busy system. If the process doesn't
1002          * stop voluntarily, clear the PR_DSTOP flag so that the code below
1003          * forces the process to stop.
1004          */
1005         if (!(flags & PGRAB_RDONLY)) {
1006                 int niter = 0;
1007                 while ((P->status.pr_lwp.pr_flags & (PR_STOPPED|PR_DSTOP)) ==
1008                     PR_DSTOP && niter < 10 &&
1009                     Pstopstatus(P, PCTWSTOP, 20) != 0) {
1010                         niter++;
1011                         if (flags & PGRAB_NOSTOP)
1012                                 break;
1013                 }
1014                 if (niter == 10 && !(flags & PGRAB_NOSTOP)) {
1015                         /* Try it harder down below */
1016                         P->status.pr_lwp.pr_flags &= ~PR_DSTOP;
1017                 }
1018         }
1019 
1020         /*
1021          * If the process is not already stopped or directed to stop
1022          * and PGRAB_NOSTOP was not specified, stop the process now.
1023          */
1024         if (!(P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) &&
1025             !(flags & PGRAB_NOSTOP)) {
1026                 /*
1027                  * Stop the process, get its status and signal/syscall masks.
1028                  */
1029                 if (((P->status.pr_lwp.pr_flags & PR_STOPPED) &&
1030                     Pstopstatus(P, PCDSTOP, 0) != 0) ||
1031                     Pstopstatus(P, PCSTOP, 2000) != 0) {
1032 #ifndef _LP64
1033                         if (errno == EOVERFLOW) {
1034                                 rc = G_LP64;
1035                                 goto err;
1036                         }
1037 #endif
1038                         if (P->state == PS_LOST) {   /* WoV */
1039                                 (void) mutex_destroy(&P->proc_lock);
1040                                 goto again;
1041                         }
1042                         if ((errno != EINTR && errno != ERESTART) ||
1043                             (P->state != PS_STOP &&
1044                             !(P->status.pr_flags & PR_DSTOP))) {
1045                                 if (P->state != PS_RUN && errno != ENOENT) {
1046                                         dprintf("Pgrab: failed to PCSTOP\n");
1047                                         rc = G_STRANGE;
1048                                 } else {
1049                                         rc = G_ZOMB;
1050                                 }
1051                                 goto err;
1052                         }
1053                 }
1054 
1055                 /*
1056                  * Process should now either be stopped via /proc or there
1057                  * should be an outstanding stop directive.
1058                  */
1059                 if (!(P->status.pr_flags & (PR_ISTOP|PR_DSTOP))) {
1060                         dprintf("Pgrab: process is not stopped\n");
1061                         rc = G_STRANGE;
1062                         goto err;
1063                 }
1064 #ifndef _LP64
1065                 /*
1066                  * Test this again now because the 32-bit victim process may
1067                  * have exec'd a 64-bit process in the meantime.
1068                  */
1069                 if (P->status.pr_dmodel == PR_MODEL_LP64) {
1070                         rc = G_LP64;
1071                         goto err;
1072                 }
1073 #endif
1074         }
1075 
1076         /*
1077          * Cancel all tracing flags unless the PGRAB_RETAIN flag is set.
1078          */
1079         if (!(flags & PGRAB_RETAIN)) {
1080                 (void) Psysentry(P, 0, FALSE);
1081                 (void) Psysexit(P, 0, FALSE);
1082                 (void) Psignal(P, 0, FALSE);
1083                 (void) Pfault(P, 0, FALSE);
1084                 Psync(P);
1085         }
1086 
1087         *perr = 0;
1088         return (P);
1089 
1090 err:
1091         Pfree(P);
1092         *perr = rc;
1093         return (NULL);
1094 }
1095 
1096 /*
1097  * Return a printable string corresponding to a Pgrab() error return.
1098  */
1099 const char *
1100 Pgrab_error(int error)
1101 {
1102         const char *str;
1103 
1104         switch (error) {
1105         case G_NOPROC:
1106                 str = "no such process";
1107                 break;
1108         case G_NOCORE:
1109                 str = "no such core file";
1110                 break;
1111         case G_NOPROCORCORE:
1112                 str = "no such process or core file";
1113                 break;
1114         case G_NOEXEC:
1115                 str = "cannot find executable file";
1116                 break;
1117         case G_ZOMB:
1118                 str = "zombie process";
1119                 break;
1120         case G_PERM:
1121                 str = "permission denied";
1122                 break;
1123         case G_BUSY:
1124                 str = "process is traced";
1125                 break;
1126         case G_SYS:
1127                 str = "system process";
1128                 break;
1129         case G_SELF:
1130                 str = "attempt to grab self";
1131                 break;
1132         case G_INTR:
1133                 str = "operation interrupted";
1134                 break;
1135         case G_LP64:
1136                 str = "program is _LP64, self is not";
1137                 break;
1138         case G_FORMAT:
1139                 str = "file is not an ELF core file";
1140                 break;
1141         case G_ELF:
1142                 str = "libelf error";
1143                 break;
1144         case G_NOTE:
1145                 str = "core file is corrupt or missing required data";
1146                 break;
1147         case G_STRANGE:
1148                 str = "unanticipated system error";
1149                 break;
1150         case G_ISAINVAL:
1151                 str = "wrong ELF machine type";
1152                 break;
1153         case G_BADLWPS:
1154                 str = "bad lwp specification";
1155                 break;
1156         case G_NOFD:
1157                 str = "too many open files";
1158                 break;
1159         default:
1160                 str = "unknown error";
1161                 break;
1162         }
1163 
1164         return (str);
1165 }
1166 
1167 /*
1168  * Free a process control structure.
1169  * Close the file descriptors but don't do the Prelease logic.
1170  */
1171 void
1172 Pfree(struct ps_prochandle *P)
1173 {
1174         uint_t i;
1175 
1176         if (P->ucaddrs != NULL) {
1177                 free(P->ucaddrs);
1178                 P->ucaddrs = NULL;
1179                 P->ucnelems = 0;
1180         }
1181 
1182         (void) mutex_lock(&P->proc_lock);
1183         if (P->hashtab != NULL) {
1184                 struct ps_lwphandle *L;
1185                 for (i = 0; i < HASHSIZE; i++) {
1186                         while ((L = P->hashtab[i]) != NULL)
1187                                 Lfree_internal(P, L);
1188                 }
1189                 free(P->hashtab);
1190         }
1191 
1192         while (P->num_fd > 0) {
1193                 fd_info_t *fip = list_next(&P->fd_head);
1194                 list_unlink(fip);
1195                 free(fip);
1196                 P->num_fd--;
1197         }
1198         (void) mutex_unlock(&P->proc_lock);
1199         (void) mutex_destroy(&P->proc_lock);
1200 
1201         if (P->agentctlfd >= 0)
1202                 (void) close(P->agentctlfd);
1203         if (P->agentstatfd >= 0)
1204                 (void) close(P->agentstatfd);
1205         if (P->ctlfd >= 0)
1206                 (void) close(P->ctlfd);
1207         if (P->asfd >= 0)
1208                 (void) close(P->asfd);
1209         if (P->statfd >= 0)
1210                 (void) close(P->statfd);
1211         Preset_maps(P);
1212         P->ops.pop_fini(P, P->data);
1213 
1214         /* clear out the structure as a precaution against reuse */
1215         (void) memset(P, 0, sizeof (*P));
1216         P->ctlfd = -1;
1217         P->asfd = -1;
1218         P->statfd = -1;
1219         P->agentctlfd = -1;
1220         P->agentstatfd = -1;
1221 
1222         free(P);
1223 }
1224 
1225 /*
1226  * Return the state of the process, one of the PS_* values.
1227  */
1228 int
1229 Pstate(struct ps_prochandle *P)
1230 {
1231         return (P->state);
1232 }
1233 
1234 /*
1235  * Return the open address space file descriptor for the process.
1236  * Clients must not close this file descriptor, not use it
1237  * after the process is freed.
1238  */
1239 int
1240 Pasfd(struct ps_prochandle *P)
1241 {
1242         return (P->asfd);
1243 }
1244 
1245 /*
1246  * Return the open control file descriptor for the process.
1247  * Clients must not close this file descriptor, not use it
1248  * after the process is freed.
1249  */
1250 int
1251 Pctlfd(struct ps_prochandle *P)
1252 {
1253         return (P->ctlfd);
1254 }
1255 
1256 /*
1257  * Return a pointer to the process psinfo structure.
1258  * Clients should not hold on to this pointer indefinitely.
1259  * It will become invalid on Prelease().
1260  */
1261 const psinfo_t *
1262 Ppsinfo(struct ps_prochandle *P)
1263 {
1264         return (P->ops.pop_psinfo(P, &P->psinfo, P->data));
1265 }
1266 
1267 /*
1268  * Return a pointer to the process status structure.
1269  * Clients should not hold on to this pointer indefinitely.
1270  * It will become invalid on Prelease().
1271  */
1272 const pstatus_t *
1273 Pstatus(struct ps_prochandle *P)
1274 {
1275         return (&P->status);
1276 }
1277 
1278 static void
1279 Pread_status(struct ps_prochandle *P)
1280 {
1281         P->ops.pop_status(P, &P->status, P->data);
1282 }
1283 
1284 /*
1285  * Fill in a pointer to a process credentials structure.  The ngroups parameter
1286  * is the number of supplementary group entries allocated in the caller's cred
1287  * structure.  It should equal zero or one unless extra space has been
1288  * allocated for the group list by the caller.
1289  */
1290 int
1291 Pcred(struct ps_prochandle *P, prcred_t *pcrp, int ngroups)
1292 {
1293         return (P->ops.pop_cred(P, pcrp, ngroups, P->data));
1294 }
1295 
1296 static prheader_t *
1297 Plstatus(struct ps_prochandle *P)
1298 {
1299         return (P->ops.pop_lstatus(P, P->data));
1300 }
1301 
1302 static prheader_t *
1303 Plpsinfo(struct ps_prochandle *P)
1304 {
1305         return (P->ops.pop_lpsinfo(P, P->data));
1306 }
1307 
1308 
1309 #if defined(__i386) || defined(__amd64)
1310 /*
1311  * Fill in a pointer to a process LDT structure.
1312  * The caller provides a buffer of size 'nldt * sizeof (struct ssd)';
1313  * If pldt == NULL or nldt == 0, we return the number of existing LDT entries.
1314  * Otherwise we return the actual number of LDT entries fetched (<= nldt).
1315  */
1316 int
1317 Pldt(struct ps_prochandle *P, struct ssd *pldt, int nldt)
1318 {
1319         return (P->ops.pop_ldt(P, pldt, nldt, P->data));
1320 
1321 }
1322 #endif  /* __i386 */
1323 
1324 /* ARGSUSED */
1325 void
1326 Ppriv_free(struct ps_prochandle *P, prpriv_t *prv)
1327 {
1328         free(prv);
1329 }
1330 
1331 /*
1332  * Return a malloced process privilege structure in *pprv.
1333  */
1334 int
1335 Ppriv(struct ps_prochandle *P, prpriv_t **pprv)
1336 {
1337         return (P->ops.pop_priv(P, pprv, P->data));
1338 }
1339 
1340 int
1341 Psetpriv(struct ps_prochandle *P, prpriv_t *pprv)
1342 {
1343         int rc;
1344         long *ctl;
1345         size_t sz;
1346 
1347         if (P->state == PS_DEAD) {
1348                 errno = EBADF;
1349                 return (-1);
1350         }
1351 
1352         sz = PRIV_PRPRIV_SIZE(pprv) + sizeof (long);
1353 
1354         sz = ((sz - 1) / sizeof (long) + 1) * sizeof (long);
1355 
1356         ctl = malloc(sz);
1357         if (ctl == NULL)
1358                 return (-1);
1359 
1360         ctl[0] = PCSPRIV;
1361 
1362         (void) memcpy(&ctl[1], pprv, PRIV_PRPRIV_SIZE(pprv));
1363 
1364         if (write(P->ctlfd, ctl, sz) != sz)
1365                 rc = -1;
1366         else
1367                 rc = 0;
1368 
1369         free(ctl);
1370 
1371         return (rc);
1372 }
1373 
1374 void *
1375 Pprivinfo(struct ps_prochandle *P)
1376 {
1377         core_info_t *core = P->data;
1378 
1379         /* Use default from libc */
1380         if (P->state != PS_DEAD)
1381                 return (NULL);
1382 
1383         return (core->core_privinfo);
1384 }
1385 
1386 /*
1387  * Ensure that all cached state is written to the process.
1388  * The cached state is the LWP's signal mask and registers
1389  * and the process's tracing flags.
1390  */
1391 void
1392 Psync(struct ps_prochandle *P)
1393 {
1394         int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
1395         long cmd[6];
1396         iovec_t iov[12];
1397         int n = 0;
1398 
1399         if (P->flags & SETHOLD) {
1400                 cmd[0] = PCSHOLD;
1401                 iov[n].iov_base = (caddr_t)&cmd[0];
1402                 iov[n++].iov_len = sizeof (long);
1403                 iov[n].iov_base = (caddr_t)&P->status.pr_lwp.pr_lwphold;
1404                 iov[n++].iov_len = sizeof (P->status.pr_lwp.pr_lwphold);
1405         }
1406         if (P->flags & SETREGS) {
1407                 cmd[1] = PCSREG;
1408 #ifdef __i386
1409                 /* XX64 we should probably restore REG_GS after this */
1410                 if (ctlfd == P->agentctlfd)
1411                         P->status.pr_lwp.pr_reg[GS] = 0;
1412 #elif defined(__amd64)
1413                 /* XX64 */
1414 #endif
1415                 iov[n].iov_base = (caddr_t)&cmd[1];
1416                 iov[n++].iov_len = sizeof (long);
1417                 iov[n].iov_base = (caddr_t)&P->status.pr_lwp.pr_reg[0];
1418                 iov[n++].iov_len = sizeof (P->status.pr_lwp.pr_reg);
1419         }
1420         if (P->flags & SETSIG) {
1421                 cmd[2] = PCSTRACE;
1422                 iov[n].iov_base = (caddr_t)&cmd[2];
1423                 iov[n++].iov_len = sizeof (long);
1424                 iov[n].iov_base = (caddr_t)&P->status.pr_sigtrace;
1425                 iov[n++].iov_len = sizeof (P->status.pr_sigtrace);
1426         }
1427         if (P->flags & SETFAULT) {
1428                 cmd[3] = PCSFAULT;
1429                 iov[n].iov_base = (caddr_t)&cmd[3];
1430                 iov[n++].iov_len = sizeof (long);
1431                 iov[n].iov_base = (caddr_t)&P->status.pr_flttrace;
1432                 iov[n++].iov_len = sizeof (P->status.pr_flttrace);
1433         }
1434         if (P->flags & SETENTRY) {
1435                 cmd[4] = PCSENTRY;
1436                 iov[n].iov_base = (caddr_t)&cmd[4];
1437                 iov[n++].iov_len = sizeof (long);
1438                 iov[n].iov_base = (caddr_t)&P->status.pr_sysentry;
1439                 iov[n++].iov_len = sizeof (P->status.pr_sysentry);
1440         }
1441         if (P->flags & SETEXIT) {
1442                 cmd[5] = PCSEXIT;
1443                 iov[n].iov_base = (caddr_t)&cmd[5];
1444                 iov[n++].iov_len = sizeof (long);
1445                 iov[n].iov_base = (caddr_t)&P->status.pr_sysexit;
1446                 iov[n++].iov_len = sizeof (P->status.pr_sysexit);
1447         }
1448 
1449         if (n == 0 || writev(ctlfd, iov, n) < 0)
1450                 return;         /* nothing to do or write failed */
1451 
1452         P->flags &= ~(SETSIG|SETFAULT|SETENTRY|SETEXIT|SETHOLD|SETREGS);
1453 }
1454 
1455 /*
1456  * Reopen the /proc file (after PS_LOST).
1457  */
1458 int
1459 Preopen(struct ps_prochandle *P)
1460 {
1461         int fd;
1462         char procname[PATH_MAX];
1463         char *fname;
1464 
1465         if (P->state == PS_DEAD || P->state == PS_IDLE)
1466                 return (0);
1467 
1468         if (P->agentcnt > 0) {
1469                 P->agentcnt = 1;
1470                 Pdestroy_agent(P);
1471         }
1472 
1473         (void) snprintf(procname, sizeof (procname), "%s/%d/",
1474             procfs_path, (int)P->pid);
1475         fname = procname + strlen(procname);
1476 
1477         (void) strcpy(fname, "as");
1478         if ((fd = open(procname, O_RDWR)) < 0 ||
1479             close(P->asfd) < 0 ||
1480             (fd = dupfd(fd, P->asfd)) != P->asfd) {
1481                 dprintf("Preopen: failed to open %s: %s\n",
1482                     procname, strerror(errno));
1483                 if (fd >= 0)
1484                         (void) close(fd);
1485                 return (-1);
1486         }
1487         P->asfd = fd;
1488 
1489         (void) strcpy(fname, "status");
1490         if ((fd = open(procname, O_RDONLY)) < 0 ||
1491             close(P->statfd) < 0 ||
1492             (fd = dupfd(fd, P->statfd)) != P->statfd) {
1493                 dprintf("Preopen: failed to open %s: %s\n",
1494                     procname, strerror(errno));
1495                 if (fd >= 0)
1496                         (void) close(fd);
1497                 return (-1);
1498         }
1499         P->statfd = fd;
1500 
1501         (void) strcpy(fname, "ctl");
1502         if ((fd = open(procname, O_WRONLY)) < 0 ||
1503             close(P->ctlfd) < 0 ||
1504             (fd = dupfd(fd, P->ctlfd)) != P->ctlfd) {
1505                 dprintf("Preopen: failed to open %s: %s\n",
1506                     procname, strerror(errno));
1507                 if (fd >= 0)
1508                         (void) close(fd);
1509                 return (-1);
1510         }
1511         P->ctlfd = fd;
1512 
1513         /*
1514          * Set the state to PS_RUN and wait for the process to stop so that
1515          * we re-read the status from the new P->statfd.  If this fails, Pwait
1516          * will reset the state to PS_LOST and we fail the reopen.  Before
1517          * returning, we also forge a bit of P->status to allow the debugger to
1518          * see that we are PS_LOST following a successful exec.
1519          */
1520         P->state = PS_RUN;
1521         if (Pwait(P, 0) == -1) {
1522 #ifdef _ILP32
1523                 if (errno == EOVERFLOW)
1524                         P->status.pr_dmodel = PR_MODEL_LP64;
1525 #endif
1526                 P->status.pr_lwp.pr_why = PR_SYSEXIT;
1527                 P->status.pr_lwp.pr_what = SYS_execve;
1528                 P->status.pr_lwp.pr_errno = 0;
1529                 return (-1);
1530         }
1531 
1532         /*
1533          * The process should be stopped on exec (REQUESTED)
1534          * or else should be stopped on exit from exec() (SYSEXIT)
1535          */
1536         if (P->state == PS_STOP &&
1537             (P->status.pr_lwp.pr_why == PR_REQUESTED ||
1538             (P->status.pr_lwp.pr_why == PR_SYSEXIT &&
1539             P->status.pr_lwp.pr_what == SYS_execve))) {
1540                 /* fake up stop-on-exit-from-execve */
1541                 if (P->status.pr_lwp.pr_why == PR_REQUESTED) {
1542                         P->status.pr_lwp.pr_why = PR_SYSEXIT;
1543                         P->status.pr_lwp.pr_what = SYS_execve;
1544                         P->status.pr_lwp.pr_errno = 0;
1545                 }
1546         } else {
1547                 dprintf("Preopen: expected REQUESTED or "
1548                     "SYSEXIT(SYS_execve) stop\n");
1549         }
1550 
1551         return (0);
1552 }
1553 
1554 /*
1555  * Define all settable flags other than the microstate accounting flags.
1556  */
1557 #define ALL_SETTABLE_FLAGS (PR_FORK|PR_RLC|PR_KLC|PR_ASYNC|PR_BPTADJ|PR_PTRACE)
1558 
1559 /*
1560  * Restore /proc tracing flags to their original values
1561  * in preparation for releasing the process.
1562  * Also called by Pcreate() to clear all tracing flags.
1563  */
1564 static void
1565 restore_tracing_flags(struct ps_prochandle *P)
1566 {
1567         long flags;
1568         long cmd[4];
1569         iovec_t iov[8];
1570 
1571         if (P->flags & CREATED) {
1572                 /* we created this process; clear all tracing flags */
1573                 premptyset(&P->status.pr_sigtrace);
1574                 premptyset(&P->status.pr_flttrace);
1575                 premptyset(&P->status.pr_sysentry);
1576                 premptyset(&P->status.pr_sysexit);
1577                 if ((P->status.pr_flags & ALL_SETTABLE_FLAGS) != 0)
1578                         (void) Punsetflags(P, ALL_SETTABLE_FLAGS);
1579         } else {
1580                 /* we grabbed the process; restore its tracing flags */
1581                 P->status.pr_sigtrace = P->orig_status.pr_sigtrace;
1582                 P->status.pr_flttrace = P->orig_status.pr_flttrace;
1583                 P->status.pr_sysentry = P->orig_status.pr_sysentry;
1584                 P->status.pr_sysexit  = P->orig_status.pr_sysexit;
1585                 if ((P->status.pr_flags & ALL_SETTABLE_FLAGS) !=
1586                     (flags = (P->orig_status.pr_flags & ALL_SETTABLE_FLAGS))) {
1587                         (void) Punsetflags(P, ALL_SETTABLE_FLAGS);
1588                         if (flags)
1589                                 (void) Psetflags(P, flags);
1590                 }
1591         }
1592 
1593         cmd[0] = PCSTRACE;
1594         iov[0].iov_base = (caddr_t)&cmd[0];
1595         iov[0].iov_len = sizeof (long);
1596         iov[1].iov_base = (caddr_t)&P->status.pr_sigtrace;
1597         iov[1].iov_len = sizeof (P->status.pr_sigtrace);
1598 
1599         cmd[1] = PCSFAULT;
1600         iov[2].iov_base = (caddr_t)&cmd[1];
1601         iov[2].iov_len = sizeof (long);
1602         iov[3].iov_base = (caddr_t)&P->status.pr_flttrace;
1603         iov[3].iov_len = sizeof (P->status.pr_flttrace);
1604 
1605         cmd[2] = PCSENTRY;
1606         iov[4].iov_base = (caddr_t)&cmd[2];
1607         iov[4].iov_len = sizeof (long);
1608         iov[5].iov_base = (caddr_t)&P->status.pr_sysentry;
1609         iov[5].iov_len = sizeof (P->status.pr_sysentry);
1610 
1611         cmd[3] = PCSEXIT;
1612         iov[6].iov_base = (caddr_t)&cmd[3];
1613         iov[6].iov_len = sizeof (long);
1614         iov[7].iov_base = (caddr_t)&P->status.pr_sysexit;
1615         iov[7].iov_len = sizeof (P->status.pr_sysexit);
1616 
1617         (void) writev(P->ctlfd, iov, 8);
1618 
1619         P->flags &= ~(SETSIG|SETFAULT|SETENTRY|SETEXIT);
1620 }
1621 
1622 /*
1623  * Release the process.  Frees the process control structure.
1624  * flags:
1625  *      PRELEASE_CLEAR  Clear all tracing flags.
1626  *      PRELEASE_RETAIN Retain current tracing flags.
1627  *      PRELEASE_HANG   Leave the process stopped and abandoned.
1628  *      PRELEASE_KILL   Terminate the process with SIGKILL.
1629  */
1630 void
1631 Prelease(struct ps_prochandle *P, int flags)
1632 {
1633         if (P->state == PS_DEAD) {
1634                 dprintf("Prelease: releasing handle %p PS_DEAD of pid %d\n",
1635                     (void *)P, (int)P->pid);
1636                 Pfree(P);
1637                 return;
1638         }
1639 
1640         if (P->state == PS_IDLE) {
1641                 file_info_t *fptr = list_next(&P->file_head);
1642                 dprintf("Prelease: releasing handle %p PS_IDLE of file %s\n",
1643                     (void *)P, fptr->file_pname);
1644                 Pfree(P);
1645                 return;
1646         }
1647 
1648         dprintf("Prelease: releasing handle %p pid %d\n",
1649             (void *)P, (int)P->pid);
1650 
1651         if (P->ctlfd == -1) {
1652                 Pfree(P);
1653                 return;
1654         }
1655 
1656         if (P->agentcnt > 0) {
1657                 P->agentcnt = 1;
1658                 Pdestroy_agent(P);
1659         }
1660 
1661         /*
1662          * Attempt to stop the process.
1663          */
1664         P->state = PS_RUN;
1665         (void) Pstop(P, 1000);
1666 
1667         if (flags & PRELEASE_KILL) {
1668                 if (P->state == PS_STOP)
1669                         (void) Psetrun(P, SIGKILL, 0);
1670                 (void) kill(P->pid, SIGKILL);
1671                 Pfree(P);
1672                 return;
1673         }
1674 
1675         /*
1676          * If we lost control, all we can do now is close the files.
1677          * In this case, the last close sets the process running.
1678          */
1679         if (P->state != PS_STOP &&
1680             (P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) == 0) {
1681                 Pfree(P);
1682                 return;
1683         }
1684 
1685         /*
1686          * We didn't lose control; we do more.
1687          */
1688         Psync(P);
1689 
1690         if (flags & PRELEASE_CLEAR)
1691                 P->flags |= CREATED;
1692 
1693         if (!(flags & PRELEASE_RETAIN))
1694                 restore_tracing_flags(P);
1695 
1696         if (flags & PRELEASE_HANG) {
1697                 /* Leave the process stopped and abandoned */
1698                 (void) Punsetflags(P, PR_RLC|PR_KLC);
1699                 Pfree(P);
1700                 return;
1701         }
1702 
1703         /*
1704          * Set the process running if we created it or if it was
1705          * not originally stopped or directed to stop via /proc
1706          * or if we were given the PRELEASE_CLEAR flag.
1707          */
1708         if ((P->flags & CREATED) ||
1709             (P->orig_status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) == 0) {
1710                 (void) Psetflags(P, PR_RLC);
1711                 /*
1712                  * We do this repeatedly because the process may have
1713                  * more than one LWP stopped on an event of interest.
1714                  * This makes sure all of them are set running.
1715                  */
1716                 do {
1717                         if (Psetrun(P, 0, 0) == -1 && errno == EBUSY)
1718                                 break; /* Agent LWP may be stuck */
1719                 } while (Pstopstatus(P, PCNULL, 0) == 0 &&
1720                     P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP));
1721 
1722                 if (P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP))
1723                         dprintf("Prelease: failed to set process running\n");
1724         }
1725 
1726         Pfree(P);
1727 }
1728 
1729 /* debugging */
1730 void
1731 prldump(const char *caller, lwpstatus_t *lsp)
1732 {
1733         char name[32];
1734         uint32_t bits;
1735 
1736         switch (lsp->pr_why) {
1737         case PR_REQUESTED:
1738                 dprintf("%s: REQUESTED\n", caller);
1739                 break;
1740         case PR_SIGNALLED:
1741                 dprintf("%s: SIGNALLED %s\n", caller,
1742                     proc_signame(lsp->pr_what, name, sizeof (name)));
1743                 break;
1744         case PR_FAULTED:
1745                 dprintf("%s: FAULTED %s\n", caller,
1746                     proc_fltname(lsp->pr_what, name, sizeof (name)));
1747                 break;
1748         case PR_SYSENTRY:
1749                 dprintf("%s: SYSENTRY %s\n", caller,
1750                     proc_sysname(lsp->pr_what, name, sizeof (name)));
1751                 break;
1752         case PR_SYSEXIT:
1753                 dprintf("%s: SYSEXIT %s\n", caller,
1754                     proc_sysname(lsp->pr_what, name, sizeof (name)));
1755                 break;
1756         case PR_JOBCONTROL:
1757                 dprintf("%s: JOBCONTROL %s\n", caller,
1758                     proc_signame(lsp->pr_what, name, sizeof (name)));
1759                 break;
1760         case PR_SUSPENDED:
1761                 dprintf("%s: SUSPENDED\n", caller);
1762                 break;
1763         default:
1764                 dprintf("%s: Unknown\n", caller);
1765                 break;
1766         }
1767 
1768         if (lsp->pr_cursig)
1769                 dprintf("%s: p_cursig  = %d\n", caller, lsp->pr_cursig);
1770 
1771         bits = *((uint32_t *)&lsp->pr_lwppend);
1772         if (bits)
1773                 dprintf("%s: pr_lwppend = 0x%.8X\n", caller, bits);
1774 }
1775 
1776 /* debugging */
1777 static void
1778 prdump(struct ps_prochandle *P)
1779 {
1780         uint32_t bits;
1781 
1782         prldump("Pstopstatus", &P->status.pr_lwp);
1783 
1784         bits = *((uint32_t *)&P->status.pr_sigpend);
1785         if (bits)
1786                 dprintf("Pstopstatus: pr_sigpend = 0x%.8X\n", bits);
1787 }
1788 
1789 /*
1790  * Wait for the specified process to stop or terminate.
1791  * Or, just get the current status (PCNULL).
1792  * Or, direct it to stop and get the current status (PCDSTOP).
1793  * If the agent LWP exists, do these things to the agent,
1794  * else do these things to the process as a whole.
1795  */
1796 int
1797 Pstopstatus(struct ps_prochandle *P,
1798         long request,           /* PCNULL, PCDSTOP, PCSTOP, PCWSTOP */
1799         uint_t msec)            /* if non-zero, timeout in milliseconds */
1800 {
1801         int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
1802         long ctl[3];
1803         ssize_t rc;
1804         int err;
1805         int old_state = P->state;
1806 
1807         switch (P->state) {
1808         case PS_RUN:
1809                 break;
1810         case PS_STOP:
1811                 if (request != PCNULL && request != PCDSTOP)
1812                         return (0);
1813                 break;
1814         case PS_LOST:
1815                 if (request != PCNULL) {
1816                         errno = EAGAIN;
1817                         return (-1);
1818                 }
1819                 break;
1820         case PS_UNDEAD:
1821         case PS_DEAD:
1822         case PS_IDLE:
1823                 if (request != PCNULL) {
1824                         errno = ENOENT;
1825                         return (-1);
1826                 }
1827                 break;
1828         default:        /* corrupted state */
1829                 dprintf("Pstopstatus: corrupted state: %d\n", P->state);
1830                 errno = EINVAL;
1831                 return (-1);
1832         }
1833 
1834         ctl[0] = PCDSTOP;
1835         ctl[1] = PCTWSTOP;
1836         ctl[2] = (long)msec;
1837         rc = 0;
1838         switch (request) {
1839         case PCSTOP:
1840                 rc = write(ctlfd, &ctl[0], 3*sizeof (long));
1841                 break;
1842         case PCWSTOP:
1843                 rc = write(ctlfd, &ctl[1], 2*sizeof (long));
1844                 break;
1845         case PCDSTOP:
1846                 rc = write(ctlfd, &ctl[0], 1*sizeof (long));
1847                 break;
1848         case PCNULL:
1849                 if (P->state == PS_DEAD || P->state == PS_IDLE)
1850                         return (0);
1851                 break;
1852         default:        /* programming error */
1853                 errno = EINVAL;
1854                 return (-1);
1855         }
1856         err = (rc < 0)? errno : 0;
1857         Psync(P);
1858 
1859         if (P->agentstatfd < 0) {
1860                 if (pread(P->statfd, &P->status,
1861                     sizeof (P->status), (off_t)0) < 0)
1862                         err = errno;
1863         } else {
1864                 if (pread(P->agentstatfd, &P->status.pr_lwp,
1865                     sizeof (P->status.pr_lwp), (off_t)0) < 0)
1866                         err = errno;
1867                 P->status.pr_flags = P->status.pr_lwp.pr_flags;
1868         }
1869 
1870         if (err) {
1871                 switch (err) {
1872                 case EINTR:             /* user typed ctl-C */
1873                 case ERESTART:
1874                         dprintf("Pstopstatus: EINTR\n");
1875                         break;
1876                 case EAGAIN:            /* we lost control of the the process */
1877                 case EOVERFLOW:
1878                         dprintf("Pstopstatus: PS_LOST, errno=%d\n", err);
1879                         P->state = PS_LOST;
1880                         break;
1881                 default:                /* check for dead process */
1882                         if (_libproc_debug) {
1883                                 const char *errstr;
1884 
1885                                 switch (request) {
1886                                 case PCNULL:
1887                                         errstr = "Pstopstatus PCNULL"; break;
1888                                 case PCSTOP:
1889                                         errstr = "Pstopstatus PCSTOP"; break;
1890                                 case PCDSTOP:
1891                                         errstr = "Pstopstatus PCDSTOP"; break;
1892                                 case PCWSTOP:
1893                                         errstr = "Pstopstatus PCWSTOP"; break;
1894                                 default:
1895                                         errstr = "Pstopstatus PC???"; break;
1896                                 }
1897                                 dprintf("%s: %s\n", errstr, strerror(err));
1898                         }
1899                         deadcheck(P);
1900                         break;
1901                 }
1902                 if (err != EINTR && err != ERESTART) {
1903                         errno = err;
1904                         return (-1);
1905                 }
1906         }
1907 
1908         if (!(P->status.pr_flags & PR_STOPPED)) {
1909                 P->state = PS_RUN;
1910                 if (request == PCNULL || request == PCDSTOP || msec != 0)
1911                         return (0);
1912                 dprintf("Pstopstatus: process is not stopped\n");
1913                 errno = EPROTO;
1914                 return (-1);
1915         }
1916 
1917         P->state = PS_STOP;
1918 
1919         if (_libproc_debug)     /* debugging */
1920                 prdump(P);
1921 
1922         /*
1923          * If the process was already stopped coming into Pstopstatus(),
1924          * then don't use its PC to set P->sysaddr since it may have been
1925          * changed since the time the process originally stopped.
1926          */
1927         if (old_state == PS_STOP)
1928                 return (0);
1929 
1930         switch (P->status.pr_lwp.pr_why) {
1931         case PR_SYSENTRY:
1932         case PR_SYSEXIT:
1933                 if (Pissyscall_prev(P, P->status.pr_lwp.pr_reg[R_PC],
1934                     &P->sysaddr) == 0)
1935                         P->sysaddr = P->status.pr_lwp.pr_reg[R_PC];
1936                 break;
1937         case PR_REQUESTED:
1938         case PR_SIGNALLED:
1939         case PR_FAULTED:
1940         case PR_JOBCONTROL:
1941         case PR_SUSPENDED:
1942                 break;
1943         default:
1944                 errno = EPROTO;
1945                 return (-1);
1946         }
1947 
1948         return (0);
1949 }
1950 
1951 /*
1952  * Wait for the process to stop for any reason.
1953  */
1954 int
1955 Pwait(struct ps_prochandle *P, uint_t msec)
1956 {
1957         return (Pstopstatus(P, PCWSTOP, msec));
1958 }
1959 
1960 /*
1961  * Direct the process to stop; wait for it to stop.
1962  */
1963 int
1964 Pstop(struct ps_prochandle *P, uint_t msec)
1965 {
1966         return (Pstopstatus(P, PCSTOP, msec));
1967 }
1968 
1969 /*
1970  * Direct the process to stop; don't wait.
1971  */
1972 int
1973 Pdstop(struct ps_prochandle *P)
1974 {
1975         return (Pstopstatus(P, PCDSTOP, 0));
1976 }
1977 
1978 static void
1979 deadcheck(struct ps_prochandle *P)
1980 {
1981         int fd;
1982         void *buf;
1983         size_t size;
1984 
1985         if (P->statfd < 0)
1986                 P->state = PS_UNDEAD;
1987         else {
1988                 if (P->agentstatfd < 0) {
1989                         fd = P->statfd;
1990                         buf = &P->status;
1991                         size = sizeof (P->status);
1992                 } else {
1993                         fd = P->agentstatfd;
1994                         buf = &P->status.pr_lwp;
1995                         size = sizeof (P->status.pr_lwp);
1996                 }
1997                 while (pread(fd, buf, size, (off_t)0) != size) {
1998                         switch (errno) {
1999                         default:
2000                                 P->state = PS_UNDEAD;
2001                                 break;
2002                         case EINTR:
2003                         case ERESTART:
2004                                 continue;
2005                         case EAGAIN:
2006                                 P->state = PS_LOST;
2007                                 break;
2008                         }
2009                         break;
2010                 }
2011                 P->status.pr_flags = P->status.pr_lwp.pr_flags;
2012         }
2013 }
2014 
2015 /*
2016  * Get the value of one register from stopped process.
2017  */
2018 int
2019 Pgetareg(struct ps_prochandle *P, int regno, prgreg_t *preg)
2020 {
2021         if (regno < 0 || regno >= NPRGREG) {
2022                 errno = EINVAL;
2023                 return (-1);
2024         }
2025 
2026         if (P->state == PS_IDLE) {
2027                 errno = ENODATA;
2028                 return (-1);
2029         }
2030 
2031         if (P->state != PS_STOP && P->state != PS_DEAD) {
2032                 errno = EBUSY;
2033                 return (-1);
2034         }
2035 
2036         *preg = P->status.pr_lwp.pr_reg[regno];
2037         return (0);
2038 }
2039 
2040 /*
2041  * Put value of one register into stopped process.
2042  */
2043 int
2044 Pputareg(struct ps_prochandle *P, int regno, prgreg_t reg)
2045 {
2046         if (regno < 0 || regno >= NPRGREG) {
2047                 errno = EINVAL;
2048                 return (-1);
2049         }
2050 
2051         if (P->state != PS_STOP) {
2052                 errno = EBUSY;
2053                 return (-1);
2054         }
2055 
2056         P->status.pr_lwp.pr_reg[regno] = reg;
2057         P->flags |= SETREGS; /* set registers before continuing */
2058         return (0);
2059 }
2060 
2061 int
2062 Psetrun(struct ps_prochandle *P,
2063         int sig,        /* signal to pass to process */
2064         int flags)      /* PRSTEP|PRSABORT|PRSTOP|PRCSIG|PRCFAULT */
2065 {
2066         int ctlfd = (P->agentctlfd >= 0) ? P->agentctlfd : P->ctlfd;
2067         int sbits = (PR_DSTOP | PR_ISTOP | PR_ASLEEP);
2068 
2069         long ctl[1 +                                    /* PCCFAULT     */
2070             1 + sizeof (siginfo_t)/sizeof (long) +      /* PCSSIG/PCCSIG */
2071             2 ];                                        /* PCRUN        */
2072 
2073         long *ctlp = ctl;
2074         size_t size;
2075 
2076         if (P->state != PS_STOP && (P->status.pr_lwp.pr_flags & sbits) == 0) {
2077                 errno = EBUSY;
2078                 return (-1);
2079         }
2080 
2081         Psync(P);       /* flush tracing flags and registers */
2082 
2083         if (flags & PRCFAULT) {             /* clear current fault */
2084                 *ctlp++ = PCCFAULT;
2085                 flags &= ~PRCFAULT;
2086         }
2087 
2088         if (flags & PRCSIG) {               /* clear current signal */
2089                 *ctlp++ = PCCSIG;
2090                 flags &= ~PRCSIG;
2091         } else if (sig && sig != P->status.pr_lwp.pr_cursig) {
2092                 /* make current signal */
2093                 siginfo_t *infop;
2094 
2095                 *ctlp++ = PCSSIG;
2096                 infop = (siginfo_t *)ctlp;
2097                 (void) memset(infop, 0, sizeof (*infop));
2098                 infop->si_signo = sig;
2099                 ctlp += sizeof (siginfo_t) / sizeof (long);
2100         }
2101 
2102         *ctlp++ = PCRUN;
2103         *ctlp++ = flags;
2104         size = (char *)ctlp - (char *)ctl;
2105 
2106         P->info_valid = 0;   /* will need to update map and file info */
2107 
2108         /*
2109          * If we've cached ucontext-list information while we were stopped,
2110          * free it now.
2111          */
2112         if (P->ucaddrs != NULL) {
2113                 free(P->ucaddrs);
2114                 P->ucaddrs = NULL;
2115                 P->ucnelems = 0;
2116         }
2117 
2118         if (write(ctlfd, ctl, size) != size) {
2119                 /* If it is dead or lost, return the real status, not PS_RUN */
2120                 if (errno == ENOENT || errno == EAGAIN) {
2121                         (void) Pstopstatus(P, PCNULL, 0);
2122                         return (0);
2123                 }
2124                 /* If it is not in a jobcontrol stop, issue an error message */
2125                 if (errno != EBUSY ||
2126                     P->status.pr_lwp.pr_why != PR_JOBCONTROL) {
2127                         dprintf("Psetrun: %s\n", strerror(errno));
2128                         return (-1);
2129                 }
2130                 /* Otherwise pretend that the job-stopped process is running */
2131         }
2132 
2133         P->state = PS_RUN;
2134         return (0);
2135 }
2136 
2137 ssize_t
2138 Pread(struct ps_prochandle *P,
2139         void *buf,              /* caller's buffer */
2140         size_t nbyte,           /* number of bytes to read */
2141         uintptr_t address)      /* address in process */
2142 {
2143         return (P->ops.pop_pread(P, buf, nbyte, address, P->data));
2144 }
2145 
2146 ssize_t
2147 Pread_string(struct ps_prochandle *P,
2148         char *buf,              /* caller's buffer */
2149         size_t size,            /* upper limit on bytes to read */
2150         uintptr_t addr)         /* address in process */
2151 {
2152         enum { STRSZ = 40 };
2153         char string[STRSZ + 1];
2154         ssize_t leng = 0;
2155         int nbyte;
2156 
2157         if (size < 2) {
2158                 errno = EINVAL;
2159                 return (-1);
2160         }
2161 
2162         size--;                 /* ensure trailing null fits in buffer */
2163 
2164         *buf = '\0';
2165         string[STRSZ] = '\0';
2166 
2167         for (nbyte = STRSZ; nbyte == STRSZ && leng < size; addr += STRSZ) {
2168                 if ((nbyte = P->ops.pop_pread(P, string, STRSZ, addr,
2169                     P->data)) <= 0) {
2170                         buf[leng] = '\0';
2171                         return (leng ? leng : -1);
2172                 }
2173                 if ((nbyte = strlen(string)) > 0) {
2174                         if (leng + nbyte > size)
2175                                 nbyte = size - leng;
2176                         (void) strncpy(buf + leng, string, nbyte);
2177                         leng += nbyte;
2178                 }
2179         }
2180         buf[leng] = '\0';
2181         return (leng);
2182 }
2183 
2184 ssize_t
2185 Pwrite(struct ps_prochandle *P,
2186         const void *buf,        /* caller's buffer */
2187         size_t nbyte,           /* number of bytes to write */
2188         uintptr_t address)      /* address in process */
2189 {
2190         return (P->ops.pop_pwrite(P, buf, nbyte, address, P->data));
2191 }
2192 
2193 int
2194 Pclearsig(struct ps_prochandle *P)
2195 {
2196         int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2197         long ctl = PCCSIG;
2198 
2199         if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
2200                 return (-1);
2201         P->status.pr_lwp.pr_cursig = 0;
2202         return (0);
2203 }
2204 
2205 int
2206 Pclearfault(struct ps_prochandle *P)
2207 {
2208         int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2209         long ctl = PCCFAULT;
2210 
2211         if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
2212                 return (-1);
2213         return (0);
2214 }
2215 
2216 /*
2217  * Set a breakpoint trap, return original instruction.
2218  */
2219 int
2220 Psetbkpt(struct ps_prochandle *P, uintptr_t address, ulong_t *saved)
2221 {
2222         long ctl[1 + sizeof (priovec_t) / sizeof (long) +       /* PCREAD */
2223             1 + sizeof (priovec_t) / sizeof (long)];    /* PCWRITE */
2224         long *ctlp = ctl;
2225         size_t size;
2226         priovec_t *iovp;
2227         instr_t bpt = BPT;
2228         instr_t old;
2229 
2230         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2231             P->state == PS_IDLE) {
2232                 errno = ENOENT;
2233                 return (-1);
2234         }
2235 
2236         /* fetch the old instruction */
2237         *ctlp++ = PCREAD;
2238         iovp = (priovec_t *)ctlp;
2239         iovp->pio_base = &old;
2240         iovp->pio_len = sizeof (old);
2241         iovp->pio_offset = address;
2242         ctlp += sizeof (priovec_t) / sizeof (long);
2243 
2244         /* write the BPT instruction */
2245         *ctlp++ = PCWRITE;
2246         iovp = (priovec_t *)ctlp;
2247         iovp->pio_base = &bpt;
2248         iovp->pio_len = sizeof (bpt);
2249         iovp->pio_offset = address;
2250         ctlp += sizeof (priovec_t) / sizeof (long);
2251 
2252         size = (char *)ctlp - (char *)ctl;
2253         if (write(P->ctlfd, ctl, size) != size)
2254                 return (-1);
2255 
2256         /*
2257          * Fail if there was already a breakpoint there from another debugger
2258          * or DTrace's user-level tracing on x86.
2259          */
2260         if (old == BPT) {
2261                 errno = EBUSY;
2262                 return (-1);
2263         }
2264 
2265         *saved = (ulong_t)old;
2266         return (0);
2267 }
2268 
2269 /*
2270  * Restore original instruction where a breakpoint was set.
2271  */
2272 int
2273 Pdelbkpt(struct ps_prochandle *P, uintptr_t address, ulong_t saved)
2274 {
2275         instr_t old = (instr_t)saved;
2276         instr_t cur;
2277 
2278         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2279             P->state == PS_IDLE) {
2280                 errno = ENOENT;
2281                 return (-1);
2282         }
2283 
2284         /*
2285          * If the breakpoint instruction we had placed has been overwritten
2286          * with a new instruction, then don't try to replace it with the
2287          * old instruction. Doing do can cause problems with self-modifying
2288          * code -- PLTs for example. If the Pread() fails, we assume that we
2289          * should proceed though most likely the Pwrite() will also fail.
2290          */
2291         if (Pread(P, &cur, sizeof (cur), address) == sizeof (cur) &&
2292             cur != BPT)
2293                 return (0);
2294 
2295         if (Pwrite(P, &old, sizeof (old), address) != sizeof (old))
2296                 return (-1);
2297 
2298         return (0);
2299 }
2300 
2301 /*
2302  * Common code for Pxecbkpt() and Lxecbkpt().
2303  * Develop the array of requests that will do the job, then
2304  * write them to the specified control file descriptor.
2305  * Return the non-zero errno if the write fails.
2306  */
2307 static int
2308 execute_bkpt(
2309         int ctlfd,              /* process or LWP control file descriptor */
2310         const fltset_t *faultset,       /* current set of traced faults */
2311         const sigset_t *sigmask,        /* current signal mask */
2312         uintptr_t address,              /* address of breakpint */
2313         ulong_t saved)                  /* the saved instruction */
2314 {
2315         long ctl[
2316             1 + sizeof (sigset_t) / sizeof (long) +             /* PCSHOLD */
2317             1 + sizeof (fltset_t) / sizeof (long) +             /* PCSFAULT */
2318             1 + sizeof (priovec_t) / sizeof (long) +            /* PCWRITE */
2319             2 +                                                 /* PCRUN */
2320             1 +                                                 /* PCWSTOP */
2321             1 +                                                 /* PCCFAULT */
2322             1 + sizeof (priovec_t) / sizeof (long) +            /* PCWRITE */
2323             1 + sizeof (fltset_t) / sizeof (long) +             /* PCSFAULT */
2324             1 + sizeof (sigset_t) / sizeof (long)];             /* PCSHOLD */
2325         long *ctlp = ctl;
2326         sigset_t unblock;
2327         size_t size;
2328         ssize_t ssize;
2329         priovec_t *iovp;
2330         sigset_t *holdp;
2331         fltset_t *faultp;
2332         instr_t old = (instr_t)saved;
2333         instr_t bpt = BPT;
2334         int error = 0;
2335 
2336         /* block our signals for the duration */
2337         (void) sigprocmask(SIG_BLOCK, &blockable_sigs, &unblock);
2338 
2339         /* hold posted signals */
2340         *ctlp++ = PCSHOLD;
2341         holdp = (sigset_t *)ctlp;
2342         prfillset(holdp);
2343         prdelset(holdp, SIGKILL);
2344         prdelset(holdp, SIGSTOP);
2345         ctlp += sizeof (sigset_t) / sizeof (long);
2346 
2347         /* force tracing of FLTTRACE */
2348         if (!(prismember(faultset, FLTTRACE))) {
2349                 *ctlp++ = PCSFAULT;
2350                 faultp = (fltset_t *)ctlp;
2351                 *faultp = *faultset;
2352                 praddset(faultp, FLTTRACE);
2353                 ctlp += sizeof (fltset_t) / sizeof (long);
2354         }
2355 
2356         /* restore the old instruction */
2357         *ctlp++ = PCWRITE;
2358         iovp = (priovec_t *)ctlp;
2359         iovp->pio_base = &old;
2360         iovp->pio_len = sizeof (old);
2361         iovp->pio_offset = address;
2362         ctlp += sizeof (priovec_t) / sizeof (long);
2363 
2364         /* clear current signal and fault; set running w/ single-step */
2365         *ctlp++ = PCRUN;
2366         *ctlp++ = PRCSIG | PRCFAULT | PRSTEP;
2367 
2368         /* wait for stop, cancel the fault */
2369         *ctlp++ = PCWSTOP;
2370         *ctlp++ = PCCFAULT;
2371 
2372         /* restore the breakpoint trap */
2373         *ctlp++ = PCWRITE;
2374         iovp = (priovec_t *)ctlp;
2375         iovp->pio_base = &bpt;
2376         iovp->pio_len = sizeof (bpt);
2377         iovp->pio_offset = address;
2378         ctlp += sizeof (priovec_t) / sizeof (long);
2379 
2380         /* restore fault tracing set */
2381         if (!(prismember(faultset, FLTTRACE))) {
2382                 *ctlp++ = PCSFAULT;
2383                 *(fltset_t *)ctlp = *faultset;
2384                 ctlp += sizeof (fltset_t) / sizeof (long);
2385         }
2386 
2387         /* restore the hold mask */
2388         *ctlp++ = PCSHOLD;
2389         *(sigset_t *)ctlp = *sigmask;
2390         ctlp += sizeof (sigset_t) / sizeof (long);
2391 
2392         size = (char *)ctlp - (char *)ctl;
2393         if ((ssize = write(ctlfd, ctl, size)) != size)
2394                 error = (ssize == -1)? errno : EINTR;
2395         (void) sigprocmask(SIG_SETMASK, &unblock, NULL);
2396         return (error);
2397 }
2398 
2399 /*
2400  * Step over a breakpoint, i.e., execute the instruction that
2401  * really belongs at the breakpoint location (the current %pc)
2402  * and leave the process stopped at the next instruction.
2403  */
2404 int
2405 Pxecbkpt(struct ps_prochandle *P, ulong_t saved)
2406 {
2407         int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2408         int rv, error;
2409 
2410         if (P->state != PS_STOP) {
2411                 errno = EBUSY;
2412                 return (-1);
2413         }
2414 
2415         Psync(P);
2416 
2417         error = execute_bkpt(ctlfd,
2418             &P->status.pr_flttrace, &P->status.pr_lwp.pr_lwphold,
2419             P->status.pr_lwp.pr_reg[R_PC], saved);
2420         rv = Pstopstatus(P, PCNULL, 0);
2421 
2422         if (error != 0) {
2423                 if (P->status.pr_lwp.pr_why == PR_JOBCONTROL &&
2424                     error == EBUSY) {   /* jobcontrol stop -- back off */
2425                         P->state = PS_RUN;
2426                         return (0);
2427                 }
2428                 if (error == ENOENT)
2429                         return (0);
2430                 errno = error;
2431                 return (-1);
2432         }
2433 
2434         return (rv);
2435 }
2436 
2437 /*
2438  * Install the watchpoint described by wp.
2439  */
2440 int
2441 Psetwapt(struct ps_prochandle *P, const prwatch_t *wp)
2442 {
2443         long ctl[1 + sizeof (prwatch_t) / sizeof (long)];
2444         prwatch_t *cwp = (prwatch_t *)&ctl[1];
2445 
2446         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2447             P->state == PS_IDLE) {
2448                 errno = ENOENT;
2449                 return (-1);
2450         }
2451 
2452         ctl[0] = PCWATCH;
2453         cwp->pr_vaddr = wp->pr_vaddr;
2454         cwp->pr_size = wp->pr_size;
2455         cwp->pr_wflags = wp->pr_wflags;
2456 
2457         if (write(P->ctlfd, ctl, sizeof (ctl)) != sizeof (ctl))
2458                 return (-1);
2459 
2460         return (0);
2461 }
2462 
2463 /*
2464  * Remove the watchpoint described by wp.
2465  */
2466 int
2467 Pdelwapt(struct ps_prochandle *P, const prwatch_t *wp)
2468 {
2469         long ctl[1 + sizeof (prwatch_t) / sizeof (long)];
2470         prwatch_t *cwp = (prwatch_t *)&ctl[1];
2471 
2472         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2473             P->state == PS_IDLE) {
2474                 errno = ENOENT;
2475                 return (-1);
2476         }
2477 
2478         ctl[0] = PCWATCH;
2479         cwp->pr_vaddr = wp->pr_vaddr;
2480         cwp->pr_size = wp->pr_size;
2481         cwp->pr_wflags = 0;
2482 
2483         if (write(P->ctlfd, ctl, sizeof (ctl)) != sizeof (ctl))
2484                 return (-1);
2485 
2486         return (0);
2487 }
2488 
2489 /*
2490  * Common code for Pxecwapt() and Lxecwapt().  Develop the array of requests
2491  * that will do the job, then write them to the specified control file
2492  * descriptor.  Return the non-zero errno if the write fails.
2493  */
2494 static int
2495 execute_wapt(
2496         int ctlfd,              /* process or LWP control file descriptor */
2497         const fltset_t *faultset,       /* current set of traced faults */
2498         const sigset_t *sigmask,        /* current signal mask */
2499         const prwatch_t *wp)            /* watchpoint descriptor */
2500 {
2501         long ctl[
2502             1 + sizeof (sigset_t) / sizeof (long) +             /* PCSHOLD */
2503             1 + sizeof (fltset_t) / sizeof (long) +             /* PCSFAULT */
2504             1 + sizeof (prwatch_t) / sizeof (long) +            /* PCWATCH */
2505             2 +                                                 /* PCRUN */
2506             1 +                                                 /* PCWSTOP */
2507             1 +                                                 /* PCCFAULT */
2508             1 + sizeof (prwatch_t) / sizeof (long) +            /* PCWATCH */
2509             1 + sizeof (fltset_t) / sizeof (long) +             /* PCSFAULT */
2510             1 + sizeof (sigset_t) / sizeof (long)];             /* PCSHOLD */
2511 
2512         long *ctlp = ctl;
2513         int error = 0;
2514 
2515         sigset_t unblock;
2516         sigset_t *holdp;
2517         fltset_t *faultp;
2518         prwatch_t *prw;
2519         ssize_t ssize;
2520         size_t size;
2521 
2522         (void) sigprocmask(SIG_BLOCK, &blockable_sigs, &unblock);
2523 
2524         /*
2525          * Hold all posted signals in the victim process prior to stepping.
2526          */
2527         *ctlp++ = PCSHOLD;
2528         holdp = (sigset_t *)ctlp;
2529         prfillset(holdp);
2530         prdelset(holdp, SIGKILL);
2531         prdelset(holdp, SIGSTOP);
2532         ctlp += sizeof (sigset_t) / sizeof (long);
2533 
2534         /*
2535          * Force tracing of FLTTRACE since we need to single step.
2536          */
2537         if (!(prismember(faultset, FLTTRACE))) {
2538                 *ctlp++ = PCSFAULT;
2539                 faultp = (fltset_t *)ctlp;
2540                 *faultp = *faultset;
2541                 praddset(faultp, FLTTRACE);
2542                 ctlp += sizeof (fltset_t) / sizeof (long);
2543         }
2544 
2545         /*
2546          * Clear only the current watchpoint by setting pr_wflags to zero.
2547          */
2548         *ctlp++ = PCWATCH;
2549         prw = (prwatch_t *)ctlp;
2550         prw->pr_vaddr = wp->pr_vaddr;
2551         prw->pr_size = wp->pr_size;
2552         prw->pr_wflags = 0;
2553         ctlp += sizeof (prwatch_t) / sizeof (long);
2554 
2555         /*
2556          * Clear the current signal and fault; set running with single-step.
2557          * Then wait for the victim to stop and cancel the FLTTRACE.
2558          */
2559         *ctlp++ = PCRUN;
2560         *ctlp++ = PRCSIG | PRCFAULT | PRSTEP;
2561         *ctlp++ = PCWSTOP;
2562         *ctlp++ = PCCFAULT;
2563 
2564         /*
2565          * Restore the current watchpoint.
2566          */
2567         *ctlp++ = PCWATCH;
2568         (void) memcpy(ctlp, wp, sizeof (prwatch_t));
2569         ctlp += sizeof (prwatch_t) / sizeof (long);
2570 
2571         /*
2572          * Restore fault tracing set if we modified it.
2573          */
2574         if (!(prismember(faultset, FLTTRACE))) {
2575                 *ctlp++ = PCSFAULT;
2576                 *(fltset_t *)ctlp = *faultset;
2577                 ctlp += sizeof (fltset_t) / sizeof (long);
2578         }
2579 
2580         /*
2581          * Restore the hold mask to the current hold mask (i.e. the one
2582          * before we executed any of the previous operations).
2583          */
2584         *ctlp++ = PCSHOLD;
2585         *(sigset_t *)ctlp = *sigmask;
2586         ctlp += sizeof (sigset_t) / sizeof (long);
2587 
2588         size = (char *)ctlp - (char *)ctl;
2589         if ((ssize = write(ctlfd, ctl, size)) != size)
2590                 error = (ssize == -1)? errno : EINTR;
2591         (void) sigprocmask(SIG_SETMASK, &unblock, NULL);
2592         return (error);
2593 }
2594 
2595 /*
2596  * Step over a watchpoint, i.e., execute the instruction that was stopped by
2597  * the watchpoint, and then leave the LWP stopped at the next instruction.
2598  */
2599 int
2600 Pxecwapt(struct ps_prochandle *P, const prwatch_t *wp)
2601 {
2602         int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2603         int rv, error;
2604 
2605         if (P->state != PS_STOP) {
2606                 errno = EBUSY;
2607                 return (-1);
2608         }
2609 
2610         Psync(P);
2611         error = execute_wapt(ctlfd,
2612             &P->status.pr_flttrace, &P->status.pr_lwp.pr_lwphold, wp);
2613         rv = Pstopstatus(P, PCNULL, 0);
2614 
2615         if (error != 0) {
2616                 if (P->status.pr_lwp.pr_why == PR_JOBCONTROL &&
2617                     error == EBUSY) {   /* jobcontrol stop -- back off */
2618                         P->state = PS_RUN;
2619                         return (0);
2620                 }
2621                 if (error == ENOENT)
2622                         return (0);
2623                 errno = error;
2624                 return (-1);
2625         }
2626 
2627         return (rv);
2628 }
2629 
2630 int
2631 Psetflags(struct ps_prochandle *P, long flags)
2632 {
2633         int rc;
2634         long ctl[2];
2635 
2636         ctl[0] = PCSET;
2637         ctl[1] = flags;
2638 
2639         if (write(P->ctlfd, ctl, 2*sizeof (long)) != 2*sizeof (long)) {
2640                 rc = -1;
2641         } else {
2642                 P->status.pr_flags |= flags;
2643                 P->status.pr_lwp.pr_flags |= flags;
2644                 rc = 0;
2645         }
2646 
2647         return (rc);
2648 }
2649 
2650 int
2651 Punsetflags(struct ps_prochandle *P, long flags)
2652 {
2653         int rc;
2654         long ctl[2];
2655 
2656         ctl[0] = PCUNSET;
2657         ctl[1] = flags;
2658 
2659         if (write(P->ctlfd, ctl, 2*sizeof (long)) != 2*sizeof (long)) {
2660                 rc = -1;
2661         } else {
2662                 P->status.pr_flags &= ~flags;
2663                 P->status.pr_lwp.pr_flags &= ~flags;
2664                 rc = 0;
2665         }
2666 
2667         return (rc);
2668 }
2669 
2670 /*
2671  * Common function to allow clients to manipulate the action to be taken
2672  * on receipt of a signal, receipt of machine fault, entry to a system call,
2673  * or exit from a system call.  We make use of our private prset_* functions
2674  * in order to make this code be common.  The 'which' parameter identifies
2675  * the code for the event of interest (0 means change the entire set), and
2676  * the 'stop' parameter is a boolean indicating whether the process should
2677  * stop when the event of interest occurs.  The previous value is returned
2678  * to the caller; -1 is returned if an error occurred.
2679  */
2680 static int
2681 Psetaction(struct ps_prochandle *P, void *sp, size_t size,
2682     uint_t flag, int max, int which, int stop)
2683 {
2684         int oldval;
2685 
2686         if (which < 0 || which > max) {
2687                 errno = EINVAL;
2688                 return (-1);
2689         }
2690 
2691         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2692             P->state == PS_IDLE) {
2693                 errno = ENOENT;
2694                 return (-1);
2695         }
2696 
2697         oldval = prset_ismember(sp, size, which) ? TRUE : FALSE;
2698 
2699         if (stop) {
2700                 if (which == 0) {
2701                         prset_fill(sp, size);
2702                         P->flags |= flag;
2703                 } else if (!oldval) {
2704                         prset_add(sp, size, which);
2705                         P->flags |= flag;
2706                 }
2707         } else {
2708                 if (which == 0) {
2709                         prset_empty(sp, size);
2710                         P->flags |= flag;
2711                 } else if (oldval) {
2712                         prset_del(sp, size, which);
2713                         P->flags |= flag;
2714                 }
2715         }
2716 
2717         if (P->state == PS_RUN)
2718                 Psync(P);
2719 
2720         return (oldval);
2721 }
2722 
2723 /*
2724  * Set action on specified signal.
2725  */
2726 int
2727 Psignal(struct ps_prochandle *P, int which, int stop)
2728 {
2729         int oldval;
2730 
2731         if (which == SIGKILL && stop != 0) {
2732                 errno = EINVAL;
2733                 return (-1);
2734         }
2735 
2736         oldval = Psetaction(P, &P->status.pr_sigtrace, sizeof (sigset_t),
2737             SETSIG, PRMAXSIG, which, stop);
2738 
2739         if (oldval != -1 && which == 0 && stop != 0)
2740                 prdelset(&P->status.pr_sigtrace, SIGKILL);
2741 
2742         return (oldval);
2743 }
2744 
2745 /*
2746  * Set all signal tracing flags.
2747  */
2748 void
2749 Psetsignal(struct ps_prochandle *P, const sigset_t *set)
2750 {
2751         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2752             P->state == PS_IDLE)
2753                 return;
2754 
2755         P->status.pr_sigtrace = *set;
2756         P->flags |= SETSIG;
2757 
2758         if (P->state == PS_RUN)
2759                 Psync(P);
2760 }
2761 
2762 /*
2763  * Set action on specified fault.
2764  */
2765 int
2766 Pfault(struct ps_prochandle *P, int which, int stop)
2767 {
2768         return (Psetaction(P, &P->status.pr_flttrace, sizeof (fltset_t),
2769             SETFAULT, PRMAXFAULT, which, stop));
2770 }
2771 
2772 /*
2773  * Set all machine fault tracing flags.
2774  */
2775 void
2776 Psetfault(struct ps_prochandle *P, const fltset_t *set)
2777 {
2778         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2779             P->state == PS_IDLE)
2780                 return;
2781 
2782         P->status.pr_flttrace = *set;
2783         P->flags |= SETFAULT;
2784 
2785         if (P->state == PS_RUN)
2786                 Psync(P);
2787 }
2788 
2789 /*
2790  * Set action on specified system call entry.
2791  */
2792 int
2793 Psysentry(struct ps_prochandle *P, int which, int stop)
2794 {
2795         return (Psetaction(P, &P->status.pr_sysentry, sizeof (sysset_t),
2796             SETENTRY, PRMAXSYS, which, stop));
2797 }
2798 
2799 /*
2800  * Set all system call entry tracing flags.
2801  */
2802 void
2803 Psetsysentry(struct ps_prochandle *P, const sysset_t *set)
2804 {
2805         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2806             P->state == PS_IDLE)
2807                 return;
2808 
2809         P->status.pr_sysentry = *set;
2810         P->flags |= SETENTRY;
2811 
2812         if (P->state == PS_RUN)
2813                 Psync(P);
2814 }
2815 
2816 /*
2817  * Set action on specified system call exit.
2818  */
2819 int
2820 Psysexit(struct ps_prochandle *P, int which, int stop)
2821 {
2822         return (Psetaction(P, &P->status.pr_sysexit, sizeof (sysset_t),
2823             SETEXIT, PRMAXSYS, which, stop));
2824 }
2825 
2826 /*
2827  * Set all system call exit tracing flags.
2828  */
2829 void
2830 Psetsysexit(struct ps_prochandle *P, const sysset_t *set)
2831 {
2832         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2833             P->state == PS_IDLE)
2834                 return;
2835 
2836         P->status.pr_sysexit = *set;
2837         P->flags |= SETEXIT;
2838 
2839         if (P->state == PS_RUN)
2840                 Psync(P);
2841 }
2842 
2843 /*
2844  * Utility function to read the contents of a file that contains a
2845  * prheader_t at the start (/proc/pid/lstatus or /proc/pid/lpsinfo).
2846  * Returns a malloc()d buffer or NULL on failure.
2847  */
2848 static prheader_t *
2849 read_lfile(struct ps_prochandle *P, const char *lname)
2850 {
2851         prheader_t *Lhp;
2852         char lpath[PATH_MAX];
2853         struct stat64 statb;
2854         int fd;
2855         size_t size;
2856         ssize_t rval;
2857 
2858         (void) snprintf(lpath, sizeof (lpath), "%s/%d/%s", procfs_path,
2859             (int)P->status.pr_pid, lname);
2860         if ((fd = open(lpath, O_RDONLY)) < 0 || fstat64(fd, &statb) != 0) {
2861                 if (fd >= 0)
2862                         (void) close(fd);
2863                 return (NULL);
2864         }
2865 
2866         /*
2867          * 'size' is just the initial guess at the buffer size.
2868          * It will have to grow if the number of lwps increases
2869          * while we are looking at the process.
2870          * 'size' must be larger than the actual file size.
2871          */
2872         size = statb.st_size + 32;
2873 
2874         for (;;) {
2875                 if ((Lhp = malloc(size)) == NULL)
2876                         break;
2877                 if ((rval = pread(fd, Lhp, size, 0)) < 0 ||
2878                     rval <= sizeof (prheader_t)) {
2879                         free(Lhp);
2880                         Lhp = NULL;
2881                         break;
2882                 }
2883                 if (rval < size)
2884                         break;
2885                 /* need a bigger buffer */
2886                 free(Lhp);
2887                 size *= 2;
2888         }
2889 
2890         (void) close(fd);
2891         return (Lhp);
2892 }
2893 
2894 /*
2895  * LWP iteration interface.
2896  */
2897 int
2898 Plwp_iter(struct ps_prochandle *P, proc_lwp_f *func, void *cd)
2899 {
2900         prheader_t *Lhp;
2901         lwpstatus_t *Lsp;
2902         long nlwp;
2903         int rv;
2904 
2905         switch (P->state) {
2906         case PS_RUN:
2907                 (void) Pstopstatus(P, PCNULL, 0);
2908                 break;
2909 
2910         case PS_STOP:
2911                 Psync(P);
2912                 break;
2913 
2914         case PS_IDLE:
2915                 errno = ENODATA;
2916                 return (-1);
2917         }
2918 
2919         /*
2920          * For either live processes or cores, the single LWP case is easy:
2921          * the pstatus_t contains the lwpstatus_t for the only LWP.
2922          */
2923         if (P->status.pr_nlwp <= 1)
2924                 return (func(cd, &P->status.pr_lwp));
2925 
2926         /*
2927          * For the core file multi-LWP case, we just iterate through the
2928          * list of LWP structs we read in from the core file.
2929          */
2930         if (P->state == PS_DEAD) {
2931                 core_info_t *core = P->data;
2932                 lwp_info_t *lwp = list_prev(&core->core_lwp_head);
2933                 uint_t i;
2934 
2935                 for (i = 0; i < core->core_nlwp; i++, lwp = list_prev(lwp)) {
2936                         if (lwp->lwp_psinfo.pr_sname != 'Z' &&
2937                             (rv = func(cd, &lwp->lwp_status)) != 0)
2938                                 break;
2939                 }
2940 
2941                 return (rv);
2942         }
2943 
2944         /*
2945          * For the live process multi-LWP case, we have to work a little
2946          * harder: the /proc/pid/lstatus file has the array of LWP structs.
2947          */
2948         if ((Lhp = Plstatus(P)) == NULL)
2949                 return (-1);
2950 
2951         for (nlwp = Lhp->pr_nent, Lsp = (lwpstatus_t *)(uintptr_t)(Lhp + 1);
2952             nlwp > 0;
2953             nlwp--, Lsp = (lwpstatus_t *)((uintptr_t)Lsp + Lhp->pr_entsize)) {
2954                 if ((rv = func(cd, Lsp)) != 0)
2955                         break;
2956         }
2957 
2958         free(Lhp);
2959         return (rv);
2960 }
2961 
2962 /*
2963  * Extended LWP iteration interface.
2964  * Iterate over all LWPs, active and zombie.
2965  */
2966 int
2967 Plwp_iter_all(struct ps_prochandle *P, proc_lwp_all_f *func, void *cd)
2968 {
2969         prheader_t *Lhp = NULL;
2970         lwpstatus_t *Lsp;
2971         lwpstatus_t *sp;
2972         prheader_t *Lphp = NULL;
2973         lwpsinfo_t *Lpsp;
2974         long nstat;
2975         long ninfo;
2976         int rv;
2977 
2978 retry:
2979         if (Lhp != NULL)
2980                 free(Lhp);
2981         if (Lphp != NULL)
2982                 free(Lphp);
2983         if (P->state == PS_RUN)
2984                 (void) Pstopstatus(P, PCNULL, 0);
2985         (void) Ppsinfo(P);
2986 
2987         if (P->state == PS_STOP)
2988                 Psync(P);
2989 
2990         /*
2991          * For either live processes or cores, the single LWP case is easy:
2992          * the pstatus_t contains the lwpstatus_t for the only LWP and
2993          * the psinfo_t contains the lwpsinfo_t for the only LWP.
2994          */
2995         if (P->status.pr_nlwp + P->status.pr_nzomb <= 1)
2996                 return (func(cd, &P->status.pr_lwp, &P->psinfo.pr_lwp));
2997 
2998         /*
2999          * For the core file multi-LWP case, we just iterate through the
3000          * list of LWP structs we read in from the core file.
3001          */
3002         if (P->state == PS_DEAD) {
3003                 core_info_t *core = P->data;
3004                 lwp_info_t *lwp = list_prev(&core->core_lwp_head);
3005                 uint_t i;
3006 
3007                 for (i = 0; i < core->core_nlwp; i++, lwp = list_prev(lwp)) {
3008                         sp = (lwp->lwp_psinfo.pr_sname == 'Z')? NULL :
3009                             &lwp->lwp_status;
3010                         if ((rv = func(cd, sp, &lwp->lwp_psinfo)) != 0)
3011                                 break;
3012                 }
3013 
3014                 return (rv);
3015         }
3016 
3017         /*
3018          * For all other cases retrieve the array of lwpstatus_t's and
3019          * lwpsinfo_t's.
3020          */
3021         if ((Lhp = Plstatus(P)) == NULL)
3022                 return (-1);
3023         if ((Lphp = Plpsinfo(P)) == NULL) {
3024                 free(Lhp);
3025                 return (-1);
3026         }
3027 
3028         /*
3029          * If we are looking at a running process, or one we do not control,
3030          * the active and zombie lwps in the process may have changed since
3031          * we read the process status structure.  If so, just start over.
3032          */
3033         if (Lhp->pr_nent != P->status.pr_nlwp ||
3034             Lphp->pr_nent != P->status.pr_nlwp + P->status.pr_nzomb)
3035                 goto retry;
3036 
3037         /*
3038          * To be perfectly safe, prescan the two arrays, checking consistency.
3039          * We rely on /proc giving us lwpstatus_t's and lwpsinfo_t's in the
3040          * same order (the lwp directory order) in their respective files.
3041          * We also rely on there being (possibly) more lwpsinfo_t's than
3042          * lwpstatus_t's (the extra lwpsinfo_t's are for zombie lwps).
3043          */
3044         Lsp = (lwpstatus_t *)(uintptr_t)(Lhp + 1);
3045         Lpsp = (lwpsinfo_t *)(uintptr_t)(Lphp + 1);
3046         nstat = Lhp->pr_nent;
3047         for (ninfo = Lphp->pr_nent; ninfo != 0; ninfo--) {
3048                 if (Lpsp->pr_sname != 'Z') {
3049                         /*
3050                          * Not a zombie lwp; check for matching lwpids.
3051                          */
3052                         if (nstat == 0 || Lsp->pr_lwpid != Lpsp->pr_lwpid)
3053                                 goto retry;
3054                         Lsp = (lwpstatus_t *)((uintptr_t)Lsp + Lhp->pr_entsize);
3055                         nstat--;
3056                 }
3057                 Lpsp = (lwpsinfo_t *)((uintptr_t)Lpsp + Lphp->pr_entsize);
3058         }
3059         if (nstat != 0)
3060                 goto retry;
3061 
3062         /*
3063          * Rescan, this time for real.
3064          */
3065         Lsp = (lwpstatus_t *)(uintptr_t)(Lhp + 1);
3066         Lpsp = (lwpsinfo_t *)(uintptr_t)(Lphp + 1);
3067         for (ninfo = Lphp->pr_nent; ninfo != 0; ninfo--) {
3068                 if (Lpsp->pr_sname != 'Z') {
3069                         sp = Lsp;
3070                         Lsp = (lwpstatus_t *)((uintptr_t)Lsp + Lhp->pr_entsize);
3071                 } else {
3072                         sp = NULL;
3073                 }
3074                 if ((rv = func(cd, sp, Lpsp)) != 0)
3075                         break;
3076                 Lpsp = (lwpsinfo_t *)((uintptr_t)Lpsp + Lphp->pr_entsize);
3077         }
3078 
3079         free(Lhp);
3080         free(Lphp);
3081         return (rv);
3082 }
3083 
3084 core_content_t
3085 Pcontent(struct ps_prochandle *P)
3086 {
3087         core_info_t *core = P->data;
3088 
3089         if (P->state == PS_DEAD)
3090                 return (core->core_content);
3091         if (P->state == PS_IDLE)
3092                 return (CC_CONTENT_TEXT | CC_CONTENT_DATA | CC_CONTENT_CTF);
3093 
3094         return (CC_CONTENT_ALL);
3095 }
3096 
3097 /*
3098  * =================================================================
3099  * The remainder of the functions in this file are for the
3100  * control of individual LWPs in the controlled process.
3101  * =================================================================
3102  */
3103 
3104 /*
3105  * Find an entry in the process hash table for the specified lwpid.
3106  * The entry will either point to an existing struct ps_lwphandle
3107  * or it will point to an empty slot for a new struct ps_lwphandle.
3108  */
3109 static struct ps_lwphandle **
3110 Lfind(struct ps_prochandle *P, lwpid_t lwpid)
3111 {
3112         struct ps_lwphandle **Lp;
3113         struct ps_lwphandle *L;
3114 
3115         for (Lp = &P->hashtab[lwpid % (HASHSIZE - 1)];
3116             (L = *Lp) != NULL; Lp = &L->lwp_hash)
3117                 if (L->lwp_id == lwpid)
3118                         break;
3119         return (Lp);
3120 }
3121 
3122 /*
3123  * Grab an LWP contained within the controlled process.
3124  * Return an opaque pointer to its LWP control structure.
3125  *      perr: pointer to error return code.
3126  */
3127 struct ps_lwphandle *
3128 Lgrab(struct ps_prochandle *P, lwpid_t lwpid, int *perr)
3129 {
3130         struct ps_lwphandle **Lp;
3131         struct ps_lwphandle *L;
3132         int fd;
3133         char procname[PATH_MAX];
3134         char *fname;
3135         int rc = 0;
3136 
3137         (void) mutex_lock(&P->proc_lock);
3138 
3139         if (P->state == PS_UNDEAD || P->state == PS_IDLE)
3140                 rc = G_NOPROC;
3141         else if (P->hashtab == NULL &&
3142             (P->hashtab = calloc(HASHSIZE, sizeof (struct ps_lwphandle *)))
3143             == NULL)
3144                 rc = G_STRANGE;
3145         else if (*(Lp = Lfind(P, lwpid)) != NULL)
3146                 rc = G_BUSY;
3147         else if ((L = malloc(sizeof (struct ps_lwphandle))) == NULL)
3148                 rc = G_STRANGE;
3149         if (rc) {
3150                 *perr = rc;
3151                 (void) mutex_unlock(&P->proc_lock);
3152                 return (NULL);
3153         }
3154 
3155         (void) memset(L, 0, sizeof (*L));
3156         L->lwp_ctlfd = -1;
3157         L->lwp_statfd = -1;
3158         L->lwp_proc = P;
3159         L->lwp_id = lwpid;
3160         *Lp = L;        /* insert into the hash table */
3161 
3162         if (P->state == PS_DEAD) {   /* core file */
3163                 if (getlwpstatus(P, lwpid, &L->lwp_status) == -1) {
3164                         rc = G_NOPROC;
3165                         goto err;
3166                 }
3167                 L->lwp_state = PS_DEAD;
3168                 *perr = 0;
3169                 (void) mutex_unlock(&P->proc_lock);
3170                 return (L);
3171         }
3172 
3173         /*
3174          * Open the /proc/<pid>/lwp/<lwpid> files
3175          */
3176         (void) snprintf(procname, sizeof (procname), "%s/%d/lwp/%d/",
3177             procfs_path, (int)P->pid, (int)lwpid);
3178         fname = procname + strlen(procname);
3179         (void) set_minfd();
3180 
3181         (void) strcpy(fname, "lwpstatus");
3182         if ((fd = open(procname, O_RDONLY)) < 0 ||
3183             (fd = dupfd(fd, 0)) < 0) {
3184                 switch (errno) {
3185                 case ENOENT:
3186                         rc = G_NOPROC;
3187                         break;
3188                 default:
3189                         dprintf("Lgrab: failed to open %s: %s\n",
3190                             procname, strerror(errno));
3191                         rc = G_STRANGE;
3192                         break;
3193                 }
3194                 goto err;
3195         }
3196         L->lwp_statfd = fd;
3197 
3198         if (pread(fd, &L->lwp_status, sizeof (L->lwp_status), (off_t)0) < 0) {
3199                 switch (errno) {
3200                 case ENOENT:
3201                         rc = G_NOPROC;
3202                         break;
3203                 default:
3204                         dprintf("Lgrab: failed to read %s: %s\n",
3205                             procname, strerror(errno));
3206                         rc = G_STRANGE;
3207                         break;
3208                 }
3209                 goto err;
3210         }
3211 
3212         (void) strcpy(fname, "lwpctl");
3213         if ((fd = open(procname, O_WRONLY)) < 0 ||
3214             (fd = dupfd(fd, 0)) < 0) {
3215                 switch (errno) {
3216                 case ENOENT:
3217                         rc = G_NOPROC;
3218                         break;
3219                 default:
3220                         dprintf("Lgrab: failed to open %s: %s\n",
3221                             procname, strerror(errno));
3222                         rc = G_STRANGE;
3223                         break;
3224                 }
3225                 goto err;
3226         }
3227         L->lwp_ctlfd = fd;
3228 
3229         L->lwp_state =
3230             ((L->lwp_status.pr_flags & (PR_STOPPED|PR_ISTOP))
3231             == (PR_STOPPED|PR_ISTOP))?
3232             PS_STOP : PS_RUN;
3233 
3234         *perr = 0;
3235         (void) mutex_unlock(&P->proc_lock);
3236         return (L);
3237 
3238 err:
3239         Lfree_internal(P, L);
3240         *perr = rc;
3241         (void) mutex_unlock(&P->proc_lock);
3242         return (NULL);
3243 }
3244 
3245 /*
3246  * Return a printable string corresponding to an Lgrab() error return.
3247  */
3248 const char *
3249 Lgrab_error(int error)
3250 {
3251         const char *str;
3252 
3253         switch (error) {
3254         case G_NOPROC:
3255                 str = "no such LWP";
3256                 break;
3257         case G_BUSY:
3258                 str = "LWP already grabbed";
3259                 break;
3260         case G_STRANGE:
3261                 str = "unanticipated system error";
3262                 break;
3263         default:
3264                 str = "unknown error";
3265                 break;
3266         }
3267 
3268         return (str);
3269 }
3270 
3271 /*
3272  * Free an LWP control structure.
3273  */
3274 void
3275 Lfree(struct ps_lwphandle *L)
3276 {
3277         struct ps_prochandle *P = L->lwp_proc;
3278 
3279         (void) mutex_lock(&P->proc_lock);
3280         Lfree_internal(P, L);
3281         (void) mutex_unlock(&P->proc_lock);
3282 }
3283 
3284 static void
3285 Lfree_internal(struct ps_prochandle *P, struct ps_lwphandle *L)
3286 {
3287         *Lfind(P, L->lwp_id) = L->lwp_hash;       /* delete from hash table */
3288         if (L->lwp_ctlfd >= 0)
3289                 (void) close(L->lwp_ctlfd);
3290         if (L->lwp_statfd >= 0)
3291                 (void) close(L->lwp_statfd);
3292 
3293         /* clear out the structure as a precaution against reuse */
3294         (void) memset(L, 0, sizeof (*L));
3295         L->lwp_ctlfd = -1;
3296         L->lwp_statfd = -1;
3297 
3298         free(L);
3299 }
3300 
3301 /*
3302  * Return the state of the process, one of the PS_* values.
3303  */
3304 int
3305 Lstate(struct ps_lwphandle *L)
3306 {
3307         return (L->lwp_state);
3308 }
3309 
3310 /*
3311  * Return the open control file descriptor for the LWP.
3312  * Clients must not close this file descriptor, nor use it
3313  * after the LWP is freed.
3314  */
3315 int
3316 Lctlfd(struct ps_lwphandle *L)
3317 {
3318         return (L->lwp_ctlfd);
3319 }
3320 
3321 /*
3322  * Return a pointer to the LWP lwpsinfo structure.
3323  * Clients should not hold on to this pointer indefinitely.
3324  * It will become invalid on Lfree().
3325  */
3326 const lwpsinfo_t *
3327 Lpsinfo(struct ps_lwphandle *L)
3328 {
3329         if (Plwp_getpsinfo(L->lwp_proc, L->lwp_id, &L->lwp_psinfo) == -1)
3330                 return (NULL);
3331 
3332         return (&L->lwp_psinfo);
3333 }
3334 
3335 /*
3336  * Return a pointer to the LWP status structure.
3337  * Clients should not hold on to this pointer indefinitely.
3338  * It will become invalid on Lfree().
3339  */
3340 const lwpstatus_t *
3341 Lstatus(struct ps_lwphandle *L)
3342 {
3343         return (&L->lwp_status);
3344 }
3345 
3346 /*
3347  * Given an LWP handle, return the process handle.
3348  */
3349 struct ps_prochandle *
3350 Lprochandle(struct ps_lwphandle *L)
3351 {
3352         return (L->lwp_proc);
3353 }
3354 
3355 /*
3356  * Ensure that all cached state is written to the LWP.
3357  * The cached state is the LWP's signal mask and registers.
3358  */
3359 void
3360 Lsync(struct ps_lwphandle *L)
3361 {
3362         int ctlfd = L->lwp_ctlfd;
3363         long cmd[2];
3364         iovec_t iov[4];
3365         int n = 0;
3366 
3367         if (L->lwp_flags & SETHOLD) {
3368                 cmd[0] = PCSHOLD;
3369                 iov[n].iov_base = (caddr_t)&cmd[0];
3370                 iov[n++].iov_len = sizeof (long);
3371                 iov[n].iov_base = (caddr_t)&L->lwp_status.pr_lwphold;
3372                 iov[n++].iov_len = sizeof (L->lwp_status.pr_lwphold);
3373         }
3374         if (L->lwp_flags & SETREGS) {
3375                 cmd[1] = PCSREG;
3376                 iov[n].iov_base = (caddr_t)&cmd[1];
3377                 iov[n++].iov_len = sizeof (long);
3378                 iov[n].iov_base = (caddr_t)&L->lwp_status.pr_reg[0];
3379                 iov[n++].iov_len = sizeof (L->lwp_status.pr_reg);
3380         }
3381 
3382         if (n == 0 || writev(ctlfd, iov, n) < 0)
3383                 return;         /* nothing to do or write failed */
3384 
3385         L->lwp_flags &= ~(SETHOLD|SETREGS);
3386 }
3387 
3388 /*
3389  * Wait for the specified LWP to stop or terminate.
3390  * Or, just get the current status (PCNULL).
3391  * Or, direct it to stop and get the current status (PCDSTOP).
3392  */
3393 static int
3394 Lstopstatus(struct ps_lwphandle *L,
3395         long request,           /* PCNULL, PCDSTOP, PCSTOP, PCWSTOP */
3396         uint_t msec)            /* if non-zero, timeout in milliseconds */
3397 {
3398         int ctlfd = L->lwp_ctlfd;
3399         long ctl[3];
3400         ssize_t rc;
3401         int err;
3402 
3403         switch (L->lwp_state) {
3404         case PS_RUN:
3405                 break;
3406         case PS_STOP:
3407                 if (request != PCNULL && request != PCDSTOP)
3408                         return (0);
3409                 break;
3410         case PS_LOST:
3411                 if (request != PCNULL) {
3412                         errno = EAGAIN;
3413                         return (-1);
3414                 }
3415                 break;
3416         case PS_UNDEAD:
3417         case PS_DEAD:
3418                 if (request != PCNULL) {
3419                         errno = ENOENT;
3420                         return (-1);
3421                 }
3422                 break;
3423         default:        /* corrupted state */
3424                 dprintf("Lstopstatus: corrupted state: %d\n", L->lwp_state);
3425                 errno = EINVAL;
3426                 return (-1);
3427         }
3428 
3429         ctl[0] = PCDSTOP;
3430         ctl[1] = PCTWSTOP;
3431         ctl[2] = (long)msec;
3432         rc = 0;
3433         switch (request) {
3434         case PCSTOP:
3435                 rc = write(ctlfd, &ctl[0], 3*sizeof (long));
3436                 break;
3437         case PCWSTOP:
3438                 rc = write(ctlfd, &ctl[1], 2*sizeof (long));
3439                 break;
3440         case PCDSTOP:
3441                 rc = write(ctlfd, &ctl[0], 1*sizeof (long));
3442                 break;
3443         case PCNULL:
3444                 if (L->lwp_state == PS_DEAD)
3445                         return (0); /* Nothing else to do for cores */
3446                 break;
3447         default:        /* programming error */
3448                 errno = EINVAL;
3449                 return (-1);
3450         }
3451         err = (rc < 0)? errno : 0;
3452         Lsync(L);
3453 
3454         if (pread(L->lwp_statfd, &L->lwp_status,
3455             sizeof (L->lwp_status), (off_t)0) < 0)
3456                 err = errno;
3457 
3458         if (err) {
3459                 switch (err) {
3460                 case EINTR:             /* user typed ctl-C */
3461                 case ERESTART:
3462                         dprintf("Lstopstatus: EINTR\n");
3463                         break;
3464                 case EAGAIN:            /* we lost control of the the process */
3465                         dprintf("Lstopstatus: EAGAIN\n");
3466                         L->lwp_state = PS_LOST;
3467                         errno = err;
3468                         return (-1);
3469                 default:
3470                         if (_libproc_debug) {
3471                                 const char *errstr;
3472 
3473                                 switch (request) {
3474                                 case PCNULL:
3475                                         errstr = "Lstopstatus PCNULL"; break;
3476                                 case PCSTOP:
3477                                         errstr = "Lstopstatus PCSTOP"; break;
3478                                 case PCDSTOP:
3479                                         errstr = "Lstopstatus PCDSTOP"; break;
3480                                 case PCWSTOP:
3481                                         errstr = "Lstopstatus PCWSTOP"; break;
3482                                 default:
3483                                         errstr = "Lstopstatus PC???"; break;
3484                                 }
3485                                 dprintf("%s: %s\n", errstr, strerror(err));
3486                         }
3487                         L->lwp_state = PS_UNDEAD;
3488                         errno = err;
3489                         return (-1);
3490                 }
3491         }
3492 
3493         if ((L->lwp_status.pr_flags & (PR_STOPPED|PR_ISTOP))
3494             != (PR_STOPPED|PR_ISTOP)) {
3495                 L->lwp_state = PS_RUN;
3496                 if (request == PCNULL || request == PCDSTOP || msec != 0)
3497                         return (0);
3498                 dprintf("Lstopstatus: LWP is not stopped\n");
3499                 errno = EPROTO;
3500                 return (-1);
3501         }
3502 
3503         L->lwp_state = PS_STOP;
3504 
3505         if (_libproc_debug)     /* debugging */
3506                 prldump("Lstopstatus", &L->lwp_status);
3507 
3508         switch (L->lwp_status.pr_why) {
3509         case PR_SYSENTRY:
3510         case PR_SYSEXIT:
3511         case PR_REQUESTED:
3512         case PR_SIGNALLED:
3513         case PR_FAULTED:
3514         case PR_JOBCONTROL:
3515         case PR_SUSPENDED:
3516                 break;
3517         default:
3518                 errno = EPROTO;
3519                 return (-1);
3520         }
3521 
3522         return (0);
3523 }
3524 
3525 /*
3526  * Wait for the LWP to stop for any reason.
3527  */
3528 int
3529 Lwait(struct ps_lwphandle *L, uint_t msec)
3530 {
3531         return (Lstopstatus(L, PCWSTOP, msec));
3532 }
3533 
3534 /*
3535  * Direct the LWP to stop; wait for it to stop.
3536  */
3537 int
3538 Lstop(struct ps_lwphandle *L, uint_t msec)
3539 {
3540         return (Lstopstatus(L, PCSTOP, msec));
3541 }
3542 
3543 /*
3544  * Direct the LWP to stop; don't wait.
3545  */
3546 int
3547 Ldstop(struct ps_lwphandle *L)
3548 {
3549         return (Lstopstatus(L, PCDSTOP, 0));
3550 }
3551 
3552 /*
3553  * Get the value of one register from stopped LWP.
3554  */
3555 int
3556 Lgetareg(struct ps_lwphandle *L, int regno, prgreg_t *preg)
3557 {
3558         if (regno < 0 || regno >= NPRGREG) {
3559                 errno = EINVAL;
3560                 return (-1);
3561         }
3562 
3563         if (L->lwp_state != PS_STOP) {
3564                 errno = EBUSY;
3565                 return (-1);
3566         }
3567 
3568         *preg = L->lwp_status.pr_reg[regno];
3569         return (0);
3570 }
3571 
3572 /*
3573  * Put value of one register into stopped LWP.
3574  */
3575 int
3576 Lputareg(struct ps_lwphandle *L, int regno, prgreg_t reg)
3577 {
3578         if (regno < 0 || regno >= NPRGREG) {
3579                 errno = EINVAL;
3580                 return (-1);
3581         }
3582 
3583         if (L->lwp_state != PS_STOP) {
3584                 errno = EBUSY;
3585                 return (-1);
3586         }
3587 
3588         L->lwp_status.pr_reg[regno] = reg;
3589         L->lwp_flags |= SETREGS;     /* set registers before continuing */
3590         return (0);
3591 }
3592 
3593 int
3594 Lsetrun(struct ps_lwphandle *L,
3595         int sig,        /* signal to pass to LWP */
3596         int flags)      /* PRSTEP|PRSABORT|PRSTOP|PRCSIG|PRCFAULT */
3597 {
3598         int ctlfd = L->lwp_ctlfd;
3599         int sbits = (PR_DSTOP | PR_ISTOP | PR_ASLEEP);
3600 
3601         long ctl[1 +                                    /* PCCFAULT     */
3602             1 + sizeof (siginfo_t)/sizeof (long) +      /* PCSSIG/PCCSIG */
3603             2 ];                                        /* PCRUN        */
3604 
3605         long *ctlp = ctl;
3606         size_t size;
3607 
3608         if (L->lwp_state != PS_STOP &&
3609             (L->lwp_status.pr_flags & sbits) == 0) {
3610                 errno = EBUSY;
3611                 return (-1);
3612         }
3613 
3614         Lsync(L);       /* flush registers */
3615 
3616         if (flags & PRCFAULT) {             /* clear current fault */
3617                 *ctlp++ = PCCFAULT;
3618                 flags &= ~PRCFAULT;
3619         }
3620 
3621         if (flags & PRCSIG) {               /* clear current signal */
3622                 *ctlp++ = PCCSIG;
3623                 flags &= ~PRCSIG;
3624         } else if (sig && sig != L->lwp_status.pr_cursig) {
3625                 /* make current signal */
3626                 siginfo_t *infop;
3627 
3628                 *ctlp++ = PCSSIG;
3629                 infop = (siginfo_t *)ctlp;
3630                 (void) memset(infop, 0, sizeof (*infop));
3631                 infop->si_signo = sig;
3632                 ctlp += sizeof (siginfo_t) / sizeof (long);
3633         }
3634 
3635         *ctlp++ = PCRUN;
3636         *ctlp++ = flags;
3637         size = (char *)ctlp - (char *)ctl;
3638 
3639         L->lwp_proc->info_valid = 0; /* will need to update map and file info */
3640         L->lwp_proc->state = PS_RUN;
3641         L->lwp_state = PS_RUN;
3642 
3643         if (write(ctlfd, ctl, size) != size) {
3644                 /* Pretend that a job-stopped LWP is running */
3645                 if (errno != EBUSY || L->lwp_status.pr_why != PR_JOBCONTROL)
3646                         return (Lstopstatus(L, PCNULL, 0));
3647         }
3648 
3649         return (0);
3650 }
3651 
3652 int
3653 Lclearsig(struct ps_lwphandle *L)
3654 {
3655         int ctlfd = L->lwp_ctlfd;
3656         long ctl = PCCSIG;
3657 
3658         if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
3659                 return (-1);
3660         L->lwp_status.pr_cursig = 0;
3661         return (0);
3662 }
3663 
3664 int
3665 Lclearfault(struct ps_lwphandle *L)
3666 {
3667         int ctlfd = L->lwp_ctlfd;
3668         long ctl = PCCFAULT;
3669 
3670         if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
3671                 return (-1);
3672         return (0);
3673 }
3674 
3675 /*
3676  * Step over a breakpoint, i.e., execute the instruction that
3677  * really belongs at the breakpoint location (the current %pc)
3678  * and leave the LWP stopped at the next instruction.
3679  */
3680 int
3681 Lxecbkpt(struct ps_lwphandle *L, ulong_t saved)
3682 {
3683         struct ps_prochandle *P = L->lwp_proc;
3684         int rv, error;
3685 
3686         if (L->lwp_state != PS_STOP) {
3687                 errno = EBUSY;
3688                 return (-1);
3689         }
3690 
3691         Lsync(L);
3692         error = execute_bkpt(L->lwp_ctlfd,
3693             &P->status.pr_flttrace, &L->lwp_status.pr_lwphold,
3694             L->lwp_status.pr_reg[R_PC], saved);
3695         rv = Lstopstatus(L, PCNULL, 0);
3696 
3697         if (error != 0) {
3698                 if (L->lwp_status.pr_why == PR_JOBCONTROL &&
3699                     error == EBUSY) {   /* jobcontrol stop -- back off */
3700                         L->lwp_state = PS_RUN;
3701                         return (0);
3702                 }
3703                 if (error == ENOENT)
3704                         return (0);
3705                 errno = error;
3706                 return (-1);
3707         }
3708 
3709         return (rv);
3710 }
3711 
3712 /*
3713  * Step over a watchpoint, i.e., execute the instruction that was stopped by
3714  * the watchpoint, and then leave the LWP stopped at the next instruction.
3715  */
3716 int
3717 Lxecwapt(struct ps_lwphandle *L, const prwatch_t *wp)
3718 {
3719         struct ps_prochandle *P = L->lwp_proc;
3720         int rv, error;
3721 
3722         if (L->lwp_state != PS_STOP) {
3723                 errno = EBUSY;
3724                 return (-1);
3725         }
3726 
3727         Lsync(L);
3728         error = execute_wapt(L->lwp_ctlfd,
3729             &P->status.pr_flttrace, &L->lwp_status.pr_lwphold, wp);
3730         rv = Lstopstatus(L, PCNULL, 0);
3731 
3732         if (error != 0) {
3733                 if (L->lwp_status.pr_why == PR_JOBCONTROL &&
3734                     error == EBUSY) {   /* jobcontrol stop -- back off */
3735                         L->lwp_state = PS_RUN;
3736                         return (0);
3737                 }
3738                 if (error == ENOENT)
3739                         return (0);
3740                 errno = error;
3741                 return (-1);
3742         }
3743 
3744         return (rv);
3745 }
3746 
3747 int
3748 Lstack(struct ps_lwphandle *L, stack_t *stkp)
3749 {
3750         struct ps_prochandle *P = L->lwp_proc;
3751         uintptr_t addr = L->lwp_status.pr_ustack;
3752 
3753         if (P->status.pr_dmodel == PR_MODEL_NATIVE) {
3754                 if (Pread(P, stkp, sizeof (*stkp), addr) != sizeof (*stkp))
3755                         return (-1);
3756 #ifdef _LP64
3757         } else {
3758                 stack32_t stk32;
3759 
3760                 if (Pread(P, &stk32, sizeof (stk32), addr) != sizeof (stk32))
3761                         return (-1);
3762 
3763                 stack_32_to_n(&stk32, stkp);
3764 #endif
3765         }
3766 
3767         return (0);
3768 }
3769 
3770 int
3771 Lmain_stack(struct ps_lwphandle *L, stack_t *stkp)
3772 {
3773         struct ps_prochandle *P = L->lwp_proc;
3774 
3775         if (Lstack(L, stkp) != 0)
3776                 return (-1);
3777 
3778         /*
3779          * If the SS_ONSTACK flag is set then this LWP is operating on the
3780          * alternate signal stack. We can recover the original stack from
3781          * pr_oldcontext.
3782          */
3783         if (!(stkp->ss_flags & SS_ONSTACK))
3784                 return (0);
3785 
3786         if (P->status.pr_dmodel == PR_MODEL_NATIVE) {
3787                 ucontext_t *ctxp = (void *)L->lwp_status.pr_oldcontext;
3788 
3789                 if (Pread(P, stkp, sizeof (*stkp),
3790                     (uintptr_t)&ctxp->uc_stack) != sizeof (*stkp))
3791                         return (-1);
3792 #ifdef _LP64
3793         } else {
3794                 ucontext32_t *ctxp = (void *)L->lwp_status.pr_oldcontext;
3795                 stack32_t stk32;
3796 
3797                 if (Pread(P, &stk32, sizeof (stk32),
3798                     (uintptr_t)&ctxp->uc_stack) != sizeof (stk32))
3799                         return (-1);
3800 
3801                 stack_32_to_n(&stk32, stkp);
3802 #endif
3803         }
3804 
3805         return (0);
3806 }
3807 
3808 int
3809 Lalt_stack(struct ps_lwphandle *L, stack_t *stkp)
3810 {
3811         if (L->lwp_status.pr_altstack.ss_flags & SS_DISABLE) {
3812                 errno = ENODATA;
3813                 return (-1);
3814         }
3815 
3816         *stkp = L->lwp_status.pr_altstack;
3817 
3818         return (0);
3819 }
3820 
3821 /*
3822  * Add a mapping to the given proc handle.  Resizes the array as appropriate and
3823  * manages reference counts on the given file_info_t.
3824  *
3825  * The 'map_relocate' member is used to tell Psort_mappings() that the
3826  * associated file_map pointer needs to be relocated after the mappings have
3827  * been sorted.  It is only set for the first mapping, and has no meaning
3828  * outside these two functions.
3829  */
3830 int
3831 Padd_mapping(struct ps_prochandle *P, off64_t off, file_info_t *fp,
3832     prmap_t *pmap)
3833 {
3834         map_info_t *mp;
3835 
3836         if (P->map_count == P->map_alloc) {
3837                 size_t next = P->map_alloc ? P->map_alloc * 2 : 16;
3838 
3839                 if ((P->mappings = realloc(P->mappings,
3840                     next * sizeof (map_info_t))) == NULL)
3841                         return (-1);
3842 
3843                 P->map_alloc = next;
3844         }
3845 
3846         mp = &P->mappings[P->map_count++];
3847 
3848         mp->map_offset = off;
3849         mp->map_pmap = *pmap;
3850         mp->map_relocate = 0;
3851         if ((mp->map_file = fp) != NULL) {
3852                 if (fp->file_map == NULL) {
3853                         fp->file_map = mp;
3854                         mp->map_relocate = 1;
3855                 }
3856                 fp->file_ref++;
3857         }
3858 
3859         return (0);
3860 }
3861 
3862 static int
3863 map_sort(const void *a, const void *b)
3864 {
3865         const map_info_t *ap = a, *bp = b;
3866 
3867         if (ap->map_pmap.pr_vaddr < bp->map_pmap.pr_vaddr)
3868                 return (-1);
3869         else if (ap->map_pmap.pr_vaddr > bp->map_pmap.pr_vaddr)
3870                 return (1);
3871         else
3872                 return (0);
3873 }
3874 
3875 /*
3876  * Sort the current set of mappings.  Should be called during target
3877  * initialization after all calls to Padd_mapping() have been made.
3878  */
3879 void
3880 Psort_mappings(struct ps_prochandle *P)
3881 {
3882         int i;
3883         map_info_t *mp;
3884 
3885         qsort(P->mappings, P->map_count, sizeof (map_info_t), map_sort);
3886 
3887         /*
3888          * Update all the file_map pointers to refer to the new locations.
3889          */
3890         for (i = 0; i < P->map_count; i++) {
3891                 mp = &P->mappings[i];
3892                 if (mp->map_relocate)
3893                         mp->map_file->file_map = mp;
3894                 mp->map_relocate = 0;
3895         }
3896 }
3897 
3898 struct ps_prochandle *
3899 Pgrab_ops(pid_t pid, void *data, const ps_ops_t *ops, int flags)
3900 {
3901         struct ps_prochandle *P;
3902 
3903         if ((P = calloc(1, sizeof (*P))) == NULL) {
3904                 return (NULL);
3905         }
3906 
3907         Pinit_ops(&P->ops, ops);
3908         (void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
3909         P->pid = pid;
3910         P->state = PS_STOP;
3911         P->asfd = -1;
3912         P->ctlfd = -1;
3913         P->statfd = -1;
3914         P->agentctlfd = -1;
3915         P->agentstatfd = -1;
3916         Pinitsym(P);
3917         P->data = data;
3918         Pread_status(P);
3919 
3920         if (flags & PGRAB_INCORE) {
3921                 P->flags |= INCORE;
3922         }
3923 
3924         return (P);
3925 }