1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  *
  26  * Portions Copyright 2007 Chad Mynhier
  27  * Copyright 2012 DEY Storage Systems, Inc.  All rights reserved.
  28  * Copyright (c) 2013 by Delphix. All rights reserved.
  29  * Copyright 2015, Joyent, Inc.
  30  */
  31 
  32 #include <assert.h>
  33 #include <stdio.h>
  34 #include <stdlib.h>
  35 #include <unistd.h>
  36 #include <ctype.h>
  37 #include <fcntl.h>
  38 #include <string.h>
  39 #include <strings.h>
  40 #include <memory.h>
  41 #include <errno.h>
  42 #include <dirent.h>
  43 #include <limits.h>
  44 #include <signal.h>
  45 #include <atomic.h>
  46 #include <zone.h>
  47 #include <sys/types.h>
  48 #include <sys/uio.h>
  49 #include <sys/stat.h>
  50 #include <sys/resource.h>
  51 #include <sys/param.h>
  52 #include <sys/stack.h>
  53 #include <sys/fault.h>
  54 #include <sys/syscall.h>
  55 #include <sys/sysmacros.h>
  56 #include <sys/systeminfo.h>
  57 #include <sys/secflags.h>
  58 
  59 #include "libproc.h"
  60 #include "Pcontrol.h"
  61 #include "Putil.h"
  62 #include "P32ton.h"
  63 
  64 int     _libproc_debug;         /* set non-zero to enable debugging printfs */
  65 int     _libproc_no_qsort;      /* set non-zero to inhibit sorting */
  66                                 /* of symbol tables */
  67 int     _libproc_incore_elf;    /* only use in-core elf data */
  68 
  69 sigset_t blockable_sigs;        /* signals to block when we need to be safe */
  70 static  int     minfd;  /* minimum file descriptor returned by dupfd(fd, 0) */
  71 char    procfs_path[PATH_MAX] = "/proc";
  72 
  73 /*
  74  * Function prototypes for static routines in this module.
  75  */
  76 static  void    deadcheck(struct ps_prochandle *);
  77 static  void    restore_tracing_flags(struct ps_prochandle *);
  78 static  void    Lfree_internal(struct ps_prochandle *, struct ps_lwphandle *);
  79 static  prheader_t *read_lfile(struct ps_prochandle *, const char *);
  80 
  81 /*
  82  * Ops vector functions for live processes.
  83  */
  84 
  85 /*ARGSUSED*/
  86 static ssize_t
  87 Pread_live(struct ps_prochandle *P, void *buf, size_t n, uintptr_t addr,
  88     void *data)
  89 {
  90         return (pread(P->asfd, buf, n, (off_t)addr));
  91 }
  92 
  93 /*ARGSUSED*/
  94 static ssize_t
  95 Pwrite_live(struct ps_prochandle *P, const void *buf, size_t n, uintptr_t addr,
  96     void *data)
  97 {
  98         return (pwrite(P->asfd, buf, n, (off_t)addr));
  99 }
 100 
 101 /*ARGSUSED*/
 102 static int
 103 Pread_maps_live(struct ps_prochandle *P, prmap_t **Pmapp, ssize_t *nmapp,
 104     void *data)
 105 {
 106         char mapfile[PATH_MAX];
 107         int mapfd;
 108         struct stat statb;
 109         ssize_t nmap;
 110         prmap_t *Pmap = NULL;
 111 
 112         (void) snprintf(mapfile, sizeof (mapfile), "%s/%d/map",
 113             procfs_path, (int)P->pid);
 114         if ((mapfd = open(mapfile, O_RDONLY)) < 0 ||
 115             fstat(mapfd, &statb) != 0 ||
 116             statb.st_size < sizeof (prmap_t) ||
 117             (Pmap = malloc(statb.st_size)) == NULL ||
 118             (nmap = pread(mapfd, Pmap, statb.st_size, 0L)) <= 0 ||
 119             (nmap /= sizeof (prmap_t)) == 0) {
 120                 if (Pmap != NULL)
 121                         free(Pmap);
 122                 if (mapfd >= 0)
 123                         (void) close(mapfd);
 124                 Preset_maps(P); /* utter failure; destroy tables */
 125                 return (-1);
 126         }
 127         (void) close(mapfd);
 128 
 129         *Pmapp = Pmap;
 130         *nmapp = nmap;
 131 
 132         return (0);
 133 }
 134 
 135 /*ARGSUSED*/
 136 static void
 137 Pread_aux_live(struct ps_prochandle *P, auxv_t **auxvp, int *nauxp, void *data)
 138 {
 139         char auxfile[64];
 140         int fd;
 141         struct stat statb;
 142         auxv_t *auxv;
 143         ssize_t naux;
 144 
 145         (void) snprintf(auxfile, sizeof (auxfile), "%s/%d/auxv",
 146             procfs_path, (int)P->pid);
 147         if ((fd = open(auxfile, O_RDONLY)) < 0) {
 148                 dprintf("%s: failed to open %s: %s\n",
 149                     __func__, auxfile, strerror(errno));
 150                 return;
 151         }
 152 
 153         if (fstat(fd, &statb) == 0 &&
 154             statb.st_size >= sizeof (auxv_t) &&
 155             (auxv = malloc(statb.st_size + sizeof (auxv_t))) != NULL) {
 156                 if ((naux = read(fd, auxv, statb.st_size)) < 0 ||
 157                     (naux /= sizeof (auxv_t)) < 1) {
 158                         dprintf("%s: read failed: %s\n",
 159                             __func__, strerror(errno));
 160                         free(auxv);
 161                 } else {
 162                         auxv[naux].a_type = AT_NULL;
 163                         auxv[naux].a_un.a_val = 0L;
 164 
 165                         *auxvp = auxv;
 166                         *nauxp = (int)naux;
 167                 }
 168         }
 169 
 170         (void) close(fd);
 171 }
 172 
 173 /*ARGSUSED*/
 174 static int
 175 Pcred_live(struct ps_prochandle *P, prcred_t *pcrp, int ngroups, void *data)
 176 {
 177         return (proc_get_cred(P->pid, pcrp, ngroups));
 178 }
 179 
 180 /* ARGSUSED */
 181 static int
 182 Psecflags_live(struct ps_prochandle *P, prsecflags_t **psf, void *data)
 183 {
 184         return (proc_get_secflags(P->pid, psf));
 185 }
 186 
 187 /*ARGSUSED*/
 188 static int
 189 Ppriv_live(struct ps_prochandle *P, prpriv_t **pprv, void *data)
 190 {
 191         prpriv_t *pp;
 192 
 193         pp = proc_get_priv(P->pid);
 194         if (pp == NULL) {
 195                 return (-1);
 196         }
 197 
 198         *pprv = pp;
 199         return (0);
 200 }
 201 
 202 /*ARGSUSED*/
 203 static const psinfo_t *
 204 Ppsinfo_live(struct ps_prochandle *P, psinfo_t *psinfo, void *data)
 205 {
 206         if (proc_get_psinfo(P->pid, psinfo) == -1)
 207                 return (NULL);
 208 
 209         return (psinfo);
 210 }
 211 
 212 /*ARGSUSED*/
 213 static prheader_t *
 214 Plstatus_live(struct ps_prochandle *P, void *data)
 215 {
 216         return (read_lfile(P, "lstatus"));
 217 }
 218 
 219 /*ARGSUSED*/
 220 static prheader_t *
 221 Plpsinfo_live(struct ps_prochandle *P, void *data)
 222 {
 223         return (read_lfile(P, "lpsinfo"));
 224 }
 225 
 226 /*ARGSUSED*/
 227 static char *
 228 Pplatform_live(struct ps_prochandle *P, char *s, size_t n, void *data)
 229 {
 230         if (sysinfo(SI_PLATFORM, s, n) == -1)
 231                 return (NULL);
 232         return (s);
 233 }
 234 
 235 /*ARGSUSED*/
 236 static int
 237 Puname_live(struct ps_prochandle *P, struct utsname *u, void *data)
 238 {
 239         return (uname(u));
 240 }
 241 
 242 /*ARGSUSED*/
 243 static char *
 244 Pzonename_live(struct ps_prochandle *P, char *s, size_t n, void *data)
 245 {
 246         if (getzonenamebyid(P->status.pr_zoneid, s, n) < 0)
 247                 return (NULL);
 248         s[n - 1] = '\0';
 249         return (s);
 250 }
 251 
 252 /*
 253  * Callback function for Pfindexec().  We return a match if we can stat the
 254  * suggested pathname and confirm its device and inode number match our
 255  * previous information about the /proc/<pid>/object/a.out file.
 256  */
 257 static int
 258 stat_exec(const char *path, void *arg)
 259 {
 260         struct stat64 *stp = arg;
 261         struct stat64 st;
 262 
 263         return (stat64(path, &st) == 0 && S_ISREG(st.st_mode) &&
 264             stp->st_dev == st.st_dev && stp->st_ino == st.st_ino);
 265 }
 266 
 267 /*ARGSUSED*/
 268 static char *
 269 Pexecname_live(struct ps_prochandle *P, char *buf, size_t buflen, void *data)
 270 {
 271         char exec_name[PATH_MAX];
 272         char cwd[PATH_MAX];
 273         char proc_cwd[64];
 274         struct stat64 st;
 275         int ret;
 276 
 277         /*
 278          * Try to get the path information first.
 279          */
 280         (void) snprintf(exec_name, sizeof (exec_name),
 281             "%s/%d/path/a.out", procfs_path, (int)P->pid);
 282         if ((ret = readlink(exec_name, buf, buflen - 1)) > 0) {
 283                 buf[ret] = '\0';
 284                 (void) Pfindobj(P, buf, buf, buflen);
 285                 return (buf);
 286         }
 287 
 288         /*
 289          * Stat the executable file so we can compare Pfindexec's
 290          * suggestions to the actual device and inode number.
 291          */
 292         (void) snprintf(exec_name, sizeof (exec_name),
 293             "%s/%d/object/a.out", procfs_path, (int)P->pid);
 294 
 295         if (stat64(exec_name, &st) != 0 || !S_ISREG(st.st_mode))
 296                 return (NULL);
 297 
 298         /*
 299          * Attempt to figure out the current working directory of the
 300          * target process.  This only works if the target process has
 301          * not changed its current directory since it was exec'd.
 302          */
 303         (void) snprintf(proc_cwd, sizeof (proc_cwd),
 304             "%s/%d/path/cwd", procfs_path, (int)P->pid);
 305 
 306         if ((ret = readlink(proc_cwd, cwd, PATH_MAX - 1)) > 0)
 307                 cwd[ret] = '\0';
 308 
 309         (void) Pfindexec(P, ret > 0 ? cwd : NULL, stat_exec, &st);
 310 
 311         return (NULL);
 312 }
 313 
 314 #if defined(__i386) || defined(__amd64)
 315 /*ARGSUSED*/
 316 static int
 317 Pldt_live(struct ps_prochandle *P, struct ssd *pldt, int nldt, void *data)
 318 {
 319         return (proc_get_ldt(P->pid, pldt, nldt));
 320 }
 321 #endif
 322 
 323 static const ps_ops_t P_live_ops = {
 324         .pop_pread      = Pread_live,
 325         .pop_pwrite     = Pwrite_live,
 326         .pop_read_maps  = Pread_maps_live,
 327         .pop_read_aux   = Pread_aux_live,
 328         .pop_cred       = Pcred_live,
 329         .pop_priv       = Ppriv_live,
 330         .pop_psinfo     = Ppsinfo_live,
 331         .pop_lstatus    = Plstatus_live,
 332         .pop_lpsinfo    = Plpsinfo_live,
 333         .pop_platform   = Pplatform_live,
 334         .pop_uname      = Puname_live,
 335         .pop_zonename   = Pzonename_live,
 336         .pop_execname   = Pexecname_live,
 337         .pop_secflags   = Psecflags_live,
 338 #if defined(__i386) || defined(__amd64)
 339         .pop_ldt        = Pldt_live
 340 #endif
 341 };
 342 
 343 /*
 344  * This is the library's .init handler.
 345  */
 346 #pragma init(_libproc_init)
 347 void
 348 _libproc_init(void)
 349 {
 350         _libproc_debug = getenv("LIBPROC_DEBUG") != NULL;
 351         _libproc_no_qsort = getenv("LIBPROC_NO_QSORT") != NULL;
 352         _libproc_incore_elf = getenv("LIBPROC_INCORE_ELF") != NULL;
 353 
 354         (void) sigfillset(&blockable_sigs);
 355         (void) sigdelset(&blockable_sigs, SIGKILL);
 356         (void) sigdelset(&blockable_sigs, SIGSTOP);
 357 }
 358 
 359 void
 360 Pset_procfs_path(const char *path)
 361 {
 362         (void) snprintf(procfs_path, sizeof (procfs_path), "%s", path);
 363 }
 364 
 365 /*
 366  * Call set_minfd() once before calling dupfd() several times.
 367  * We assume that the application will not reduce its current file
 368  * descriptor limit lower than 512 once it has set at least that value.
 369  */
 370 int
 371 set_minfd(void)
 372 {
 373         static mutex_t minfd_lock = DEFAULTMUTEX;
 374         struct rlimit rlim;
 375         int fd;
 376 
 377         if ((fd = minfd) < 256) {
 378                 (void) mutex_lock(&minfd_lock);
 379                 if ((fd = minfd) < 256) {
 380                         if (getrlimit(RLIMIT_NOFILE, &rlim) != 0)
 381                                 rlim.rlim_cur = rlim.rlim_max = 0;
 382                         if (rlim.rlim_cur >= 512)
 383                                 fd = 256;
 384                         else if ((fd = rlim.rlim_cur / 2) < 3)
 385                                 fd = 3;
 386                         membar_producer();
 387                         minfd = fd;
 388                 }
 389                 (void) mutex_unlock(&minfd_lock);
 390         }
 391         return (fd);
 392 }
 393 
 394 int
 395 dupfd(int fd, int dfd)
 396 {
 397         int mfd;
 398 
 399         /*
 400          * Make fd be greater than 255 (the 32-bit stdio limit),
 401          * or at least make it greater than 2 so that the
 402          * program will work when spawned by init(1m).
 403          * Also, if dfd is non-zero, dup the fd to be dfd.
 404          */
 405         if ((mfd = minfd) == 0)
 406                 mfd = set_minfd();
 407         if (dfd > 0 || (0 <= fd && fd < mfd)) {
 408                 if (dfd <= 0)
 409                         dfd = mfd;
 410                 dfd = fcntl(fd, F_DUPFD, dfd);
 411                 (void) close(fd);
 412                 fd = dfd;
 413         }
 414         /*
 415          * Mark it close-on-exec so any created process doesn't inherit it.
 416          */
 417         if (fd >= 0)
 418                 (void) fcntl(fd, F_SETFD, FD_CLOEXEC);
 419         return (fd);
 420 }
 421 
 422 /*
 423  * Create a new controlled process.
 424  * Leave it stopped on successful exit from exec() or execve().
 425  * Return an opaque pointer to its process control structure.
 426  * Return NULL if process cannot be created (fork()/exec() not successful).
 427  */
 428 struct ps_prochandle *
 429 Pxcreate(const char *file,      /* executable file name */
 430     char *const *argv,          /* argument vector */
 431     char *const *envp,          /* environment */
 432     int *perr,                  /* pointer to error return code */
 433     char *path,         /* if non-null, holds exec path name on return */
 434     size_t len)                 /* size of the path buffer */
 435 {
 436         char execpath[PATH_MAX];
 437         char procname[PATH_MAX];
 438         struct ps_prochandle *P;
 439         pid_t pid;
 440         int fd;
 441         char *fname;
 442         int rc;
 443         int lasterrno = 0;
 444 
 445         if (len == 0)   /* zero length, no path */
 446                 path = NULL;
 447         if (path != NULL)
 448                 *path = '\0';
 449 
 450         if ((P = malloc(sizeof (struct ps_prochandle))) == NULL) {
 451                 *perr = C_STRANGE;
 452                 return (NULL);
 453         }
 454 
 455         if ((pid = fork1()) == -1) {
 456                 free(P);
 457                 *perr = C_FORK;
 458                 return (NULL);
 459         }
 460 
 461         if (pid == 0) {                 /* child process */
 462                 id_t id;
 463                 extern char **environ;
 464 
 465                 /*
 466                  * If running setuid or setgid, reset credentials to normal.
 467                  */
 468                 if ((id = getgid()) != getegid())
 469                         (void) setgid(id);
 470                 if ((id = getuid()) != geteuid())
 471                         (void) setuid(id);
 472 
 473                 Pcreate_callback(P);    /* execute callback (see below) */
 474                 (void) pause();         /* wait for PRSABORT from parent */
 475 
 476                 /*
 477                  * This is ugly.  There is no execvep() function that takes a
 478                  * path and an environment.  We cheat here by replacing the
 479                  * global 'environ' variable right before we call this.
 480                  */
 481                 if (envp)
 482                         environ = (char **)envp;
 483 
 484                 (void) execvp(file, argv);  /* execute the program */
 485                 _exit(127);
 486         }
 487 
 488         /*
 489          * Initialize the process structure.
 490          */
 491         (void) memset(P, 0, sizeof (*P));
 492         (void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
 493         P->flags |= CREATED;
 494         P->state = PS_RUN;
 495         P->pid = pid;
 496         P->asfd = -1;
 497         P->ctlfd = -1;
 498         P->statfd = -1;
 499         P->agentctlfd = -1;
 500         P->agentstatfd = -1;
 501         Pinit_ops(&P->ops, &P_live_ops);
 502         Pinitsym(P);
 503 
 504         /*
 505          * Open the /proc/pid files.
 506          */
 507         (void) snprintf(procname, sizeof (procname), "%s/%d/",
 508             procfs_path, (int)pid);
 509         fname = procname + strlen(procname);
 510         (void) set_minfd();
 511 
 512         /*
 513          * Exclusive write open advises others not to interfere.
 514          * There is no reason for any of these open()s to fail.
 515          */
 516         (void) strcpy(fname, "as");
 517         if ((fd = open(procname, (O_RDWR|O_EXCL))) < 0 ||
 518             (fd = dupfd(fd, 0)) < 0) {
 519                 dprintf("Pcreate: failed to open %s: %s\n",
 520                     procname, strerror(errno));
 521                 rc = C_STRANGE;
 522                 goto bad;
 523         }
 524         P->asfd = fd;
 525 
 526         (void) strcpy(fname, "status");
 527         if ((fd = open(procname, O_RDONLY)) < 0 ||
 528             (fd = dupfd(fd, 0)) < 0) {
 529                 dprintf("Pcreate: failed to open %s: %s\n",
 530                     procname, strerror(errno));
 531                 rc = C_STRANGE;
 532                 goto bad;
 533         }
 534         P->statfd = fd;
 535 
 536         (void) strcpy(fname, "ctl");
 537         if ((fd = open(procname, O_WRONLY)) < 0 ||
 538             (fd = dupfd(fd, 0)) < 0) {
 539                 dprintf("Pcreate: failed to open %s: %s\n",
 540                     procname, strerror(errno));
 541                 rc = C_STRANGE;
 542                 goto bad;
 543         }
 544         P->ctlfd = fd;
 545 
 546         (void) Pstop(P, 0);     /* stop the controlled process */
 547 
 548         /*
 549          * Wait for process to sleep in pause().
 550          * If the process has already called pause(), then it should be
 551          * stopped (PR_REQUESTED) while asleep in pause and we are done.
 552          * Else we set up to catch entry/exit to pause() and set the process
 553          * running again, expecting it to stop when it reaches pause().
 554          * There is no reason for this to fail other than an interrupt.
 555          */
 556         (void) Psysentry(P, SYS_pause, 1);
 557         (void) Psysexit(P, SYS_pause, 1);
 558         for (;;) {
 559                 if (P->state == PS_STOP &&
 560                     P->status.pr_lwp.pr_syscall == SYS_pause &&
 561                     (P->status.pr_lwp.pr_why == PR_REQUESTED ||
 562                     P->status.pr_lwp.pr_why == PR_SYSENTRY ||
 563                     P->status.pr_lwp.pr_why == PR_SYSEXIT))
 564                         break;
 565 
 566                 if (P->state != PS_STOP ||   /* interrupt or process died */
 567                     Psetrun(P, 0, 0) != 0) {    /* can't restart */
 568                         if (errno == EINTR || errno == ERESTART)
 569                                 rc = C_INTR;
 570                         else {
 571                                 dprintf("Pcreate: Psetrun failed: %s\n",
 572                                     strerror(errno));
 573                                 rc = C_STRANGE;
 574                         }
 575                         goto bad;
 576                 }
 577 
 578                 (void) Pwait(P, 0);
 579         }
 580         (void) Psysentry(P, SYS_pause, 0);
 581         (void) Psysexit(P, SYS_pause, 0);
 582 
 583         /*
 584          * Kick the process off the pause() and catch
 585          * it again on entry to exec() or exit().
 586          */
 587         (void) Psysentry(P, SYS_exit, 1);
 588         (void) Psysentry(P, SYS_execve, 1);
 589         if (Psetrun(P, 0, PRSABORT) == -1) {
 590                 dprintf("Pcreate: Psetrun failed: %s\n", strerror(errno));
 591                 rc = C_STRANGE;
 592                 goto bad;
 593         }
 594         (void) Pwait(P, 0);
 595         if (P->state != PS_STOP) {
 596                 dprintf("Pcreate: Pwait failed: %s\n", strerror(errno));
 597                 rc = C_STRANGE;
 598                 goto bad;
 599         }
 600 
 601         /*
 602          * Move the process through instances of failed exec()s
 603          * to reach the point of stopped on successful exec().
 604          */
 605         (void) Psysexit(P, SYS_execve, TRUE);
 606 
 607         while (P->state == PS_STOP &&
 608             P->status.pr_lwp.pr_why == PR_SYSENTRY &&
 609             P->status.pr_lwp.pr_what == SYS_execve) {
 610                 /*
 611                  * Fetch the exec path name now, before we complete
 612                  * the exec().  We may lose the process and be unable
 613                  * to get the information later.
 614                  */
 615                 (void) Pread_string(P, execpath, sizeof (execpath),
 616                     (off_t)P->status.pr_lwp.pr_sysarg[0]);
 617                 if (path != NULL)
 618                         (void) strncpy(path, execpath, len);
 619                 /*
 620                  * Set the process running and wait for
 621                  * it to stop on exit from the exec().
 622                  */
 623                 (void) Psetrun(P, 0, 0);
 624                 (void) Pwait(P, 0);
 625 
 626                 if (P->state == PS_LOST &&           /* we lost control */
 627                     Preopen(P) != 0) {          /* and we can't get it back */
 628                         rc = C_PERM;
 629                         goto bad;
 630                 }
 631 
 632                 /*
 633                  * If the exec() failed, continue the loop, expecting
 634                  * there to be more attempts to exec(), based on PATH.
 635                  */
 636                 if (P->state == PS_STOP &&
 637                     P->status.pr_lwp.pr_why == PR_SYSEXIT &&
 638                     P->status.pr_lwp.pr_what == SYS_execve &&
 639                     (lasterrno = P->status.pr_lwp.pr_errno) != 0) {
 640                         /*
 641                          * The exec() failed.  Set the process running and
 642                          * wait for it to stop on entry to the next exec().
 643                          */
 644                         (void) Psetrun(P, 0, 0);
 645                         (void) Pwait(P, 0);
 646 
 647                         continue;
 648                 }
 649                 break;
 650         }
 651 
 652         if (P->state == PS_STOP &&
 653             P->status.pr_lwp.pr_why == PR_SYSEXIT &&
 654             P->status.pr_lwp.pr_what == SYS_execve &&
 655             P->status.pr_lwp.pr_errno == 0) {
 656                 /*
 657                  * The process is stopped on successful exec() or execve().
 658                  * Turn off all tracing flags and return success.
 659                  */
 660                 restore_tracing_flags(P);
 661 #ifndef _LP64
 662                 /* We must be a 64-bit process to deal with a 64-bit process */
 663                 if (P->status.pr_dmodel == PR_MODEL_LP64) {
 664                         rc = C_LP64;
 665                         goto bad;
 666                 }
 667 #endif
 668                 /*
 669                  * Set run-on-last-close so the controlled process
 670                  * runs even if we die on a signal.
 671                  */
 672                 (void) Psetflags(P, PR_RLC);
 673                 *perr = 0;
 674                 return (P);
 675         }
 676 
 677         rc = lasterrno == ENOENT ? C_NOENT : C_NOEXEC;
 678 
 679 bad:
 680         (void) kill(pid, SIGKILL);
 681         if (path != NULL && rc != C_PERM && rc != C_LP64)
 682                 *path = '\0';
 683         Pfree(P);
 684         *perr = rc;
 685         return (NULL);
 686 }
 687 
 688 struct ps_prochandle *
 689 Pcreate(
 690         const char *file,       /* executable file name */
 691         char *const *argv,      /* argument vector */
 692         int *perr,      /* pointer to error return code */
 693         char *path,     /* if non-null, holds exec path name on return */
 694         size_t len)     /* size of the path buffer */
 695 {
 696         return (Pxcreate(file, argv, NULL, perr, path, len));
 697 }
 698 
 699 /*
 700  * Return a printable string corresponding to a Pcreate() error return.
 701  */
 702 const char *
 703 Pcreate_error(int error)
 704 {
 705         const char *str;
 706 
 707         switch (error) {
 708         case C_FORK:
 709                 str = "cannot fork";
 710                 break;
 711         case C_PERM:
 712                 str = "file is set-id or unreadable";
 713                 break;
 714         case C_NOEXEC:
 715                 str = "cannot execute file";
 716                 break;
 717         case C_INTR:
 718                 str = "operation interrupted";
 719                 break;
 720         case C_LP64:
 721                 str = "program is _LP64, self is not";
 722                 break;
 723         case C_STRANGE:
 724                 str = "unanticipated system error";
 725                 break;
 726         case C_NOENT:
 727                 str = "cannot find executable file";
 728                 break;
 729         default:
 730                 str = "unknown error";
 731                 break;
 732         }
 733 
 734         return (str);
 735 }
 736 
 737 /*
 738  * Callback to execute in each child process created with Pcreate() after fork
 739  * but before it execs the new process image.  By default, we do nothing, but
 740  * by calling this function we allow the client program to define its own
 741  * version of the function which will interpose on our empty default.  This
 742  * may be useful for clients that need to modify signal dispositions, terminal
 743  * attributes, or process group and session properties for each new victim.
 744  */
 745 /*ARGSUSED*/
 746 void
 747 Pcreate_callback(struct ps_prochandle *P)
 748 {
 749         /* nothing to do here */
 750 }
 751 
 752 /*
 753  * Grab an existing process.
 754  * Return an opaque pointer to its process control structure.
 755  *
 756  * pid:         UNIX process ID.
 757  * flags:
 758  *      PGRAB_RETAIN    Retain tracing flags (default clears all tracing flags).
 759  *      PGRAB_FORCE     Grab regardless of whether process is already traced.
 760  *      PGRAB_RDONLY    Open the address space file O_RDONLY instead of O_RDWR,
 761  *                      and do not open the process control file.
 762  *      PGRAB_NOSTOP    Open the process but do not force it to stop.
 763  * perr:        pointer to error return code.
 764  */
 765 struct ps_prochandle *
 766 Pgrab(pid_t pid, int flags, int *perr)
 767 {
 768         struct ps_prochandle *P;
 769         int fd, omode;
 770         char procname[PATH_MAX];
 771         char *fname;
 772         int rc = 0;
 773 
 774         /*
 775          * PGRAB_RDONLY means that we do not open the /proc/<pid>/control file,
 776          * and so it implies RETAIN and NOSTOP since both require control.
 777          */
 778         if (flags & PGRAB_RDONLY)
 779                 flags |= PGRAB_RETAIN | PGRAB_NOSTOP;
 780 
 781         if ((P = malloc(sizeof (struct ps_prochandle))) == NULL) {
 782                 *perr = G_STRANGE;
 783                 return (NULL);
 784         }
 785 
 786         P->asfd = -1;
 787         P->ctlfd = -1;
 788         P->statfd = -1;
 789 
 790 again:  /* Come back here if we lose it in the Window of Vulnerability */
 791         if (P->ctlfd >= 0)
 792                 (void) close(P->ctlfd);
 793         if (P->asfd >= 0)
 794                 (void) close(P->asfd);
 795         if (P->statfd >= 0)
 796                 (void) close(P->statfd);
 797         (void) memset(P, 0, sizeof (*P));
 798         (void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
 799         P->ctlfd = -1;
 800         P->asfd = -1;
 801         P->statfd = -1;
 802         P->agentctlfd = -1;
 803         P->agentstatfd = -1;
 804         Pinit_ops(&P->ops, &P_live_ops);
 805         Pinitsym(P);
 806 
 807         /*
 808          * Open the /proc/pid files
 809          */
 810         (void) snprintf(procname, sizeof (procname), "%s/%d/",
 811             procfs_path, (int)pid);
 812         fname = procname + strlen(procname);
 813         (void) set_minfd();
 814 
 815         /*
 816          * Request exclusive open to avoid grabbing someone else's
 817          * process and to prevent others from interfering afterwards.
 818          * If this fails and the 'PGRAB_FORCE' flag is set, attempt to
 819          * open non-exclusively.
 820          */
 821         (void) strcpy(fname, "as");
 822         omode = (flags & PGRAB_RDONLY) ? O_RDONLY : O_RDWR;
 823 
 824         if (((fd = open(procname, omode | O_EXCL)) < 0 &&
 825             (fd = ((flags & PGRAB_FORCE)? open(procname, omode) : -1)) < 0) ||
 826             (fd = dupfd(fd, 0)) < 0) {
 827                 switch (errno) {
 828                 case ENOENT:
 829                         rc = G_NOPROC;
 830                         break;
 831                 case EACCES:
 832                 case EPERM:
 833                         rc = G_PERM;
 834                         break;
 835                 case EMFILE:
 836                         rc = G_NOFD;
 837                         break;
 838                 case EBUSY:
 839                         if (!(flags & PGRAB_FORCE) || geteuid() != 0) {
 840                                 rc = G_BUSY;
 841                                 break;
 842                         }
 843                         /* FALLTHROUGH */
 844                 default:
 845                         dprintf("Pgrab: failed to open %s: %s\n",
 846                             procname, strerror(errno));
 847                         rc = G_STRANGE;
 848                         break;
 849                 }
 850                 goto err;
 851         }
 852         P->asfd = fd;
 853 
 854         (void) strcpy(fname, "status");
 855         if ((fd = open(procname, O_RDONLY)) < 0 ||
 856             (fd = dupfd(fd, 0)) < 0) {
 857                 switch (errno) {
 858                 case ENOENT:
 859                         rc = G_NOPROC;
 860                         break;
 861                 case EMFILE:
 862                         rc = G_NOFD;
 863                         break;
 864                 default:
 865                         dprintf("Pgrab: failed to open %s: %s\n",
 866                             procname, strerror(errno));
 867                         rc = G_STRANGE;
 868                         break;
 869                 }
 870                 goto err;
 871         }
 872         P->statfd = fd;
 873 
 874         if (!(flags & PGRAB_RDONLY)) {
 875                 (void) strcpy(fname, "ctl");
 876                 if ((fd = open(procname, O_WRONLY)) < 0 ||
 877                     (fd = dupfd(fd, 0)) < 0) {
 878                         switch (errno) {
 879                         case ENOENT:
 880                                 rc = G_NOPROC;
 881                                 break;
 882                         case EMFILE:
 883                                 rc = G_NOFD;
 884                                 break;
 885                         default:
 886                                 dprintf("Pgrab: failed to open %s: %s\n",
 887                                     procname, strerror(errno));
 888                                 rc = G_STRANGE;
 889                                 break;
 890                         }
 891                         goto err;
 892                 }
 893                 P->ctlfd = fd;
 894         }
 895 
 896         P->state = PS_RUN;
 897         P->pid = pid;
 898 
 899         /*
 900          * We are now in the Window of Vulnerability (WoV).  The process may
 901          * exec() a setuid/setgid or unreadable object file between the open()
 902          * and the PCSTOP.  We will get EAGAIN in this case and must start over.
 903          * As Pstopstatus will trigger the first read() from a /proc file,
 904          * we also need to handle EOVERFLOW here when 32-bit as an indicator
 905          * that this process is 64-bit.  Finally, if the process has become
 906          * a zombie (PS_UNDEAD) while we were trying to grab it, just remain
 907          * silent about this and pretend there was no process.
 908          */
 909         if (Pstopstatus(P, PCNULL, 0) != 0) {
 910 #ifndef _LP64
 911                 if (errno == EOVERFLOW) {
 912                         rc = G_LP64;
 913                         goto err;
 914                 }
 915 #endif
 916                 if (P->state == PS_LOST) {   /* WoV */
 917                         (void) mutex_destroy(&P->proc_lock);
 918                         goto again;
 919                 }
 920 
 921                 if (P->state == PS_UNDEAD)
 922                         rc = G_NOPROC;
 923                 else
 924                         rc = G_STRANGE;
 925 
 926                 goto err;
 927         }
 928 
 929         /*
 930          * If the process is a system process, we can't control it even as root
 931          */
 932         if (P->status.pr_flags & PR_ISSYS) {
 933                 rc = G_SYS;
 934                 goto err;
 935         }
 936 #ifndef _LP64
 937         /*
 938          * We must be a 64-bit process to deal with a 64-bit process
 939          */
 940         if (P->status.pr_dmodel == PR_MODEL_LP64) {
 941                 rc = G_LP64;
 942                 goto err;
 943         }
 944 #endif
 945 
 946         /*
 947          * Remember the status for use by Prelease().
 948          */
 949         P->orig_status = P->status;       /* structure copy */
 950 
 951         /*
 952          * Before stopping the process, make sure we are not grabbing ourselves.
 953          * If we are, make sure we are doing it PGRAB_RDONLY.
 954          */
 955         if (pid == getpid()) {
 956                 /*
 957                  * Verify that the process is really ourself:
 958                  * Set a magic number, read it through the
 959                  * /proc file and see if the results match.
 960                  */
 961                 uint32_t magic1 = 0;
 962                 uint32_t magic2 = 2;
 963 
 964                 errno = 0;
 965 
 966                 if (Pread(P, &magic2, sizeof (magic2), (uintptr_t)&magic1)
 967                     == sizeof (magic2) &&
 968                     magic2 == 0 &&
 969                     (magic1 = 0xfeedbeef) &&
 970                     Pread(P, &magic2, sizeof (magic2), (uintptr_t)&magic1)
 971                     == sizeof (magic2) &&
 972                     magic2 == 0xfeedbeef &&
 973                     !(flags & PGRAB_RDONLY)) {
 974                         rc = G_SELF;
 975                         goto err;
 976                 }
 977         }
 978 
 979         /*
 980          * If the process is already stopped or has been directed
 981          * to stop via /proc, do not set run-on-last-close.
 982          */
 983         if (!(P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) &&
 984             !(flags & PGRAB_RDONLY)) {
 985                 /*
 986                  * Mark the process run-on-last-close so
 987                  * it runs even if we die from SIGKILL.
 988                  */
 989                 if (Psetflags(P, PR_RLC) != 0) {
 990                         if (errno == EAGAIN) {  /* WoV */
 991                                 (void) mutex_destroy(&P->proc_lock);
 992                                 goto again;
 993                         }
 994                         if (errno == ENOENT)    /* No complaint about zombies */
 995                                 rc = G_ZOMB;
 996                         else {
 997                                 dprintf("Pgrab: failed to set RLC\n");
 998                                 rc = G_STRANGE;
 999                         }
1000                         goto err;
1001                 }
1002         }
1003 
1004         /*
1005          * If a stop directive is pending and the process has not yet stopped,
1006          * then synchronously wait for the stop directive to take effect.
1007          * Limit the time spent waiting for the process to stop by iterating
1008          * at most 10 times. The time-out of 20 ms corresponds to the time
1009          * between sending the stop directive and the process actually stopped
1010          * as measured by DTrace on a slow, busy system. If the process doesn't
1011          * stop voluntarily, clear the PR_DSTOP flag so that the code below
1012          * forces the process to stop.
1013          */
1014         if (!(flags & PGRAB_RDONLY)) {
1015                 int niter = 0;
1016                 while ((P->status.pr_lwp.pr_flags & (PR_STOPPED|PR_DSTOP)) ==
1017                     PR_DSTOP && niter < 10 &&
1018                     Pstopstatus(P, PCTWSTOP, 20) != 0) {
1019                         niter++;
1020                         if (flags & PGRAB_NOSTOP)
1021                                 break;
1022                 }
1023                 if (niter == 10 && !(flags & PGRAB_NOSTOP)) {
1024                         /* Try it harder down below */
1025                         P->status.pr_lwp.pr_flags &= ~PR_DSTOP;
1026                 }
1027         }
1028 
1029         /*
1030          * If the process is not already stopped or directed to stop
1031          * and PGRAB_NOSTOP was not specified, stop the process now.
1032          */
1033         if (!(P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) &&
1034             !(flags & PGRAB_NOSTOP)) {
1035                 /*
1036                  * Stop the process, get its status and signal/syscall masks.
1037                  */
1038                 if (((P->status.pr_lwp.pr_flags & PR_STOPPED) &&
1039                     Pstopstatus(P, PCDSTOP, 0) != 0) ||
1040                     Pstopstatus(P, PCSTOP, 2000) != 0) {
1041 #ifndef _LP64
1042                         if (errno == EOVERFLOW) {
1043                                 rc = G_LP64;
1044                                 goto err;
1045                         }
1046 #endif
1047                         if (P->state == PS_LOST) {   /* WoV */
1048                                 (void) mutex_destroy(&P->proc_lock);
1049                                 goto again;
1050                         }
1051                         if ((errno != EINTR && errno != ERESTART) ||
1052                             (P->state != PS_STOP &&
1053                             !(P->status.pr_flags & PR_DSTOP))) {
1054                                 if (P->state != PS_RUN && errno != ENOENT) {
1055                                         dprintf("Pgrab: failed to PCSTOP\n");
1056                                         rc = G_STRANGE;
1057                                 } else {
1058                                         rc = G_ZOMB;
1059                                 }
1060                                 goto err;
1061                         }
1062                 }
1063 
1064                 /*
1065                  * Process should now either be stopped via /proc or there
1066                  * should be an outstanding stop directive.
1067                  */
1068                 if (!(P->status.pr_flags & (PR_ISTOP|PR_DSTOP))) {
1069                         dprintf("Pgrab: process is not stopped\n");
1070                         rc = G_STRANGE;
1071                         goto err;
1072                 }
1073 #ifndef _LP64
1074                 /*
1075                  * Test this again now because the 32-bit victim process may
1076                  * have exec'd a 64-bit process in the meantime.
1077                  */
1078                 if (P->status.pr_dmodel == PR_MODEL_LP64) {
1079                         rc = G_LP64;
1080                         goto err;
1081                 }
1082 #endif
1083         }
1084 
1085         /*
1086          * Cancel all tracing flags unless the PGRAB_RETAIN flag is set.
1087          */
1088         if (!(flags & PGRAB_RETAIN)) {
1089                 (void) Psysentry(P, 0, FALSE);
1090                 (void) Psysexit(P, 0, FALSE);
1091                 (void) Psignal(P, 0, FALSE);
1092                 (void) Pfault(P, 0, FALSE);
1093                 Psync(P);
1094         }
1095 
1096         *perr = 0;
1097         return (P);
1098 
1099 err:
1100         Pfree(P);
1101         *perr = rc;
1102         return (NULL);
1103 }
1104 
1105 /*
1106  * Return a printable string corresponding to a Pgrab() error return.
1107  */
1108 const char *
1109 Pgrab_error(int error)
1110 {
1111         const char *str;
1112 
1113         switch (error) {
1114         case G_NOPROC:
1115                 str = "no such process";
1116                 break;
1117         case G_NOCORE:
1118                 str = "no such core file";
1119                 break;
1120         case G_NOPROCORCORE:
1121                 str = "no such process or core file";
1122                 break;
1123         case G_NOEXEC:
1124                 str = "cannot find executable file";
1125                 break;
1126         case G_ZOMB:
1127                 str = "zombie process";
1128                 break;
1129         case G_PERM:
1130                 str = "permission denied";
1131                 break;
1132         case G_BUSY:
1133                 str = "process is traced";
1134                 break;
1135         case G_SYS:
1136                 str = "system process";
1137                 break;
1138         case G_SELF:
1139                 str = "attempt to grab self";
1140                 break;
1141         case G_INTR:
1142                 str = "operation interrupted";
1143                 break;
1144         case G_LP64:
1145                 str = "program is _LP64, self is not";
1146                 break;
1147         case G_FORMAT:
1148                 str = "file is not an ELF core file";
1149                 break;
1150         case G_ELF:
1151                 str = "libelf error";
1152                 break;
1153         case G_NOTE:
1154                 str = "core file is corrupt or missing required data";
1155                 break;
1156         case G_STRANGE:
1157                 str = "unanticipated system error";
1158                 break;
1159         case G_ISAINVAL:
1160                 str = "wrong ELF machine type";
1161                 break;
1162         case G_BADLWPS:
1163                 str = "bad lwp specification";
1164                 break;
1165         case G_NOFD:
1166                 str = "too many open files";
1167                 break;
1168         default:
1169                 str = "unknown error";
1170                 break;
1171         }
1172 
1173         return (str);
1174 }
1175 
1176 /*
1177  * Free a process control structure.
1178  * Close the file descriptors but don't do the Prelease logic.
1179  */
1180 void
1181 Pfree(struct ps_prochandle *P)
1182 {
1183         uint_t i;
1184 
1185         if (P->ucaddrs != NULL) {
1186                 free(P->ucaddrs);
1187                 P->ucaddrs = NULL;
1188                 P->ucnelems = 0;
1189         }
1190 
1191         (void) mutex_lock(&P->proc_lock);
1192         if (P->hashtab != NULL) {
1193                 struct ps_lwphandle *L;
1194                 for (i = 0; i < HASHSIZE; i++) {
1195                         while ((L = P->hashtab[i]) != NULL)
1196                                 Lfree_internal(P, L);
1197                 }
1198                 free(P->hashtab);
1199         }
1200 
1201         while (P->num_fd > 0) {
1202                 fd_info_t *fip = list_next(&P->fd_head);
1203                 list_unlink(fip);
1204                 free(fip);
1205                 P->num_fd--;
1206         }
1207         (void) mutex_unlock(&P->proc_lock);
1208         (void) mutex_destroy(&P->proc_lock);
1209 
1210         if (P->agentctlfd >= 0)
1211                 (void) close(P->agentctlfd);
1212         if (P->agentstatfd >= 0)
1213                 (void) close(P->agentstatfd);
1214         if (P->ctlfd >= 0)
1215                 (void) close(P->ctlfd);
1216         if (P->asfd >= 0)
1217                 (void) close(P->asfd);
1218         if (P->statfd >= 0)
1219                 (void) close(P->statfd);
1220         Preset_maps(P);
1221         P->ops.pop_fini(P, P->data);
1222 
1223         /* clear out the structure as a precaution against reuse */
1224         (void) memset(P, 0, sizeof (*P));
1225         P->ctlfd = -1;
1226         P->asfd = -1;
1227         P->statfd = -1;
1228         P->agentctlfd = -1;
1229         P->agentstatfd = -1;
1230 
1231         free(P);
1232 }
1233 
1234 /*
1235  * Return the state of the process, one of the PS_* values.
1236  */
1237 int
1238 Pstate(struct ps_prochandle *P)
1239 {
1240         return (P->state);
1241 }
1242 
1243 /*
1244  * Return the open address space file descriptor for the process.
1245  * Clients must not close this file descriptor, not use it
1246  * after the process is freed.
1247  */
1248 int
1249 Pasfd(struct ps_prochandle *P)
1250 {
1251         return (P->asfd);
1252 }
1253 
1254 /*
1255  * Return the open control file descriptor for the process.
1256  * Clients must not close this file descriptor, not use it
1257  * after the process is freed.
1258  */
1259 int
1260 Pctlfd(struct ps_prochandle *P)
1261 {
1262         return (P->ctlfd);
1263 }
1264 
1265 /*
1266  * Return a pointer to the process psinfo structure.
1267  * Clients should not hold on to this pointer indefinitely.
1268  * It will become invalid on Prelease().
1269  */
1270 const psinfo_t *
1271 Ppsinfo(struct ps_prochandle *P)
1272 {
1273         return (P->ops.pop_psinfo(P, &P->psinfo, P->data));
1274 }
1275 
1276 /*
1277  * Return a pointer to the process status structure.
1278  * Clients should not hold on to this pointer indefinitely.
1279  * It will become invalid on Prelease().
1280  */
1281 const pstatus_t *
1282 Pstatus(struct ps_prochandle *P)
1283 {
1284         return (&P->status);
1285 }
1286 
1287 static void
1288 Pread_status(struct ps_prochandle *P)
1289 {
1290         P->ops.pop_status(P, &P->status, P->data);
1291 }
1292 
1293 /*
1294  * Fill in a pointer to a process credentials structure.  The ngroups parameter
1295  * is the number of supplementary group entries allocated in the caller's cred
1296  * structure.  It should equal zero or one unless extra space has been
1297  * allocated for the group list by the caller.
1298  */
1299 int
1300 Pcred(struct ps_prochandle *P, prcred_t *pcrp, int ngroups)
1301 {
1302         return (P->ops.pop_cred(P, pcrp, ngroups, P->data));
1303 }
1304 
1305 /* Return an allocated prsecflags_t */
1306 int
1307 Psecflags(struct ps_prochandle *P, prsecflags_t **psf)
1308 {
1309         int ret;
1310 
1311         if ((ret = P->ops.pop_secflags(P, psf, P->data)) == 0) {
1312                 if ((*psf)->pr_version != PRSECFLAGS_VERSION_1) {
1313                         errno = EINVAL;
1314                         return (-1);
1315                 }
1316         }
1317 
1318         return (ret);
1319 }
1320 
1321 void
1322 Psecflags_free(prsecflags_t *psf)
1323 {
1324         free(psf);
1325 }
1326 
1327 static prheader_t *
1328 Plstatus(struct ps_prochandle *P)
1329 {
1330         return (P->ops.pop_lstatus(P, P->data));
1331 }
1332 
1333 static prheader_t *
1334 Plpsinfo(struct ps_prochandle *P)
1335 {
1336         return (P->ops.pop_lpsinfo(P, P->data));
1337 }
1338 
1339 
1340 #if defined(__i386) || defined(__amd64)
1341 /*
1342  * Fill in a pointer to a process LDT structure.
1343  * The caller provides a buffer of size 'nldt * sizeof (struct ssd)';
1344  * If pldt == NULL or nldt == 0, we return the number of existing LDT entries.
1345  * Otherwise we return the actual number of LDT entries fetched (<= nldt).
1346  */
1347 int
1348 Pldt(struct ps_prochandle *P, struct ssd *pldt, int nldt)
1349 {
1350         return (P->ops.pop_ldt(P, pldt, nldt, P->data));
1351 
1352 }
1353 #endif  /* __i386 */
1354 
1355 /* ARGSUSED */
1356 void
1357 Ppriv_free(struct ps_prochandle *P, prpriv_t *prv)
1358 {
1359         free(prv);
1360 }
1361 
1362 /*
1363  * Return a malloced process privilege structure in *pprv.
1364  */
1365 int
1366 Ppriv(struct ps_prochandle *P, prpriv_t **pprv)
1367 {
1368         return (P->ops.pop_priv(P, pprv, P->data));
1369 }
1370 
1371 int
1372 Psetpriv(struct ps_prochandle *P, prpriv_t *pprv)
1373 {
1374         int rc;
1375         long *ctl;
1376         size_t sz;
1377 
1378         if (P->state == PS_DEAD) {
1379                 errno = EBADF;
1380                 return (-1);
1381         }
1382 
1383         sz = PRIV_PRPRIV_SIZE(pprv) + sizeof (long);
1384 
1385         sz = ((sz - 1) / sizeof (long) + 1) * sizeof (long);
1386 
1387         ctl = malloc(sz);
1388         if (ctl == NULL)
1389                 return (-1);
1390 
1391         ctl[0] = PCSPRIV;
1392 
1393         (void) memcpy(&ctl[1], pprv, PRIV_PRPRIV_SIZE(pprv));
1394 
1395         if (write(P->ctlfd, ctl, sz) != sz)
1396                 rc = -1;
1397         else
1398                 rc = 0;
1399 
1400         free(ctl);
1401 
1402         return (rc);
1403 }
1404 
1405 void *
1406 Pprivinfo(struct ps_prochandle *P)
1407 {
1408         core_info_t *core = P->data;
1409 
1410         /* Use default from libc */
1411         if (P->state != PS_DEAD)
1412                 return (NULL);
1413 
1414         return (core->core_privinfo);
1415 }
1416 
1417 /*
1418  * Ensure that all cached state is written to the process.
1419  * The cached state is the LWP's signal mask and registers
1420  * and the process's tracing flags.
1421  */
1422 void
1423 Psync(struct ps_prochandle *P)
1424 {
1425         int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
1426         long cmd[6];
1427         iovec_t iov[12];
1428         int n = 0;
1429 
1430         if (P->flags & SETHOLD) {
1431                 cmd[0] = PCSHOLD;
1432                 iov[n].iov_base = (caddr_t)&cmd[0];
1433                 iov[n++].iov_len = sizeof (long);
1434                 iov[n].iov_base = (caddr_t)&P->status.pr_lwp.pr_lwphold;
1435                 iov[n++].iov_len = sizeof (P->status.pr_lwp.pr_lwphold);
1436         }
1437         if (P->flags & SETREGS) {
1438                 cmd[1] = PCSREG;
1439 #ifdef __i386
1440                 /* XX64 we should probably restore REG_GS after this */
1441                 if (ctlfd == P->agentctlfd)
1442                         P->status.pr_lwp.pr_reg[GS] = 0;
1443 #elif defined(__amd64)
1444                 /* XX64 */
1445 #endif
1446                 iov[n].iov_base = (caddr_t)&cmd[1];
1447                 iov[n++].iov_len = sizeof (long);
1448                 iov[n].iov_base = (caddr_t)&P->status.pr_lwp.pr_reg[0];
1449                 iov[n++].iov_len = sizeof (P->status.pr_lwp.pr_reg);
1450         }
1451         if (P->flags & SETSIG) {
1452                 cmd[2] = PCSTRACE;
1453                 iov[n].iov_base = (caddr_t)&cmd[2];
1454                 iov[n++].iov_len = sizeof (long);
1455                 iov[n].iov_base = (caddr_t)&P->status.pr_sigtrace;
1456                 iov[n++].iov_len = sizeof (P->status.pr_sigtrace);
1457         }
1458         if (P->flags & SETFAULT) {
1459                 cmd[3] = PCSFAULT;
1460                 iov[n].iov_base = (caddr_t)&cmd[3];
1461                 iov[n++].iov_len = sizeof (long);
1462                 iov[n].iov_base = (caddr_t)&P->status.pr_flttrace;
1463                 iov[n++].iov_len = sizeof (P->status.pr_flttrace);
1464         }
1465         if (P->flags & SETENTRY) {
1466                 cmd[4] = PCSENTRY;
1467                 iov[n].iov_base = (caddr_t)&cmd[4];
1468                 iov[n++].iov_len = sizeof (long);
1469                 iov[n].iov_base = (caddr_t)&P->status.pr_sysentry;
1470                 iov[n++].iov_len = sizeof (P->status.pr_sysentry);
1471         }
1472         if (P->flags & SETEXIT) {
1473                 cmd[5] = PCSEXIT;
1474                 iov[n].iov_base = (caddr_t)&cmd[5];
1475                 iov[n++].iov_len = sizeof (long);
1476                 iov[n].iov_base = (caddr_t)&P->status.pr_sysexit;
1477                 iov[n++].iov_len = sizeof (P->status.pr_sysexit);
1478         }
1479 
1480         if (n == 0 || writev(ctlfd, iov, n) < 0)
1481                 return;         /* nothing to do or write failed */
1482 
1483         P->flags &= ~(SETSIG|SETFAULT|SETENTRY|SETEXIT|SETHOLD|SETREGS);
1484 }
1485 
1486 /*
1487  * Reopen the /proc file (after PS_LOST).
1488  */
1489 int
1490 Preopen(struct ps_prochandle *P)
1491 {
1492         int fd;
1493         char procname[PATH_MAX];
1494         char *fname;
1495 
1496         if (P->state == PS_DEAD || P->state == PS_IDLE)
1497                 return (0);
1498 
1499         if (P->agentcnt > 0) {
1500                 P->agentcnt = 1;
1501                 Pdestroy_agent(P);
1502         }
1503 
1504         (void) snprintf(procname, sizeof (procname), "%s/%d/",
1505             procfs_path, (int)P->pid);
1506         fname = procname + strlen(procname);
1507 
1508         (void) strcpy(fname, "as");
1509         if ((fd = open(procname, O_RDWR)) < 0 ||
1510             close(P->asfd) < 0 ||
1511             (fd = dupfd(fd, P->asfd)) != P->asfd) {
1512                 dprintf("Preopen: failed to open %s: %s\n",
1513                     procname, strerror(errno));
1514                 if (fd >= 0)
1515                         (void) close(fd);
1516                 return (-1);
1517         }
1518         P->asfd = fd;
1519 
1520         (void) strcpy(fname, "status");
1521         if ((fd = open(procname, O_RDONLY)) < 0 ||
1522             close(P->statfd) < 0 ||
1523             (fd = dupfd(fd, P->statfd)) != P->statfd) {
1524                 dprintf("Preopen: failed to open %s: %s\n",
1525                     procname, strerror(errno));
1526                 if (fd >= 0)
1527                         (void) close(fd);
1528                 return (-1);
1529         }
1530         P->statfd = fd;
1531 
1532         (void) strcpy(fname, "ctl");
1533         if ((fd = open(procname, O_WRONLY)) < 0 ||
1534             close(P->ctlfd) < 0 ||
1535             (fd = dupfd(fd, P->ctlfd)) != P->ctlfd) {
1536                 dprintf("Preopen: failed to open %s: %s\n",
1537                     procname, strerror(errno));
1538                 if (fd >= 0)
1539                         (void) close(fd);
1540                 return (-1);
1541         }
1542         P->ctlfd = fd;
1543 
1544         /*
1545          * Set the state to PS_RUN and wait for the process to stop so that
1546          * we re-read the status from the new P->statfd.  If this fails, Pwait
1547          * will reset the state to PS_LOST and we fail the reopen.  Before
1548          * returning, we also forge a bit of P->status to allow the debugger to
1549          * see that we are PS_LOST following a successful exec.
1550          */
1551         P->state = PS_RUN;
1552         if (Pwait(P, 0) == -1) {
1553 #ifdef _ILP32
1554                 if (errno == EOVERFLOW)
1555                         P->status.pr_dmodel = PR_MODEL_LP64;
1556 #endif
1557                 P->status.pr_lwp.pr_why = PR_SYSEXIT;
1558                 P->status.pr_lwp.pr_what = SYS_execve;
1559                 P->status.pr_lwp.pr_errno = 0;
1560                 return (-1);
1561         }
1562 
1563         /*
1564          * The process should be stopped on exec (REQUESTED)
1565          * or else should be stopped on exit from exec() (SYSEXIT)
1566          */
1567         if (P->state == PS_STOP &&
1568             (P->status.pr_lwp.pr_why == PR_REQUESTED ||
1569             (P->status.pr_lwp.pr_why == PR_SYSEXIT &&
1570             P->status.pr_lwp.pr_what == SYS_execve))) {
1571                 /* fake up stop-on-exit-from-execve */
1572                 if (P->status.pr_lwp.pr_why == PR_REQUESTED) {
1573                         P->status.pr_lwp.pr_why = PR_SYSEXIT;
1574                         P->status.pr_lwp.pr_what = SYS_execve;
1575                         P->status.pr_lwp.pr_errno = 0;
1576                 }
1577         } else {
1578                 dprintf("Preopen: expected REQUESTED or "
1579                     "SYSEXIT(SYS_execve) stop\n");
1580         }
1581 
1582         return (0);
1583 }
1584 
1585 /*
1586  * Define all settable flags other than the microstate accounting flags.
1587  */
1588 #define ALL_SETTABLE_FLAGS (PR_FORK|PR_RLC|PR_KLC|PR_ASYNC|PR_BPTADJ|PR_PTRACE)
1589 
1590 /*
1591  * Restore /proc tracing flags to their original values
1592  * in preparation for releasing the process.
1593  * Also called by Pcreate() to clear all tracing flags.
1594  */
1595 static void
1596 restore_tracing_flags(struct ps_prochandle *P)
1597 {
1598         long flags;
1599         long cmd[4];
1600         iovec_t iov[8];
1601 
1602         if (P->flags & CREATED) {
1603                 /* we created this process; clear all tracing flags */
1604                 premptyset(&P->status.pr_sigtrace);
1605                 premptyset(&P->status.pr_flttrace);
1606                 premptyset(&P->status.pr_sysentry);
1607                 premptyset(&P->status.pr_sysexit);
1608                 if ((P->status.pr_flags & ALL_SETTABLE_FLAGS) != 0)
1609                         (void) Punsetflags(P, ALL_SETTABLE_FLAGS);
1610         } else {
1611                 /* we grabbed the process; restore its tracing flags */
1612                 P->status.pr_sigtrace = P->orig_status.pr_sigtrace;
1613                 P->status.pr_flttrace = P->orig_status.pr_flttrace;
1614                 P->status.pr_sysentry = P->orig_status.pr_sysentry;
1615                 P->status.pr_sysexit  = P->orig_status.pr_sysexit;
1616                 if ((P->status.pr_flags & ALL_SETTABLE_FLAGS) !=
1617                     (flags = (P->orig_status.pr_flags & ALL_SETTABLE_FLAGS))) {
1618                         (void) Punsetflags(P, ALL_SETTABLE_FLAGS);
1619                         if (flags)
1620                                 (void) Psetflags(P, flags);
1621                 }
1622         }
1623 
1624         cmd[0] = PCSTRACE;
1625         iov[0].iov_base = (caddr_t)&cmd[0];
1626         iov[0].iov_len = sizeof (long);
1627         iov[1].iov_base = (caddr_t)&P->status.pr_sigtrace;
1628         iov[1].iov_len = sizeof (P->status.pr_sigtrace);
1629 
1630         cmd[1] = PCSFAULT;
1631         iov[2].iov_base = (caddr_t)&cmd[1];
1632         iov[2].iov_len = sizeof (long);
1633         iov[3].iov_base = (caddr_t)&P->status.pr_flttrace;
1634         iov[3].iov_len = sizeof (P->status.pr_flttrace);
1635 
1636         cmd[2] = PCSENTRY;
1637         iov[4].iov_base = (caddr_t)&cmd[2];
1638         iov[4].iov_len = sizeof (long);
1639         iov[5].iov_base = (caddr_t)&P->status.pr_sysentry;
1640         iov[5].iov_len = sizeof (P->status.pr_sysentry);
1641 
1642         cmd[3] = PCSEXIT;
1643         iov[6].iov_base = (caddr_t)&cmd[3];
1644         iov[6].iov_len = sizeof (long);
1645         iov[7].iov_base = (caddr_t)&P->status.pr_sysexit;
1646         iov[7].iov_len = sizeof (P->status.pr_sysexit);
1647 
1648         (void) writev(P->ctlfd, iov, 8);
1649 
1650         P->flags &= ~(SETSIG|SETFAULT|SETENTRY|SETEXIT);
1651 }
1652 
1653 /*
1654  * Release the process.  Frees the process control structure.
1655  * flags:
1656  *      PRELEASE_CLEAR  Clear all tracing flags.
1657  *      PRELEASE_RETAIN Retain current tracing flags.
1658  *      PRELEASE_HANG   Leave the process stopped and abandoned.
1659  *      PRELEASE_KILL   Terminate the process with SIGKILL.
1660  */
1661 void
1662 Prelease(struct ps_prochandle *P, int flags)
1663 {
1664         if (P->state == PS_DEAD) {
1665                 dprintf("Prelease: releasing handle %p PS_DEAD of pid %d\n",
1666                     (void *)P, (int)P->pid);
1667                 Pfree(P);
1668                 return;
1669         }
1670 
1671         if (P->state == PS_IDLE) {
1672                 file_info_t *fptr = list_next(&P->file_head);
1673                 dprintf("Prelease: releasing handle %p PS_IDLE of file %s\n",
1674                     (void *)P, fptr->file_pname);
1675                 Pfree(P);
1676                 return;
1677         }
1678 
1679         dprintf("Prelease: releasing handle %p pid %d\n",
1680             (void *)P, (int)P->pid);
1681 
1682         if (P->ctlfd == -1) {
1683                 Pfree(P);
1684                 return;
1685         }
1686 
1687         if (P->agentcnt > 0) {
1688                 P->agentcnt = 1;
1689                 Pdestroy_agent(P);
1690         }
1691 
1692         /*
1693          * Attempt to stop the process.
1694          */
1695         P->state = PS_RUN;
1696         (void) Pstop(P, 1000);
1697 
1698         if (flags & PRELEASE_KILL) {
1699                 if (P->state == PS_STOP)
1700                         (void) Psetrun(P, SIGKILL, 0);
1701                 (void) kill(P->pid, SIGKILL);
1702                 Pfree(P);
1703                 return;
1704         }
1705 
1706         /*
1707          * If we lost control, all we can do now is close the files.
1708          * In this case, the last close sets the process running.
1709          */
1710         if (P->state != PS_STOP &&
1711             (P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) == 0) {
1712                 Pfree(P);
1713                 return;
1714         }
1715 
1716         /*
1717          * We didn't lose control; we do more.
1718          */
1719         Psync(P);
1720 
1721         if (flags & PRELEASE_CLEAR)
1722                 P->flags |= CREATED;
1723 
1724         if (!(flags & PRELEASE_RETAIN))
1725                 restore_tracing_flags(P);
1726 
1727         if (flags & PRELEASE_HANG) {
1728                 /* Leave the process stopped and abandoned */
1729                 (void) Punsetflags(P, PR_RLC|PR_KLC);
1730                 Pfree(P);
1731                 return;
1732         }
1733 
1734         /*
1735          * Set the process running if we created it or if it was
1736          * not originally stopped or directed to stop via /proc
1737          * or if we were given the PRELEASE_CLEAR flag.
1738          */
1739         if ((P->flags & CREATED) ||
1740             (P->orig_status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) == 0) {
1741                 (void) Psetflags(P, PR_RLC);
1742                 /*
1743                  * We do this repeatedly because the process may have
1744                  * more than one LWP stopped on an event of interest.
1745                  * This makes sure all of them are set running.
1746                  */
1747                 do {
1748                         if (Psetrun(P, 0, 0) == -1 && errno == EBUSY)
1749                                 break; /* Agent LWP may be stuck */
1750                 } while (Pstopstatus(P, PCNULL, 0) == 0 &&
1751                     P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP));
1752 
1753                 if (P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP))
1754                         dprintf("Prelease: failed to set process running\n");
1755         }
1756 
1757         Pfree(P);
1758 }
1759 
1760 /* debugging */
1761 void
1762 prldump(const char *caller, lwpstatus_t *lsp)
1763 {
1764         char name[32];
1765         uint32_t bits;
1766 
1767         switch (lsp->pr_why) {
1768         case PR_REQUESTED:
1769                 dprintf("%s: REQUESTED\n", caller);
1770                 break;
1771         case PR_SIGNALLED:
1772                 dprintf("%s: SIGNALLED %s\n", caller,
1773                     proc_signame(lsp->pr_what, name, sizeof (name)));
1774                 break;
1775         case PR_FAULTED:
1776                 dprintf("%s: FAULTED %s\n", caller,
1777                     proc_fltname(lsp->pr_what, name, sizeof (name)));
1778                 break;
1779         case PR_SYSENTRY:
1780                 dprintf("%s: SYSENTRY %s\n", caller,
1781                     proc_sysname(lsp->pr_what, name, sizeof (name)));
1782                 break;
1783         case PR_SYSEXIT:
1784                 dprintf("%s: SYSEXIT %s\n", caller,
1785                     proc_sysname(lsp->pr_what, name, sizeof (name)));
1786                 break;
1787         case PR_JOBCONTROL:
1788                 dprintf("%s: JOBCONTROL %s\n", caller,
1789                     proc_signame(lsp->pr_what, name, sizeof (name)));
1790                 break;
1791         case PR_SUSPENDED:
1792                 dprintf("%s: SUSPENDED\n", caller);
1793                 break;
1794         default:
1795                 dprintf("%s: Unknown\n", caller);
1796                 break;
1797         }
1798 
1799         if (lsp->pr_cursig)
1800                 dprintf("%s: p_cursig  = %d\n", caller, lsp->pr_cursig);
1801 
1802         bits = *((uint32_t *)&lsp->pr_lwppend);
1803         if (bits)
1804                 dprintf("%s: pr_lwppend = 0x%.8X\n", caller, bits);
1805 }
1806 
1807 /* debugging */
1808 static void
1809 prdump(struct ps_prochandle *P)
1810 {
1811         uint32_t bits;
1812 
1813         prldump("Pstopstatus", &P->status.pr_lwp);
1814 
1815         bits = *((uint32_t *)&P->status.pr_sigpend);
1816         if (bits)
1817                 dprintf("Pstopstatus: pr_sigpend = 0x%.8X\n", bits);
1818 }
1819 
1820 /*
1821  * Wait for the specified process to stop or terminate.
1822  * Or, just get the current status (PCNULL).
1823  * Or, direct it to stop and get the current status (PCDSTOP).
1824  * If the agent LWP exists, do these things to the agent,
1825  * else do these things to the process as a whole.
1826  */
1827 int
1828 Pstopstatus(struct ps_prochandle *P,
1829     long request,               /* PCNULL, PCDSTOP, PCSTOP, PCWSTOP */
1830     uint_t msec)                /* if non-zero, timeout in milliseconds */
1831 {
1832         int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
1833         long ctl[3];
1834         ssize_t rc;
1835         int err;
1836         int old_state = P->state;
1837 
1838         switch (P->state) {
1839         case PS_RUN:
1840                 break;
1841         case PS_STOP:
1842                 if (request != PCNULL && request != PCDSTOP)
1843                         return (0);
1844                 break;
1845         case PS_LOST:
1846                 if (request != PCNULL) {
1847                         errno = EAGAIN;
1848                         return (-1);
1849                 }
1850                 break;
1851         case PS_UNDEAD:
1852         case PS_DEAD:
1853         case PS_IDLE:
1854                 if (request != PCNULL) {
1855                         errno = ENOENT;
1856                         return (-1);
1857                 }
1858                 break;
1859         default:        /* corrupted state */
1860                 dprintf("Pstopstatus: corrupted state: %d\n", P->state);
1861                 errno = EINVAL;
1862                 return (-1);
1863         }
1864 
1865         ctl[0] = PCDSTOP;
1866         ctl[1] = PCTWSTOP;
1867         ctl[2] = (long)msec;
1868         rc = 0;
1869         switch (request) {
1870         case PCSTOP:
1871                 rc = write(ctlfd, &ctl[0], 3*sizeof (long));
1872                 break;
1873         case PCWSTOP:
1874                 rc = write(ctlfd, &ctl[1], 2*sizeof (long));
1875                 break;
1876         case PCDSTOP:
1877                 rc = write(ctlfd, &ctl[0], 1*sizeof (long));
1878                 break;
1879         case PCNULL:
1880                 if (P->state == PS_DEAD || P->state == PS_IDLE)
1881                         return (0);
1882                 break;
1883         default:        /* programming error */
1884                 errno = EINVAL;
1885                 return (-1);
1886         }
1887         err = (rc < 0)? errno : 0;
1888         Psync(P);
1889 
1890         if (P->agentstatfd < 0) {
1891                 if (pread(P->statfd, &P->status,
1892                     sizeof (P->status), (off_t)0) < 0)
1893                         err = errno;
1894         } else {
1895                 if (pread(P->agentstatfd, &P->status.pr_lwp,
1896                     sizeof (P->status.pr_lwp), (off_t)0) < 0)
1897                         err = errno;
1898                 P->status.pr_flags = P->status.pr_lwp.pr_flags;
1899         }
1900 
1901         if (err) {
1902                 switch (err) {
1903                 case EINTR:             /* user typed ctl-C */
1904                 case ERESTART:
1905                         dprintf("Pstopstatus: EINTR\n");
1906                         break;
1907                 case EAGAIN:            /* we lost control of the the process */
1908                 case EOVERFLOW:
1909                         dprintf("Pstopstatus: PS_LOST, errno=%d\n", err);
1910                         P->state = PS_LOST;
1911                         break;
1912                 default:                /* check for dead process */
1913                         if (_libproc_debug) {
1914                                 const char *errstr;
1915 
1916                                 switch (request) {
1917                                 case PCNULL:
1918                                         errstr = "Pstopstatus PCNULL"; break;
1919                                 case PCSTOP:
1920                                         errstr = "Pstopstatus PCSTOP"; break;
1921                                 case PCDSTOP:
1922                                         errstr = "Pstopstatus PCDSTOP"; break;
1923                                 case PCWSTOP:
1924                                         errstr = "Pstopstatus PCWSTOP"; break;
1925                                 default:
1926                                         errstr = "Pstopstatus PC???"; break;
1927                                 }
1928                                 dprintf("%s: %s\n", errstr, strerror(err));
1929                         }
1930                         deadcheck(P);
1931                         break;
1932                 }
1933                 if (err != EINTR && err != ERESTART) {
1934                         errno = err;
1935                         return (-1);
1936                 }
1937         }
1938 
1939         if (!(P->status.pr_flags & PR_STOPPED)) {
1940                 P->state = PS_RUN;
1941                 if (request == PCNULL || request == PCDSTOP || msec != 0)
1942                         return (0);
1943                 dprintf("Pstopstatus: process is not stopped\n");
1944                 errno = EPROTO;
1945                 return (-1);
1946         }
1947 
1948         P->state = PS_STOP;
1949 
1950         if (_libproc_debug)     /* debugging */
1951                 prdump(P);
1952 
1953         /*
1954          * If the process was already stopped coming into Pstopstatus(),
1955          * then don't use its PC to set P->sysaddr since it may have been
1956          * changed since the time the process originally stopped.
1957          */
1958         if (old_state == PS_STOP)
1959                 return (0);
1960 
1961         switch (P->status.pr_lwp.pr_why) {
1962         case PR_SYSENTRY:
1963         case PR_SYSEXIT:
1964                 if (Pissyscall_prev(P, P->status.pr_lwp.pr_reg[R_PC],
1965                     &P->sysaddr) == 0)
1966                         P->sysaddr = P->status.pr_lwp.pr_reg[R_PC];
1967                 break;
1968         case PR_REQUESTED:
1969         case PR_SIGNALLED:
1970         case PR_FAULTED:
1971         case PR_JOBCONTROL:
1972         case PR_SUSPENDED:
1973                 break;
1974         default:
1975                 errno = EPROTO;
1976                 return (-1);
1977         }
1978 
1979         return (0);
1980 }
1981 
1982 /*
1983  * Wait for the process to stop for any reason.
1984  */
1985 int
1986 Pwait(struct ps_prochandle *P, uint_t msec)
1987 {
1988         return (Pstopstatus(P, PCWSTOP, msec));
1989 }
1990 
1991 /*
1992  * Direct the process to stop; wait for it to stop.
1993  */
1994 int
1995 Pstop(struct ps_prochandle *P, uint_t msec)
1996 {
1997         return (Pstopstatus(P, PCSTOP, msec));
1998 }
1999 
2000 /*
2001  * Direct the process to stop; don't wait.
2002  */
2003 int
2004 Pdstop(struct ps_prochandle *P)
2005 {
2006         return (Pstopstatus(P, PCDSTOP, 0));
2007 }
2008 
2009 static void
2010 deadcheck(struct ps_prochandle *P)
2011 {
2012         int fd;
2013         void *buf;
2014         size_t size;
2015 
2016         if (P->statfd < 0)
2017                 P->state = PS_UNDEAD;
2018         else {
2019                 if (P->agentstatfd < 0) {
2020                         fd = P->statfd;
2021                         buf = &P->status;
2022                         size = sizeof (P->status);
2023                 } else {
2024                         fd = P->agentstatfd;
2025                         buf = &P->status.pr_lwp;
2026                         size = sizeof (P->status.pr_lwp);
2027                 }
2028                 while (pread(fd, buf, size, (off_t)0) != size) {
2029                         switch (errno) {
2030                         default:
2031                                 P->state = PS_UNDEAD;
2032                                 break;
2033                         case EINTR:
2034                         case ERESTART:
2035                                 continue;
2036                         case EAGAIN:
2037                                 P->state = PS_LOST;
2038                                 break;
2039                         }
2040                         break;
2041                 }
2042                 P->status.pr_flags = P->status.pr_lwp.pr_flags;
2043         }
2044 }
2045 
2046 /*
2047  * Get the value of one register from stopped process.
2048  */
2049 int
2050 Pgetareg(struct ps_prochandle *P, int regno, prgreg_t *preg)
2051 {
2052         if (regno < 0 || regno >= NPRGREG) {
2053                 errno = EINVAL;
2054                 return (-1);
2055         }
2056 
2057         if (P->state == PS_IDLE) {
2058                 errno = ENODATA;
2059                 return (-1);
2060         }
2061 
2062         if (P->state != PS_STOP && P->state != PS_DEAD) {
2063                 errno = EBUSY;
2064                 return (-1);
2065         }
2066 
2067         *preg = P->status.pr_lwp.pr_reg[regno];
2068         return (0);
2069 }
2070 
2071 /*
2072  * Put value of one register into stopped process.
2073  */
2074 int
2075 Pputareg(struct ps_prochandle *P, int regno, prgreg_t reg)
2076 {
2077         if (regno < 0 || regno >= NPRGREG) {
2078                 errno = EINVAL;
2079                 return (-1);
2080         }
2081 
2082         if (P->state != PS_STOP) {
2083                 errno = EBUSY;
2084                 return (-1);
2085         }
2086 
2087         P->status.pr_lwp.pr_reg[regno] = reg;
2088         P->flags |= SETREGS; /* set registers before continuing */
2089         return (0);
2090 }
2091 
2092 int
2093 Psetrun(struct ps_prochandle *P,
2094     int sig,    /* signal to pass to process */
2095     int flags)  /* PRSTEP|PRSABORT|PRSTOP|PRCSIG|PRCFAULT */
2096 {
2097         int ctlfd = (P->agentctlfd >= 0) ? P->agentctlfd : P->ctlfd;
2098         int sbits = (PR_DSTOP | PR_ISTOP | PR_ASLEEP);
2099 
2100         long ctl[1 +                                    /* PCCFAULT     */
2101             1 + sizeof (siginfo_t)/sizeof (long) +      /* PCSSIG/PCCSIG */
2102             2 ];                                        /* PCRUN        */
2103 
2104         long *ctlp = ctl;
2105         size_t size;
2106 
2107         if (P->state != PS_STOP && (P->status.pr_lwp.pr_flags & sbits) == 0) {
2108                 errno = EBUSY;
2109                 return (-1);
2110         }
2111 
2112         Psync(P);       /* flush tracing flags and registers */
2113 
2114         if (flags & PRCFAULT) {             /* clear current fault */
2115                 *ctlp++ = PCCFAULT;
2116                 flags &= ~PRCFAULT;
2117         }
2118 
2119         if (flags & PRCSIG) {               /* clear current signal */
2120                 *ctlp++ = PCCSIG;
2121                 flags &= ~PRCSIG;
2122         } else if (sig && sig != P->status.pr_lwp.pr_cursig) {
2123                 /* make current signal */
2124                 siginfo_t *infop;
2125 
2126                 *ctlp++ = PCSSIG;
2127                 infop = (siginfo_t *)ctlp;
2128                 (void) memset(infop, 0, sizeof (*infop));
2129                 infop->si_signo = sig;
2130                 ctlp += sizeof (siginfo_t) / sizeof (long);
2131         }
2132 
2133         *ctlp++ = PCRUN;
2134         *ctlp++ = flags;
2135         size = (char *)ctlp - (char *)ctl;
2136 
2137         P->info_valid = 0;   /* will need to update map and file info */
2138 
2139         /*
2140          * If we've cached ucontext-list information while we were stopped,
2141          * free it now.
2142          */
2143         if (P->ucaddrs != NULL) {
2144                 free(P->ucaddrs);
2145                 P->ucaddrs = NULL;
2146                 P->ucnelems = 0;
2147         }
2148 
2149         if (write(ctlfd, ctl, size) != size) {
2150                 /* If it is dead or lost, return the real status, not PS_RUN */
2151                 if (errno == ENOENT || errno == EAGAIN) {
2152                         (void) Pstopstatus(P, PCNULL, 0);
2153                         return (0);
2154                 }
2155                 /* If it is not in a jobcontrol stop, issue an error message */
2156                 if (errno != EBUSY ||
2157                     P->status.pr_lwp.pr_why != PR_JOBCONTROL) {
2158                         dprintf("Psetrun: %s\n", strerror(errno));
2159                         return (-1);
2160                 }
2161                 /* Otherwise pretend that the job-stopped process is running */
2162         }
2163 
2164         P->state = PS_RUN;
2165         return (0);
2166 }
2167 
2168 ssize_t
2169 Pread(struct ps_prochandle *P,
2170     void *buf,          /* caller's buffer */
2171     size_t nbyte,       /* number of bytes to read */
2172     uintptr_t address)  /* address in process */
2173 {
2174         return (P->ops.pop_pread(P, buf, nbyte, address, P->data));
2175 }
2176 
2177 ssize_t
2178 Pread_string(struct ps_prochandle *P,
2179     char *buf,                  /* caller's buffer */
2180     size_t size,                /* upper limit on bytes to read */
2181     uintptr_t addr)             /* address in process */
2182 {
2183         enum { STRSZ = 40 };
2184         char string[STRSZ + 1];
2185         ssize_t leng = 0;
2186         int nbyte;
2187 
2188         if (size < 2) {
2189                 errno = EINVAL;
2190                 return (-1);
2191         }
2192 
2193         size--;                 /* ensure trailing null fits in buffer */
2194 
2195         *buf = '\0';
2196         string[STRSZ] = '\0';
2197 
2198         for (nbyte = STRSZ; nbyte == STRSZ && leng < size; addr += STRSZ) {
2199                 if ((nbyte = P->ops.pop_pread(P, string, STRSZ, addr,
2200                     P->data)) <= 0) {
2201                         buf[leng] = '\0';
2202                         return (leng ? leng : -1);
2203                 }
2204                 if ((nbyte = strlen(string)) > 0) {
2205                         if (leng + nbyte > size)
2206                                 nbyte = size - leng;
2207                         (void) strncpy(buf + leng, string, nbyte);
2208                         leng += nbyte;
2209                 }
2210         }
2211         buf[leng] = '\0';
2212         return (leng);
2213 }
2214 
2215 ssize_t
2216 Pwrite(struct ps_prochandle *P,
2217     const void *buf,    /* caller's buffer */
2218     size_t nbyte,       /* number of bytes to write */
2219     uintptr_t address)  /* address in process */
2220 {
2221         return (P->ops.pop_pwrite(P, buf, nbyte, address, P->data));
2222 }
2223 
2224 int
2225 Pclearsig(struct ps_prochandle *P)
2226 {
2227         int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2228         long ctl = PCCSIG;
2229 
2230         if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
2231                 return (-1);
2232         P->status.pr_lwp.pr_cursig = 0;
2233         return (0);
2234 }
2235 
2236 int
2237 Pclearfault(struct ps_prochandle *P)
2238 {
2239         int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2240         long ctl = PCCFAULT;
2241 
2242         if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
2243                 return (-1);
2244         return (0);
2245 }
2246 
2247 /*
2248  * Set a breakpoint trap, return original instruction.
2249  */
2250 int
2251 Psetbkpt(struct ps_prochandle *P, uintptr_t address, ulong_t *saved)
2252 {
2253         long ctl[1 + sizeof (priovec_t) / sizeof (long) +       /* PCREAD */
2254             1 + sizeof (priovec_t) / sizeof (long)];    /* PCWRITE */
2255         long *ctlp = ctl;
2256         size_t size;
2257         priovec_t *iovp;
2258         instr_t bpt = BPT;
2259         instr_t old;
2260 
2261         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2262             P->state == PS_IDLE) {
2263                 errno = ENOENT;
2264                 return (-1);
2265         }
2266 
2267         /* fetch the old instruction */
2268         *ctlp++ = PCREAD;
2269         iovp = (priovec_t *)ctlp;
2270         iovp->pio_base = &old;
2271         iovp->pio_len = sizeof (old);
2272         iovp->pio_offset = address;
2273         ctlp += sizeof (priovec_t) / sizeof (long);
2274 
2275         /* write the BPT instruction */
2276         *ctlp++ = PCWRITE;
2277         iovp = (priovec_t *)ctlp;
2278         iovp->pio_base = &bpt;
2279         iovp->pio_len = sizeof (bpt);
2280         iovp->pio_offset = address;
2281         ctlp += sizeof (priovec_t) / sizeof (long);
2282 
2283         size = (char *)ctlp - (char *)ctl;
2284         if (write(P->ctlfd, ctl, size) != size)
2285                 return (-1);
2286 
2287         /*
2288          * Fail if there was already a breakpoint there from another debugger
2289          * or DTrace's user-level tracing on x86.
2290          */
2291         if (old == BPT) {
2292                 errno = EBUSY;
2293                 return (-1);
2294         }
2295 
2296         *saved = (ulong_t)old;
2297         return (0);
2298 }
2299 
2300 /*
2301  * Restore original instruction where a breakpoint was set.
2302  */
2303 int
2304 Pdelbkpt(struct ps_prochandle *P, uintptr_t address, ulong_t saved)
2305 {
2306         instr_t old = (instr_t)saved;
2307         instr_t cur;
2308 
2309         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2310             P->state == PS_IDLE) {
2311                 errno = ENOENT;
2312                 return (-1);
2313         }
2314 
2315         /*
2316          * If the breakpoint instruction we had placed has been overwritten
2317          * with a new instruction, then don't try to replace it with the
2318          * old instruction. Doing do can cause problems with self-modifying
2319          * code -- PLTs for example. If the Pread() fails, we assume that we
2320          * should proceed though most likely the Pwrite() will also fail.
2321          */
2322         if (Pread(P, &cur, sizeof (cur), address) == sizeof (cur) &&
2323             cur != BPT)
2324                 return (0);
2325 
2326         if (Pwrite(P, &old, sizeof (old), address) != sizeof (old))
2327                 return (-1);
2328 
2329         return (0);
2330 }
2331 
2332 /*
2333  * Common code for Pxecbkpt() and Lxecbkpt().
2334  * Develop the array of requests that will do the job, then
2335  * write them to the specified control file descriptor.
2336  * Return the non-zero errno if the write fails.
2337  */
2338 static int
2339 execute_bkpt(
2340         int ctlfd,              /* process or LWP control file descriptor */
2341         const fltset_t *faultset,       /* current set of traced faults */
2342         const sigset_t *sigmask,        /* current signal mask */
2343         uintptr_t address,              /* address of breakpint */
2344         ulong_t saved)                  /* the saved instruction */
2345 {
2346         long ctl[
2347             1 + sizeof (sigset_t) / sizeof (long) +             /* PCSHOLD */
2348             1 + sizeof (fltset_t) / sizeof (long) +             /* PCSFAULT */
2349             1 + sizeof (priovec_t) / sizeof (long) +            /* PCWRITE */
2350             2 +                                                 /* PCRUN */
2351             1 +                                                 /* PCWSTOP */
2352             1 +                                                 /* PCCFAULT */
2353             1 + sizeof (priovec_t) / sizeof (long) +            /* PCWRITE */
2354             1 + sizeof (fltset_t) / sizeof (long) +             /* PCSFAULT */
2355             1 + sizeof (sigset_t) / sizeof (long)];             /* PCSHOLD */
2356         long *ctlp = ctl;
2357         sigset_t unblock;
2358         size_t size;
2359         ssize_t ssize;
2360         priovec_t *iovp;
2361         sigset_t *holdp;
2362         fltset_t *faultp;
2363         instr_t old = (instr_t)saved;
2364         instr_t bpt = BPT;
2365         int error = 0;
2366 
2367         /* block our signals for the duration */
2368         (void) sigprocmask(SIG_BLOCK, &blockable_sigs, &unblock);
2369 
2370         /* hold posted signals */
2371         *ctlp++ = PCSHOLD;
2372         holdp = (sigset_t *)ctlp;
2373         prfillset(holdp);
2374         prdelset(holdp, SIGKILL);
2375         prdelset(holdp, SIGSTOP);
2376         ctlp += sizeof (sigset_t) / sizeof (long);
2377 
2378         /* force tracing of FLTTRACE */
2379         if (!(prismember(faultset, FLTTRACE))) {
2380                 *ctlp++ = PCSFAULT;
2381                 faultp = (fltset_t *)ctlp;
2382                 *faultp = *faultset;
2383                 praddset(faultp, FLTTRACE);
2384                 ctlp += sizeof (fltset_t) / sizeof (long);
2385         }
2386 
2387         /* restore the old instruction */
2388         *ctlp++ = PCWRITE;
2389         iovp = (priovec_t *)ctlp;
2390         iovp->pio_base = &old;
2391         iovp->pio_len = sizeof (old);
2392         iovp->pio_offset = address;
2393         ctlp += sizeof (priovec_t) / sizeof (long);
2394 
2395         /* clear current signal and fault; set running w/ single-step */
2396         *ctlp++ = PCRUN;
2397         *ctlp++ = PRCSIG | PRCFAULT | PRSTEP;
2398 
2399         /* wait for stop, cancel the fault */
2400         *ctlp++ = PCWSTOP;
2401         *ctlp++ = PCCFAULT;
2402 
2403         /* restore the breakpoint trap */
2404         *ctlp++ = PCWRITE;
2405         iovp = (priovec_t *)ctlp;
2406         iovp->pio_base = &bpt;
2407         iovp->pio_len = sizeof (bpt);
2408         iovp->pio_offset = address;
2409         ctlp += sizeof (priovec_t) / sizeof (long);
2410 
2411         /* restore fault tracing set */
2412         if (!(prismember(faultset, FLTTRACE))) {
2413                 *ctlp++ = PCSFAULT;
2414                 *(fltset_t *)ctlp = *faultset;
2415                 ctlp += sizeof (fltset_t) / sizeof (long);
2416         }
2417 
2418         /* restore the hold mask */
2419         *ctlp++ = PCSHOLD;
2420         *(sigset_t *)ctlp = *sigmask;
2421         ctlp += sizeof (sigset_t) / sizeof (long);
2422 
2423         size = (char *)ctlp - (char *)ctl;
2424         if ((ssize = write(ctlfd, ctl, size)) != size)
2425                 error = (ssize == -1)? errno : EINTR;
2426         (void) sigprocmask(SIG_SETMASK, &unblock, NULL);
2427         return (error);
2428 }
2429 
2430 /*
2431  * Step over a breakpoint, i.e., execute the instruction that
2432  * really belongs at the breakpoint location (the current %pc)
2433  * and leave the process stopped at the next instruction.
2434  */
2435 int
2436 Pxecbkpt(struct ps_prochandle *P, ulong_t saved)
2437 {
2438         int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2439         int rv, error;
2440 
2441         if (P->state != PS_STOP) {
2442                 errno = EBUSY;
2443                 return (-1);
2444         }
2445 
2446         Psync(P);
2447 
2448         error = execute_bkpt(ctlfd,
2449             &P->status.pr_flttrace, &P->status.pr_lwp.pr_lwphold,
2450             P->status.pr_lwp.pr_reg[R_PC], saved);
2451         rv = Pstopstatus(P, PCNULL, 0);
2452 
2453         if (error != 0) {
2454                 if (P->status.pr_lwp.pr_why == PR_JOBCONTROL &&
2455                     error == EBUSY) {   /* jobcontrol stop -- back off */
2456                         P->state = PS_RUN;
2457                         return (0);
2458                 }
2459                 if (error == ENOENT)
2460                         return (0);
2461                 errno = error;
2462                 return (-1);
2463         }
2464 
2465         return (rv);
2466 }
2467 
2468 /*
2469  * Install the watchpoint described by wp.
2470  */
2471 int
2472 Psetwapt(struct ps_prochandle *P, const prwatch_t *wp)
2473 {
2474         long ctl[1 + sizeof (prwatch_t) / sizeof (long)];
2475         prwatch_t *cwp = (prwatch_t *)&ctl[1];
2476 
2477         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2478             P->state == PS_IDLE) {
2479                 errno = ENOENT;
2480                 return (-1);
2481         }
2482 
2483         ctl[0] = PCWATCH;
2484         cwp->pr_vaddr = wp->pr_vaddr;
2485         cwp->pr_size = wp->pr_size;
2486         cwp->pr_wflags = wp->pr_wflags;
2487 
2488         if (write(P->ctlfd, ctl, sizeof (ctl)) != sizeof (ctl))
2489                 return (-1);
2490 
2491         return (0);
2492 }
2493 
2494 /*
2495  * Remove the watchpoint described by wp.
2496  */
2497 int
2498 Pdelwapt(struct ps_prochandle *P, const prwatch_t *wp)
2499 {
2500         long ctl[1 + sizeof (prwatch_t) / sizeof (long)];
2501         prwatch_t *cwp = (prwatch_t *)&ctl[1];
2502 
2503         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2504             P->state == PS_IDLE) {
2505                 errno = ENOENT;
2506                 return (-1);
2507         }
2508 
2509         ctl[0] = PCWATCH;
2510         cwp->pr_vaddr = wp->pr_vaddr;
2511         cwp->pr_size = wp->pr_size;
2512         cwp->pr_wflags = 0;
2513 
2514         if (write(P->ctlfd, ctl, sizeof (ctl)) != sizeof (ctl))
2515                 return (-1);
2516 
2517         return (0);
2518 }
2519 
2520 /*
2521  * Common code for Pxecwapt() and Lxecwapt().  Develop the array of requests
2522  * that will do the job, then write them to the specified control file
2523  * descriptor.  Return the non-zero errno if the write fails.
2524  */
2525 static int
2526 execute_wapt(
2527         int ctlfd,              /* process or LWP control file descriptor */
2528         const fltset_t *faultset,       /* current set of traced faults */
2529         const sigset_t *sigmask,        /* current signal mask */
2530         const prwatch_t *wp)            /* watchpoint descriptor */
2531 {
2532         long ctl[
2533             1 + sizeof (sigset_t) / sizeof (long) +             /* PCSHOLD */
2534             1 + sizeof (fltset_t) / sizeof (long) +             /* PCSFAULT */
2535             1 + sizeof (prwatch_t) / sizeof (long) +            /* PCWATCH */
2536             2 +                                                 /* PCRUN */
2537             1 +                                                 /* PCWSTOP */
2538             1 +                                                 /* PCCFAULT */
2539             1 + sizeof (prwatch_t) / sizeof (long) +            /* PCWATCH */
2540             1 + sizeof (fltset_t) / sizeof (long) +             /* PCSFAULT */
2541             1 + sizeof (sigset_t) / sizeof (long)];             /* PCSHOLD */
2542 
2543         long *ctlp = ctl;
2544         int error = 0;
2545 
2546         sigset_t unblock;
2547         sigset_t *holdp;
2548         fltset_t *faultp;
2549         prwatch_t *prw;
2550         ssize_t ssize;
2551         size_t size;
2552 
2553         (void) sigprocmask(SIG_BLOCK, &blockable_sigs, &unblock);
2554 
2555         /*
2556          * Hold all posted signals in the victim process prior to stepping.
2557          */
2558         *ctlp++ = PCSHOLD;
2559         holdp = (sigset_t *)ctlp;
2560         prfillset(holdp);
2561         prdelset(holdp, SIGKILL);
2562         prdelset(holdp, SIGSTOP);
2563         ctlp += sizeof (sigset_t) / sizeof (long);
2564 
2565         /*
2566          * Force tracing of FLTTRACE since we need to single step.
2567          */
2568         if (!(prismember(faultset, FLTTRACE))) {
2569                 *ctlp++ = PCSFAULT;
2570                 faultp = (fltset_t *)ctlp;
2571                 *faultp = *faultset;
2572                 praddset(faultp, FLTTRACE);
2573                 ctlp += sizeof (fltset_t) / sizeof (long);
2574         }
2575 
2576         /*
2577          * Clear only the current watchpoint by setting pr_wflags to zero.
2578          */
2579         *ctlp++ = PCWATCH;
2580         prw = (prwatch_t *)ctlp;
2581         prw->pr_vaddr = wp->pr_vaddr;
2582         prw->pr_size = wp->pr_size;
2583         prw->pr_wflags = 0;
2584         ctlp += sizeof (prwatch_t) / sizeof (long);
2585 
2586         /*
2587          * Clear the current signal and fault; set running with single-step.
2588          * Then wait for the victim to stop and cancel the FLTTRACE.
2589          */
2590         *ctlp++ = PCRUN;
2591         *ctlp++ = PRCSIG | PRCFAULT | PRSTEP;
2592         *ctlp++ = PCWSTOP;
2593         *ctlp++ = PCCFAULT;
2594 
2595         /*
2596          * Restore the current watchpoint.
2597          */
2598         *ctlp++ = PCWATCH;
2599         (void) memcpy(ctlp, wp, sizeof (prwatch_t));
2600         ctlp += sizeof (prwatch_t) / sizeof (long);
2601 
2602         /*
2603          * Restore fault tracing set if we modified it.
2604          */
2605         if (!(prismember(faultset, FLTTRACE))) {
2606                 *ctlp++ = PCSFAULT;
2607                 *(fltset_t *)ctlp = *faultset;
2608                 ctlp += sizeof (fltset_t) / sizeof (long);
2609         }
2610 
2611         /*
2612          * Restore the hold mask to the current hold mask (i.e. the one
2613          * before we executed any of the previous operations).
2614          */
2615         *ctlp++ = PCSHOLD;
2616         *(sigset_t *)ctlp = *sigmask;
2617         ctlp += sizeof (sigset_t) / sizeof (long);
2618 
2619         size = (char *)ctlp - (char *)ctl;
2620         if ((ssize = write(ctlfd, ctl, size)) != size)
2621                 error = (ssize == -1)? errno : EINTR;
2622         (void) sigprocmask(SIG_SETMASK, &unblock, NULL);
2623         return (error);
2624 }
2625 
2626 /*
2627  * Step over a watchpoint, i.e., execute the instruction that was stopped by
2628  * the watchpoint, and then leave the LWP stopped at the next instruction.
2629  */
2630 int
2631 Pxecwapt(struct ps_prochandle *P, const prwatch_t *wp)
2632 {
2633         int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2634         int rv, error;
2635 
2636         if (P->state != PS_STOP) {
2637                 errno = EBUSY;
2638                 return (-1);
2639         }
2640 
2641         Psync(P);
2642         error = execute_wapt(ctlfd,
2643             &P->status.pr_flttrace, &P->status.pr_lwp.pr_lwphold, wp);
2644         rv = Pstopstatus(P, PCNULL, 0);
2645 
2646         if (error != 0) {
2647                 if (P->status.pr_lwp.pr_why == PR_JOBCONTROL &&
2648                     error == EBUSY) {   /* jobcontrol stop -- back off */
2649                         P->state = PS_RUN;
2650                         return (0);
2651                 }
2652                 if (error == ENOENT)
2653                         return (0);
2654                 errno = error;
2655                 return (-1);
2656         }
2657 
2658         return (rv);
2659 }
2660 
2661 int
2662 Psetflags(struct ps_prochandle *P, long flags)
2663 {
2664         int rc;
2665         long ctl[2];
2666 
2667         ctl[0] = PCSET;
2668         ctl[1] = flags;
2669 
2670         if (write(P->ctlfd, ctl, 2*sizeof (long)) != 2*sizeof (long)) {
2671                 rc = -1;
2672         } else {
2673                 P->status.pr_flags |= flags;
2674                 P->status.pr_lwp.pr_flags |= flags;
2675                 rc = 0;
2676         }
2677 
2678         return (rc);
2679 }
2680 
2681 int
2682 Punsetflags(struct ps_prochandle *P, long flags)
2683 {
2684         int rc;
2685         long ctl[2];
2686 
2687         ctl[0] = PCUNSET;
2688         ctl[1] = flags;
2689 
2690         if (write(P->ctlfd, ctl, 2*sizeof (long)) != 2*sizeof (long)) {
2691                 rc = -1;
2692         } else {
2693                 P->status.pr_flags &= ~flags;
2694                 P->status.pr_lwp.pr_flags &= ~flags;
2695                 rc = 0;
2696         }
2697 
2698         return (rc);
2699 }
2700 
2701 /*
2702  * Common function to allow clients to manipulate the action to be taken
2703  * on receipt of a signal, receipt of machine fault, entry to a system call,
2704  * or exit from a system call.  We make use of our private prset_* functions
2705  * in order to make this code be common.  The 'which' parameter identifies
2706  * the code for the event of interest (0 means change the entire set), and
2707  * the 'stop' parameter is a boolean indicating whether the process should
2708  * stop when the event of interest occurs.  The previous value is returned
2709  * to the caller; -1 is returned if an error occurred.
2710  */
2711 static int
2712 Psetaction(struct ps_prochandle *P, void *sp, size_t size,
2713     uint_t flag, int max, int which, int stop)
2714 {
2715         int oldval;
2716 
2717         if (which < 0 || which > max) {
2718                 errno = EINVAL;
2719                 return (-1);
2720         }
2721 
2722         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2723             P->state == PS_IDLE) {
2724                 errno = ENOENT;
2725                 return (-1);
2726         }
2727 
2728         oldval = prset_ismember(sp, size, which) ? TRUE : FALSE;
2729 
2730         if (stop) {
2731                 if (which == 0) {
2732                         prset_fill(sp, size);
2733                         P->flags |= flag;
2734                 } else if (!oldval) {
2735                         prset_add(sp, size, which);
2736                         P->flags |= flag;
2737                 }
2738         } else {
2739                 if (which == 0) {
2740                         prset_empty(sp, size);
2741                         P->flags |= flag;
2742                 } else if (oldval) {
2743                         prset_del(sp, size, which);
2744                         P->flags |= flag;
2745                 }
2746         }
2747 
2748         if (P->state == PS_RUN)
2749                 Psync(P);
2750 
2751         return (oldval);
2752 }
2753 
2754 /*
2755  * Set action on specified signal.
2756  */
2757 int
2758 Psignal(struct ps_prochandle *P, int which, int stop)
2759 {
2760         int oldval;
2761 
2762         if (which == SIGKILL && stop != 0) {
2763                 errno = EINVAL;
2764                 return (-1);
2765         }
2766 
2767         oldval = Psetaction(P, &P->status.pr_sigtrace, sizeof (sigset_t),
2768             SETSIG, PRMAXSIG, which, stop);
2769 
2770         if (oldval != -1 && which == 0 && stop != 0)
2771                 prdelset(&P->status.pr_sigtrace, SIGKILL);
2772 
2773         return (oldval);
2774 }
2775 
2776 /*
2777  * Set all signal tracing flags.
2778  */
2779 void
2780 Psetsignal(struct ps_prochandle *P, const sigset_t *set)
2781 {
2782         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2783             P->state == PS_IDLE)
2784                 return;
2785 
2786         P->status.pr_sigtrace = *set;
2787         P->flags |= SETSIG;
2788 
2789         if (P->state == PS_RUN)
2790                 Psync(P);
2791 }
2792 
2793 /*
2794  * Set action on specified fault.
2795  */
2796 int
2797 Pfault(struct ps_prochandle *P, int which, int stop)
2798 {
2799         return (Psetaction(P, &P->status.pr_flttrace, sizeof (fltset_t),
2800             SETFAULT, PRMAXFAULT, which, stop));
2801 }
2802 
2803 /*
2804  * Set all machine fault tracing flags.
2805  */
2806 void
2807 Psetfault(struct ps_prochandle *P, const fltset_t *set)
2808 {
2809         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2810             P->state == PS_IDLE)
2811                 return;
2812 
2813         P->status.pr_flttrace = *set;
2814         P->flags |= SETFAULT;
2815 
2816         if (P->state == PS_RUN)
2817                 Psync(P);
2818 }
2819 
2820 /*
2821  * Set action on specified system call entry.
2822  */
2823 int
2824 Psysentry(struct ps_prochandle *P, int which, int stop)
2825 {
2826         return (Psetaction(P, &P->status.pr_sysentry, sizeof (sysset_t),
2827             SETENTRY, PRMAXSYS, which, stop));
2828 }
2829 
2830 /*
2831  * Set all system call entry tracing flags.
2832  */
2833 void
2834 Psetsysentry(struct ps_prochandle *P, const sysset_t *set)
2835 {
2836         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2837             P->state == PS_IDLE)
2838                 return;
2839 
2840         P->status.pr_sysentry = *set;
2841         P->flags |= SETENTRY;
2842 
2843         if (P->state == PS_RUN)
2844                 Psync(P);
2845 }
2846 
2847 /*
2848  * Set action on specified system call exit.
2849  */
2850 int
2851 Psysexit(struct ps_prochandle *P, int which, int stop)
2852 {
2853         return (Psetaction(P, &P->status.pr_sysexit, sizeof (sysset_t),
2854             SETEXIT, PRMAXSYS, which, stop));
2855 }
2856 
2857 /*
2858  * Set all system call exit tracing flags.
2859  */
2860 void
2861 Psetsysexit(struct ps_prochandle *P, const sysset_t *set)
2862 {
2863         if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2864             P->state == PS_IDLE)
2865                 return;
2866 
2867         P->status.pr_sysexit = *set;
2868         P->flags |= SETEXIT;
2869 
2870         if (P->state == PS_RUN)
2871                 Psync(P);
2872 }
2873 
2874 /*
2875  * Utility function to read the contents of a file that contains a
2876  * prheader_t at the start (/proc/pid/lstatus or /proc/pid/lpsinfo).
2877  * Returns a malloc()d buffer or NULL on failure.
2878  */
2879 static prheader_t *
2880 read_lfile(struct ps_prochandle *P, const char *lname)
2881 {
2882         prheader_t *Lhp;
2883         char lpath[PATH_MAX];
2884         struct stat64 statb;
2885         int fd;
2886         size_t size;
2887         ssize_t rval;
2888 
2889         (void) snprintf(lpath, sizeof (lpath), "%s/%d/%s", procfs_path,
2890             (int)P->status.pr_pid, lname);
2891         if ((fd = open(lpath, O_RDONLY)) < 0 || fstat64(fd, &statb) != 0) {
2892                 if (fd >= 0)
2893                         (void) close(fd);
2894                 return (NULL);
2895         }
2896 
2897         /*
2898          * 'size' is just the initial guess at the buffer size.
2899          * It will have to grow if the number of lwps increases
2900          * while we are looking at the process.
2901          * 'size' must be larger than the actual file size.
2902          */
2903         size = statb.st_size + 32;
2904 
2905         for (;;) {
2906                 if ((Lhp = malloc(size)) == NULL)
2907                         break;
2908                 if ((rval = pread(fd, Lhp, size, 0)) < 0 ||
2909                     rval <= sizeof (prheader_t)) {
2910                         free(Lhp);
2911                         Lhp = NULL;
2912                         break;
2913                 }
2914                 if (rval < size)
2915                         break;
2916                 /* need a bigger buffer */
2917                 free(Lhp);
2918                 size *= 2;
2919         }
2920 
2921         (void) close(fd);
2922         return (Lhp);
2923 }
2924 
2925 /*
2926  * LWP iteration interface.
2927  */
2928 int
2929 Plwp_iter(struct ps_prochandle *P, proc_lwp_f *func, void *cd)
2930 {
2931         prheader_t *Lhp;
2932         lwpstatus_t *Lsp;
2933         long nlwp;
2934         int rv;
2935 
2936         switch (P->state) {
2937         case PS_RUN:
2938                 (void) Pstopstatus(P, PCNULL, 0);
2939                 break;
2940 
2941         case PS_STOP:
2942                 Psync(P);
2943                 break;
2944 
2945         case PS_IDLE:
2946                 errno = ENODATA;
2947                 return (-1);
2948         }
2949 
2950         /*
2951          * For either live processes or cores, the single LWP case is easy:
2952          * the pstatus_t contains the lwpstatus_t for the only LWP.
2953          */
2954         if (P->status.pr_nlwp <= 1)
2955                 return (func(cd, &P->status.pr_lwp));
2956 
2957         /*
2958          * For the core file multi-LWP case, we just iterate through the
2959          * list of LWP structs we read in from the core file.
2960          */
2961         if (P->state == PS_DEAD) {
2962                 core_info_t *core = P->data;
2963                 lwp_info_t *lwp = list_prev(&core->core_lwp_head);
2964                 uint_t i;
2965 
2966                 for (i = 0; i < core->core_nlwp; i++, lwp = list_prev(lwp)) {
2967                         if (lwp->lwp_psinfo.pr_sname != 'Z' &&
2968                             (rv = func(cd, &lwp->lwp_status)) != 0)
2969                                 break;
2970                 }
2971 
2972                 return (rv);
2973         }
2974 
2975         /*
2976          * For the live process multi-LWP case, we have to work a little
2977          * harder: the /proc/pid/lstatus file has the array of LWP structs.
2978          */
2979         if ((Lhp = Plstatus(P)) == NULL)
2980                 return (-1);
2981 
2982         for (nlwp = Lhp->pr_nent, Lsp = (lwpstatus_t *)(uintptr_t)(Lhp + 1);
2983             nlwp > 0;
2984             nlwp--, Lsp = (lwpstatus_t *)((uintptr_t)Lsp + Lhp->pr_entsize)) {
2985                 if ((rv = func(cd, Lsp)) != 0)
2986                         break;
2987         }
2988 
2989         free(Lhp);
2990         return (rv);
2991 }
2992 
2993 /*
2994  * Extended LWP iteration interface.
2995  * Iterate over all LWPs, active and zombie.
2996  */
2997 int
2998 Plwp_iter_all(struct ps_prochandle *P, proc_lwp_all_f *func, void *cd)
2999 {
3000         prheader_t *Lhp = NULL;
3001         lwpstatus_t *Lsp;
3002         lwpstatus_t *sp;
3003         prheader_t *Lphp = NULL;
3004         lwpsinfo_t *Lpsp;
3005         long nstat;
3006         long ninfo;
3007         int rv;
3008 
3009 retry:
3010         if (Lhp != NULL)
3011                 free(Lhp);
3012         if (Lphp != NULL)
3013                 free(Lphp);
3014         if (P->state == PS_RUN)
3015                 (void) Pstopstatus(P, PCNULL, 0);
3016         (void) Ppsinfo(P);
3017 
3018         if (P->state == PS_STOP)
3019                 Psync(P);
3020 
3021         /*
3022          * For either live processes or cores, the single LWP case is easy:
3023          * the pstatus_t contains the lwpstatus_t for the only LWP and
3024          * the psinfo_t contains the lwpsinfo_t for the only LWP.
3025          */
3026         if (P->status.pr_nlwp + P->status.pr_nzomb <= 1)
3027                 return (func(cd, &P->status.pr_lwp, &P->psinfo.pr_lwp));
3028 
3029         /*
3030          * For the core file multi-LWP case, we just iterate through the
3031          * list of LWP structs we read in from the core file.
3032          */
3033         if (P->state == PS_DEAD) {
3034                 core_info_t *core = P->data;
3035                 lwp_info_t *lwp = list_prev(&core->core_lwp_head);
3036                 uint_t i;
3037 
3038                 for (i = 0; i < core->core_nlwp; i++, lwp = list_prev(lwp)) {
3039                         sp = (lwp->lwp_psinfo.pr_sname == 'Z')? NULL :
3040                             &lwp->lwp_status;
3041                         if ((rv = func(cd, sp, &lwp->lwp_psinfo)) != 0)
3042                                 break;
3043                 }
3044 
3045                 return (rv);
3046         }
3047 
3048         /*
3049          * For all other cases retrieve the array of lwpstatus_t's and
3050          * lwpsinfo_t's.
3051          */
3052         if ((Lhp = Plstatus(P)) == NULL)
3053                 return (-1);
3054         if ((Lphp = Plpsinfo(P)) == NULL) {
3055                 free(Lhp);
3056                 return (-1);
3057         }
3058 
3059         /*
3060          * If we are looking at a running process, or one we do not control,
3061          * the active and zombie lwps in the process may have changed since
3062          * we read the process status structure.  If so, just start over.
3063          */
3064         if (Lhp->pr_nent != P->status.pr_nlwp ||
3065             Lphp->pr_nent != P->status.pr_nlwp + P->status.pr_nzomb)
3066                 goto retry;
3067 
3068         /*
3069          * To be perfectly safe, prescan the two arrays, checking consistency.
3070          * We rely on /proc giving us lwpstatus_t's and lwpsinfo_t's in the
3071          * same order (the lwp directory order) in their respective files.
3072          * We also rely on there being (possibly) more lwpsinfo_t's than
3073          * lwpstatus_t's (the extra lwpsinfo_t's are for zombie lwps).
3074          */
3075         Lsp = (lwpstatus_t *)(uintptr_t)(Lhp + 1);
3076         Lpsp = (lwpsinfo_t *)(uintptr_t)(Lphp + 1);
3077         nstat = Lhp->pr_nent;
3078         for (ninfo = Lphp->pr_nent; ninfo != 0; ninfo--) {
3079                 if (Lpsp->pr_sname != 'Z') {
3080                         /*
3081                          * Not a zombie lwp; check for matching lwpids.
3082                          */
3083                         if (nstat == 0 || Lsp->pr_lwpid != Lpsp->pr_lwpid)
3084                                 goto retry;
3085                         Lsp = (lwpstatus_t *)((uintptr_t)Lsp + Lhp->pr_entsize);
3086                         nstat--;
3087                 }
3088                 Lpsp = (lwpsinfo_t *)((uintptr_t)Lpsp + Lphp->pr_entsize);
3089         }
3090         if (nstat != 0)
3091                 goto retry;
3092 
3093         /*
3094          * Rescan, this time for real.
3095          */
3096         Lsp = (lwpstatus_t *)(uintptr_t)(Lhp + 1);
3097         Lpsp = (lwpsinfo_t *)(uintptr_t)(Lphp + 1);
3098         for (ninfo = Lphp->pr_nent; ninfo != 0; ninfo--) {
3099                 if (Lpsp->pr_sname != 'Z') {
3100                         sp = Lsp;
3101                         Lsp = (lwpstatus_t *)((uintptr_t)Lsp + Lhp->pr_entsize);
3102                 } else {
3103                         sp = NULL;
3104                 }
3105                 if ((rv = func(cd, sp, Lpsp)) != 0)
3106                         break;
3107                 Lpsp = (lwpsinfo_t *)((uintptr_t)Lpsp + Lphp->pr_entsize);
3108         }
3109 
3110         free(Lhp);
3111         free(Lphp);
3112         return (rv);
3113 }
3114 
3115 core_content_t
3116 Pcontent(struct ps_prochandle *P)
3117 {
3118         core_info_t *core = P->data;
3119 
3120         if (P->state == PS_DEAD)
3121                 return (core->core_content);
3122         if (P->state == PS_IDLE)
3123                 return (CC_CONTENT_TEXT | CC_CONTENT_DATA | CC_CONTENT_CTF);
3124 
3125         return (CC_CONTENT_ALL);
3126 }
3127 
3128 /*
3129  * =================================================================
3130  * The remainder of the functions in this file are for the
3131  * control of individual LWPs in the controlled process.
3132  * =================================================================
3133  */
3134 
3135 /*
3136  * Find an entry in the process hash table for the specified lwpid.
3137  * The entry will either point to an existing struct ps_lwphandle
3138  * or it will point to an empty slot for a new struct ps_lwphandle.
3139  */
3140 static struct ps_lwphandle **
3141 Lfind(struct ps_prochandle *P, lwpid_t lwpid)
3142 {
3143         struct ps_lwphandle **Lp;
3144         struct ps_lwphandle *L;
3145 
3146         for (Lp = &P->hashtab[lwpid % (HASHSIZE - 1)];
3147             (L = *Lp) != NULL; Lp = &L->lwp_hash)
3148                 if (L->lwp_id == lwpid)
3149                         break;
3150         return (Lp);
3151 }
3152 
3153 /*
3154  * Grab an LWP contained within the controlled process.
3155  * Return an opaque pointer to its LWP control structure.
3156  *      perr: pointer to error return code.
3157  */
3158 struct ps_lwphandle *
3159 Lgrab(struct ps_prochandle *P, lwpid_t lwpid, int *perr)
3160 {
3161         struct ps_lwphandle **Lp;
3162         struct ps_lwphandle *L;
3163         int fd;
3164         char procname[PATH_MAX];
3165         char *fname;
3166         int rc = 0;
3167 
3168         (void) mutex_lock(&P->proc_lock);
3169 
3170         if (P->state == PS_UNDEAD || P->state == PS_IDLE)
3171                 rc = G_NOPROC;
3172         else if (P->hashtab == NULL &&
3173             (P->hashtab = calloc(HASHSIZE, sizeof (struct ps_lwphandle *)))
3174             == NULL)
3175                 rc = G_STRANGE;
3176         else if (*(Lp = Lfind(P, lwpid)) != NULL)
3177                 rc = G_BUSY;
3178         else if ((L = malloc(sizeof (struct ps_lwphandle))) == NULL)
3179                 rc = G_STRANGE;
3180         if (rc) {
3181                 *perr = rc;
3182                 (void) mutex_unlock(&P->proc_lock);
3183                 return (NULL);
3184         }
3185 
3186         (void) memset(L, 0, sizeof (*L));
3187         L->lwp_ctlfd = -1;
3188         L->lwp_statfd = -1;
3189         L->lwp_proc = P;
3190         L->lwp_id = lwpid;
3191         *Lp = L;        /* insert into the hash table */
3192 
3193         if (P->state == PS_DEAD) {   /* core file */
3194                 if (getlwpstatus(P, lwpid, &L->lwp_status) == -1) {
3195                         rc = G_NOPROC;
3196                         goto err;
3197                 }
3198                 L->lwp_state = PS_DEAD;
3199                 *perr = 0;
3200                 (void) mutex_unlock(&P->proc_lock);
3201                 return (L);
3202         }
3203 
3204         /*
3205          * Open the /proc/<pid>/lwp/<lwpid> files
3206          */
3207         (void) snprintf(procname, sizeof (procname), "%s/%d/lwp/%d/",
3208             procfs_path, (int)P->pid, (int)lwpid);
3209         fname = procname + strlen(procname);
3210         (void) set_minfd();
3211 
3212         (void) strcpy(fname, "lwpstatus");
3213         if ((fd = open(procname, O_RDONLY)) < 0 ||
3214             (fd = dupfd(fd, 0)) < 0) {
3215                 switch (errno) {
3216                 case ENOENT:
3217                         rc = G_NOPROC;
3218                         break;
3219                 default:
3220                         dprintf("Lgrab: failed to open %s: %s\n",
3221                             procname, strerror(errno));
3222                         rc = G_STRANGE;
3223                         break;
3224                 }
3225                 goto err;
3226         }
3227         L->lwp_statfd = fd;
3228 
3229         if (pread(fd, &L->lwp_status, sizeof (L->lwp_status), (off_t)0) < 0) {
3230                 switch (errno) {
3231                 case ENOENT:
3232                         rc = G_NOPROC;
3233                         break;
3234                 default:
3235                         dprintf("Lgrab: failed to read %s: %s\n",
3236                             procname, strerror(errno));
3237                         rc = G_STRANGE;
3238                         break;
3239                 }
3240                 goto err;
3241         }
3242 
3243         (void) strcpy(fname, "lwpctl");
3244         if ((fd = open(procname, O_WRONLY)) < 0 ||
3245             (fd = dupfd(fd, 0)) < 0) {
3246                 switch (errno) {
3247                 case ENOENT:
3248                         rc = G_NOPROC;
3249                         break;
3250                 default:
3251                         dprintf("Lgrab: failed to open %s: %s\n",
3252                             procname, strerror(errno));
3253                         rc = G_STRANGE;
3254                         break;
3255                 }
3256                 goto err;
3257         }
3258         L->lwp_ctlfd = fd;
3259 
3260         L->lwp_state =
3261             ((L->lwp_status.pr_flags & (PR_STOPPED|PR_ISTOP))
3262             == (PR_STOPPED|PR_ISTOP))?
3263             PS_STOP : PS_RUN;
3264 
3265         *perr = 0;
3266         (void) mutex_unlock(&P->proc_lock);
3267         return (L);
3268 
3269 err:
3270         Lfree_internal(P, L);
3271         *perr = rc;
3272         (void) mutex_unlock(&P->proc_lock);
3273         return (NULL);
3274 }
3275 
3276 /*
3277  * Return a printable string corresponding to an Lgrab() error return.
3278  */
3279 const char *
3280 Lgrab_error(int error)
3281 {
3282         const char *str;
3283 
3284         switch (error) {
3285         case G_NOPROC:
3286                 str = "no such LWP";
3287                 break;
3288         case G_BUSY:
3289                 str = "LWP already grabbed";
3290                 break;
3291         case G_STRANGE:
3292                 str = "unanticipated system error";
3293                 break;
3294         default:
3295                 str = "unknown error";
3296                 break;
3297         }
3298 
3299         return (str);
3300 }
3301 
3302 /*
3303  * Free an LWP control structure.
3304  */
3305 void
3306 Lfree(struct ps_lwphandle *L)
3307 {
3308         struct ps_prochandle *P = L->lwp_proc;
3309 
3310         (void) mutex_lock(&P->proc_lock);
3311         Lfree_internal(P, L);
3312         (void) mutex_unlock(&P->proc_lock);
3313 }
3314 
3315 static void
3316 Lfree_internal(struct ps_prochandle *P, struct ps_lwphandle *L)
3317 {
3318         *Lfind(P, L->lwp_id) = L->lwp_hash;       /* delete from hash table */
3319         if (L->lwp_ctlfd >= 0)
3320                 (void) close(L->lwp_ctlfd);
3321         if (L->lwp_statfd >= 0)
3322                 (void) close(L->lwp_statfd);
3323 
3324         /* clear out the structure as a precaution against reuse */
3325         (void) memset(L, 0, sizeof (*L));
3326         L->lwp_ctlfd = -1;
3327         L->lwp_statfd = -1;
3328 
3329         free(L);
3330 }
3331 
3332 /*
3333  * Return the state of the process, one of the PS_* values.
3334  */
3335 int
3336 Lstate(struct ps_lwphandle *L)
3337 {
3338         return (L->lwp_state);
3339 }
3340 
3341 /*
3342  * Return the open control file descriptor for the LWP.
3343  * Clients must not close this file descriptor, nor use it
3344  * after the LWP is freed.
3345  */
3346 int
3347 Lctlfd(struct ps_lwphandle *L)
3348 {
3349         return (L->lwp_ctlfd);
3350 }
3351 
3352 /*
3353  * Return a pointer to the LWP lwpsinfo structure.
3354  * Clients should not hold on to this pointer indefinitely.
3355  * It will become invalid on Lfree().
3356  */
3357 const lwpsinfo_t *
3358 Lpsinfo(struct ps_lwphandle *L)
3359 {
3360         if (Plwp_getpsinfo(L->lwp_proc, L->lwp_id, &L->lwp_psinfo) == -1)
3361                 return (NULL);
3362 
3363         return (&L->lwp_psinfo);
3364 }
3365 
3366 /*
3367  * Return a pointer to the LWP status structure.
3368  * Clients should not hold on to this pointer indefinitely.
3369  * It will become invalid on Lfree().
3370  */
3371 const lwpstatus_t *
3372 Lstatus(struct ps_lwphandle *L)
3373 {
3374         return (&L->lwp_status);
3375 }
3376 
3377 /*
3378  * Given an LWP handle, return the process handle.
3379  */
3380 struct ps_prochandle *
3381 Lprochandle(struct ps_lwphandle *L)
3382 {
3383         return (L->lwp_proc);
3384 }
3385 
3386 /*
3387  * Ensure that all cached state is written to the LWP.
3388  * The cached state is the LWP's signal mask and registers.
3389  */
3390 void
3391 Lsync(struct ps_lwphandle *L)
3392 {
3393         int ctlfd = L->lwp_ctlfd;
3394         long cmd[2];
3395         iovec_t iov[4];
3396         int n = 0;
3397 
3398         if (L->lwp_flags & SETHOLD) {
3399                 cmd[0] = PCSHOLD;
3400                 iov[n].iov_base = (caddr_t)&cmd[0];
3401                 iov[n++].iov_len = sizeof (long);
3402                 iov[n].iov_base = (caddr_t)&L->lwp_status.pr_lwphold;
3403                 iov[n++].iov_len = sizeof (L->lwp_status.pr_lwphold);
3404         }
3405         if (L->lwp_flags & SETREGS) {
3406                 cmd[1] = PCSREG;
3407                 iov[n].iov_base = (caddr_t)&cmd[1];
3408                 iov[n++].iov_len = sizeof (long);
3409                 iov[n].iov_base = (caddr_t)&L->lwp_status.pr_reg[0];
3410                 iov[n++].iov_len = sizeof (L->lwp_status.pr_reg);
3411         }
3412 
3413         if (n == 0 || writev(ctlfd, iov, n) < 0)
3414                 return;         /* nothing to do or write failed */
3415 
3416         L->lwp_flags &= ~(SETHOLD|SETREGS);
3417 }
3418 
3419 /*
3420  * Wait for the specified LWP to stop or terminate.
3421  * Or, just get the current status (PCNULL).
3422  * Or, direct it to stop and get the current status (PCDSTOP).
3423  */
3424 static int
3425 Lstopstatus(struct ps_lwphandle *L,
3426     long request,               /* PCNULL, PCDSTOP, PCSTOP, PCWSTOP */
3427     uint_t msec)                /* if non-zero, timeout in milliseconds */
3428 {
3429         int ctlfd = L->lwp_ctlfd;
3430         long ctl[3];
3431         ssize_t rc;
3432         int err;
3433 
3434         switch (L->lwp_state) {
3435         case PS_RUN:
3436                 break;
3437         case PS_STOP:
3438                 if (request != PCNULL && request != PCDSTOP)
3439                         return (0);
3440                 break;
3441         case PS_LOST:
3442                 if (request != PCNULL) {
3443                         errno = EAGAIN;
3444                         return (-1);
3445                 }
3446                 break;
3447         case PS_UNDEAD:
3448         case PS_DEAD:
3449                 if (request != PCNULL) {
3450                         errno = ENOENT;
3451                         return (-1);
3452                 }
3453                 break;
3454         default:        /* corrupted state */
3455                 dprintf("Lstopstatus: corrupted state: %d\n", L->lwp_state);
3456                 errno = EINVAL;
3457                 return (-1);
3458         }
3459 
3460         ctl[0] = PCDSTOP;
3461         ctl[1] = PCTWSTOP;
3462         ctl[2] = (long)msec;
3463         rc = 0;
3464         switch (request) {
3465         case PCSTOP:
3466                 rc = write(ctlfd, &ctl[0], 3*sizeof (long));
3467                 break;
3468         case PCWSTOP:
3469                 rc = write(ctlfd, &ctl[1], 2*sizeof (long));
3470                 break;
3471         case PCDSTOP:
3472                 rc = write(ctlfd, &ctl[0], 1*sizeof (long));
3473                 break;
3474         case PCNULL:
3475                 if (L->lwp_state == PS_DEAD)
3476                         return (0); /* Nothing else to do for cores */
3477                 break;
3478         default:        /* programming error */
3479                 errno = EINVAL;
3480                 return (-1);
3481         }
3482         err = (rc < 0)? errno : 0;
3483         Lsync(L);
3484 
3485         if (pread(L->lwp_statfd, &L->lwp_status,
3486             sizeof (L->lwp_status), (off_t)0) < 0)
3487                 err = errno;
3488 
3489         if (err) {
3490                 switch (err) {
3491                 case EINTR:             /* user typed ctl-C */
3492                 case ERESTART:
3493                         dprintf("Lstopstatus: EINTR\n");
3494                         break;
3495                 case EAGAIN:            /* we lost control of the the process */
3496                         dprintf("Lstopstatus: EAGAIN\n");
3497                         L->lwp_state = PS_LOST;
3498                         errno = err;
3499                         return (-1);
3500                 default:
3501                         if (_libproc_debug) {
3502                                 const char *errstr;
3503 
3504                                 switch (request) {
3505                                 case PCNULL:
3506                                         errstr = "Lstopstatus PCNULL"; break;
3507                                 case PCSTOP:
3508                                         errstr = "Lstopstatus PCSTOP"; break;
3509                                 case PCDSTOP:
3510                                         errstr = "Lstopstatus PCDSTOP"; break;
3511                                 case PCWSTOP:
3512                                         errstr = "Lstopstatus PCWSTOP"; break;
3513                                 default:
3514                                         errstr = "Lstopstatus PC???"; break;
3515                                 }
3516                                 dprintf("%s: %s\n", errstr, strerror(err));
3517                         }
3518                         L->lwp_state = PS_UNDEAD;
3519                         errno = err;
3520                         return (-1);
3521                 }
3522         }
3523 
3524         if ((L->lwp_status.pr_flags & (PR_STOPPED|PR_ISTOP))
3525             != (PR_STOPPED|PR_ISTOP)) {
3526                 L->lwp_state = PS_RUN;
3527                 if (request == PCNULL || request == PCDSTOP || msec != 0)
3528                         return (0);
3529                 dprintf("Lstopstatus: LWP is not stopped\n");
3530                 errno = EPROTO;
3531                 return (-1);
3532         }
3533 
3534         L->lwp_state = PS_STOP;
3535 
3536         if (_libproc_debug)     /* debugging */
3537                 prldump("Lstopstatus", &L->lwp_status);
3538 
3539         switch (L->lwp_status.pr_why) {
3540         case PR_SYSENTRY:
3541         case PR_SYSEXIT:
3542         case PR_REQUESTED:
3543         case PR_SIGNALLED:
3544         case PR_FAULTED:
3545         case PR_JOBCONTROL:
3546         case PR_SUSPENDED:
3547                 break;
3548         default:
3549                 errno = EPROTO;
3550                 return (-1);
3551         }
3552 
3553         return (0);
3554 }
3555 
3556 /*
3557  * Wait for the LWP to stop for any reason.
3558  */
3559 int
3560 Lwait(struct ps_lwphandle *L, uint_t msec)
3561 {
3562         return (Lstopstatus(L, PCWSTOP, msec));
3563 }
3564 
3565 /*
3566  * Direct the LWP to stop; wait for it to stop.
3567  */
3568 int
3569 Lstop(struct ps_lwphandle *L, uint_t msec)
3570 {
3571         return (Lstopstatus(L, PCSTOP, msec));
3572 }
3573 
3574 /*
3575  * Direct the LWP to stop; don't wait.
3576  */
3577 int
3578 Ldstop(struct ps_lwphandle *L)
3579 {
3580         return (Lstopstatus(L, PCDSTOP, 0));
3581 }
3582 
3583 /*
3584  * Get the value of one register from stopped LWP.
3585  */
3586 int
3587 Lgetareg(struct ps_lwphandle *L, int regno, prgreg_t *preg)
3588 {
3589         if (regno < 0 || regno >= NPRGREG) {
3590                 errno = EINVAL;
3591                 return (-1);
3592         }
3593 
3594         if (L->lwp_state != PS_STOP) {
3595                 errno = EBUSY;
3596                 return (-1);
3597         }
3598 
3599         *preg = L->lwp_status.pr_reg[regno];
3600         return (0);
3601 }
3602 
3603 /*
3604  * Put value of one register into stopped LWP.
3605  */
3606 int
3607 Lputareg(struct ps_lwphandle *L, int regno, prgreg_t reg)
3608 {
3609         if (regno < 0 || regno >= NPRGREG) {
3610                 errno = EINVAL;
3611                 return (-1);
3612         }
3613 
3614         if (L->lwp_state != PS_STOP) {
3615                 errno = EBUSY;
3616                 return (-1);
3617         }
3618 
3619         L->lwp_status.pr_reg[regno] = reg;
3620         L->lwp_flags |= SETREGS;     /* set registers before continuing */
3621         return (0);
3622 }
3623 
3624 int
3625 Lsetrun(struct ps_lwphandle *L,
3626     int sig,    /* signal to pass to LWP */
3627     int flags)  /* PRSTEP|PRSABORT|PRSTOP|PRCSIG|PRCFAULT */
3628 {
3629         int ctlfd = L->lwp_ctlfd;
3630         int sbits = (PR_DSTOP | PR_ISTOP | PR_ASLEEP);
3631 
3632         long ctl[1 +                                    /* PCCFAULT     */
3633             1 + sizeof (siginfo_t)/sizeof (long) +      /* PCSSIG/PCCSIG */
3634             2 ];                                        /* PCRUN        */
3635 
3636         long *ctlp = ctl;
3637         size_t size;
3638 
3639         if (L->lwp_state != PS_STOP &&
3640             (L->lwp_status.pr_flags & sbits) == 0) {
3641                 errno = EBUSY;
3642                 return (-1);
3643         }
3644 
3645         Lsync(L);       /* flush registers */
3646 
3647         if (flags & PRCFAULT) {             /* clear current fault */
3648                 *ctlp++ = PCCFAULT;
3649                 flags &= ~PRCFAULT;
3650         }
3651 
3652         if (flags & PRCSIG) {               /* clear current signal */
3653                 *ctlp++ = PCCSIG;
3654                 flags &= ~PRCSIG;
3655         } else if (sig && sig != L->lwp_status.pr_cursig) {
3656                 /* make current signal */
3657                 siginfo_t *infop;
3658 
3659                 *ctlp++ = PCSSIG;
3660                 infop = (siginfo_t *)ctlp;
3661                 (void) memset(infop, 0, sizeof (*infop));
3662                 infop->si_signo = sig;
3663                 ctlp += sizeof (siginfo_t) / sizeof (long);
3664         }
3665 
3666         *ctlp++ = PCRUN;
3667         *ctlp++ = flags;
3668         size = (char *)ctlp - (char *)ctl;
3669 
3670         L->lwp_proc->info_valid = 0; /* will need to update map and file info */
3671         L->lwp_proc->state = PS_RUN;
3672         L->lwp_state = PS_RUN;
3673 
3674         if (write(ctlfd, ctl, size) != size) {
3675                 /* Pretend that a job-stopped LWP is running */
3676                 if (errno != EBUSY || L->lwp_status.pr_why != PR_JOBCONTROL)
3677                         return (Lstopstatus(L, PCNULL, 0));
3678         }
3679 
3680         return (0);
3681 }
3682 
3683 int
3684 Lclearsig(struct ps_lwphandle *L)
3685 {
3686         int ctlfd = L->lwp_ctlfd;
3687         long ctl = PCCSIG;
3688 
3689         if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
3690                 return (-1);
3691         L->lwp_status.pr_cursig = 0;
3692         return (0);
3693 }
3694 
3695 int
3696 Lclearfault(struct ps_lwphandle *L)
3697 {
3698         int ctlfd = L->lwp_ctlfd;
3699         long ctl = PCCFAULT;
3700 
3701         if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
3702                 return (-1);
3703         return (0);
3704 }
3705 
3706 /*
3707  * Step over a breakpoint, i.e., execute the instruction that
3708  * really belongs at the breakpoint location (the current %pc)
3709  * and leave the LWP stopped at the next instruction.
3710  */
3711 int
3712 Lxecbkpt(struct ps_lwphandle *L, ulong_t saved)
3713 {
3714         struct ps_prochandle *P = L->lwp_proc;
3715         int rv, error;
3716 
3717         if (L->lwp_state != PS_STOP) {
3718                 errno = EBUSY;
3719                 return (-1);
3720         }
3721 
3722         Lsync(L);
3723         error = execute_bkpt(L->lwp_ctlfd,
3724             &P->status.pr_flttrace, &L->lwp_status.pr_lwphold,
3725             L->lwp_status.pr_reg[R_PC], saved);
3726         rv = Lstopstatus(L, PCNULL, 0);
3727 
3728         if (error != 0) {
3729                 if (L->lwp_status.pr_why == PR_JOBCONTROL &&
3730                     error == EBUSY) {   /* jobcontrol stop -- back off */
3731                         L->lwp_state = PS_RUN;
3732                         return (0);
3733                 }
3734                 if (error == ENOENT)
3735                         return (0);
3736                 errno = error;
3737                 return (-1);
3738         }
3739 
3740         return (rv);
3741 }
3742 
3743 /*
3744  * Step over a watchpoint, i.e., execute the instruction that was stopped by
3745  * the watchpoint, and then leave the LWP stopped at the next instruction.
3746  */
3747 int
3748 Lxecwapt(struct ps_lwphandle *L, const prwatch_t *wp)
3749 {
3750         struct ps_prochandle *P = L->lwp_proc;
3751         int rv, error;
3752 
3753         if (L->lwp_state != PS_STOP) {
3754                 errno = EBUSY;
3755                 return (-1);
3756         }
3757 
3758         Lsync(L);
3759         error = execute_wapt(L->lwp_ctlfd,
3760             &P->status.pr_flttrace, &L->lwp_status.pr_lwphold, wp);
3761         rv = Lstopstatus(L, PCNULL, 0);
3762 
3763         if (error != 0) {
3764                 if (L->lwp_status.pr_why == PR_JOBCONTROL &&
3765                     error == EBUSY) {   /* jobcontrol stop -- back off */
3766                         L->lwp_state = PS_RUN;
3767                         return (0);
3768                 }
3769                 if (error == ENOENT)
3770                         return (0);
3771                 errno = error;
3772                 return (-1);
3773         }
3774 
3775         return (rv);
3776 }
3777 
3778 int
3779 Lstack(struct ps_lwphandle *L, stack_t *stkp)
3780 {
3781         struct ps_prochandle *P = L->lwp_proc;
3782         uintptr_t addr = L->lwp_status.pr_ustack;
3783 
3784         if (P->status.pr_dmodel == PR_MODEL_NATIVE) {
3785                 if (Pread(P, stkp, sizeof (*stkp), addr) != sizeof (*stkp))
3786                         return (-1);
3787 #ifdef _LP64
3788         } else {
3789                 stack32_t stk32;
3790 
3791                 if (Pread(P, &stk32, sizeof (stk32), addr) != sizeof (stk32))
3792                         return (-1);
3793 
3794                 stack_32_to_n(&stk32, stkp);
3795 #endif
3796         }
3797 
3798         return (0);
3799 }
3800 
3801 int
3802 Lmain_stack(struct ps_lwphandle *L, stack_t *stkp)
3803 {
3804         struct ps_prochandle *P = L->lwp_proc;
3805 
3806         if (Lstack(L, stkp) != 0)
3807                 return (-1);
3808 
3809         /*
3810          * If the SS_ONSTACK flag is set then this LWP is operating on the
3811          * alternate signal stack. We can recover the original stack from
3812          * pr_oldcontext.
3813          */
3814         if (!(stkp->ss_flags & SS_ONSTACK))
3815                 return (0);
3816 
3817         if (P->status.pr_dmodel == PR_MODEL_NATIVE) {
3818                 ucontext_t *ctxp = (void *)L->lwp_status.pr_oldcontext;
3819 
3820                 if (Pread(P, stkp, sizeof (*stkp),
3821                     (uintptr_t)&ctxp->uc_stack) != sizeof (*stkp))
3822                         return (-1);
3823 #ifdef _LP64
3824         } else {
3825                 ucontext32_t *ctxp = (void *)L->lwp_status.pr_oldcontext;
3826                 stack32_t stk32;
3827 
3828                 if (Pread(P, &stk32, sizeof (stk32),
3829                     (uintptr_t)&ctxp->uc_stack) != sizeof (stk32))
3830                         return (-1);
3831 
3832                 stack_32_to_n(&stk32, stkp);
3833 #endif
3834         }
3835 
3836         return (0);
3837 }
3838 
3839 int
3840 Lalt_stack(struct ps_lwphandle *L, stack_t *stkp)
3841 {
3842         if (L->lwp_status.pr_altstack.ss_flags & SS_DISABLE) {
3843                 errno = ENODATA;
3844                 return (-1);
3845         }
3846 
3847         *stkp = L->lwp_status.pr_altstack;
3848 
3849         return (0);
3850 }
3851 
3852 /*
3853  * Add a mapping to the given proc handle.  Resizes the array as appropriate and
3854  * manages reference counts on the given file_info_t.
3855  *
3856  * The 'map_relocate' member is used to tell Psort_mappings() that the
3857  * associated file_map pointer needs to be relocated after the mappings have
3858  * been sorted.  It is only set for the first mapping, and has no meaning
3859  * outside these two functions.
3860  */
3861 int
3862 Padd_mapping(struct ps_prochandle *P, off64_t off, file_info_t *fp,
3863     prmap_t *pmap)
3864 {
3865         map_info_t *mp;
3866 
3867         if (P->map_count == P->map_alloc) {
3868                 size_t next = P->map_alloc ? P->map_alloc * 2 : 16;
3869 
3870                 if ((P->mappings = realloc(P->mappings,
3871                     next * sizeof (map_info_t))) == NULL)
3872                         return (-1);
3873 
3874                 P->map_alloc = next;
3875         }
3876 
3877         mp = &P->mappings[P->map_count++];
3878 
3879         mp->map_offset = off;
3880         mp->map_pmap = *pmap;
3881         mp->map_relocate = 0;
3882         if ((mp->map_file = fp) != NULL) {
3883                 if (fp->file_map == NULL) {
3884                         fp->file_map = mp;
3885                         mp->map_relocate = 1;
3886                 }
3887                 fp->file_ref++;
3888         }
3889 
3890         return (0);
3891 }
3892 
3893 static int
3894 map_sort(const void *a, const void *b)
3895 {
3896         const map_info_t *ap = a, *bp = b;
3897 
3898         if (ap->map_pmap.pr_vaddr < bp->map_pmap.pr_vaddr)
3899                 return (-1);
3900         else if (ap->map_pmap.pr_vaddr > bp->map_pmap.pr_vaddr)
3901                 return (1);
3902         else
3903                 return (0);
3904 }
3905 
3906 /*
3907  * Sort the current set of mappings.  Should be called during target
3908  * initialization after all calls to Padd_mapping() have been made.
3909  */
3910 void
3911 Psort_mappings(struct ps_prochandle *P)
3912 {
3913         int i;
3914         map_info_t *mp;
3915 
3916         qsort(P->mappings, P->map_count, sizeof (map_info_t), map_sort);
3917 
3918         /*
3919          * Update all the file_map pointers to refer to the new locations.
3920          */
3921         for (i = 0; i < P->map_count; i++) {
3922                 mp = &P->mappings[i];
3923                 if (mp->map_relocate)
3924                         mp->map_file->file_map = mp;
3925                 mp->map_relocate = 0;
3926         }
3927 }
3928 
3929 struct ps_prochandle *
3930 Pgrab_ops(pid_t pid, void *data, const ps_ops_t *ops, int flags)
3931 {
3932         struct ps_prochandle *P;
3933 
3934         if ((P = calloc(1, sizeof (*P))) == NULL) {
3935                 return (NULL);
3936         }
3937 
3938         Pinit_ops(&P->ops, ops);
3939         (void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
3940         P->pid = pid;
3941         P->state = PS_STOP;
3942         P->asfd = -1;
3943         P->ctlfd = -1;
3944         P->statfd = -1;
3945         P->agentctlfd = -1;
3946         P->agentstatfd = -1;
3947         Pinitsym(P);
3948         P->data = data;
3949         Pread_status(P);
3950 
3951         if (flags & PGRAB_INCORE) {
3952                 P->flags |= INCORE;
3953         }
3954 
3955         return (P);
3956 }