1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  *
26  * Portions Copyright 2007 Chad Mynhier
27  * Copyright 2012 DEY Storage Systems, Inc.  All rights reserved.
28  * Copyright (c) 2013 by Delphix. All rights reserved.
29  * Copyright 2015, Joyent, Inc.
30  */
31 
32 #include <assert.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <unistd.h>
36 #include <ctype.h>
37 #include <fcntl.h>
38 #include <string.h>
39 #include <strings.h>
40 #include <memory.h>
41 #include <errno.h>
42 #include <dirent.h>
43 #include <limits.h>
44 #include <signal.h>
45 #include <atomic.h>
46 #include <zone.h>
47 #include <sys/types.h>
48 #include <sys/uio.h>
49 #include <sys/stat.h>
50 #include <sys/resource.h>
51 #include <sys/param.h>
52 #include <sys/stack.h>
53 #include <sys/fault.h>
54 #include <sys/syscall.h>
55 #include <sys/sysmacros.h>
56 #include <sys/systeminfo.h>
57 
58 #include "libproc.h"
59 #include "Pcontrol.h"
60 #include "Putil.h"
61 #include "P32ton.h"
62 
63 int	_libproc_debug;		/* set non-zero to enable debugging printfs */
64 int	_libproc_no_qsort;	/* set non-zero to inhibit sorting */
65 				/* of symbol tables */
66 int	_libproc_incore_elf;	/* only use in-core elf data */
67 
68 sigset_t blockable_sigs;	/* signals to block when we need to be safe */
69 static	int	minfd;	/* minimum file descriptor returned by dupfd(fd, 0) */
70 char	procfs_path[PATH_MAX] = "/proc";
71 
72 /*
73  * Function prototypes for static routines in this module.
74  */
75 static	void	deadcheck(struct ps_prochandle *);
76 static	void	restore_tracing_flags(struct ps_prochandle *);
77 static	void	Lfree_internal(struct ps_prochandle *, struct ps_lwphandle *);
78 static  prheader_t *read_lfile(struct ps_prochandle *, const char *);
79 
80 /*
81  * Ops vector functions for live processes.
82  */
83 
84 /*ARGSUSED*/
85 static ssize_t
86 Pread_live(struct ps_prochandle *P, void *buf, size_t n, uintptr_t addr,
87     void *data)
88 {
89 	return (pread(P->asfd, buf, n, (off_t)addr));
90 }
91 
92 /*ARGSUSED*/
93 static ssize_t
94 Pwrite_live(struct ps_prochandle *P, const void *buf, size_t n, uintptr_t addr,
95     void *data)
96 {
97 	return (pwrite(P->asfd, buf, n, (off_t)addr));
98 }
99 
100 /*ARGSUSED*/
101 static int
102 Pread_maps_live(struct ps_prochandle *P, prmap_t **Pmapp, ssize_t *nmapp,
103     void *data)
104 {
105 	char mapfile[PATH_MAX];
106 	int mapfd;
107 	struct stat statb;
108 	ssize_t nmap;
109 	prmap_t *Pmap = NULL;
110 
111 	(void) snprintf(mapfile, sizeof (mapfile), "%s/%d/map",
112 	    procfs_path, (int)P->pid);
113 	if ((mapfd = open(mapfile, O_RDONLY)) < 0 ||
114 	    fstat(mapfd, &statb) != 0 ||
115 	    statb.st_size < sizeof (prmap_t) ||
116 	    (Pmap = malloc(statb.st_size)) == NULL ||
117 	    (nmap = pread(mapfd, Pmap, statb.st_size, 0L)) <= 0 ||
118 	    (nmap /= sizeof (prmap_t)) == 0) {
119 		if (Pmap != NULL)
120 			free(Pmap);
121 		if (mapfd >= 0)
122 			(void) close(mapfd);
123 		Preset_maps(P); /* utter failure; destroy tables */
124 		return (-1);
125 	}
126 	(void) close(mapfd);
127 
128 	*Pmapp = Pmap;
129 	*nmapp = nmap;
130 
131 	return (0);
132 }
133 
134 /*ARGSUSED*/
135 static void
136 Pread_aux_live(struct ps_prochandle *P, auxv_t **auxvp, int *nauxp, void *data)
137 {
138 	char auxfile[64];
139 	int fd;
140 	struct stat statb;
141 	auxv_t *auxv;
142 	ssize_t naux;
143 
144 	(void) snprintf(auxfile, sizeof (auxfile), "%s/%d/auxv",
145 	    procfs_path, (int)P->pid);
146 	if ((fd = open(auxfile, O_RDONLY)) < 0) {
147 		dprintf("%s: failed to open %s: %s\n",
148 		    __func__, auxfile, strerror(errno));
149 		return;
150 	}
151 
152 	if (fstat(fd, &statb) == 0 &&
153 	    statb.st_size >= sizeof (auxv_t) &&
154 	    (auxv = malloc(statb.st_size + sizeof (auxv_t))) != NULL) {
155 		if ((naux = read(fd, auxv, statb.st_size)) < 0 ||
156 		    (naux /= sizeof (auxv_t)) < 1) {
157 			dprintf("%s: read failed: %s\n",
158 			    __func__, strerror(errno));
159 			free(auxv);
160 		} else {
161 			auxv[naux].a_type = AT_NULL;
162 			auxv[naux].a_un.a_val = 0L;
163 
164 			*auxvp = auxv;
165 			*nauxp = (int)naux;
166 		}
167 	}
168 
169 	(void) close(fd);
170 }
171 
172 /*ARGSUSED*/
173 static int
174 Pcred_live(struct ps_prochandle *P, prcred_t *pcrp, int ngroups, void *data)
175 {
176 	return (proc_get_cred(P->pid, pcrp, ngroups));
177 }
178 
179 /*ARGSUSED*/
180 static int
181 Ppriv_live(struct ps_prochandle *P, prpriv_t **pprv, void *data)
182 {
183 	prpriv_t *pp;
184 
185 	pp = proc_get_priv(P->pid);
186 	if (pp == NULL) {
187 		return (-1);
188 	}
189 
190 	*pprv = pp;
191 	return (0);
192 }
193 
194 /*ARGSUSED*/
195 static const psinfo_t *
196 Ppsinfo_live(struct ps_prochandle *P, psinfo_t *psinfo, void *data)
197 {
198 	if (proc_get_psinfo(P->pid, psinfo) == -1)
199 		return (NULL);
200 
201 	return (psinfo);
202 }
203 
204 /*ARGSUSED*/
205 static prheader_t *
206 Plstatus_live(struct ps_prochandle *P, void *data)
207 {
208 	return (read_lfile(P, "lstatus"));
209 }
210 
211 /*ARGSUSED*/
212 static prheader_t *
213 Plpsinfo_live(struct ps_prochandle *P, void *data)
214 {
215 	return (read_lfile(P, "lpsinfo"));
216 }
217 
218 /*ARGSUSED*/
219 static char *
220 Pplatform_live(struct ps_prochandle *P, char *s, size_t n, void *data)
221 {
222 	if (sysinfo(SI_PLATFORM, s, n) == -1)
223 		return (NULL);
224 	return (s);
225 }
226 
227 /*ARGSUSED*/
228 static int
229 Puname_live(struct ps_prochandle *P, struct utsname *u, void *data)
230 {
231 	return (uname(u));
232 }
233 
234 /*ARGSUSED*/
235 static char *
236 Pzonename_live(struct ps_prochandle *P, char *s, size_t n, void *data)
237 {
238 	if (getzonenamebyid(P->status.pr_zoneid, s, n) < 0)
239 		return (NULL);
240 	s[n - 1] = '\0';
241 	return (s);
242 }
243 
244 /*
245  * Callback function for Pfindexec().  We return a match if we can stat the
246  * suggested pathname and confirm its device and inode number match our
247  * previous information about the /proc/<pid>/object/a.out file.
248  */
249 static int
250 stat_exec(const char *path, void *arg)
251 {
252 	struct stat64 *stp = arg;
253 	struct stat64 st;
254 
255 	return (stat64(path, &st) == 0 && S_ISREG(st.st_mode) &&
256 	    stp->st_dev == st.st_dev && stp->st_ino == st.st_ino);
257 }
258 
259 /*ARGSUSED*/
260 static char *
261 Pexecname_live(struct ps_prochandle *P, char *buf, size_t buflen, void *data)
262 {
263 	char exec_name[PATH_MAX];
264 	char cwd[PATH_MAX];
265 	char proc_cwd[64];
266 	struct stat64 st;
267 	int ret;
268 
269 	/*
270 	 * Try to get the path information first.
271 	 */
272 	(void) snprintf(exec_name, sizeof (exec_name),
273 	    "%s/%d/path/a.out", procfs_path, (int)P->pid);
274 	if ((ret = readlink(exec_name, buf, buflen - 1)) > 0) {
275 		buf[ret] = '\0';
276 		(void) Pfindobj(P, buf, buf, buflen);
277 		return (buf);
278 	}
279 
280 	/*
281 	 * Stat the executable file so we can compare Pfindexec's
282 	 * suggestions to the actual device and inode number.
283 	 */
284 	(void) snprintf(exec_name, sizeof (exec_name),
285 	    "%s/%d/object/a.out", procfs_path, (int)P->pid);
286 
287 	if (stat64(exec_name, &st) != 0 || !S_ISREG(st.st_mode))
288 		return (NULL);
289 
290 	/*
291 	 * Attempt to figure out the current working directory of the
292 	 * target process.  This only works if the target process has
293 	 * not changed its current directory since it was exec'd.
294 	 */
295 	(void) snprintf(proc_cwd, sizeof (proc_cwd),
296 	    "%s/%d/path/cwd", procfs_path, (int)P->pid);
297 
298 	if ((ret = readlink(proc_cwd, cwd, PATH_MAX - 1)) > 0)
299 		cwd[ret] = '\0';
300 
301 	(void) Pfindexec(P, ret > 0 ? cwd : NULL, stat_exec, &st);
302 
303 	return (NULL);
304 }
305 
306 #if defined(__i386) || defined(__amd64)
307 /*ARGSUSED*/
308 static int
309 Pldt_live(struct ps_prochandle *P, struct ssd *pldt, int nldt, void *data)
310 {
311 	return (proc_get_ldt(P->pid, pldt, nldt));
312 }
313 #endif
314 
315 static const ps_ops_t P_live_ops = {
316 	.pop_pread	= Pread_live,
317 	.pop_pwrite	= Pwrite_live,
318 	.pop_read_maps	= Pread_maps_live,
319 	.pop_read_aux	= Pread_aux_live,
320 	.pop_cred	= Pcred_live,
321 	.pop_priv	= Ppriv_live,
322 	.pop_psinfo	= Ppsinfo_live,
323 	.pop_lstatus	= Plstatus_live,
324 	.pop_lpsinfo	= Plpsinfo_live,
325 	.pop_platform	= Pplatform_live,
326 	.pop_uname	= Puname_live,
327 	.pop_zonename	= Pzonename_live,
328 	.pop_execname	= Pexecname_live,
329 #if defined(__i386) || defined(__amd64)
330 	.pop_ldt	= Pldt_live
331 #endif
332 };
333 
334 /*
335  * This is the library's .init handler.
336  */
337 #pragma init(_libproc_init)
338 void
339 _libproc_init(void)
340 {
341 	_libproc_debug = getenv("LIBPROC_DEBUG") != NULL;
342 	_libproc_no_qsort = getenv("LIBPROC_NO_QSORT") != NULL;
343 	_libproc_incore_elf = getenv("LIBPROC_INCORE_ELF") != NULL;
344 
345 	(void) sigfillset(&blockable_sigs);
346 	(void) sigdelset(&blockable_sigs, SIGKILL);
347 	(void) sigdelset(&blockable_sigs, SIGSTOP);
348 }
349 
350 void
351 Pset_procfs_path(const char *path)
352 {
353 	(void) snprintf(procfs_path, sizeof (procfs_path), "%s", path);
354 }
355 
356 /*
357  * Call set_minfd() once before calling dupfd() several times.
358  * We assume that the application will not reduce its current file
359  * descriptor limit lower than 512 once it has set at least that value.
360  */
361 int
362 set_minfd(void)
363 {
364 	static mutex_t minfd_lock = DEFAULTMUTEX;
365 	struct rlimit rlim;
366 	int fd;
367 
368 	if ((fd = minfd) < 256) {
369 		(void) mutex_lock(&minfd_lock);
370 		if ((fd = minfd) < 256) {
371 			if (getrlimit(RLIMIT_NOFILE, &rlim) != 0)
372 				rlim.rlim_cur = rlim.rlim_max = 0;
373 			if (rlim.rlim_cur >= 512)
374 				fd = 256;
375 			else if ((fd = rlim.rlim_cur / 2) < 3)
376 				fd = 3;
377 			membar_producer();
378 			minfd = fd;
379 		}
380 		(void) mutex_unlock(&minfd_lock);
381 	}
382 	return (fd);
383 }
384 
385 int
386 dupfd(int fd, int dfd)
387 {
388 	int mfd;
389 
390 	/*
391 	 * Make fd be greater than 255 (the 32-bit stdio limit),
392 	 * or at least make it greater than 2 so that the
393 	 * program will work when spawned by init(1m).
394 	 * Also, if dfd is non-zero, dup the fd to be dfd.
395 	 */
396 	if ((mfd = minfd) == 0)
397 		mfd = set_minfd();
398 	if (dfd > 0 || (0 <= fd && fd < mfd)) {
399 		if (dfd <= 0)
400 			dfd = mfd;
401 		dfd = fcntl(fd, F_DUPFD, dfd);
402 		(void) close(fd);
403 		fd = dfd;
404 	}
405 	/*
406 	 * Mark it close-on-exec so any created process doesn't inherit it.
407 	 */
408 	if (fd >= 0)
409 		(void) fcntl(fd, F_SETFD, FD_CLOEXEC);
410 	return (fd);
411 }
412 
413 /*
414  * Create a new controlled process.
415  * Leave it stopped on successful exit from exec() or execve().
416  * Return an opaque pointer to its process control structure.
417  * Return NULL if process cannot be created (fork()/exec() not successful).
418  */
419 struct ps_prochandle *
420 Pxcreate(const char *file,	/* executable file name */
421 	char *const *argv,	/* argument vector */
422 	char *const *envp,	/* environment */
423 	int *perr,	/* pointer to error return code */
424 	char *path,	/* if non-null, holds exec path name on return */
425 	size_t len)	/* size of the path buffer */
426 {
427 	char execpath[PATH_MAX];
428 	char procname[PATH_MAX];
429 	struct ps_prochandle *P;
430 	pid_t pid;
431 	int fd;
432 	char *fname;
433 	int rc;
434 	int lasterrno = 0;
435 
436 	if (len == 0)	/* zero length, no path */
437 		path = NULL;
438 	if (path != NULL)
439 		*path = '\0';
440 
441 	if ((P = malloc(sizeof (struct ps_prochandle))) == NULL) {
442 		*perr = C_STRANGE;
443 		return (NULL);
444 	}
445 
446 	if ((pid = fork1()) == -1) {
447 		free(P);
448 		*perr = C_FORK;
449 		return (NULL);
450 	}
451 
452 	if (pid == 0) {			/* child process */
453 		id_t id;
454 		extern char **environ;
455 
456 		/*
457 		 * If running setuid or setgid, reset credentials to normal.
458 		 */
459 		if ((id = getgid()) != getegid())
460 			(void) setgid(id);
461 		if ((id = getuid()) != geteuid())
462 			(void) setuid(id);
463 
464 		Pcreate_callback(P);	/* execute callback (see below) */
465 		(void) pause();		/* wait for PRSABORT from parent */
466 
467 		/*
468 		 * This is ugly.  There is no execvep() function that takes a
469 		 * path and an environment.  We cheat here by replacing the
470 		 * global 'environ' variable right before we call this.
471 		 */
472 		if (envp)
473 			environ = (char **)envp;
474 
475 		(void) execvp(file, argv);  /* execute the program */
476 		_exit(127);
477 	}
478 
479 	/*
480 	 * Initialize the process structure.
481 	 */
482 	(void) memset(P, 0, sizeof (*P));
483 	(void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
484 	P->flags |= CREATED;
485 	P->state = PS_RUN;
486 	P->pid = pid;
487 	P->asfd = -1;
488 	P->ctlfd = -1;
489 	P->statfd = -1;
490 	P->agentctlfd = -1;
491 	P->agentstatfd = -1;
492 	Pinit_ops(&P->ops, &P_live_ops);
493 	Pinitsym(P);
494 
495 	/*
496 	 * Open the /proc/pid files.
497 	 */
498 	(void) snprintf(procname, sizeof (procname), "%s/%d/",
499 	    procfs_path, (int)pid);
500 	fname = procname + strlen(procname);
501 	(void) set_minfd();
502 
503 	/*
504 	 * Exclusive write open advises others not to interfere.
505 	 * There is no reason for any of these open()s to fail.
506 	 */
507 	(void) strcpy(fname, "as");
508 	if ((fd = open(procname, (O_RDWR|O_EXCL))) < 0 ||
509 	    (fd = dupfd(fd, 0)) < 0) {
510 		dprintf("Pcreate: failed to open %s: %s\n",
511 		    procname, strerror(errno));
512 		rc = C_STRANGE;
513 		goto bad;
514 	}
515 	P->asfd = fd;
516 
517 	(void) strcpy(fname, "status");
518 	if ((fd = open(procname, O_RDONLY)) < 0 ||
519 	    (fd = dupfd(fd, 0)) < 0) {
520 		dprintf("Pcreate: failed to open %s: %s\n",
521 		    procname, strerror(errno));
522 		rc = C_STRANGE;
523 		goto bad;
524 	}
525 	P->statfd = fd;
526 
527 	(void) strcpy(fname, "ctl");
528 	if ((fd = open(procname, O_WRONLY)) < 0 ||
529 	    (fd = dupfd(fd, 0)) < 0) {
530 		dprintf("Pcreate: failed to open %s: %s\n",
531 		    procname, strerror(errno));
532 		rc = C_STRANGE;
533 		goto bad;
534 	}
535 	P->ctlfd = fd;
536 
537 	(void) Pstop(P, 0);	/* stop the controlled process */
538 
539 	/*
540 	 * Wait for process to sleep in pause().
541 	 * If the process has already called pause(), then it should be
542 	 * stopped (PR_REQUESTED) while asleep in pause and we are done.
543 	 * Else we set up to catch entry/exit to pause() and set the process
544 	 * running again, expecting it to stop when it reaches pause().
545 	 * There is no reason for this to fail other than an interrupt.
546 	 */
547 	(void) Psysentry(P, SYS_pause, 1);
548 	(void) Psysexit(P, SYS_pause, 1);
549 	for (;;) {
550 		if (P->state == PS_STOP &&
551 		    P->status.pr_lwp.pr_syscall == SYS_pause &&
552 		    (P->status.pr_lwp.pr_why == PR_REQUESTED ||
553 		    P->status.pr_lwp.pr_why == PR_SYSENTRY ||
554 		    P->status.pr_lwp.pr_why == PR_SYSEXIT))
555 			break;
556 
557 		if (P->state != PS_STOP ||	/* interrupt or process died */
558 		    Psetrun(P, 0, 0) != 0) {	/* can't restart */
559 			if (errno == EINTR || errno == ERESTART)
560 				rc = C_INTR;
561 			else {
562 				dprintf("Pcreate: Psetrun failed: %s\n",
563 				    strerror(errno));
564 				rc = C_STRANGE;
565 			}
566 			goto bad;
567 		}
568 
569 		(void) Pwait(P, 0);
570 	}
571 	(void) Psysentry(P, SYS_pause, 0);
572 	(void) Psysexit(P, SYS_pause, 0);
573 
574 	/*
575 	 * Kick the process off the pause() and catch
576 	 * it again on entry to exec() or exit().
577 	 */
578 	(void) Psysentry(P, SYS_exit, 1);
579 	(void) Psysentry(P, SYS_execve, 1);
580 	if (Psetrun(P, 0, PRSABORT) == -1) {
581 		dprintf("Pcreate: Psetrun failed: %s\n", strerror(errno));
582 		rc = C_STRANGE;
583 		goto bad;
584 	}
585 	(void) Pwait(P, 0);
586 	if (P->state != PS_STOP) {
587 		dprintf("Pcreate: Pwait failed: %s\n", strerror(errno));
588 		rc = C_STRANGE;
589 		goto bad;
590 	}
591 
592 	/*
593 	 * Move the process through instances of failed exec()s
594 	 * to reach the point of stopped on successful exec().
595 	 */
596 	(void) Psysexit(P, SYS_execve, TRUE);
597 
598 	while (P->state == PS_STOP &&
599 	    P->status.pr_lwp.pr_why == PR_SYSENTRY &&
600 	    P->status.pr_lwp.pr_what == SYS_execve) {
601 		/*
602 		 * Fetch the exec path name now, before we complete
603 		 * the exec().  We may lose the process and be unable
604 		 * to get the information later.
605 		 */
606 		(void) Pread_string(P, execpath, sizeof (execpath),
607 		    (off_t)P->status.pr_lwp.pr_sysarg[0]);
608 		if (path != NULL)
609 			(void) strncpy(path, execpath, len);
610 		/*
611 		 * Set the process running and wait for
612 		 * it to stop on exit from the exec().
613 		 */
614 		(void) Psetrun(P, 0, 0);
615 		(void) Pwait(P, 0);
616 
617 		if (P->state == PS_LOST &&		/* we lost control */
618 		    Preopen(P) != 0) {		/* and we can't get it back */
619 			rc = C_PERM;
620 			goto bad;
621 		}
622 
623 		/*
624 		 * If the exec() failed, continue the loop, expecting
625 		 * there to be more attempts to exec(), based on PATH.
626 		 */
627 		if (P->state == PS_STOP &&
628 		    P->status.pr_lwp.pr_why == PR_SYSEXIT &&
629 		    P->status.pr_lwp.pr_what == SYS_execve &&
630 		    (lasterrno = P->status.pr_lwp.pr_errno) != 0) {
631 			/*
632 			 * The exec() failed.  Set the process running and
633 			 * wait for it to stop on entry to the next exec().
634 			 */
635 			(void) Psetrun(P, 0, 0);
636 			(void) Pwait(P, 0);
637 
638 			continue;
639 		}
640 		break;
641 	}
642 
643 	if (P->state == PS_STOP &&
644 	    P->status.pr_lwp.pr_why == PR_SYSEXIT &&
645 	    P->status.pr_lwp.pr_what == SYS_execve &&
646 	    P->status.pr_lwp.pr_errno == 0) {
647 		/*
648 		 * The process is stopped on successful exec() or execve().
649 		 * Turn off all tracing flags and return success.
650 		 */
651 		restore_tracing_flags(P);
652 #ifndef _LP64
653 		/* We must be a 64-bit process to deal with a 64-bit process */
654 		if (P->status.pr_dmodel == PR_MODEL_LP64) {
655 			rc = C_LP64;
656 			goto bad;
657 		}
658 #endif
659 		/*
660 		 * Set run-on-last-close so the controlled process
661 		 * runs even if we die on a signal.
662 		 */
663 		(void) Psetflags(P, PR_RLC);
664 		*perr = 0;
665 		return (P);
666 	}
667 
668 	rc = lasterrno == ENOENT ? C_NOENT : C_NOEXEC;
669 
670 bad:
671 	(void) kill(pid, SIGKILL);
672 	if (path != NULL && rc != C_PERM && rc != C_LP64)
673 		*path = '\0';
674 	Pfree(P);
675 	*perr = rc;
676 	return (NULL);
677 }
678 
679 struct ps_prochandle *
680 Pcreate(
681 	const char *file,	/* executable file name */
682 	char *const *argv,	/* argument vector */
683 	int *perr,	/* pointer to error return code */
684 	char *path,	/* if non-null, holds exec path name on return */
685 	size_t len)	/* size of the path buffer */
686 {
687 	return (Pxcreate(file, argv, NULL, perr, path, len));
688 }
689 
690 /*
691  * Return a printable string corresponding to a Pcreate() error return.
692  */
693 const char *
694 Pcreate_error(int error)
695 {
696 	const char *str;
697 
698 	switch (error) {
699 	case C_FORK:
700 		str = "cannot fork";
701 		break;
702 	case C_PERM:
703 		str = "file is set-id or unreadable";
704 		break;
705 	case C_NOEXEC:
706 		str = "cannot execute file";
707 		break;
708 	case C_INTR:
709 		str = "operation interrupted";
710 		break;
711 	case C_LP64:
712 		str = "program is _LP64, self is not";
713 		break;
714 	case C_STRANGE:
715 		str = "unanticipated system error";
716 		break;
717 	case C_NOENT:
718 		str = "cannot find executable file";
719 		break;
720 	default:
721 		str = "unknown error";
722 		break;
723 	}
724 
725 	return (str);
726 }
727 
728 /*
729  * Callback to execute in each child process created with Pcreate() after fork
730  * but before it execs the new process image.  By default, we do nothing, but
731  * by calling this function we allow the client program to define its own
732  * version of the function which will interpose on our empty default.  This
733  * may be useful for clients that need to modify signal dispositions, terminal
734  * attributes, or process group and session properties for each new victim.
735  */
736 /*ARGSUSED*/
737 void
738 Pcreate_callback(struct ps_prochandle *P)
739 {
740 	/* nothing to do here */
741 }
742 
743 /*
744  * Grab an existing process.
745  * Return an opaque pointer to its process control structure.
746  *
747  * pid:		UNIX process ID.
748  * flags:
749  *	PGRAB_RETAIN	Retain tracing flags (default clears all tracing flags).
750  *	PGRAB_FORCE	Grab regardless of whether process is already traced.
751  *	PGRAB_RDONLY	Open the address space file O_RDONLY instead of O_RDWR,
752  *                      and do not open the process control file.
753  *	PGRAB_NOSTOP	Open the process but do not force it to stop.
754  * perr:	pointer to error return code.
755  */
756 struct ps_prochandle *
757 Pgrab(pid_t pid, int flags, int *perr)
758 {
759 	struct ps_prochandle *P;
760 	int fd, omode;
761 	char procname[PATH_MAX];
762 	char *fname;
763 	int rc = 0;
764 
765 	/*
766 	 * PGRAB_RDONLY means that we do not open the /proc/<pid>/control file,
767 	 * and so it implies RETAIN and NOSTOP since both require control.
768 	 */
769 	if (flags & PGRAB_RDONLY)
770 		flags |= PGRAB_RETAIN | PGRAB_NOSTOP;
771 
772 	if ((P = malloc(sizeof (struct ps_prochandle))) == NULL) {
773 		*perr = G_STRANGE;
774 		return (NULL);
775 	}
776 
777 	P->asfd = -1;
778 	P->ctlfd = -1;
779 	P->statfd = -1;
780 
781 again:	/* Come back here if we lose it in the Window of Vulnerability */
782 	if (P->ctlfd >= 0)
783 		(void) close(P->ctlfd);
784 	if (P->asfd >= 0)
785 		(void) close(P->asfd);
786 	if (P->statfd >= 0)
787 		(void) close(P->statfd);
788 	(void) memset(P, 0, sizeof (*P));
789 	(void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
790 	P->ctlfd = -1;
791 	P->asfd = -1;
792 	P->statfd = -1;
793 	P->agentctlfd = -1;
794 	P->agentstatfd = -1;
795 	Pinit_ops(&P->ops, &P_live_ops);
796 	Pinitsym(P);
797 
798 	/*
799 	 * Open the /proc/pid files
800 	 */
801 	(void) snprintf(procname, sizeof (procname), "%s/%d/",
802 	    procfs_path, (int)pid);
803 	fname = procname + strlen(procname);
804 	(void) set_minfd();
805 
806 	/*
807 	 * Request exclusive open to avoid grabbing someone else's
808 	 * process and to prevent others from interfering afterwards.
809 	 * If this fails and the 'PGRAB_FORCE' flag is set, attempt to
810 	 * open non-exclusively.
811 	 */
812 	(void) strcpy(fname, "as");
813 	omode = (flags & PGRAB_RDONLY) ? O_RDONLY : O_RDWR;
814 
815 	if (((fd = open(procname, omode | O_EXCL)) < 0 &&
816 	    (fd = ((flags & PGRAB_FORCE)? open(procname, omode) : -1)) < 0) ||
817 	    (fd = dupfd(fd, 0)) < 0) {
818 		switch (errno) {
819 		case ENOENT:
820 			rc = G_NOPROC;
821 			break;
822 		case EACCES:
823 		case EPERM:
824 			rc = G_PERM;
825 			break;
826 		case EMFILE:
827 			rc = G_NOFD;
828 			break;
829 		case EBUSY:
830 			if (!(flags & PGRAB_FORCE) || geteuid() != 0) {
831 				rc = G_BUSY;
832 				break;
833 			}
834 			/* FALLTHROUGH */
835 		default:
836 			dprintf("Pgrab: failed to open %s: %s\n",
837 			    procname, strerror(errno));
838 			rc = G_STRANGE;
839 			break;
840 		}
841 		goto err;
842 	}
843 	P->asfd = fd;
844 
845 	(void) strcpy(fname, "status");
846 	if ((fd = open(procname, O_RDONLY)) < 0 ||
847 	    (fd = dupfd(fd, 0)) < 0) {
848 		switch (errno) {
849 		case ENOENT:
850 			rc = G_NOPROC;
851 			break;
852 		case EMFILE:
853 			rc = G_NOFD;
854 			break;
855 		default:
856 			dprintf("Pgrab: failed to open %s: %s\n",
857 			    procname, strerror(errno));
858 			rc = G_STRANGE;
859 			break;
860 		}
861 		goto err;
862 	}
863 	P->statfd = fd;
864 
865 	if (!(flags & PGRAB_RDONLY)) {
866 		(void) strcpy(fname, "ctl");
867 		if ((fd = open(procname, O_WRONLY)) < 0 ||
868 		    (fd = dupfd(fd, 0)) < 0) {
869 			switch (errno) {
870 			case ENOENT:
871 				rc = G_NOPROC;
872 				break;
873 			case EMFILE:
874 				rc = G_NOFD;
875 				break;
876 			default:
877 				dprintf("Pgrab: failed to open %s: %s\n",
878 				    procname, strerror(errno));
879 				rc = G_STRANGE;
880 				break;
881 			}
882 			goto err;
883 		}
884 		P->ctlfd = fd;
885 	}
886 
887 	P->state = PS_RUN;
888 	P->pid = pid;
889 
890 	/*
891 	 * We are now in the Window of Vulnerability (WoV).  The process may
892 	 * exec() a setuid/setgid or unreadable object file between the open()
893 	 * and the PCSTOP.  We will get EAGAIN in this case and must start over.
894 	 * As Pstopstatus will trigger the first read() from a /proc file,
895 	 * we also need to handle EOVERFLOW here when 32-bit as an indicator
896 	 * that this process is 64-bit.  Finally, if the process has become
897 	 * a zombie (PS_UNDEAD) while we were trying to grab it, just remain
898 	 * silent about this and pretend there was no process.
899 	 */
900 	if (Pstopstatus(P, PCNULL, 0) != 0) {
901 #ifndef _LP64
902 		if (errno == EOVERFLOW) {
903 			rc = G_LP64;
904 			goto err;
905 		}
906 #endif
907 		if (P->state == PS_LOST) {	/* WoV */
908 			(void) mutex_destroy(&P->proc_lock);
909 			goto again;
910 		}
911 
912 		if (P->state == PS_UNDEAD)
913 			rc = G_NOPROC;
914 		else
915 			rc = G_STRANGE;
916 
917 		goto err;
918 	}
919 
920 	/*
921 	 * If the process is a system process, we can't control it even as root
922 	 */
923 	if (P->status.pr_flags & PR_ISSYS) {
924 		rc = G_SYS;
925 		goto err;
926 	}
927 #ifndef _LP64
928 	/*
929 	 * We must be a 64-bit process to deal with a 64-bit process
930 	 */
931 	if (P->status.pr_dmodel == PR_MODEL_LP64) {
932 		rc = G_LP64;
933 		goto err;
934 	}
935 #endif
936 
937 	/*
938 	 * Remember the status for use by Prelease().
939 	 */
940 	P->orig_status = P->status;	/* structure copy */
941 
942 	/*
943 	 * Before stopping the process, make sure we are not grabbing ourselves.
944 	 * If we are, make sure we are doing it PGRAB_RDONLY.
945 	 */
946 	if (pid == getpid()) {
947 		/*
948 		 * Verify that the process is really ourself:
949 		 * Set a magic number, read it through the
950 		 * /proc file and see if the results match.
951 		 */
952 		uint32_t magic1 = 0;
953 		uint32_t magic2 = 2;
954 
955 		errno = 0;
956 
957 		if (Pread(P, &magic2, sizeof (magic2), (uintptr_t)&magic1)
958 		    == sizeof (magic2) &&
959 		    magic2 == 0 &&
960 		    (magic1 = 0xfeedbeef) &&
961 		    Pread(P, &magic2, sizeof (magic2), (uintptr_t)&magic1)
962 		    == sizeof (magic2) &&
963 		    magic2 == 0xfeedbeef &&
964 		    !(flags & PGRAB_RDONLY)) {
965 			rc = G_SELF;
966 			goto err;
967 		}
968 	}
969 
970 	/*
971 	 * If the process is already stopped or has been directed
972 	 * to stop via /proc, do not set run-on-last-close.
973 	 */
974 	if (!(P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) &&
975 	    !(flags & PGRAB_RDONLY)) {
976 		/*
977 		 * Mark the process run-on-last-close so
978 		 * it runs even if we die from SIGKILL.
979 		 */
980 		if (Psetflags(P, PR_RLC) != 0) {
981 			if (errno == EAGAIN) {	/* WoV */
982 				(void) mutex_destroy(&P->proc_lock);
983 				goto again;
984 			}
985 			if (errno == ENOENT)	/* No complaint about zombies */
986 				rc = G_ZOMB;
987 			else {
988 				dprintf("Pgrab: failed to set RLC\n");
989 				rc = G_STRANGE;
990 			}
991 			goto err;
992 		}
993 	}
994 
995 	/*
996 	 * If a stop directive is pending and the process has not yet stopped,
997 	 * then synchronously wait for the stop directive to take effect.
998 	 * Limit the time spent waiting for the process to stop by iterating
999 	 * at most 10 times. The time-out of 20 ms corresponds to the time
1000 	 * between sending the stop directive and the process actually stopped
1001 	 * as measured by DTrace on a slow, busy system. If the process doesn't
1002 	 * stop voluntarily, clear the PR_DSTOP flag so that the code below
1003 	 * forces the process to stop.
1004 	 */
1005 	if (!(flags & PGRAB_RDONLY)) {
1006 		int niter = 0;
1007 		while ((P->status.pr_lwp.pr_flags & (PR_STOPPED|PR_DSTOP)) ==
1008 		    PR_DSTOP && niter < 10 &&
1009 		    Pstopstatus(P, PCTWSTOP, 20) != 0) {
1010 			niter++;
1011 			if (flags & PGRAB_NOSTOP)
1012 				break;
1013 		}
1014 		if (niter == 10 && !(flags & PGRAB_NOSTOP)) {
1015 			/* Try it harder down below */
1016 			P->status.pr_lwp.pr_flags &= ~PR_DSTOP;
1017 		}
1018 	}
1019 
1020 	/*
1021 	 * If the process is not already stopped or directed to stop
1022 	 * and PGRAB_NOSTOP was not specified, stop the process now.
1023 	 */
1024 	if (!(P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) &&
1025 	    !(flags & PGRAB_NOSTOP)) {
1026 		/*
1027 		 * Stop the process, get its status and signal/syscall masks.
1028 		 */
1029 		if (((P->status.pr_lwp.pr_flags & PR_STOPPED) &&
1030 		    Pstopstatus(P, PCDSTOP, 0) != 0) ||
1031 		    Pstopstatus(P, PCSTOP, 2000) != 0) {
1032 #ifndef _LP64
1033 			if (errno == EOVERFLOW) {
1034 				rc = G_LP64;
1035 				goto err;
1036 			}
1037 #endif
1038 			if (P->state == PS_LOST) {	/* WoV */
1039 				(void) mutex_destroy(&P->proc_lock);
1040 				goto again;
1041 			}
1042 			if ((errno != EINTR && errno != ERESTART) ||
1043 			    (P->state != PS_STOP &&
1044 			    !(P->status.pr_flags & PR_DSTOP))) {
1045 				if (P->state != PS_RUN && errno != ENOENT) {
1046 					dprintf("Pgrab: failed to PCSTOP\n");
1047 					rc = G_STRANGE;
1048 				} else {
1049 					rc = G_ZOMB;
1050 				}
1051 				goto err;
1052 			}
1053 		}
1054 
1055 		/*
1056 		 * Process should now either be stopped via /proc or there
1057 		 * should be an outstanding stop directive.
1058 		 */
1059 		if (!(P->status.pr_flags & (PR_ISTOP|PR_DSTOP))) {
1060 			dprintf("Pgrab: process is not stopped\n");
1061 			rc = G_STRANGE;
1062 			goto err;
1063 		}
1064 #ifndef _LP64
1065 		/*
1066 		 * Test this again now because the 32-bit victim process may
1067 		 * have exec'd a 64-bit process in the meantime.
1068 		 */
1069 		if (P->status.pr_dmodel == PR_MODEL_LP64) {
1070 			rc = G_LP64;
1071 			goto err;
1072 		}
1073 #endif
1074 	}
1075 
1076 	/*
1077 	 * Cancel all tracing flags unless the PGRAB_RETAIN flag is set.
1078 	 */
1079 	if (!(flags & PGRAB_RETAIN)) {
1080 		(void) Psysentry(P, 0, FALSE);
1081 		(void) Psysexit(P, 0, FALSE);
1082 		(void) Psignal(P, 0, FALSE);
1083 		(void) Pfault(P, 0, FALSE);
1084 		Psync(P);
1085 	}
1086 
1087 	*perr = 0;
1088 	return (P);
1089 
1090 err:
1091 	Pfree(P);
1092 	*perr = rc;
1093 	return (NULL);
1094 }
1095 
1096 /*
1097  * Return a printable string corresponding to a Pgrab() error return.
1098  */
1099 const char *
1100 Pgrab_error(int error)
1101 {
1102 	const char *str;
1103 
1104 	switch (error) {
1105 	case G_NOPROC:
1106 		str = "no such process";
1107 		break;
1108 	case G_NOCORE:
1109 		str = "no such core file";
1110 		break;
1111 	case G_NOPROCORCORE:
1112 		str = "no such process or core file";
1113 		break;
1114 	case G_NOEXEC:
1115 		str = "cannot find executable file";
1116 		break;
1117 	case G_ZOMB:
1118 		str = "zombie process";
1119 		break;
1120 	case G_PERM:
1121 		str = "permission denied";
1122 		break;
1123 	case G_BUSY:
1124 		str = "process is traced";
1125 		break;
1126 	case G_SYS:
1127 		str = "system process";
1128 		break;
1129 	case G_SELF:
1130 		str = "attempt to grab self";
1131 		break;
1132 	case G_INTR:
1133 		str = "operation interrupted";
1134 		break;
1135 	case G_LP64:
1136 		str = "program is _LP64, self is not";
1137 		break;
1138 	case G_FORMAT:
1139 		str = "file is not an ELF core file";
1140 		break;
1141 	case G_ELF:
1142 		str = "libelf error";
1143 		break;
1144 	case G_NOTE:
1145 		str = "core file is corrupt or missing required data";
1146 		break;
1147 	case G_STRANGE:
1148 		str = "unanticipated system error";
1149 		break;
1150 	case G_ISAINVAL:
1151 		str = "wrong ELF machine type";
1152 		break;
1153 	case G_BADLWPS:
1154 		str = "bad lwp specification";
1155 		break;
1156 	case G_NOFD:
1157 		str = "too many open files";
1158 		break;
1159 	default:
1160 		str = "unknown error";
1161 		break;
1162 	}
1163 
1164 	return (str);
1165 }
1166 
1167 /*
1168  * Free a process control structure.
1169  * Close the file descriptors but don't do the Prelease logic.
1170  */
1171 void
1172 Pfree(struct ps_prochandle *P)
1173 {
1174 	uint_t i;
1175 
1176 	if (P->ucaddrs != NULL) {
1177 		free(P->ucaddrs);
1178 		P->ucaddrs = NULL;
1179 		P->ucnelems = 0;
1180 	}
1181 
1182 	(void) mutex_lock(&P->proc_lock);
1183 	if (P->hashtab != NULL) {
1184 		struct ps_lwphandle *L;
1185 		for (i = 0; i < HASHSIZE; i++) {
1186 			while ((L = P->hashtab[i]) != NULL)
1187 				Lfree_internal(P, L);
1188 		}
1189 		free(P->hashtab);
1190 	}
1191 
1192 	while (P->num_fd > 0) {
1193 		fd_info_t *fip = list_next(&P->fd_head);
1194 		list_unlink(fip);
1195 		free(fip);
1196 		P->num_fd--;
1197 	}
1198 	(void) mutex_unlock(&P->proc_lock);
1199 	(void) mutex_destroy(&P->proc_lock);
1200 
1201 	if (P->agentctlfd >= 0)
1202 		(void) close(P->agentctlfd);
1203 	if (P->agentstatfd >= 0)
1204 		(void) close(P->agentstatfd);
1205 	if (P->ctlfd >= 0)
1206 		(void) close(P->ctlfd);
1207 	if (P->asfd >= 0)
1208 		(void) close(P->asfd);
1209 	if (P->statfd >= 0)
1210 		(void) close(P->statfd);
1211 	Preset_maps(P);
1212 	P->ops.pop_fini(P, P->data);
1213 
1214 	/* clear out the structure as a precaution against reuse */
1215 	(void) memset(P, 0, sizeof (*P));
1216 	P->ctlfd = -1;
1217 	P->asfd = -1;
1218 	P->statfd = -1;
1219 	P->agentctlfd = -1;
1220 	P->agentstatfd = -1;
1221 
1222 	free(P);
1223 }
1224 
1225 /*
1226  * Return the state of the process, one of the PS_* values.
1227  */
1228 int
1229 Pstate(struct ps_prochandle *P)
1230 {
1231 	return (P->state);
1232 }
1233 
1234 /*
1235  * Return the open address space file descriptor for the process.
1236  * Clients must not close this file descriptor, not use it
1237  * after the process is freed.
1238  */
1239 int
1240 Pasfd(struct ps_prochandle *P)
1241 {
1242 	return (P->asfd);
1243 }
1244 
1245 /*
1246  * Return the open control file descriptor for the process.
1247  * Clients must not close this file descriptor, not use it
1248  * after the process is freed.
1249  */
1250 int
1251 Pctlfd(struct ps_prochandle *P)
1252 {
1253 	return (P->ctlfd);
1254 }
1255 
1256 /*
1257  * Return a pointer to the process psinfo structure.
1258  * Clients should not hold on to this pointer indefinitely.
1259  * It will become invalid on Prelease().
1260  */
1261 const psinfo_t *
1262 Ppsinfo(struct ps_prochandle *P)
1263 {
1264 	return (P->ops.pop_psinfo(P, &P->psinfo, P->data));
1265 }
1266 
1267 /*
1268  * Return a pointer to the process status structure.
1269  * Clients should not hold on to this pointer indefinitely.
1270  * It will become invalid on Prelease().
1271  */
1272 const pstatus_t *
1273 Pstatus(struct ps_prochandle *P)
1274 {
1275 	return (&P->status);
1276 }
1277 
1278 static void
1279 Pread_status(struct ps_prochandle *P)
1280 {
1281 	P->ops.pop_status(P, &P->status, P->data);
1282 }
1283 
1284 /*
1285  * Fill in a pointer to a process credentials structure.  The ngroups parameter
1286  * is the number of supplementary group entries allocated in the caller's cred
1287  * structure.  It should equal zero or one unless extra space has been
1288  * allocated for the group list by the caller.
1289  */
1290 int
1291 Pcred(struct ps_prochandle *P, prcred_t *pcrp, int ngroups)
1292 {
1293 	return (P->ops.pop_cred(P, pcrp, ngroups, P->data));
1294 }
1295 
1296 static prheader_t *
1297 Plstatus(struct ps_prochandle *P)
1298 {
1299 	return (P->ops.pop_lstatus(P, P->data));
1300 }
1301 
1302 static prheader_t *
1303 Plpsinfo(struct ps_prochandle *P)
1304 {
1305 	return (P->ops.pop_lpsinfo(P, P->data));
1306 }
1307 
1308 
1309 #if defined(__i386) || defined(__amd64)
1310 /*
1311  * Fill in a pointer to a process LDT structure.
1312  * The caller provides a buffer of size 'nldt * sizeof (struct ssd)';
1313  * If pldt == NULL or nldt == 0, we return the number of existing LDT entries.
1314  * Otherwise we return the actual number of LDT entries fetched (<= nldt).
1315  */
1316 int
1317 Pldt(struct ps_prochandle *P, struct ssd *pldt, int nldt)
1318 {
1319 	return (P->ops.pop_ldt(P, pldt, nldt, P->data));
1320 
1321 }
1322 #endif	/* __i386 */
1323 
1324 /* ARGSUSED */
1325 void
1326 Ppriv_free(struct ps_prochandle *P, prpriv_t *prv)
1327 {
1328 	free(prv);
1329 }
1330 
1331 /*
1332  * Return a malloced process privilege structure in *pprv.
1333  */
1334 int
1335 Ppriv(struct ps_prochandle *P, prpriv_t **pprv)
1336 {
1337 	return (P->ops.pop_priv(P, pprv, P->data));
1338 }
1339 
1340 int
1341 Psetpriv(struct ps_prochandle *P, prpriv_t *pprv)
1342 {
1343 	int rc;
1344 	long *ctl;
1345 	size_t sz;
1346 
1347 	if (P->state == PS_DEAD) {
1348 		errno = EBADF;
1349 		return (-1);
1350 	}
1351 
1352 	sz = PRIV_PRPRIV_SIZE(pprv) + sizeof (long);
1353 
1354 	sz = ((sz - 1) / sizeof (long) + 1) * sizeof (long);
1355 
1356 	ctl = malloc(sz);
1357 	if (ctl == NULL)
1358 		return (-1);
1359 
1360 	ctl[0] = PCSPRIV;
1361 
1362 	(void) memcpy(&ctl[1], pprv, PRIV_PRPRIV_SIZE(pprv));
1363 
1364 	if (write(P->ctlfd, ctl, sz) != sz)
1365 		rc = -1;
1366 	else
1367 		rc = 0;
1368 
1369 	free(ctl);
1370 
1371 	return (rc);
1372 }
1373 
1374 void *
1375 Pprivinfo(struct ps_prochandle *P)
1376 {
1377 	core_info_t *core = P->data;
1378 
1379 	/* Use default from libc */
1380 	if (P->state != PS_DEAD)
1381 		return (NULL);
1382 
1383 	return (core->core_privinfo);
1384 }
1385 
1386 /*
1387  * Ensure that all cached state is written to the process.
1388  * The cached state is the LWP's signal mask and registers
1389  * and the process's tracing flags.
1390  */
1391 void
1392 Psync(struct ps_prochandle *P)
1393 {
1394 	int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
1395 	long cmd[6];
1396 	iovec_t iov[12];
1397 	int n = 0;
1398 
1399 	if (P->flags & SETHOLD) {
1400 		cmd[0] = PCSHOLD;
1401 		iov[n].iov_base = (caddr_t)&cmd[0];
1402 		iov[n++].iov_len = sizeof (long);
1403 		iov[n].iov_base = (caddr_t)&P->status.pr_lwp.pr_lwphold;
1404 		iov[n++].iov_len = sizeof (P->status.pr_lwp.pr_lwphold);
1405 	}
1406 	if (P->flags & SETREGS) {
1407 		cmd[1] = PCSREG;
1408 #ifdef __i386
1409 		/* XX64 we should probably restore REG_GS after this */
1410 		if (ctlfd == P->agentctlfd)
1411 			P->status.pr_lwp.pr_reg[GS] = 0;
1412 #elif defined(__amd64)
1413 		/* XX64 */
1414 #endif
1415 		iov[n].iov_base = (caddr_t)&cmd[1];
1416 		iov[n++].iov_len = sizeof (long);
1417 		iov[n].iov_base = (caddr_t)&P->status.pr_lwp.pr_reg[0];
1418 		iov[n++].iov_len = sizeof (P->status.pr_lwp.pr_reg);
1419 	}
1420 	if (P->flags & SETSIG) {
1421 		cmd[2] = PCSTRACE;
1422 		iov[n].iov_base = (caddr_t)&cmd[2];
1423 		iov[n++].iov_len = sizeof (long);
1424 		iov[n].iov_base = (caddr_t)&P->status.pr_sigtrace;
1425 		iov[n++].iov_len = sizeof (P->status.pr_sigtrace);
1426 	}
1427 	if (P->flags & SETFAULT) {
1428 		cmd[3] = PCSFAULT;
1429 		iov[n].iov_base = (caddr_t)&cmd[3];
1430 		iov[n++].iov_len = sizeof (long);
1431 		iov[n].iov_base = (caddr_t)&P->status.pr_flttrace;
1432 		iov[n++].iov_len = sizeof (P->status.pr_flttrace);
1433 	}
1434 	if (P->flags & SETENTRY) {
1435 		cmd[4] = PCSENTRY;
1436 		iov[n].iov_base = (caddr_t)&cmd[4];
1437 		iov[n++].iov_len = sizeof (long);
1438 		iov[n].iov_base = (caddr_t)&P->status.pr_sysentry;
1439 		iov[n++].iov_len = sizeof (P->status.pr_sysentry);
1440 	}
1441 	if (P->flags & SETEXIT) {
1442 		cmd[5] = PCSEXIT;
1443 		iov[n].iov_base = (caddr_t)&cmd[5];
1444 		iov[n++].iov_len = sizeof (long);
1445 		iov[n].iov_base = (caddr_t)&P->status.pr_sysexit;
1446 		iov[n++].iov_len = sizeof (P->status.pr_sysexit);
1447 	}
1448 
1449 	if (n == 0 || writev(ctlfd, iov, n) < 0)
1450 		return;		/* nothing to do or write failed */
1451 
1452 	P->flags &= ~(SETSIG|SETFAULT|SETENTRY|SETEXIT|SETHOLD|SETREGS);
1453 }
1454 
1455 /*
1456  * Reopen the /proc file (after PS_LOST).
1457  */
1458 int
1459 Preopen(struct ps_prochandle *P)
1460 {
1461 	int fd;
1462 	char procname[PATH_MAX];
1463 	char *fname;
1464 
1465 	if (P->state == PS_DEAD || P->state == PS_IDLE)
1466 		return (0);
1467 
1468 	if (P->agentcnt > 0) {
1469 		P->agentcnt = 1;
1470 		Pdestroy_agent(P);
1471 	}
1472 
1473 	(void) snprintf(procname, sizeof (procname), "%s/%d/",
1474 	    procfs_path, (int)P->pid);
1475 	fname = procname + strlen(procname);
1476 
1477 	(void) strcpy(fname, "as");
1478 	if ((fd = open(procname, O_RDWR)) < 0 ||
1479 	    close(P->asfd) < 0 ||
1480 	    (fd = dupfd(fd, P->asfd)) != P->asfd) {
1481 		dprintf("Preopen: failed to open %s: %s\n",
1482 		    procname, strerror(errno));
1483 		if (fd >= 0)
1484 			(void) close(fd);
1485 		return (-1);
1486 	}
1487 	P->asfd = fd;
1488 
1489 	(void) strcpy(fname, "status");
1490 	if ((fd = open(procname, O_RDONLY)) < 0 ||
1491 	    close(P->statfd) < 0 ||
1492 	    (fd = dupfd(fd, P->statfd)) != P->statfd) {
1493 		dprintf("Preopen: failed to open %s: %s\n",
1494 		    procname, strerror(errno));
1495 		if (fd >= 0)
1496 			(void) close(fd);
1497 		return (-1);
1498 	}
1499 	P->statfd = fd;
1500 
1501 	(void) strcpy(fname, "ctl");
1502 	if ((fd = open(procname, O_WRONLY)) < 0 ||
1503 	    close(P->ctlfd) < 0 ||
1504 	    (fd = dupfd(fd, P->ctlfd)) != P->ctlfd) {
1505 		dprintf("Preopen: failed to open %s: %s\n",
1506 		    procname, strerror(errno));
1507 		if (fd >= 0)
1508 			(void) close(fd);
1509 		return (-1);
1510 	}
1511 	P->ctlfd = fd;
1512 
1513 	/*
1514 	 * Set the state to PS_RUN and wait for the process to stop so that
1515 	 * we re-read the status from the new P->statfd.  If this fails, Pwait
1516 	 * will reset the state to PS_LOST and we fail the reopen.  Before
1517 	 * returning, we also forge a bit of P->status to allow the debugger to
1518 	 * see that we are PS_LOST following a successful exec.
1519 	 */
1520 	P->state = PS_RUN;
1521 	if (Pwait(P, 0) == -1) {
1522 #ifdef _ILP32
1523 		if (errno == EOVERFLOW)
1524 			P->status.pr_dmodel = PR_MODEL_LP64;
1525 #endif
1526 		P->status.pr_lwp.pr_why = PR_SYSEXIT;
1527 		P->status.pr_lwp.pr_what = SYS_execve;
1528 		P->status.pr_lwp.pr_errno = 0;
1529 		return (-1);
1530 	}
1531 
1532 	/*
1533 	 * The process should be stopped on exec (REQUESTED)
1534 	 * or else should be stopped on exit from exec() (SYSEXIT)
1535 	 */
1536 	if (P->state == PS_STOP &&
1537 	    (P->status.pr_lwp.pr_why == PR_REQUESTED ||
1538 	    (P->status.pr_lwp.pr_why == PR_SYSEXIT &&
1539 	    P->status.pr_lwp.pr_what == SYS_execve))) {
1540 		/* fake up stop-on-exit-from-execve */
1541 		if (P->status.pr_lwp.pr_why == PR_REQUESTED) {
1542 			P->status.pr_lwp.pr_why = PR_SYSEXIT;
1543 			P->status.pr_lwp.pr_what = SYS_execve;
1544 			P->status.pr_lwp.pr_errno = 0;
1545 		}
1546 	} else {
1547 		dprintf("Preopen: expected REQUESTED or "
1548 		    "SYSEXIT(SYS_execve) stop\n");
1549 	}
1550 
1551 	return (0);
1552 }
1553 
1554 /*
1555  * Define all settable flags other than the microstate accounting flags.
1556  */
1557 #define	ALL_SETTABLE_FLAGS (PR_FORK|PR_RLC|PR_KLC|PR_ASYNC|PR_BPTADJ|PR_PTRACE)
1558 
1559 /*
1560  * Restore /proc tracing flags to their original values
1561  * in preparation for releasing the process.
1562  * Also called by Pcreate() to clear all tracing flags.
1563  */
1564 static void
1565 restore_tracing_flags(struct ps_prochandle *P)
1566 {
1567 	long flags;
1568 	long cmd[4];
1569 	iovec_t iov[8];
1570 
1571 	if (P->flags & CREATED) {
1572 		/* we created this process; clear all tracing flags */
1573 		premptyset(&P->status.pr_sigtrace);
1574 		premptyset(&P->status.pr_flttrace);
1575 		premptyset(&P->status.pr_sysentry);
1576 		premptyset(&P->status.pr_sysexit);
1577 		if ((P->status.pr_flags & ALL_SETTABLE_FLAGS) != 0)
1578 			(void) Punsetflags(P, ALL_SETTABLE_FLAGS);
1579 	} else {
1580 		/* we grabbed the process; restore its tracing flags */
1581 		P->status.pr_sigtrace = P->orig_status.pr_sigtrace;
1582 		P->status.pr_flttrace = P->orig_status.pr_flttrace;
1583 		P->status.pr_sysentry = P->orig_status.pr_sysentry;
1584 		P->status.pr_sysexit  = P->orig_status.pr_sysexit;
1585 		if ((P->status.pr_flags & ALL_SETTABLE_FLAGS) !=
1586 		    (flags = (P->orig_status.pr_flags & ALL_SETTABLE_FLAGS))) {
1587 			(void) Punsetflags(P, ALL_SETTABLE_FLAGS);
1588 			if (flags)
1589 				(void) Psetflags(P, flags);
1590 		}
1591 	}
1592 
1593 	cmd[0] = PCSTRACE;
1594 	iov[0].iov_base = (caddr_t)&cmd[0];
1595 	iov[0].iov_len = sizeof (long);
1596 	iov[1].iov_base = (caddr_t)&P->status.pr_sigtrace;
1597 	iov[1].iov_len = sizeof (P->status.pr_sigtrace);
1598 
1599 	cmd[1] = PCSFAULT;
1600 	iov[2].iov_base = (caddr_t)&cmd[1];
1601 	iov[2].iov_len = sizeof (long);
1602 	iov[3].iov_base = (caddr_t)&P->status.pr_flttrace;
1603 	iov[3].iov_len = sizeof (P->status.pr_flttrace);
1604 
1605 	cmd[2] = PCSENTRY;
1606 	iov[4].iov_base = (caddr_t)&cmd[2];
1607 	iov[4].iov_len = sizeof (long);
1608 	iov[5].iov_base = (caddr_t)&P->status.pr_sysentry;
1609 	iov[5].iov_len = sizeof (P->status.pr_sysentry);
1610 
1611 	cmd[3] = PCSEXIT;
1612 	iov[6].iov_base = (caddr_t)&cmd[3];
1613 	iov[6].iov_len = sizeof (long);
1614 	iov[7].iov_base = (caddr_t)&P->status.pr_sysexit;
1615 	iov[7].iov_len = sizeof (P->status.pr_sysexit);
1616 
1617 	(void) writev(P->ctlfd, iov, 8);
1618 
1619 	P->flags &= ~(SETSIG|SETFAULT|SETENTRY|SETEXIT);
1620 }
1621 
1622 /*
1623  * Release the process.  Frees the process control structure.
1624  * flags:
1625  *	PRELEASE_CLEAR	Clear all tracing flags.
1626  *	PRELEASE_RETAIN	Retain current tracing flags.
1627  *	PRELEASE_HANG	Leave the process stopped and abandoned.
1628  *	PRELEASE_KILL	Terminate the process with SIGKILL.
1629  */
1630 void
1631 Prelease(struct ps_prochandle *P, int flags)
1632 {
1633 	if (P->state == PS_DEAD) {
1634 		dprintf("Prelease: releasing handle %p PS_DEAD of pid %d\n",
1635 		    (void *)P, (int)P->pid);
1636 		Pfree(P);
1637 		return;
1638 	}
1639 
1640 	if (P->state == PS_IDLE) {
1641 		file_info_t *fptr = list_next(&P->file_head);
1642 		dprintf("Prelease: releasing handle %p PS_IDLE of file %s\n",
1643 		    (void *)P, fptr->file_pname);
1644 		Pfree(P);
1645 		return;
1646 	}
1647 
1648 	dprintf("Prelease: releasing handle %p pid %d\n",
1649 	    (void *)P, (int)P->pid);
1650 
1651 	if (P->ctlfd == -1) {
1652 		Pfree(P);
1653 		return;
1654 	}
1655 
1656 	if (P->agentcnt > 0) {
1657 		P->agentcnt = 1;
1658 		Pdestroy_agent(P);
1659 	}
1660 
1661 	/*
1662 	 * Attempt to stop the process.
1663 	 */
1664 	P->state = PS_RUN;
1665 	(void) Pstop(P, 1000);
1666 
1667 	if (flags & PRELEASE_KILL) {
1668 		if (P->state == PS_STOP)
1669 			(void) Psetrun(P, SIGKILL, 0);
1670 		(void) kill(P->pid, SIGKILL);
1671 		Pfree(P);
1672 		return;
1673 	}
1674 
1675 	/*
1676 	 * If we lost control, all we can do now is close the files.
1677 	 * In this case, the last close sets the process running.
1678 	 */
1679 	if (P->state != PS_STOP &&
1680 	    (P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) == 0) {
1681 		Pfree(P);
1682 		return;
1683 	}
1684 
1685 	/*
1686 	 * We didn't lose control; we do more.
1687 	 */
1688 	Psync(P);
1689 
1690 	if (flags & PRELEASE_CLEAR)
1691 		P->flags |= CREATED;
1692 
1693 	if (!(flags & PRELEASE_RETAIN))
1694 		restore_tracing_flags(P);
1695 
1696 	if (flags & PRELEASE_HANG) {
1697 		/* Leave the process stopped and abandoned */
1698 		(void) Punsetflags(P, PR_RLC|PR_KLC);
1699 		Pfree(P);
1700 		return;
1701 	}
1702 
1703 	/*
1704 	 * Set the process running if we created it or if it was
1705 	 * not originally stopped or directed to stop via /proc
1706 	 * or if we were given the PRELEASE_CLEAR flag.
1707 	 */
1708 	if ((P->flags & CREATED) ||
1709 	    (P->orig_status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) == 0) {
1710 		(void) Psetflags(P, PR_RLC);
1711 		/*
1712 		 * We do this repeatedly because the process may have
1713 		 * more than one LWP stopped on an event of interest.
1714 		 * This makes sure all of them are set running.
1715 		 */
1716 		do {
1717 			if (Psetrun(P, 0, 0) == -1 && errno == EBUSY)
1718 				break; /* Agent LWP may be stuck */
1719 		} while (Pstopstatus(P, PCNULL, 0) == 0 &&
1720 		    P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP));
1721 
1722 		if (P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP))
1723 			dprintf("Prelease: failed to set process running\n");
1724 	}
1725 
1726 	Pfree(P);
1727 }
1728 
1729 /* debugging */
1730 void
1731 prldump(const char *caller, lwpstatus_t *lsp)
1732 {
1733 	char name[32];
1734 	uint32_t bits;
1735 
1736 	switch (lsp->pr_why) {
1737 	case PR_REQUESTED:
1738 		dprintf("%s: REQUESTED\n", caller);
1739 		break;
1740 	case PR_SIGNALLED:
1741 		dprintf("%s: SIGNALLED %s\n", caller,
1742 		    proc_signame(lsp->pr_what, name, sizeof (name)));
1743 		break;
1744 	case PR_FAULTED:
1745 		dprintf("%s: FAULTED %s\n", caller,
1746 		    proc_fltname(lsp->pr_what, name, sizeof (name)));
1747 		break;
1748 	case PR_SYSENTRY:
1749 		dprintf("%s: SYSENTRY %s\n", caller,
1750 		    proc_sysname(lsp->pr_what, name, sizeof (name)));
1751 		break;
1752 	case PR_SYSEXIT:
1753 		dprintf("%s: SYSEXIT %s\n", caller,
1754 		    proc_sysname(lsp->pr_what, name, sizeof (name)));
1755 		break;
1756 	case PR_JOBCONTROL:
1757 		dprintf("%s: JOBCONTROL %s\n", caller,
1758 		    proc_signame(lsp->pr_what, name, sizeof (name)));
1759 		break;
1760 	case PR_SUSPENDED:
1761 		dprintf("%s: SUSPENDED\n", caller);
1762 		break;
1763 	default:
1764 		dprintf("%s: Unknown\n", caller);
1765 		break;
1766 	}
1767 
1768 	if (lsp->pr_cursig)
1769 		dprintf("%s: p_cursig  = %d\n", caller, lsp->pr_cursig);
1770 
1771 	bits = *((uint32_t *)&lsp->pr_lwppend);
1772 	if (bits)
1773 		dprintf("%s: pr_lwppend = 0x%.8X\n", caller, bits);
1774 }
1775 
1776 /* debugging */
1777 static void
1778 prdump(struct ps_prochandle *P)
1779 {
1780 	uint32_t bits;
1781 
1782 	prldump("Pstopstatus", &P->status.pr_lwp);
1783 
1784 	bits = *((uint32_t *)&P->status.pr_sigpend);
1785 	if (bits)
1786 		dprintf("Pstopstatus: pr_sigpend = 0x%.8X\n", bits);
1787 }
1788 
1789 /*
1790  * Wait for the specified process to stop or terminate.
1791  * Or, just get the current status (PCNULL).
1792  * Or, direct it to stop and get the current status (PCDSTOP).
1793  * If the agent LWP exists, do these things to the agent,
1794  * else do these things to the process as a whole.
1795  */
1796 int
1797 Pstopstatus(struct ps_prochandle *P,
1798 	long request,		/* PCNULL, PCDSTOP, PCSTOP, PCWSTOP */
1799 	uint_t msec)		/* if non-zero, timeout in milliseconds */
1800 {
1801 	int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
1802 	long ctl[3];
1803 	ssize_t rc;
1804 	int err;
1805 	int old_state = P->state;
1806 
1807 	switch (P->state) {
1808 	case PS_RUN:
1809 		break;
1810 	case PS_STOP:
1811 		if (request != PCNULL && request != PCDSTOP)
1812 			return (0);
1813 		break;
1814 	case PS_LOST:
1815 		if (request != PCNULL) {
1816 			errno = EAGAIN;
1817 			return (-1);
1818 		}
1819 		break;
1820 	case PS_UNDEAD:
1821 	case PS_DEAD:
1822 	case PS_IDLE:
1823 		if (request != PCNULL) {
1824 			errno = ENOENT;
1825 			return (-1);
1826 		}
1827 		break;
1828 	default:	/* corrupted state */
1829 		dprintf("Pstopstatus: corrupted state: %d\n", P->state);
1830 		errno = EINVAL;
1831 		return (-1);
1832 	}
1833 
1834 	ctl[0] = PCDSTOP;
1835 	ctl[1] = PCTWSTOP;
1836 	ctl[2] = (long)msec;
1837 	rc = 0;
1838 	switch (request) {
1839 	case PCSTOP:
1840 		rc = write(ctlfd, &ctl[0], 3*sizeof (long));
1841 		break;
1842 	case PCWSTOP:
1843 		rc = write(ctlfd, &ctl[1], 2*sizeof (long));
1844 		break;
1845 	case PCDSTOP:
1846 		rc = write(ctlfd, &ctl[0], 1*sizeof (long));
1847 		break;
1848 	case PCNULL:
1849 		if (P->state == PS_DEAD || P->state == PS_IDLE)
1850 			return (0);
1851 		break;
1852 	default:	/* programming error */
1853 		errno = EINVAL;
1854 		return (-1);
1855 	}
1856 	err = (rc < 0)? errno : 0;
1857 	Psync(P);
1858 
1859 	if (P->agentstatfd < 0) {
1860 		if (pread(P->statfd, &P->status,
1861 		    sizeof (P->status), (off_t)0) < 0)
1862 			err = errno;
1863 	} else {
1864 		if (pread(P->agentstatfd, &P->status.pr_lwp,
1865 		    sizeof (P->status.pr_lwp), (off_t)0) < 0)
1866 			err = errno;
1867 		P->status.pr_flags = P->status.pr_lwp.pr_flags;
1868 	}
1869 
1870 	if (err) {
1871 		switch (err) {
1872 		case EINTR:		/* user typed ctl-C */
1873 		case ERESTART:
1874 			dprintf("Pstopstatus: EINTR\n");
1875 			break;
1876 		case EAGAIN:		/* we lost control of the the process */
1877 		case EOVERFLOW:
1878 			dprintf("Pstopstatus: PS_LOST, errno=%d\n", err);
1879 			P->state = PS_LOST;
1880 			break;
1881 		default:		/* check for dead process */
1882 			if (_libproc_debug) {
1883 				const char *errstr;
1884 
1885 				switch (request) {
1886 				case PCNULL:
1887 					errstr = "Pstopstatus PCNULL"; break;
1888 				case PCSTOP:
1889 					errstr = "Pstopstatus PCSTOP"; break;
1890 				case PCDSTOP:
1891 					errstr = "Pstopstatus PCDSTOP"; break;
1892 				case PCWSTOP:
1893 					errstr = "Pstopstatus PCWSTOP"; break;
1894 				default:
1895 					errstr = "Pstopstatus PC???"; break;
1896 				}
1897 				dprintf("%s: %s\n", errstr, strerror(err));
1898 			}
1899 			deadcheck(P);
1900 			break;
1901 		}
1902 		if (err != EINTR && err != ERESTART) {
1903 			errno = err;
1904 			return (-1);
1905 		}
1906 	}
1907 
1908 	if (!(P->status.pr_flags & PR_STOPPED)) {
1909 		P->state = PS_RUN;
1910 		if (request == PCNULL || request == PCDSTOP || msec != 0)
1911 			return (0);
1912 		dprintf("Pstopstatus: process is not stopped\n");
1913 		errno = EPROTO;
1914 		return (-1);
1915 	}
1916 
1917 	P->state = PS_STOP;
1918 
1919 	if (_libproc_debug)	/* debugging */
1920 		prdump(P);
1921 
1922 	/*
1923 	 * If the process was already stopped coming into Pstopstatus(),
1924 	 * then don't use its PC to set P->sysaddr since it may have been
1925 	 * changed since the time the process originally stopped.
1926 	 */
1927 	if (old_state == PS_STOP)
1928 		return (0);
1929 
1930 	switch (P->status.pr_lwp.pr_why) {
1931 	case PR_SYSENTRY:
1932 	case PR_SYSEXIT:
1933 		if (Pissyscall_prev(P, P->status.pr_lwp.pr_reg[R_PC],
1934 		    &P->sysaddr) == 0)
1935 			P->sysaddr = P->status.pr_lwp.pr_reg[R_PC];
1936 		break;
1937 	case PR_REQUESTED:
1938 	case PR_SIGNALLED:
1939 	case PR_FAULTED:
1940 	case PR_JOBCONTROL:
1941 	case PR_SUSPENDED:
1942 		break;
1943 	default:
1944 		errno = EPROTO;
1945 		return (-1);
1946 	}
1947 
1948 	return (0);
1949 }
1950 
1951 /*
1952  * Wait for the process to stop for any reason.
1953  */
1954 int
1955 Pwait(struct ps_prochandle *P, uint_t msec)
1956 {
1957 	return (Pstopstatus(P, PCWSTOP, msec));
1958 }
1959 
1960 /*
1961  * Direct the process to stop; wait for it to stop.
1962  */
1963 int
1964 Pstop(struct ps_prochandle *P, uint_t msec)
1965 {
1966 	return (Pstopstatus(P, PCSTOP, msec));
1967 }
1968 
1969 /*
1970  * Direct the process to stop; don't wait.
1971  */
1972 int
1973 Pdstop(struct ps_prochandle *P)
1974 {
1975 	return (Pstopstatus(P, PCDSTOP, 0));
1976 }
1977 
1978 static void
1979 deadcheck(struct ps_prochandle *P)
1980 {
1981 	int fd;
1982 	void *buf;
1983 	size_t size;
1984 
1985 	if (P->statfd < 0)
1986 		P->state = PS_UNDEAD;
1987 	else {
1988 		if (P->agentstatfd < 0) {
1989 			fd = P->statfd;
1990 			buf = &P->status;
1991 			size = sizeof (P->status);
1992 		} else {
1993 			fd = P->agentstatfd;
1994 			buf = &P->status.pr_lwp;
1995 			size = sizeof (P->status.pr_lwp);
1996 		}
1997 		while (pread(fd, buf, size, (off_t)0) != size) {
1998 			switch (errno) {
1999 			default:
2000 				P->state = PS_UNDEAD;
2001 				break;
2002 			case EINTR:
2003 			case ERESTART:
2004 				continue;
2005 			case EAGAIN:
2006 				P->state = PS_LOST;
2007 				break;
2008 			}
2009 			break;
2010 		}
2011 		P->status.pr_flags = P->status.pr_lwp.pr_flags;
2012 	}
2013 }
2014 
2015 /*
2016  * Get the value of one register from stopped process.
2017  */
2018 int
2019 Pgetareg(struct ps_prochandle *P, int regno, prgreg_t *preg)
2020 {
2021 	if (regno < 0 || regno >= NPRGREG) {
2022 		errno = EINVAL;
2023 		return (-1);
2024 	}
2025 
2026 	if (P->state == PS_IDLE) {
2027 		errno = ENODATA;
2028 		return (-1);
2029 	}
2030 
2031 	if (P->state != PS_STOP && P->state != PS_DEAD) {
2032 		errno = EBUSY;
2033 		return (-1);
2034 	}
2035 
2036 	*preg = P->status.pr_lwp.pr_reg[regno];
2037 	return (0);
2038 }
2039 
2040 /*
2041  * Put value of one register into stopped process.
2042  */
2043 int
2044 Pputareg(struct ps_prochandle *P, int regno, prgreg_t reg)
2045 {
2046 	if (regno < 0 || regno >= NPRGREG) {
2047 		errno = EINVAL;
2048 		return (-1);
2049 	}
2050 
2051 	if (P->state != PS_STOP) {
2052 		errno = EBUSY;
2053 		return (-1);
2054 	}
2055 
2056 	P->status.pr_lwp.pr_reg[regno] = reg;
2057 	P->flags |= SETREGS;	/* set registers before continuing */
2058 	return (0);
2059 }
2060 
2061 int
2062 Psetrun(struct ps_prochandle *P,
2063 	int sig,	/* signal to pass to process */
2064 	int flags)	/* PRSTEP|PRSABORT|PRSTOP|PRCSIG|PRCFAULT */
2065 {
2066 	int ctlfd = (P->agentctlfd >= 0) ? P->agentctlfd : P->ctlfd;
2067 	int sbits = (PR_DSTOP | PR_ISTOP | PR_ASLEEP);
2068 
2069 	long ctl[1 +					/* PCCFAULT	*/
2070 	    1 + sizeof (siginfo_t)/sizeof (long) +	/* PCSSIG/PCCSIG */
2071 	    2 ];					/* PCRUN	*/
2072 
2073 	long *ctlp = ctl;
2074 	size_t size;
2075 
2076 	if (P->state != PS_STOP && (P->status.pr_lwp.pr_flags & sbits) == 0) {
2077 		errno = EBUSY;
2078 		return (-1);
2079 	}
2080 
2081 	Psync(P);	/* flush tracing flags and registers */
2082 
2083 	if (flags & PRCFAULT) {		/* clear current fault */
2084 		*ctlp++ = PCCFAULT;
2085 		flags &= ~PRCFAULT;
2086 	}
2087 
2088 	if (flags & PRCSIG) {		/* clear current signal */
2089 		*ctlp++ = PCCSIG;
2090 		flags &= ~PRCSIG;
2091 	} else if (sig && sig != P->status.pr_lwp.pr_cursig) {
2092 		/* make current signal */
2093 		siginfo_t *infop;
2094 
2095 		*ctlp++ = PCSSIG;
2096 		infop = (siginfo_t *)ctlp;
2097 		(void) memset(infop, 0, sizeof (*infop));
2098 		infop->si_signo = sig;
2099 		ctlp += sizeof (siginfo_t) / sizeof (long);
2100 	}
2101 
2102 	*ctlp++ = PCRUN;
2103 	*ctlp++ = flags;
2104 	size = (char *)ctlp - (char *)ctl;
2105 
2106 	P->info_valid = 0;	/* will need to update map and file info */
2107 
2108 	/*
2109 	 * If we've cached ucontext-list information while we were stopped,
2110 	 * free it now.
2111 	 */
2112 	if (P->ucaddrs != NULL) {
2113 		free(P->ucaddrs);
2114 		P->ucaddrs = NULL;
2115 		P->ucnelems = 0;
2116 	}
2117 
2118 	if (write(ctlfd, ctl, size) != size) {
2119 		/* If it is dead or lost, return the real status, not PS_RUN */
2120 		if (errno == ENOENT || errno == EAGAIN) {
2121 			(void) Pstopstatus(P, PCNULL, 0);
2122 			return (0);
2123 		}
2124 		/* If it is not in a jobcontrol stop, issue an error message */
2125 		if (errno != EBUSY ||
2126 		    P->status.pr_lwp.pr_why != PR_JOBCONTROL) {
2127 			dprintf("Psetrun: %s\n", strerror(errno));
2128 			return (-1);
2129 		}
2130 		/* Otherwise pretend that the job-stopped process is running */
2131 	}
2132 
2133 	P->state = PS_RUN;
2134 	return (0);
2135 }
2136 
2137 ssize_t
2138 Pread(struct ps_prochandle *P,
2139 	void *buf,		/* caller's buffer */
2140 	size_t nbyte,		/* number of bytes to read */
2141 	uintptr_t address)	/* address in process */
2142 {
2143 	return (P->ops.pop_pread(P, buf, nbyte, address, P->data));
2144 }
2145 
2146 ssize_t
2147 Pread_string(struct ps_prochandle *P,
2148 	char *buf,		/* caller's buffer */
2149 	size_t size,		/* upper limit on bytes to read */
2150 	uintptr_t addr)		/* address in process */
2151 {
2152 	enum { STRSZ = 40 };
2153 	char string[STRSZ + 1];
2154 	ssize_t leng = 0;
2155 	int nbyte;
2156 
2157 	if (size < 2) {
2158 		errno = EINVAL;
2159 		return (-1);
2160 	}
2161 
2162 	size--;			/* ensure trailing null fits in buffer */
2163 
2164 	*buf = '\0';
2165 	string[STRSZ] = '\0';
2166 
2167 	for (nbyte = STRSZ; nbyte == STRSZ && leng < size; addr += STRSZ) {
2168 		if ((nbyte = P->ops.pop_pread(P, string, STRSZ, addr,
2169 		    P->data)) <= 0) {
2170 			buf[leng] = '\0';
2171 			return (leng ? leng : -1);
2172 		}
2173 		if ((nbyte = strlen(string)) > 0) {
2174 			if (leng + nbyte > size)
2175 				nbyte = size - leng;
2176 			(void) strncpy(buf + leng, string, nbyte);
2177 			leng += nbyte;
2178 		}
2179 	}
2180 	buf[leng] = '\0';
2181 	return (leng);
2182 }
2183 
2184 ssize_t
2185 Pwrite(struct ps_prochandle *P,
2186 	const void *buf,	/* caller's buffer */
2187 	size_t nbyte,		/* number of bytes to write */
2188 	uintptr_t address)	/* address in process */
2189 {
2190 	return (P->ops.pop_pwrite(P, buf, nbyte, address, P->data));
2191 }
2192 
2193 int
2194 Pclearsig(struct ps_prochandle *P)
2195 {
2196 	int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2197 	long ctl = PCCSIG;
2198 
2199 	if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
2200 		return (-1);
2201 	P->status.pr_lwp.pr_cursig = 0;
2202 	return (0);
2203 }
2204 
2205 int
2206 Pclearfault(struct ps_prochandle *P)
2207 {
2208 	int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2209 	long ctl = PCCFAULT;
2210 
2211 	if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
2212 		return (-1);
2213 	return (0);
2214 }
2215 
2216 /*
2217  * Set a breakpoint trap, return original instruction.
2218  */
2219 int
2220 Psetbkpt(struct ps_prochandle *P, uintptr_t address, ulong_t *saved)
2221 {
2222 	long ctl[1 + sizeof (priovec_t) / sizeof (long) +	/* PCREAD */
2223 	    1 + sizeof (priovec_t) / sizeof (long)];	/* PCWRITE */
2224 	long *ctlp = ctl;
2225 	size_t size;
2226 	priovec_t *iovp;
2227 	instr_t bpt = BPT;
2228 	instr_t old;
2229 
2230 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2231 	    P->state == PS_IDLE) {
2232 		errno = ENOENT;
2233 		return (-1);
2234 	}
2235 
2236 	/* fetch the old instruction */
2237 	*ctlp++ = PCREAD;
2238 	iovp = (priovec_t *)ctlp;
2239 	iovp->pio_base = &old;
2240 	iovp->pio_len = sizeof (old);
2241 	iovp->pio_offset = address;
2242 	ctlp += sizeof (priovec_t) / sizeof (long);
2243 
2244 	/* write the BPT instruction */
2245 	*ctlp++ = PCWRITE;
2246 	iovp = (priovec_t *)ctlp;
2247 	iovp->pio_base = &bpt;
2248 	iovp->pio_len = sizeof (bpt);
2249 	iovp->pio_offset = address;
2250 	ctlp += sizeof (priovec_t) / sizeof (long);
2251 
2252 	size = (char *)ctlp - (char *)ctl;
2253 	if (write(P->ctlfd, ctl, size) != size)
2254 		return (-1);
2255 
2256 	/*
2257 	 * Fail if there was already a breakpoint there from another debugger
2258 	 * or DTrace's user-level tracing on x86.
2259 	 */
2260 	if (old == BPT) {
2261 		errno = EBUSY;
2262 		return (-1);
2263 	}
2264 
2265 	*saved = (ulong_t)old;
2266 	return (0);
2267 }
2268 
2269 /*
2270  * Restore original instruction where a breakpoint was set.
2271  */
2272 int
2273 Pdelbkpt(struct ps_prochandle *P, uintptr_t address, ulong_t saved)
2274 {
2275 	instr_t old = (instr_t)saved;
2276 	instr_t cur;
2277 
2278 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2279 	    P->state == PS_IDLE) {
2280 		errno = ENOENT;
2281 		return (-1);
2282 	}
2283 
2284 	/*
2285 	 * If the breakpoint instruction we had placed has been overwritten
2286 	 * with a new instruction, then don't try to replace it with the
2287 	 * old instruction. Doing do can cause problems with self-modifying
2288 	 * code -- PLTs for example. If the Pread() fails, we assume that we
2289 	 * should proceed though most likely the Pwrite() will also fail.
2290 	 */
2291 	if (Pread(P, &cur, sizeof (cur), address) == sizeof (cur) &&
2292 	    cur != BPT)
2293 		return (0);
2294 
2295 	if (Pwrite(P, &old, sizeof (old), address) != sizeof (old))
2296 		return (-1);
2297 
2298 	return (0);
2299 }
2300 
2301 /*
2302  * Common code for Pxecbkpt() and Lxecbkpt().
2303  * Develop the array of requests that will do the job, then
2304  * write them to the specified control file descriptor.
2305  * Return the non-zero errno if the write fails.
2306  */
2307 static int
2308 execute_bkpt(
2309 	int ctlfd,		/* process or LWP control file descriptor */
2310 	const fltset_t *faultset,	/* current set of traced faults */
2311 	const sigset_t *sigmask,	/* current signal mask */
2312 	uintptr_t address,		/* address of breakpint */
2313 	ulong_t saved)			/* the saved instruction */
2314 {
2315 	long ctl[
2316 	    1 + sizeof (sigset_t) / sizeof (long) +		/* PCSHOLD */
2317 	    1 + sizeof (fltset_t) / sizeof (long) +		/* PCSFAULT */
2318 	    1 + sizeof (priovec_t) / sizeof (long) +		/* PCWRITE */
2319 	    2 +							/* PCRUN */
2320 	    1 +							/* PCWSTOP */
2321 	    1 +							/* PCCFAULT */
2322 	    1 + sizeof (priovec_t) / sizeof (long) +		/* PCWRITE */
2323 	    1 + sizeof (fltset_t) / sizeof (long) +		/* PCSFAULT */
2324 	    1 + sizeof (sigset_t) / sizeof (long)];		/* PCSHOLD */
2325 	long *ctlp = ctl;
2326 	sigset_t unblock;
2327 	size_t size;
2328 	ssize_t ssize;
2329 	priovec_t *iovp;
2330 	sigset_t *holdp;
2331 	fltset_t *faultp;
2332 	instr_t old = (instr_t)saved;
2333 	instr_t bpt = BPT;
2334 	int error = 0;
2335 
2336 	/* block our signals for the duration */
2337 	(void) sigprocmask(SIG_BLOCK, &blockable_sigs, &unblock);
2338 
2339 	/* hold posted signals */
2340 	*ctlp++ = PCSHOLD;
2341 	holdp = (sigset_t *)ctlp;
2342 	prfillset(holdp);
2343 	prdelset(holdp, SIGKILL);
2344 	prdelset(holdp, SIGSTOP);
2345 	ctlp += sizeof (sigset_t) / sizeof (long);
2346 
2347 	/* force tracing of FLTTRACE */
2348 	if (!(prismember(faultset, FLTTRACE))) {
2349 		*ctlp++ = PCSFAULT;
2350 		faultp = (fltset_t *)ctlp;
2351 		*faultp = *faultset;
2352 		praddset(faultp, FLTTRACE);
2353 		ctlp += sizeof (fltset_t) / sizeof (long);
2354 	}
2355 
2356 	/* restore the old instruction */
2357 	*ctlp++ = PCWRITE;
2358 	iovp = (priovec_t *)ctlp;
2359 	iovp->pio_base = &old;
2360 	iovp->pio_len = sizeof (old);
2361 	iovp->pio_offset = address;
2362 	ctlp += sizeof (priovec_t) / sizeof (long);
2363 
2364 	/* clear current signal and fault; set running w/ single-step */
2365 	*ctlp++ = PCRUN;
2366 	*ctlp++ = PRCSIG | PRCFAULT | PRSTEP;
2367 
2368 	/* wait for stop, cancel the fault */
2369 	*ctlp++ = PCWSTOP;
2370 	*ctlp++ = PCCFAULT;
2371 
2372 	/* restore the breakpoint trap */
2373 	*ctlp++ = PCWRITE;
2374 	iovp = (priovec_t *)ctlp;
2375 	iovp->pio_base = &bpt;
2376 	iovp->pio_len = sizeof (bpt);
2377 	iovp->pio_offset = address;
2378 	ctlp += sizeof (priovec_t) / sizeof (long);
2379 
2380 	/* restore fault tracing set */
2381 	if (!(prismember(faultset, FLTTRACE))) {
2382 		*ctlp++ = PCSFAULT;
2383 		*(fltset_t *)ctlp = *faultset;
2384 		ctlp += sizeof (fltset_t) / sizeof (long);
2385 	}
2386 
2387 	/* restore the hold mask */
2388 	*ctlp++ = PCSHOLD;
2389 	*(sigset_t *)ctlp = *sigmask;
2390 	ctlp += sizeof (sigset_t) / sizeof (long);
2391 
2392 	size = (char *)ctlp - (char *)ctl;
2393 	if ((ssize = write(ctlfd, ctl, size)) != size)
2394 		error = (ssize == -1)? errno : EINTR;
2395 	(void) sigprocmask(SIG_SETMASK, &unblock, NULL);
2396 	return (error);
2397 }
2398 
2399 /*
2400  * Step over a breakpoint, i.e., execute the instruction that
2401  * really belongs at the breakpoint location (the current %pc)
2402  * and leave the process stopped at the next instruction.
2403  */
2404 int
2405 Pxecbkpt(struct ps_prochandle *P, ulong_t saved)
2406 {
2407 	int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2408 	int rv, error;
2409 
2410 	if (P->state != PS_STOP) {
2411 		errno = EBUSY;
2412 		return (-1);
2413 	}
2414 
2415 	Psync(P);
2416 
2417 	error = execute_bkpt(ctlfd,
2418 	    &P->status.pr_flttrace, &P->status.pr_lwp.pr_lwphold,
2419 	    P->status.pr_lwp.pr_reg[R_PC], saved);
2420 	rv = Pstopstatus(P, PCNULL, 0);
2421 
2422 	if (error != 0) {
2423 		if (P->status.pr_lwp.pr_why == PR_JOBCONTROL &&
2424 		    error == EBUSY) {	/* jobcontrol stop -- back off */
2425 			P->state = PS_RUN;
2426 			return (0);
2427 		}
2428 		if (error == ENOENT)
2429 			return (0);
2430 		errno = error;
2431 		return (-1);
2432 	}
2433 
2434 	return (rv);
2435 }
2436 
2437 /*
2438  * Install the watchpoint described by wp.
2439  */
2440 int
2441 Psetwapt(struct ps_prochandle *P, const prwatch_t *wp)
2442 {
2443 	long ctl[1 + sizeof (prwatch_t) / sizeof (long)];
2444 	prwatch_t *cwp = (prwatch_t *)&ctl[1];
2445 
2446 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2447 	    P->state == PS_IDLE) {
2448 		errno = ENOENT;
2449 		return (-1);
2450 	}
2451 
2452 	ctl[0] = PCWATCH;
2453 	cwp->pr_vaddr = wp->pr_vaddr;
2454 	cwp->pr_size = wp->pr_size;
2455 	cwp->pr_wflags = wp->pr_wflags;
2456 
2457 	if (write(P->ctlfd, ctl, sizeof (ctl)) != sizeof (ctl))
2458 		return (-1);
2459 
2460 	return (0);
2461 }
2462 
2463 /*
2464  * Remove the watchpoint described by wp.
2465  */
2466 int
2467 Pdelwapt(struct ps_prochandle *P, const prwatch_t *wp)
2468 {
2469 	long ctl[1 + sizeof (prwatch_t) / sizeof (long)];
2470 	prwatch_t *cwp = (prwatch_t *)&ctl[1];
2471 
2472 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2473 	    P->state == PS_IDLE) {
2474 		errno = ENOENT;
2475 		return (-1);
2476 	}
2477 
2478 	ctl[0] = PCWATCH;
2479 	cwp->pr_vaddr = wp->pr_vaddr;
2480 	cwp->pr_size = wp->pr_size;
2481 	cwp->pr_wflags = 0;
2482 
2483 	if (write(P->ctlfd, ctl, sizeof (ctl)) != sizeof (ctl))
2484 		return (-1);
2485 
2486 	return (0);
2487 }
2488 
2489 /*
2490  * Common code for Pxecwapt() and Lxecwapt().  Develop the array of requests
2491  * that will do the job, then write them to the specified control file
2492  * descriptor.  Return the non-zero errno if the write fails.
2493  */
2494 static int
2495 execute_wapt(
2496 	int ctlfd,		/* process or LWP control file descriptor */
2497 	const fltset_t *faultset,	/* current set of traced faults */
2498 	const sigset_t *sigmask,	/* current signal mask */
2499 	const prwatch_t *wp)		/* watchpoint descriptor */
2500 {
2501 	long ctl[
2502 	    1 + sizeof (sigset_t) / sizeof (long) +		/* PCSHOLD */
2503 	    1 + sizeof (fltset_t) / sizeof (long) +		/* PCSFAULT */
2504 	    1 + sizeof (prwatch_t) / sizeof (long) +		/* PCWATCH */
2505 	    2 +							/* PCRUN */
2506 	    1 +							/* PCWSTOP */
2507 	    1 +							/* PCCFAULT */
2508 	    1 + sizeof (prwatch_t) / sizeof (long) +		/* PCWATCH */
2509 	    1 + sizeof (fltset_t) / sizeof (long) +		/* PCSFAULT */
2510 	    1 + sizeof (sigset_t) / sizeof (long)];		/* PCSHOLD */
2511 
2512 	long *ctlp = ctl;
2513 	int error = 0;
2514 
2515 	sigset_t unblock;
2516 	sigset_t *holdp;
2517 	fltset_t *faultp;
2518 	prwatch_t *prw;
2519 	ssize_t ssize;
2520 	size_t size;
2521 
2522 	(void) sigprocmask(SIG_BLOCK, &blockable_sigs, &unblock);
2523 
2524 	/*
2525 	 * Hold all posted signals in the victim process prior to stepping.
2526 	 */
2527 	*ctlp++ = PCSHOLD;
2528 	holdp = (sigset_t *)ctlp;
2529 	prfillset(holdp);
2530 	prdelset(holdp, SIGKILL);
2531 	prdelset(holdp, SIGSTOP);
2532 	ctlp += sizeof (sigset_t) / sizeof (long);
2533 
2534 	/*
2535 	 * Force tracing of FLTTRACE since we need to single step.
2536 	 */
2537 	if (!(prismember(faultset, FLTTRACE))) {
2538 		*ctlp++ = PCSFAULT;
2539 		faultp = (fltset_t *)ctlp;
2540 		*faultp = *faultset;
2541 		praddset(faultp, FLTTRACE);
2542 		ctlp += sizeof (fltset_t) / sizeof (long);
2543 	}
2544 
2545 	/*
2546 	 * Clear only the current watchpoint by setting pr_wflags to zero.
2547 	 */
2548 	*ctlp++ = PCWATCH;
2549 	prw = (prwatch_t *)ctlp;
2550 	prw->pr_vaddr = wp->pr_vaddr;
2551 	prw->pr_size = wp->pr_size;
2552 	prw->pr_wflags = 0;
2553 	ctlp += sizeof (prwatch_t) / sizeof (long);
2554 
2555 	/*
2556 	 * Clear the current signal and fault; set running with single-step.
2557 	 * Then wait for the victim to stop and cancel the FLTTRACE.
2558 	 */
2559 	*ctlp++ = PCRUN;
2560 	*ctlp++ = PRCSIG | PRCFAULT | PRSTEP;
2561 	*ctlp++ = PCWSTOP;
2562 	*ctlp++ = PCCFAULT;
2563 
2564 	/*
2565 	 * Restore the current watchpoint.
2566 	 */
2567 	*ctlp++ = PCWATCH;
2568 	(void) memcpy(ctlp, wp, sizeof (prwatch_t));
2569 	ctlp += sizeof (prwatch_t) / sizeof (long);
2570 
2571 	/*
2572 	 * Restore fault tracing set if we modified it.
2573 	 */
2574 	if (!(prismember(faultset, FLTTRACE))) {
2575 		*ctlp++ = PCSFAULT;
2576 		*(fltset_t *)ctlp = *faultset;
2577 		ctlp += sizeof (fltset_t) / sizeof (long);
2578 	}
2579 
2580 	/*
2581 	 * Restore the hold mask to the current hold mask (i.e. the one
2582 	 * before we executed any of the previous operations).
2583 	 */
2584 	*ctlp++ = PCSHOLD;
2585 	*(sigset_t *)ctlp = *sigmask;
2586 	ctlp += sizeof (sigset_t) / sizeof (long);
2587 
2588 	size = (char *)ctlp - (char *)ctl;
2589 	if ((ssize = write(ctlfd, ctl, size)) != size)
2590 		error = (ssize == -1)? errno : EINTR;
2591 	(void) sigprocmask(SIG_SETMASK, &unblock, NULL);
2592 	return (error);
2593 }
2594 
2595 /*
2596  * Step over a watchpoint, i.e., execute the instruction that was stopped by
2597  * the watchpoint, and then leave the LWP stopped at the next instruction.
2598  */
2599 int
2600 Pxecwapt(struct ps_prochandle *P, const prwatch_t *wp)
2601 {
2602 	int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2603 	int rv, error;
2604 
2605 	if (P->state != PS_STOP) {
2606 		errno = EBUSY;
2607 		return (-1);
2608 	}
2609 
2610 	Psync(P);
2611 	error = execute_wapt(ctlfd,
2612 	    &P->status.pr_flttrace, &P->status.pr_lwp.pr_lwphold, wp);
2613 	rv = Pstopstatus(P, PCNULL, 0);
2614 
2615 	if (error != 0) {
2616 		if (P->status.pr_lwp.pr_why == PR_JOBCONTROL &&
2617 		    error == EBUSY) {	/* jobcontrol stop -- back off */
2618 			P->state = PS_RUN;
2619 			return (0);
2620 		}
2621 		if (error == ENOENT)
2622 			return (0);
2623 		errno = error;
2624 		return (-1);
2625 	}
2626 
2627 	return (rv);
2628 }
2629 
2630 int
2631 Psetflags(struct ps_prochandle *P, long flags)
2632 {
2633 	int rc;
2634 	long ctl[2];
2635 
2636 	ctl[0] = PCSET;
2637 	ctl[1] = flags;
2638 
2639 	if (write(P->ctlfd, ctl, 2*sizeof (long)) != 2*sizeof (long)) {
2640 		rc = -1;
2641 	} else {
2642 		P->status.pr_flags |= flags;
2643 		P->status.pr_lwp.pr_flags |= flags;
2644 		rc = 0;
2645 	}
2646 
2647 	return (rc);
2648 }
2649 
2650 int
2651 Punsetflags(struct ps_prochandle *P, long flags)
2652 {
2653 	int rc;
2654 	long ctl[2];
2655 
2656 	ctl[0] = PCUNSET;
2657 	ctl[1] = flags;
2658 
2659 	if (write(P->ctlfd, ctl, 2*sizeof (long)) != 2*sizeof (long)) {
2660 		rc = -1;
2661 	} else {
2662 		P->status.pr_flags &= ~flags;
2663 		P->status.pr_lwp.pr_flags &= ~flags;
2664 		rc = 0;
2665 	}
2666 
2667 	return (rc);
2668 }
2669 
2670 /*
2671  * Common function to allow clients to manipulate the action to be taken
2672  * on receipt of a signal, receipt of machine fault, entry to a system call,
2673  * or exit from a system call.  We make use of our private prset_* functions
2674  * in order to make this code be common.  The 'which' parameter identifies
2675  * the code for the event of interest (0 means change the entire set), and
2676  * the 'stop' parameter is a boolean indicating whether the process should
2677  * stop when the event of interest occurs.  The previous value is returned
2678  * to the caller; -1 is returned if an error occurred.
2679  */
2680 static int
2681 Psetaction(struct ps_prochandle *P, void *sp, size_t size,
2682     uint_t flag, int max, int which, int stop)
2683 {
2684 	int oldval;
2685 
2686 	if (which < 0 || which > max) {
2687 		errno = EINVAL;
2688 		return (-1);
2689 	}
2690 
2691 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2692 	    P->state == PS_IDLE) {
2693 		errno = ENOENT;
2694 		return (-1);
2695 	}
2696 
2697 	oldval = prset_ismember(sp, size, which) ? TRUE : FALSE;
2698 
2699 	if (stop) {
2700 		if (which == 0) {
2701 			prset_fill(sp, size);
2702 			P->flags |= flag;
2703 		} else if (!oldval) {
2704 			prset_add(sp, size, which);
2705 			P->flags |= flag;
2706 		}
2707 	} else {
2708 		if (which == 0) {
2709 			prset_empty(sp, size);
2710 			P->flags |= flag;
2711 		} else if (oldval) {
2712 			prset_del(sp, size, which);
2713 			P->flags |= flag;
2714 		}
2715 	}
2716 
2717 	if (P->state == PS_RUN)
2718 		Psync(P);
2719 
2720 	return (oldval);
2721 }
2722 
2723 /*
2724  * Set action on specified signal.
2725  */
2726 int
2727 Psignal(struct ps_prochandle *P, int which, int stop)
2728 {
2729 	int oldval;
2730 
2731 	if (which == SIGKILL && stop != 0) {
2732 		errno = EINVAL;
2733 		return (-1);
2734 	}
2735 
2736 	oldval = Psetaction(P, &P->status.pr_sigtrace, sizeof (sigset_t),
2737 	    SETSIG, PRMAXSIG, which, stop);
2738 
2739 	if (oldval != -1 && which == 0 && stop != 0)
2740 		prdelset(&P->status.pr_sigtrace, SIGKILL);
2741 
2742 	return (oldval);
2743 }
2744 
2745 /*
2746  * Set all signal tracing flags.
2747  */
2748 void
2749 Psetsignal(struct ps_prochandle *P, const sigset_t *set)
2750 {
2751 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2752 	    P->state == PS_IDLE)
2753 		return;
2754 
2755 	P->status.pr_sigtrace = *set;
2756 	P->flags |= SETSIG;
2757 
2758 	if (P->state == PS_RUN)
2759 		Psync(P);
2760 }
2761 
2762 /*
2763  * Set action on specified fault.
2764  */
2765 int
2766 Pfault(struct ps_prochandle *P, int which, int stop)
2767 {
2768 	return (Psetaction(P, &P->status.pr_flttrace, sizeof (fltset_t),
2769 	    SETFAULT, PRMAXFAULT, which, stop));
2770 }
2771 
2772 /*
2773  * Set all machine fault tracing flags.
2774  */
2775 void
2776 Psetfault(struct ps_prochandle *P, const fltset_t *set)
2777 {
2778 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2779 	    P->state == PS_IDLE)
2780 		return;
2781 
2782 	P->status.pr_flttrace = *set;
2783 	P->flags |= SETFAULT;
2784 
2785 	if (P->state == PS_RUN)
2786 		Psync(P);
2787 }
2788 
2789 /*
2790  * Set action on specified system call entry.
2791  */
2792 int
2793 Psysentry(struct ps_prochandle *P, int which, int stop)
2794 {
2795 	return (Psetaction(P, &P->status.pr_sysentry, sizeof (sysset_t),
2796 	    SETENTRY, PRMAXSYS, which, stop));
2797 }
2798 
2799 /*
2800  * Set all system call entry tracing flags.
2801  */
2802 void
2803 Psetsysentry(struct ps_prochandle *P, const sysset_t *set)
2804 {
2805 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2806 	    P->state == PS_IDLE)
2807 		return;
2808 
2809 	P->status.pr_sysentry = *set;
2810 	P->flags |= SETENTRY;
2811 
2812 	if (P->state == PS_RUN)
2813 		Psync(P);
2814 }
2815 
2816 /*
2817  * Set action on specified system call exit.
2818  */
2819 int
2820 Psysexit(struct ps_prochandle *P, int which, int stop)
2821 {
2822 	return (Psetaction(P, &P->status.pr_sysexit, sizeof (sysset_t),
2823 	    SETEXIT, PRMAXSYS, which, stop));
2824 }
2825 
2826 /*
2827  * Set all system call exit tracing flags.
2828  */
2829 void
2830 Psetsysexit(struct ps_prochandle *P, const sysset_t *set)
2831 {
2832 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2833 	    P->state == PS_IDLE)
2834 		return;
2835 
2836 	P->status.pr_sysexit = *set;
2837 	P->flags |= SETEXIT;
2838 
2839 	if (P->state == PS_RUN)
2840 		Psync(P);
2841 }
2842 
2843 /*
2844  * Utility function to read the contents of a file that contains a
2845  * prheader_t at the start (/proc/pid/lstatus or /proc/pid/lpsinfo).
2846  * Returns a malloc()d buffer or NULL on failure.
2847  */
2848 static prheader_t *
2849 read_lfile(struct ps_prochandle *P, const char *lname)
2850 {
2851 	prheader_t *Lhp;
2852 	char lpath[PATH_MAX];
2853 	struct stat64 statb;
2854 	int fd;
2855 	size_t size;
2856 	ssize_t rval;
2857 
2858 	(void) snprintf(lpath, sizeof (lpath), "%s/%d/%s", procfs_path,
2859 	    (int)P->status.pr_pid, lname);
2860 	if ((fd = open(lpath, O_RDONLY)) < 0 || fstat64(fd, &statb) != 0) {
2861 		if (fd >= 0)
2862 			(void) close(fd);
2863 		return (NULL);
2864 	}
2865 
2866 	/*
2867 	 * 'size' is just the initial guess at the buffer size.
2868 	 * It will have to grow if the number of lwps increases
2869 	 * while we are looking at the process.
2870 	 * 'size' must be larger than the actual file size.
2871 	 */
2872 	size = statb.st_size + 32;
2873 
2874 	for (;;) {
2875 		if ((Lhp = malloc(size)) == NULL)
2876 			break;
2877 		if ((rval = pread(fd, Lhp, size, 0)) < 0 ||
2878 		    rval <= sizeof (prheader_t)) {
2879 			free(Lhp);
2880 			Lhp = NULL;
2881 			break;
2882 		}
2883 		if (rval < size)
2884 			break;
2885 		/* need a bigger buffer */
2886 		free(Lhp);
2887 		size *= 2;
2888 	}
2889 
2890 	(void) close(fd);
2891 	return (Lhp);
2892 }
2893 
2894 /*
2895  * LWP iteration interface.
2896  */
2897 int
2898 Plwp_iter(struct ps_prochandle *P, proc_lwp_f *func, void *cd)
2899 {
2900 	prheader_t *Lhp;
2901 	lwpstatus_t *Lsp;
2902 	long nlwp;
2903 	int rv;
2904 
2905 	switch (P->state) {
2906 	case PS_RUN:
2907 		(void) Pstopstatus(P, PCNULL, 0);
2908 		break;
2909 
2910 	case PS_STOP:
2911 		Psync(P);
2912 		break;
2913 
2914 	case PS_IDLE:
2915 		errno = ENODATA;
2916 		return (-1);
2917 	}
2918 
2919 	/*
2920 	 * For either live processes or cores, the single LWP case is easy:
2921 	 * the pstatus_t contains the lwpstatus_t for the only LWP.
2922 	 */
2923 	if (P->status.pr_nlwp <= 1)
2924 		return (func(cd, &P->status.pr_lwp));
2925 
2926 	/*
2927 	 * For the core file multi-LWP case, we just iterate through the
2928 	 * list of LWP structs we read in from the core file.
2929 	 */
2930 	if (P->state == PS_DEAD) {
2931 		core_info_t *core = P->data;
2932 		lwp_info_t *lwp = list_prev(&core->core_lwp_head);
2933 		uint_t i;
2934 
2935 		for (i = 0; i < core->core_nlwp; i++, lwp = list_prev(lwp)) {
2936 			if (lwp->lwp_psinfo.pr_sname != 'Z' &&
2937 			    (rv = func(cd, &lwp->lwp_status)) != 0)
2938 				break;
2939 		}
2940 
2941 		return (rv);
2942 	}
2943 
2944 	/*
2945 	 * For the live process multi-LWP case, we have to work a little
2946 	 * harder: the /proc/pid/lstatus file has the array of LWP structs.
2947 	 */
2948 	if ((Lhp = Plstatus(P)) == NULL)
2949 		return (-1);
2950 
2951 	for (nlwp = Lhp->pr_nent, Lsp = (lwpstatus_t *)(uintptr_t)(Lhp + 1);
2952 	    nlwp > 0;
2953 	    nlwp--, Lsp = (lwpstatus_t *)((uintptr_t)Lsp + Lhp->pr_entsize)) {
2954 		if ((rv = func(cd, Lsp)) != 0)
2955 			break;
2956 	}
2957 
2958 	free(Lhp);
2959 	return (rv);
2960 }
2961 
2962 /*
2963  * Extended LWP iteration interface.
2964  * Iterate over all LWPs, active and zombie.
2965  */
2966 int
2967 Plwp_iter_all(struct ps_prochandle *P, proc_lwp_all_f *func, void *cd)
2968 {
2969 	prheader_t *Lhp = NULL;
2970 	lwpstatus_t *Lsp;
2971 	lwpstatus_t *sp;
2972 	prheader_t *Lphp = NULL;
2973 	lwpsinfo_t *Lpsp;
2974 	long nstat;
2975 	long ninfo;
2976 	int rv;
2977 
2978 retry:
2979 	if (Lhp != NULL)
2980 		free(Lhp);
2981 	if (Lphp != NULL)
2982 		free(Lphp);
2983 	if (P->state == PS_RUN)
2984 		(void) Pstopstatus(P, PCNULL, 0);
2985 	(void) Ppsinfo(P);
2986 
2987 	if (P->state == PS_STOP)
2988 		Psync(P);
2989 
2990 	/*
2991 	 * For either live processes or cores, the single LWP case is easy:
2992 	 * the pstatus_t contains the lwpstatus_t for the only LWP and
2993 	 * the psinfo_t contains the lwpsinfo_t for the only LWP.
2994 	 */
2995 	if (P->status.pr_nlwp + P->status.pr_nzomb <= 1)
2996 		return (func(cd, &P->status.pr_lwp, &P->psinfo.pr_lwp));
2997 
2998 	/*
2999 	 * For the core file multi-LWP case, we just iterate through the
3000 	 * list of LWP structs we read in from the core file.
3001 	 */
3002 	if (P->state == PS_DEAD) {
3003 		core_info_t *core = P->data;
3004 		lwp_info_t *lwp = list_prev(&core->core_lwp_head);
3005 		uint_t i;
3006 
3007 		for (i = 0; i < core->core_nlwp; i++, lwp = list_prev(lwp)) {
3008 			sp = (lwp->lwp_psinfo.pr_sname == 'Z')? NULL :
3009 			    &lwp->lwp_status;
3010 			if ((rv = func(cd, sp, &lwp->lwp_psinfo)) != 0)
3011 				break;
3012 		}
3013 
3014 		return (rv);
3015 	}
3016 
3017 	/*
3018 	 * For all other cases retrieve the array of lwpstatus_t's and
3019 	 * lwpsinfo_t's.
3020 	 */
3021 	if ((Lhp = Plstatus(P)) == NULL)
3022 		return (-1);
3023 	if ((Lphp = Plpsinfo(P)) == NULL) {
3024 		free(Lhp);
3025 		return (-1);
3026 	}
3027 
3028 	/*
3029 	 * If we are looking at a running process, or one we do not control,
3030 	 * the active and zombie lwps in the process may have changed since
3031 	 * we read the process status structure.  If so, just start over.
3032 	 */
3033 	if (Lhp->pr_nent != P->status.pr_nlwp ||
3034 	    Lphp->pr_nent != P->status.pr_nlwp + P->status.pr_nzomb)
3035 		goto retry;
3036 
3037 	/*
3038 	 * To be perfectly safe, prescan the two arrays, checking consistency.
3039 	 * We rely on /proc giving us lwpstatus_t's and lwpsinfo_t's in the
3040 	 * same order (the lwp directory order) in their respective files.
3041 	 * We also rely on there being (possibly) more lwpsinfo_t's than
3042 	 * lwpstatus_t's (the extra lwpsinfo_t's are for zombie lwps).
3043 	 */
3044 	Lsp = (lwpstatus_t *)(uintptr_t)(Lhp + 1);
3045 	Lpsp = (lwpsinfo_t *)(uintptr_t)(Lphp + 1);
3046 	nstat = Lhp->pr_nent;
3047 	for (ninfo = Lphp->pr_nent; ninfo != 0; ninfo--) {
3048 		if (Lpsp->pr_sname != 'Z') {
3049 			/*
3050 			 * Not a zombie lwp; check for matching lwpids.
3051 			 */
3052 			if (nstat == 0 || Lsp->pr_lwpid != Lpsp->pr_lwpid)
3053 				goto retry;
3054 			Lsp = (lwpstatus_t *)((uintptr_t)Lsp + Lhp->pr_entsize);
3055 			nstat--;
3056 		}
3057 		Lpsp = (lwpsinfo_t *)((uintptr_t)Lpsp + Lphp->pr_entsize);
3058 	}
3059 	if (nstat != 0)
3060 		goto retry;
3061 
3062 	/*
3063 	 * Rescan, this time for real.
3064 	 */
3065 	Lsp = (lwpstatus_t *)(uintptr_t)(Lhp + 1);
3066 	Lpsp = (lwpsinfo_t *)(uintptr_t)(Lphp + 1);
3067 	for (ninfo = Lphp->pr_nent; ninfo != 0; ninfo--) {
3068 		if (Lpsp->pr_sname != 'Z') {
3069 			sp = Lsp;
3070 			Lsp = (lwpstatus_t *)((uintptr_t)Lsp + Lhp->pr_entsize);
3071 		} else {
3072 			sp = NULL;
3073 		}
3074 		if ((rv = func(cd, sp, Lpsp)) != 0)
3075 			break;
3076 		Lpsp = (lwpsinfo_t *)((uintptr_t)Lpsp + Lphp->pr_entsize);
3077 	}
3078 
3079 	free(Lhp);
3080 	free(Lphp);
3081 	return (rv);
3082 }
3083 
3084 core_content_t
3085 Pcontent(struct ps_prochandle *P)
3086 {
3087 	core_info_t *core = P->data;
3088 
3089 	if (P->state == PS_DEAD)
3090 		return (core->core_content);
3091 	if (P->state == PS_IDLE)
3092 		return (CC_CONTENT_TEXT | CC_CONTENT_DATA | CC_CONTENT_CTF);
3093 
3094 	return (CC_CONTENT_ALL);
3095 }
3096 
3097 /*
3098  * =================================================================
3099  * The remainder of the functions in this file are for the
3100  * control of individual LWPs in the controlled process.
3101  * =================================================================
3102  */
3103 
3104 /*
3105  * Find an entry in the process hash table for the specified lwpid.
3106  * The entry will either point to an existing struct ps_lwphandle
3107  * or it will point to an empty slot for a new struct ps_lwphandle.
3108  */
3109 static struct ps_lwphandle **
3110 Lfind(struct ps_prochandle *P, lwpid_t lwpid)
3111 {
3112 	struct ps_lwphandle **Lp;
3113 	struct ps_lwphandle *L;
3114 
3115 	for (Lp = &P->hashtab[lwpid % (HASHSIZE - 1)];
3116 	    (L = *Lp) != NULL; Lp = &L->lwp_hash)
3117 		if (L->lwp_id == lwpid)
3118 			break;
3119 	return (Lp);
3120 }
3121 
3122 /*
3123  * Grab an LWP contained within the controlled process.
3124  * Return an opaque pointer to its LWP control structure.
3125  *	perr: pointer to error return code.
3126  */
3127 struct ps_lwphandle *
3128 Lgrab(struct ps_prochandle *P, lwpid_t lwpid, int *perr)
3129 {
3130 	struct ps_lwphandle **Lp;
3131 	struct ps_lwphandle *L;
3132 	int fd;
3133 	char procname[PATH_MAX];
3134 	char *fname;
3135 	int rc = 0;
3136 
3137 	(void) mutex_lock(&P->proc_lock);
3138 
3139 	if (P->state == PS_UNDEAD || P->state == PS_IDLE)
3140 		rc = G_NOPROC;
3141 	else if (P->hashtab == NULL &&
3142 	    (P->hashtab = calloc(HASHSIZE, sizeof (struct ps_lwphandle *)))
3143 	    == NULL)
3144 		rc = G_STRANGE;
3145 	else if (*(Lp = Lfind(P, lwpid)) != NULL)
3146 		rc = G_BUSY;
3147 	else if ((L = malloc(sizeof (struct ps_lwphandle))) == NULL)
3148 		rc = G_STRANGE;
3149 	if (rc) {
3150 		*perr = rc;
3151 		(void) mutex_unlock(&P->proc_lock);
3152 		return (NULL);
3153 	}
3154 
3155 	(void) memset(L, 0, sizeof (*L));
3156 	L->lwp_ctlfd = -1;
3157 	L->lwp_statfd = -1;
3158 	L->lwp_proc = P;
3159 	L->lwp_id = lwpid;
3160 	*Lp = L;	/* insert into the hash table */
3161 
3162 	if (P->state == PS_DEAD) {	/* core file */
3163 		if (getlwpstatus(P, lwpid, &L->lwp_status) == -1) {
3164 			rc = G_NOPROC;
3165 			goto err;
3166 		}
3167 		L->lwp_state = PS_DEAD;
3168 		*perr = 0;
3169 		(void) mutex_unlock(&P->proc_lock);
3170 		return (L);
3171 	}
3172 
3173 	/*
3174 	 * Open the /proc/<pid>/lwp/<lwpid> files
3175 	 */
3176 	(void) snprintf(procname, sizeof (procname), "%s/%d/lwp/%d/",
3177 	    procfs_path, (int)P->pid, (int)lwpid);
3178 	fname = procname + strlen(procname);
3179 	(void) set_minfd();
3180 
3181 	(void) strcpy(fname, "lwpstatus");
3182 	if ((fd = open(procname, O_RDONLY)) < 0 ||
3183 	    (fd = dupfd(fd, 0)) < 0) {
3184 		switch (errno) {
3185 		case ENOENT:
3186 			rc = G_NOPROC;
3187 			break;
3188 		default:
3189 			dprintf("Lgrab: failed to open %s: %s\n",
3190 			    procname, strerror(errno));
3191 			rc = G_STRANGE;
3192 			break;
3193 		}
3194 		goto err;
3195 	}
3196 	L->lwp_statfd = fd;
3197 
3198 	if (pread(fd, &L->lwp_status, sizeof (L->lwp_status), (off_t)0) < 0) {
3199 		switch (errno) {
3200 		case ENOENT:
3201 			rc = G_NOPROC;
3202 			break;
3203 		default:
3204 			dprintf("Lgrab: failed to read %s: %s\n",
3205 			    procname, strerror(errno));
3206 			rc = G_STRANGE;
3207 			break;
3208 		}
3209 		goto err;
3210 	}
3211 
3212 	(void) strcpy(fname, "lwpctl");
3213 	if ((fd = open(procname, O_WRONLY)) < 0 ||
3214 	    (fd = dupfd(fd, 0)) < 0) {
3215 		switch (errno) {
3216 		case ENOENT:
3217 			rc = G_NOPROC;
3218 			break;
3219 		default:
3220 			dprintf("Lgrab: failed to open %s: %s\n",
3221 			    procname, strerror(errno));
3222 			rc = G_STRANGE;
3223 			break;
3224 		}
3225 		goto err;
3226 	}
3227 	L->lwp_ctlfd = fd;
3228 
3229 	L->lwp_state =
3230 	    ((L->lwp_status.pr_flags & (PR_STOPPED|PR_ISTOP))
3231 	    == (PR_STOPPED|PR_ISTOP))?
3232 	    PS_STOP : PS_RUN;
3233 
3234 	*perr = 0;
3235 	(void) mutex_unlock(&P->proc_lock);
3236 	return (L);
3237 
3238 err:
3239 	Lfree_internal(P, L);
3240 	*perr = rc;
3241 	(void) mutex_unlock(&P->proc_lock);
3242 	return (NULL);
3243 }
3244 
3245 /*
3246  * Return a printable string corresponding to an Lgrab() error return.
3247  */
3248 const char *
3249 Lgrab_error(int error)
3250 {
3251 	const char *str;
3252 
3253 	switch (error) {
3254 	case G_NOPROC:
3255 		str = "no such LWP";
3256 		break;
3257 	case G_BUSY:
3258 		str = "LWP already grabbed";
3259 		break;
3260 	case G_STRANGE:
3261 		str = "unanticipated system error";
3262 		break;
3263 	default:
3264 		str = "unknown error";
3265 		break;
3266 	}
3267 
3268 	return (str);
3269 }
3270 
3271 /*
3272  * Free an LWP control structure.
3273  */
3274 void
3275 Lfree(struct ps_lwphandle *L)
3276 {
3277 	struct ps_prochandle *P = L->lwp_proc;
3278 
3279 	(void) mutex_lock(&P->proc_lock);
3280 	Lfree_internal(P, L);
3281 	(void) mutex_unlock(&P->proc_lock);
3282 }
3283 
3284 static void
3285 Lfree_internal(struct ps_prochandle *P, struct ps_lwphandle *L)
3286 {
3287 	*Lfind(P, L->lwp_id) = L->lwp_hash;	/* delete from hash table */
3288 	if (L->lwp_ctlfd >= 0)
3289 		(void) close(L->lwp_ctlfd);
3290 	if (L->lwp_statfd >= 0)
3291 		(void) close(L->lwp_statfd);
3292 
3293 	/* clear out the structure as a precaution against reuse */
3294 	(void) memset(L, 0, sizeof (*L));
3295 	L->lwp_ctlfd = -1;
3296 	L->lwp_statfd = -1;
3297 
3298 	free(L);
3299 }
3300 
3301 /*
3302  * Return the state of the process, one of the PS_* values.
3303  */
3304 int
3305 Lstate(struct ps_lwphandle *L)
3306 {
3307 	return (L->lwp_state);
3308 }
3309 
3310 /*
3311  * Return the open control file descriptor for the LWP.
3312  * Clients must not close this file descriptor, nor use it
3313  * after the LWP is freed.
3314  */
3315 int
3316 Lctlfd(struct ps_lwphandle *L)
3317 {
3318 	return (L->lwp_ctlfd);
3319 }
3320 
3321 /*
3322  * Return a pointer to the LWP lwpsinfo structure.
3323  * Clients should not hold on to this pointer indefinitely.
3324  * It will become invalid on Lfree().
3325  */
3326 const lwpsinfo_t *
3327 Lpsinfo(struct ps_lwphandle *L)
3328 {
3329 	if (Plwp_getpsinfo(L->lwp_proc, L->lwp_id, &L->lwp_psinfo) == -1)
3330 		return (NULL);
3331 
3332 	return (&L->lwp_psinfo);
3333 }
3334 
3335 /*
3336  * Return a pointer to the LWP status structure.
3337  * Clients should not hold on to this pointer indefinitely.
3338  * It will become invalid on Lfree().
3339  */
3340 const lwpstatus_t *
3341 Lstatus(struct ps_lwphandle *L)
3342 {
3343 	return (&L->lwp_status);
3344 }
3345 
3346 /*
3347  * Given an LWP handle, return the process handle.
3348  */
3349 struct ps_prochandle *
3350 Lprochandle(struct ps_lwphandle *L)
3351 {
3352 	return (L->lwp_proc);
3353 }
3354 
3355 /*
3356  * Ensure that all cached state is written to the LWP.
3357  * The cached state is the LWP's signal mask and registers.
3358  */
3359 void
3360 Lsync(struct ps_lwphandle *L)
3361 {
3362 	int ctlfd = L->lwp_ctlfd;
3363 	long cmd[2];
3364 	iovec_t iov[4];
3365 	int n = 0;
3366 
3367 	if (L->lwp_flags & SETHOLD) {
3368 		cmd[0] = PCSHOLD;
3369 		iov[n].iov_base = (caddr_t)&cmd[0];
3370 		iov[n++].iov_len = sizeof (long);
3371 		iov[n].iov_base = (caddr_t)&L->lwp_status.pr_lwphold;
3372 		iov[n++].iov_len = sizeof (L->lwp_status.pr_lwphold);
3373 	}
3374 	if (L->lwp_flags & SETREGS) {
3375 		cmd[1] = PCSREG;
3376 		iov[n].iov_base = (caddr_t)&cmd[1];
3377 		iov[n++].iov_len = sizeof (long);
3378 		iov[n].iov_base = (caddr_t)&L->lwp_status.pr_reg[0];
3379 		iov[n++].iov_len = sizeof (L->lwp_status.pr_reg);
3380 	}
3381 
3382 	if (n == 0 || writev(ctlfd, iov, n) < 0)
3383 		return;		/* nothing to do or write failed */
3384 
3385 	L->lwp_flags &= ~(SETHOLD|SETREGS);
3386 }
3387 
3388 /*
3389  * Wait for the specified LWP to stop or terminate.
3390  * Or, just get the current status (PCNULL).
3391  * Or, direct it to stop and get the current status (PCDSTOP).
3392  */
3393 static int
3394 Lstopstatus(struct ps_lwphandle *L,
3395 	long request,		/* PCNULL, PCDSTOP, PCSTOP, PCWSTOP */
3396 	uint_t msec)		/* if non-zero, timeout in milliseconds */
3397 {
3398 	int ctlfd = L->lwp_ctlfd;
3399 	long ctl[3];
3400 	ssize_t rc;
3401 	int err;
3402 
3403 	switch (L->lwp_state) {
3404 	case PS_RUN:
3405 		break;
3406 	case PS_STOP:
3407 		if (request != PCNULL && request != PCDSTOP)
3408 			return (0);
3409 		break;
3410 	case PS_LOST:
3411 		if (request != PCNULL) {
3412 			errno = EAGAIN;
3413 			return (-1);
3414 		}
3415 		break;
3416 	case PS_UNDEAD:
3417 	case PS_DEAD:
3418 		if (request != PCNULL) {
3419 			errno = ENOENT;
3420 			return (-1);
3421 		}
3422 		break;
3423 	default:	/* corrupted state */
3424 		dprintf("Lstopstatus: corrupted state: %d\n", L->lwp_state);
3425 		errno = EINVAL;
3426 		return (-1);
3427 	}
3428 
3429 	ctl[0] = PCDSTOP;
3430 	ctl[1] = PCTWSTOP;
3431 	ctl[2] = (long)msec;
3432 	rc = 0;
3433 	switch (request) {
3434 	case PCSTOP:
3435 		rc = write(ctlfd, &ctl[0], 3*sizeof (long));
3436 		break;
3437 	case PCWSTOP:
3438 		rc = write(ctlfd, &ctl[1], 2*sizeof (long));
3439 		break;
3440 	case PCDSTOP:
3441 		rc = write(ctlfd, &ctl[0], 1*sizeof (long));
3442 		break;
3443 	case PCNULL:
3444 		if (L->lwp_state == PS_DEAD)
3445 			return (0); /* Nothing else to do for cores */
3446 		break;
3447 	default:	/* programming error */
3448 		errno = EINVAL;
3449 		return (-1);
3450 	}
3451 	err = (rc < 0)? errno : 0;
3452 	Lsync(L);
3453 
3454 	if (pread(L->lwp_statfd, &L->lwp_status,
3455 	    sizeof (L->lwp_status), (off_t)0) < 0)
3456 		err = errno;
3457 
3458 	if (err) {
3459 		switch (err) {
3460 		case EINTR:		/* user typed ctl-C */
3461 		case ERESTART:
3462 			dprintf("Lstopstatus: EINTR\n");
3463 			break;
3464 		case EAGAIN:		/* we lost control of the the process */
3465 			dprintf("Lstopstatus: EAGAIN\n");
3466 			L->lwp_state = PS_LOST;
3467 			errno = err;
3468 			return (-1);
3469 		default:
3470 			if (_libproc_debug) {
3471 				const char *errstr;
3472 
3473 				switch (request) {
3474 				case PCNULL:
3475 					errstr = "Lstopstatus PCNULL"; break;
3476 				case PCSTOP:
3477 					errstr = "Lstopstatus PCSTOP"; break;
3478 				case PCDSTOP:
3479 					errstr = "Lstopstatus PCDSTOP"; break;
3480 				case PCWSTOP:
3481 					errstr = "Lstopstatus PCWSTOP"; break;
3482 				default:
3483 					errstr = "Lstopstatus PC???"; break;
3484 				}
3485 				dprintf("%s: %s\n", errstr, strerror(err));
3486 			}
3487 			L->lwp_state = PS_UNDEAD;
3488 			errno = err;
3489 			return (-1);
3490 		}
3491 	}
3492 
3493 	if ((L->lwp_status.pr_flags & (PR_STOPPED|PR_ISTOP))
3494 	    != (PR_STOPPED|PR_ISTOP)) {
3495 		L->lwp_state = PS_RUN;
3496 		if (request == PCNULL || request == PCDSTOP || msec != 0)
3497 			return (0);
3498 		dprintf("Lstopstatus: LWP is not stopped\n");
3499 		errno = EPROTO;
3500 		return (-1);
3501 	}
3502 
3503 	L->lwp_state = PS_STOP;
3504 
3505 	if (_libproc_debug)	/* debugging */
3506 		prldump("Lstopstatus", &L->lwp_status);
3507 
3508 	switch (L->lwp_status.pr_why) {
3509 	case PR_SYSENTRY:
3510 	case PR_SYSEXIT:
3511 	case PR_REQUESTED:
3512 	case PR_SIGNALLED:
3513 	case PR_FAULTED:
3514 	case