1 /*- 2 * Copyright (c) 1982, 1986, 1989, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 
33 * 34 * @(#)kern_exit.c 8.7 (Berkeley) 2/12/94 35 */ 36 37 #include <sys/cdefs.h> 38 __FBSDID("$FreeBSD$"); 39 40 #include "opt_compat.h" 41 #include "opt_ktrace.h" 42 43 #include <sys/param.h> 44 #include <sys/systm.h> 45 #include <sys/sysproto.h> 46 #include <sys/capsicum.h> 47 #include <sys/eventhandler.h> 48 #include <sys/kernel.h> 49 #include <sys/malloc.h> 50 #include <sys/lock.h> 51 #include <sys/mutex.h> 52 #include <sys/proc.h> 53 #include <sys/procdesc.h> 54 #include <sys/pioctl.h> 55 #include <sys/jail.h> 56 #include <sys/tty.h> 57 #include <sys/wait.h> 58 #include <sys/vmmeter.h> 59 #include <sys/vnode.h> 60 #include <sys/racct.h> 61 #include <sys/resourcevar.h> 62 #include <sys/sbuf.h> 63 #include <sys/signalvar.h> 64 #include <sys/sched.h> 65 #include <sys/sx.h> 66 #include <sys/syscallsubr.h> 67 #include <sys/syslog.h> 68 #include <sys/ptrace.h> 69 #include <sys/acct.h> /* for acct_process() function prototype */ 70 #include <sys/filedesc.h> 71 #include <sys/sdt.h> 72 #include <sys/shm.h> 73 #include <sys/sem.h> 74 #include <sys/umtx.h> 75 #ifdef KTRACE 76 #include <sys/ktrace.h> 77 #endif 78 79 #include <security/audit/audit.h> 80 #include <security/mac/mac_framework.h> 81 82 #include <vm/vm.h> 83 #include <vm/vm_extern.h> 84 #include <vm/vm_param.h> 85 #include <vm/pmap.h> 86 #include <vm/vm_map.h> 87 #include <vm/vm_page.h> 88 #include <vm/uma.h> 89 #include <vm/vm_domain.h> 90 91 #ifdef KDTRACE_HOOKS 92 #include <sys/dtrace_bsd.h> 93 dtrace_execexit_func_t dtrace_fasttrap_exit; 94 #endif 95 96 SDT_PROVIDER_DECLARE(proc); 97 SDT_PROBE_DEFINE1(proc, kernel, , exit, "int"); 98 99 /* Hook for NFS teardown procedure. 
*/ 100 void (*nlminfo_release_p)(struct proc *p); 101 102 struct proc * 103 proc_realparent(struct proc *child) 104 { 105 struct proc *p, *parent; 106 107 sx_assert(&proctree_lock, SX_LOCKED); 108 if ((child->p_treeflag & P_TREE_ORPHANED) == 0) { 109 if (child->p_oppid == 0 || 110 child->p_pptr->p_pid == child->p_oppid) 111 parent = child->p_pptr; 112 else 113 parent = initproc; 114 return (parent); 115 } 116 for (p = child; (p->p_treeflag & P_TREE_FIRST_ORPHAN) == 0;) { 117 /* Cannot use LIST_PREV(), since the list head is not known. */ 118 p = __containerof(p->p_orphan.le_prev, struct proc, 119 p_orphan.le_next); 120 KASSERT((p->p_treeflag & P_TREE_ORPHANED) != 0, 121 ("missing P_ORPHAN %p", p)); 122 } 123 parent = __containerof(p->p_orphan.le_prev, struct proc, 124 p_orphans.lh_first); 125 return (parent); 126 } 127 128 void 129 reaper_abandon_children(struct proc *p, bool exiting) 130 { 131 struct proc *p1, *p2, *ptmp; 132 133 sx_assert(&proctree_lock, SX_LOCKED); 134 KASSERT(p != initproc, ("reaper_abandon_children for initproc")); 135 if ((p->p_treeflag & P_TREE_REAPER) == 0) 136 return; 137 p1 = p->p_reaper; 138 LIST_FOREACH_SAFE(p2, &p->p_reaplist, p_reapsibling, ptmp) { 139 LIST_REMOVE(p2, p_reapsibling); 140 p2->p_reaper = p1; 141 p2->p_reapsubtree = p->p_reapsubtree; 142 LIST_INSERT_HEAD(&p1->p_reaplist, p2, p_reapsibling); 143 if (exiting && p2->p_pptr == p) { 144 PROC_LOCK(p2); 145 proc_reparent(p2, p1); 146 PROC_UNLOCK(p2); 147 } 148 } 149 KASSERT(LIST_EMPTY(&p->p_reaplist), ("p_reaplist not empty")); 150 p->p_treeflag &= ~P_TREE_REAPER; 151 } 152 153 static void 154 clear_orphan(struct proc *p) 155 { 156 struct proc *p1; 157 158 sx_assert(&proctree_lock, SA_XLOCKED); 159 if ((p->p_treeflag & P_TREE_ORPHANED) == 0) 160 return; 161 if ((p->p_treeflag & P_TREE_FIRST_ORPHAN) != 0) { 162 p1 = LIST_NEXT(p, p_orphan); 163 if (p1 != NULL) 164 p1->p_treeflag |= P_TREE_FIRST_ORPHAN; 165 p->p_treeflag &= ~P_TREE_FIRST_ORPHAN; 166 } 167 LIST_REMOVE(p, p_orphan); 
168 p->p_treeflag &= ~P_TREE_ORPHANED; 169 } 170 171 /* 172 * exit -- death of process. 173 */ 174 void 175 sys_sys_exit(struct thread *td, struct sys_exit_args *uap) 176 { 177 178 exit1(td, uap->rval, 0); 179 /* NOTREACHED */ 180 } 181 182 /* 183 * Exit: deallocate address space and other resources, change proc state to 184 * zombie, and unlink proc from allproc and parent's lists. Save exit status 185 * and rusage for wait(). Check for child processes and orphan them. 186 */ 187 void 188 exit1(struct thread *td, int rval, int signo) 189 { 190 struct proc *p, *nq, *q, *t; 191 struct thread *tdt; 192 struct vnode *ttyvp = NULL; 193 194 mtx_assert(&Giant, MA_NOTOWNED); 195 KASSERT(rval == 0 || signo == 0, ("exit1 rv %d sig %d", rval, signo)); 196 197 p = td->td_proc; 198 /* 199 * XXX in case we're rebooting we just let init die in order to 200 * work around an unsolved stack overflow seen very late during 201 * shutdown on sparc64 when the gmirror worker process exists. 202 */ 203 if (p == initproc && rebooting == 0) { 204 printf("init died (signal %d, exit %d)\n", signo, rval); 205 panic("Going nowhere without my init!"); 206 } 207 208 /* 209 * Deref SU mp, since the thread does not return to userspace. 210 */ 211 if (softdep_ast_cleanup != NULL) 212 softdep_ast_cleanup(); 213 214 /* 215 * MUST abort all other threads before proceeding past here. 216 */ 217 PROC_LOCK(p); 218 /* 219 * First check if some other thread or external request got 220 * here before us. If so, act appropriately: exit or suspend. 221 * We must ensure that stop requests are handled before we set 222 * P_WEXIT. 223 */ 224 thread_suspend_check(0); 225 while (p->p_flag & P_HADTHREADS) { 226 /* 227 * Kill off the other threads. This requires 228 * some co-operation from other parts of the kernel 229 * so it may not be instantaneous. With this state set 230 * any thread entering the kernel from userspace will 231 * thread_exit() in trap(). 
Any thread attempting to 232 * sleep will return immediately with EINTR or EWOULDBLOCK 233 * which will hopefully force them to back out to userland 234 * freeing resources as they go. Any thread attempting 235 * to return to userland will thread_exit() from userret(). 236 * thread_exit() will unsuspend us when the last of the 237 * other threads exits. 238 * If there is already a thread singler after resumption, 239 * calling thread_single will fail; in that case, we just 240 * re-check all suspension request, the thread should 241 * either be suspended there or exit. 242 */ 243 if (!thread_single(p, SINGLE_EXIT)) 244 /* 245 * All other activity in this process is now 246 * stopped. Threading support has been turned 247 * off. 248 */ 249 break; 250 /* 251 * Recheck for new stop or suspend requests which 252 * might appear while process lock was dropped in 253 * thread_single(). 254 */ 255 thread_suspend_check(0); 256 } 257 KASSERT(p->p_numthreads == 1, 258 ("exit1: proc %p exiting with %d threads", p, p->p_numthreads)); 259 racct_sub(p, RACCT_NTHR, 1); 260 261 /* Let event handler change exit status */ 262 p->p_xexit = rval; 263 p->p_xsig = signo; 264 265 /* 266 * Wakeup anyone in procfs' PIOCWAIT. They should have a hold 267 * on our vmspace, so we should block below until they have 268 * released their reference to us. Note that if they have 269 * requested S_EXIT stops we will block here until they ack 270 * via PIOCCONT. 271 */ 272 _STOPEVENT(p, S_EXIT, 0); 273 274 /* 275 * Ignore any pending request to stop due to a stop signal. 276 * Once P_WEXIT is set, future requests will be ignored as 277 * well. 278 */ 279 p->p_flag &= ~P_STOPPED_SIG; 280 KASSERT(!P_SHOULDSTOP(p), ("exiting process is stopped")); 281 282 /* 283 * Note that we are exiting and do another wakeup of anyone in 284 * PIOCWAIT in case they aren't listening for S_EXIT stops or 285 * decided to wait again after we told them we are exiting. 
286 */ 287 p->p_flag |= P_WEXIT; 288 wakeup(&p->p_stype); 289 290 /* 291 * Wait for any processes that have a hold on our vmspace to 292 * release their reference. 293 */ 294 while (p->p_lock > 0) 295 msleep(&p->p_lock, &p->p_mtx, PWAIT, "exithold", 0); 296 297 PROC_UNLOCK(p); 298 /* Drain the limit callout while we don't have the proc locked */ 299 callout_drain(&p->p_limco); 300 301 #ifdef AUDIT 302 /* 303 * The Sun BSM exit token contains two components: an exit status as 304 * passed to exit(), and a return value to indicate what sort of exit 305 * it was. The exit status is WEXITSTATUS(rv), but it's not clear 306 * what the return value is. 307 */ 308 AUDIT_ARG_EXIT(rval, 0); 309 AUDIT_SYSCALL_EXIT(0, td); 310 #endif 311 312 /* Are we a task leader with peers? */ 313 if (p->p_peers != NULL && p == p->p_leader) { 314 mtx_lock(&ppeers_lock); 315 q = p->p_peers; 316 while (q != NULL) { 317 PROC_LOCK(q); 318 kern_psignal(q, SIGKILL); 319 PROC_UNLOCK(q); 320 q = q->p_peers; 321 } 322 while (p->p_peers != NULL) 323 msleep(p, &ppeers_lock, PWAIT, "exit1", 0); 324 mtx_unlock(&ppeers_lock); 325 } 326 327 /* 328 * Check if any loadable modules need anything done at process exit. 329 * E.g. SYSV IPC stuff. 330 * Event handler could change exit status. 331 * XXX what if one of these generates an error? 332 */ 333 EVENTHANDLER_INVOKE(process_exit, p); 334 335 /* 336 * If parent is waiting for us to exit or exec, 337 * P_PPWAIT is set; we will wakeup the parent below. 338 */ 339 PROC_LOCK(p); 340 stopprofclock(p); 341 p->p_flag &= ~(P_TRACED | P_PPWAIT | P_PPTRACE); 342 343 /* 344 * Stop the real interval timer. If the handler is currently 345 * executing, prevent it from rearming itself and let it finish. 
346 */ 347 if (timevalisset(&p->p_realtimer.it_value) && 348 callout_stop(&p->p_itcallout) == 0) { 349 timevalclear(&p->p_realtimer.it_interval); 350 msleep(&p->p_itcallout, &p->p_mtx, PWAIT, "ritwait", 0); 351 KASSERT(!timevalisset(&p->p_realtimer.it_value), 352 ("realtime timer is still armed")); 353 } 354 PROC_UNLOCK(p); 355 356 /* 357 * Reset any sigio structures pointing to us as a result of 358 * F_SETOWN with our pid. 359 */ 360 funsetownlst(&p->p_sigiolst); 361 362 /* 363 * If this process has an nlminfo data area (for lockd), release it 364 */ 365 if (nlminfo_release_p != NULL && p->p_nlminfo != NULL) 366 (*nlminfo_release_p)(p); 367 368 /* 369 * Close open files and release open-file table. 370 * This may block! 371 */ 372 fdescfree(td); 373 374 /* 375 * If this thread tickled GEOM, we need to wait for the giggling to 376 * stop before we return to userland 377 */ 378 if (td->td_pflags & TDP_GEOM) 379 g_waitidle(); 380 381 /* 382 * Remove ourself from our leader's peer list and wake our leader. 383 */ 384 if (p->p_leader->p_peers != NULL) { 385 mtx_lock(&ppeers_lock); 386 if (p->p_leader->p_peers != NULL) { 387 q = p->p_leader; 388 while (q->p_peers != p) 389 q = q->p_peers; 390 q->p_peers = p->p_peers; 391 wakeup(p->p_leader); 392 } 393 mtx_unlock(&ppeers_lock); 394 } 395 396 vmspace_exit(td); 397 398 sx_xlock(&proctree_lock); 399 if (SESS_LEADER(p)) { 400 struct session *sp = p->p_session; 401 struct tty *tp; 402 403 /* 404 * s_ttyp is not zero'd; we use this to indicate that 405 * the session once had a controlling terminal. (for 406 * logging and informational purposes) 407 */ 408 SESS_LOCK(sp); 409 ttyvp = sp->s_ttyvp; 410 tp = sp->s_ttyp; 411 sp->s_ttyvp = NULL; 412 sp->s_ttydp = NULL; 413 sp->s_leader = NULL; 414 SESS_UNLOCK(sp); 415 416 /* 417 * Signal foreground pgrp and revoke access to 418 * controlling terminal if it has not been revoked 419 * already. 
420 * 421 * Because the TTY may have been revoked in the mean 422 * time and could already have a new session associated 423 * with it, make sure we don't send a SIGHUP to a 424 * foreground process group that does not belong to this 425 * session. 426 */ 427 428 if (tp != NULL) { 429 tty_lock(tp); 430 if (tp->t_session == sp) 431 tty_signal_pgrp(tp, SIGHUP); 432 tty_unlock(tp); 433 } 434 435 if (ttyvp != NULL) { 436 sx_xunlock(&proctree_lock); 437 if (vn_lock(ttyvp, LK_EXCLUSIVE) == 0) { 438 VOP_REVOKE(ttyvp, REVOKEALL); 439 VOP_UNLOCK(ttyvp, 0); 440 } 441 sx_xlock(&proctree_lock); 442 } 443 } 444 fixjobc(p, p->p_pgrp, 0); 445 sx_xunlock(&proctree_lock); 446 (void)acct_process(td); 447 448 /* Release the TTY now we've unlocked everything. */ 449 if (ttyvp != NULL) 450 vrele(ttyvp); 451 #ifdef KTRACE 452 ktrprocexit(td); 453 #endif 454 /* 455 * Release reference to text vnode 456 */ 457 if (p->p_textvp != NULL) { 458 vrele(p->p_textvp); 459 p->p_textvp = NULL; 460 } 461 462 /* 463 * Release our limits structure. 464 */ 465 lim_free(p->p_limit); 466 p->p_limit = NULL; 467 468 tidhash_remove(td); 469 470 /* 471 * Remove proc from allproc queue and pidhash chain. 472 * Place onto zombproc. Unlink from parent's child list. 473 */ 474 sx_xlock(&allproc_lock); 475 LIST_REMOVE(p, p_list); 476 LIST_INSERT_HEAD(&zombproc, p, p_list); 477 LIST_REMOVE(p, p_hash); 478 sx_xunlock(&allproc_lock); 479 480 /* 481 * Call machine-dependent code to release any 482 * machine-dependent resources other than the address space. 483 * The address space is released by "vmspace_exitfree(p)" in 484 * vm_waitproc(). 
485 */ 486 cpu_exit(td); 487 488 WITNESS_WARN(WARN_PANIC, NULL, "process (pid %d) exiting", p->p_pid); 489 490 /* 491 * Reparent all children processes: 492 * - traced ones to the original parent (or init if we are that parent) 493 * - the rest to init 494 */ 495 sx_xlock(&proctree_lock); 496 q = LIST_FIRST(&p->p_children); 497 if (q != NULL) /* only need this if any child is S_ZOMB */ 498 wakeup(q->p_reaper); 499 for (; q != NULL; q = nq) { 500 nq = LIST_NEXT(q, p_sibling); 501 PROC_LOCK(q); 502 q->p_sigparent = SIGCHLD; 503 504 if (!(q->p_flag & P_TRACED)) { 505 proc_reparent(q, q->p_reaper); 506 } else { 507 /* 508 * Traced processes are killed since their existence 509 * means someone is screwing up. 510 */ 511 t = proc_realparent(q); 512 if (t == p) { 513 proc_reparent(q, q->p_reaper); 514 } else { 515 PROC_LOCK(t); 516 proc_reparent(q, t); 517 PROC_UNLOCK(t); 518 } 519 /* 520 * Since q was found on our children list, the 521 * proc_reparent() call moved q to the orphan 522 * list due to present P_TRACED flag. Clear 523 * orphan link for q now while q is locked. 524 */ 525 clear_orphan(q); 526 q->p_flag &= ~(P_TRACED | P_STOPPED_TRACE); 527 FOREACH_THREAD_IN_PROC(q, tdt) 528 tdt->td_dbgflags &= ~TDB_SUSPEND; 529 kern_psignal(q, SIGKILL); 530 } 531 PROC_UNLOCK(q); 532 } 533 534 /* 535 * Also get rid of our orphans. 536 */ 537 while ((q = LIST_FIRST(&p->p_orphans)) != NULL) { 538 PROC_LOCK(q); 539 CTR2(KTR_PTRACE, "exit: pid %d, clearing orphan %d", p->p_pid, 540 q->p_pid); 541 clear_orphan(q); 542 PROC_UNLOCK(q); 543 } 544 545 /* Save exit status. */ 546 PROC_LOCK(p); 547 p->p_xthread = td; 548 549 /* Tell the prison that we are gone. */ 550 prison_proc_free(p->p_ucred->cr_prison); 551 552 #ifdef KDTRACE_HOOKS 553 /* 554 * Tell the DTrace fasttrap provider about the exit if it 555 * has declared an interest. 556 */ 557 if (dtrace_fasttrap_exit) 558 dtrace_fasttrap_exit(p); 559 #endif 560 561 /* 562 * Notify interested parties of our demise. 
563 */ 564 KNOTE_LOCKED(&p->p_klist, NOTE_EXIT); 565 566 #ifdef KDTRACE_HOOKS 567 int reason = CLD_EXITED; 568 if (WCOREDUMP(signo)) 569 reason = CLD_DUMPED; 570 else if (WIFSIGNALED(signo)) 571 reason = CLD_KILLED; 572 SDT_PROBE1(proc, kernel, , exit, reason); 573 #endif 574 575 /* 576 * Just delete all entries in the p_klist. At this point we won't 577 * report any more events, and there are nasty race conditions that 578 * can beat us if we don't. 579 */ 580 knlist_clear(&p->p_klist, 1); 581 582 /* 583 * If this is a process with a descriptor, we may not need to deliver 584 * a signal to the parent. proctree_lock is held over 585 * procdesc_exit() to serialize concurrent calls to close() and 586 * exit(). 587 */ 588 if (p->p_procdesc == NULL || procdesc_exit(p)) { 589 /* 590 * Notify parent that we're gone. If parent has the 591 * PS_NOCLDWAIT flag set, or if the handler is set to SIG_IGN, 592 * notify process 1 instead (and hope it will handle this 593 * situation). 594 */ 595 PROC_LOCK(p->p_pptr); 596 mtx_lock(&p->p_pptr->p_sigacts->ps_mtx); 597 if (p->p_pptr->p_sigacts->ps_flag & 598 (PS_NOCLDWAIT | PS_CLDSIGIGN)) { 599 struct proc *pp; 600 601 mtx_unlock(&p->p_pptr->p_sigacts->ps_mtx); 602 pp = p->p_pptr; 603 PROC_UNLOCK(pp); 604 proc_reparent(p, p->p_reaper); 605 p->p_sigparent = SIGCHLD; 606 PROC_LOCK(p->p_pptr); 607 608 /* 609 * Notify parent, so in case he was wait(2)ing or 610 * executing waitpid(2) with our pid, he will 611 * continue. 
612 */ 613 wakeup(pp); 614 } else 615 mtx_unlock(&p->p_pptr->p_sigacts->ps_mtx); 616 617 if (p->p_pptr == p->p_reaper || p->p_pptr == initproc) 618 childproc_exited(p); 619 else if (p->p_sigparent != 0) { 620 if (p->p_sigparent == SIGCHLD) 621 childproc_exited(p); 622 else /* LINUX thread */ 623 kern_psignal(p->p_pptr, p->p_sigparent); 624 } 625 } else 626 PROC_LOCK(p->p_pptr); 627 sx_xunlock(&proctree_lock); 628 629 /* 630 * The state PRS_ZOMBIE prevents other proesses from sending 631 * signal to the process, to avoid memory leak, we free memory 632 * for signal queue at the time when the state is set. 633 */ 634 sigqueue_flush(&p->p_sigqueue); 635 sigqueue_flush(&td->td_sigqueue); 636 637 /* 638 * We have to wait until after acquiring all locks before 639 * changing p_state. We need to avoid all possible context 640 * switches (including ones from blocking on a mutex) while 641 * marked as a zombie. We also have to set the zombie state 642 * before we release the parent process' proc lock to avoid 643 * a lost wakeup. So, we first call wakeup, then we grab the 644 * sched lock, update the state, and release the parent process' 645 * proc lock. 646 */ 647 wakeup(p->p_pptr); 648 cv_broadcast(&p->p_pwait); 649 sched_exit(p->p_pptr, td); 650 umtx_thread_exit(td); 651 PROC_SLOCK(p); 652 p->p_state = PRS_ZOMBIE; 653 PROC_UNLOCK(p->p_pptr); 654 655 /* 656 * Hopefully no one will try to deliver a signal to the process this 657 * late in the game. 658 */ 659 knlist_destroy(&p->p_klist); 660 661 /* 662 * Save our children's rusage information in our exit rusage. 663 */ 664 PROC_STATLOCK(p); 665 ruadd(&p->p_ru, &p->p_rux, &p->p_stats->p_cru, &p->p_crux); 666 PROC_STATUNLOCK(p); 667 668 /* 669 * Make sure the scheduler takes this thread out of its tables etc. 670 * This will also release this thread's reference to the ucred. 671 * Other thread parts to release include pcb bits and such. 
672 */ 673 thread_exit(); 674 } 675 676 677 #ifndef _SYS_SYSPROTO_H_ 678 struct abort2_args { 679 char *why; 680 int nargs; 681 void **args; 682 }; 683 #endif 684 685 int 686 sys_abort2(struct thread *td, struct abort2_args *uap) 687 { 688 struct proc *p = td->td_proc; 689 struct sbuf *sb; 690 void *uargs[16]; 691 int error, i, sig; 692 693 /* 694 * Do it right now so we can log either proper call of abort2(), or 695 * note, that invalid argument was passed. 512 is big enough to 696 * handle 16 arguments' descriptions with additional comments. 697 */ 698 sb = sbuf_new(NULL, NULL, 512, SBUF_FIXEDLEN); 699 sbuf_clear(sb); 700 sbuf_printf(sb, "%s(pid %d uid %d) aborted: ", 701 p->p_comm, p->p_pid, td->td_ucred->cr_uid); 702 /* 703 * Since we can't return from abort2(), send SIGKILL in cases, where 704 * abort2() was called improperly 705 */ 706 sig = SIGKILL; 707 /* Prevent from DoSes from user-space. */ 708 if (uap->nargs < 0 || uap->nargs > 16) 709 goto out; 710 if (uap->nargs > 0) { 711 if (uap->args == NULL) 712 goto out; 713 error = copyin(uap->args, uargs, uap->nargs * sizeof(void *)); 714 if (error != 0) 715 goto out; 716 } 717 /* 718 * Limit size of 'reason' string to 128. Will fit even when 719 * maximal number of arguments was chosen to be logged. 720 */ 721 if (uap->why != NULL) { 722 error = sbuf_copyin(sb, uap->why, 128); 723 if (error < 0) 724 goto out; 725 } else { 726 sbuf_printf(sb, "(null)"); 727 } 728 if (uap->nargs > 0) { 729 sbuf_printf(sb, "("); 730 for (i = 0;i < uap->nargs; i++) 731 sbuf_printf(sb, "%s%p", i == 0 ? "" : ", ", uargs[i]); 732 sbuf_printf(sb, ")"); 733 } 734 /* 735 * Final stage: arguments were proper, string has been 736 * successfully copied from userspace, and copying pointers 737 * from user-space succeed. 
738 */ 739 sig = SIGABRT; 740 out: 741 if (sig == SIGKILL) { 742 sbuf_trim(sb); 743 sbuf_printf(sb, " (Reason text inaccessible)"); 744 } 745 sbuf_cat(sb, "\n"); 746 sbuf_finish(sb); 747 log(LOG_INFO, "%s", sbuf_data(sb)); 748 sbuf_delete(sb); 749 exit1(td, 0, sig); 750 return (0); 751 } 752 753 754 #ifdef COMPAT_43 755 /* 756 * The dirty work is handled by kern_wait(). 757 */ 758 int 759 owait(struct thread *td, struct owait_args *uap __unused) 760 { 761 int error, status; 762 763 error = kern_wait(td, WAIT_ANY, &status, 0, NULL); 764 if (error == 0) 765 td->td_retval[1] = status; 766 return (error); 767 } 768 #endif /* COMPAT_43 */ 769 770 /* 771 * The dirty work is handled by kern_wait(). 772 */ 773 int 774 sys_wait4(struct thread *td, struct wait4_args *uap) 775 { 776 struct rusage ru, *rup; 777 int error, status; 778 779 if (uap->rusage != NULL) 780 rup = &ru; 781 else 782 rup = NULL; 783 error = kern_wait(td, uap->pid, &status, uap->options, rup); 784 if (uap->status != NULL && error == 0) 785 error = copyout(&status, uap->status, sizeof(status)); 786 if (uap->rusage != NULL && error == 0) 787 error = copyout(&ru, uap->rusage, sizeof(struct rusage)); 788 return (error); 789 } 790 791 int 792 sys_wait6(struct thread *td, struct wait6_args *uap) 793 { 794 struct __wrusage wru, *wrup; 795 siginfo_t si, *sip; 796 idtype_t idtype; 797 id_t id; 798 int error, status; 799 800 idtype = uap->idtype; 801 id = uap->id; 802 803 if (uap->wrusage != NULL) 804 wrup = &wru; 805 else 806 wrup = NULL; 807 808 if (uap->info != NULL) { 809 sip = &si; 810 bzero(sip, sizeof(*sip)); 811 } else 812 sip = NULL; 813 814 /* 815 * We expect all callers of wait6() to know about WEXITED and 816 * WTRAPPED. 
817 */ 818 error = kern_wait6(td, idtype, id, &status, uap->options, wrup, sip); 819 820 if (uap->status != NULL && error == 0) 821 error = copyout(&status, uap->status, sizeof(status)); 822 if (uap->wrusage != NULL && error == 0) 823 error = copyout(&wru, uap->wrusage, sizeof(wru)); 824 if (uap->info != NULL && error == 0) 825 error = copyout(&si, uap->info, sizeof(si)); 826 return (error); 827 } 828 829 /* 830 * Reap the remains of a zombie process and optionally return status and 831 * rusage. Asserts and will release both the proctree_lock and the process 832 * lock as part of its work. 833 */ 834 void 835 proc_reap(struct thread *td, struct proc *p, int *status, int options) 836 { 837 struct proc *q, *t; 838 839 sx_assert(&proctree_lock, SA_XLOCKED); 840 PROC_LOCK_ASSERT(p, MA_OWNED); 841 PROC_SLOCK_ASSERT(p, MA_OWNED); 842 KASSERT(p->p_state == PRS_ZOMBIE, ("proc_reap: !PRS_ZOMBIE")); 843 844 q = td->td_proc; 845 846 PROC_SUNLOCK(p); 847 if (status) 848 *status = KW_EXITCODE(p->p_xexit, p->p_xsig); 849 if (options & WNOWAIT) { 850 /* 851 * Only poll, returning the status. Caller does not wish to 852 * release the proc struct just yet. 853 */ 854 PROC_UNLOCK(p); 855 sx_xunlock(&proctree_lock); 856 return; 857 } 858 859 PROC_LOCK(q); 860 sigqueue_take(p->p_ksi); 861 PROC_UNLOCK(q); 862 863 /* 864 * If we got the child via a ptrace 'attach', we need to give it back 865 * to the old parent. 
866 */ 867 if (p->p_oppid != 0 && p->p_oppid != p->p_pptr->p_pid) { 868 PROC_UNLOCK(p); 869 t = proc_realparent(p); 870 PROC_LOCK(t); 871 PROC_LOCK(p); 872 CTR2(KTR_PTRACE, 873 "wait: traced child %d moved back to parent %d", p->p_pid, 874 t->p_pid); 875 proc_reparent(p, t); 876 p->p_oppid = 0; 877 PROC_UNLOCK(p); 878 pksignal(t, SIGCHLD, p->p_ksi); 879 wakeup(t); 880 cv_broadcast(&p->p_pwait); 881 PROC_UNLOCK(t); 882 sx_xunlock(&proctree_lock); 883 return; 884 } 885 p->p_oppid = 0; 886 PROC_UNLOCK(p); 887 888 /* 889 * Remove other references to this process to ensure we have an 890 * exclusive reference. 891 */ 892 sx_xlock(&allproc_lock); 893 LIST_REMOVE(p, p_list); /* off zombproc */ 894 sx_xunlock(&allproc_lock); 895 LIST_REMOVE(p, p_sibling); 896 reaper_abandon_children(p, true); 897 LIST_REMOVE(p, p_reapsibling); 898 PROC_LOCK(p); 899 clear_orphan(p); 900 PROC_UNLOCK(p); 901 leavepgrp(p); 902 if (p->p_procdesc != NULL) 903 procdesc_reap(p); 904 sx_xunlock(&proctree_lock); 905 906 /* 907 * Removal from allproc list and process group list paired with 908 * PROC_LOCK which was executed during that time should guarantee 909 * nothing can reach this process anymore. As such further locking 910 * is unnecessary. 911 */ 912 p->p_xexit = p->p_xsig = 0; /* XXX: why? */ 913 914 PROC_LOCK(q); 915 ruadd(&q->p_stats->p_cru, &q->p_crux, &p->p_ru, &p->p_rux); 916 PROC_UNLOCK(q); 917 918 /* 919 * Decrement the count of procs running with this uid. 920 */ 921 (void)chgproccnt(p->p_ucred->cr_ruidinfo, -1, 0); 922 923 /* 924 * Destroy resource accounting information associated with the process. 925 */ 926 #ifdef RACCT 927 if (racct_enable) { 928 PROC_LOCK(p); 929 racct_sub(p, RACCT_NPROC, 1); 930 PROC_UNLOCK(p); 931 } 932 #endif 933 racct_proc_exit(p); 934 935 /* 936 * Free credentials, arguments, and sigacts. 
937 */ 938 crfree(p->p_ucred); 939 proc_set_cred(p, NULL); 940 pargs_drop(p->p_args); 941 p->p_args = NULL; 942 sigacts_free(p->p_sigacts); 943 p->p_sigacts = NULL; 944 945 /* 946 * Do any thread-system specific cleanups. 947 */ 948 thread_wait(p); 949 950 /* 951 * Give vm and machine-dependent layer a chance to free anything that 952 * cpu_exit couldn't release while still running in process context. 953 */ 954 vm_waitproc(p); 955 #ifdef MAC 956 mac_proc_destroy(p); 957 #endif 958 /* 959 * Free any domain policy that's still hiding around. 960 */ 961 vm_domain_policy_cleanup(&p->p_vm_dom_policy); 962 963 KASSERT(FIRST_THREAD_IN_PROC(p), 964 ("proc_reap: no residual thread!")); 965 uma_zfree(proc_zone, p); 966 atomic_add_int(&nprocs, -1); 967 } 968 969 static int 970 proc_to_reap(struct thread *td, struct proc *p, idtype_t idtype, id_t id, 971 int *status, int options, struct __wrusage *wrusage, siginfo_t *siginfo, 972 int check_only) 973 { 974 struct rusage *rup; 975 976 sx_assert(&proctree_lock, SA_XLOCKED); 977 978 PROC_LOCK(p); 979 980 switch (idtype) { 981 case P_ALL: 982 if (p->p_procdesc != NULL) { 983 PROC_UNLOCK(p); 984 return (0); 985 } 986 break; 987 case P_PID: 988 if (p->p_pid != (pid_t)id) { 989 PROC_UNLOCK(p); 990 return (0); 991 } 992 break; 993 case P_PGID: 994 if (p->p_pgid != (pid_t)id) { 995 PROC_UNLOCK(p); 996 return (0); 997 } 998 break; 999 case P_SID: 1000 if (p->p_session->s_sid != (pid_t)id) { 1001 PROC_UNLOCK(p); 1002 return (0); 1003 } 1004 break; 1005 case P_UID: 1006 if (p->p_ucred->cr_uid != (uid_t)id) { 1007 PROC_UNLOCK(p); 1008 return (0); 1009 } 1010 break; 1011 case P_GID: 1012 if (p->p_ucred->cr_gid != (gid_t)id) { 1013 PROC_UNLOCK(p); 1014 return (0); 1015 } 1016 break; 1017 case P_JAILID: 1018 if (p->p_ucred->cr_prison->pr_id != (int)id) { 1019 PROC_UNLOCK(p); 1020 return (0); 1021 } 1022 break; 1023 /* 1024 * It seems that the thread structures get zeroed out 1025 * at process exit. 
This makes it impossible to 1026 * support P_SETID, P_CID or P_CPUID. 1027 */ 1028 default: 1029 PROC_UNLOCK(p); 1030 return (0); 1031 } 1032 1033 if (p_canwait(td, p)) { 1034 PROC_UNLOCK(p); 1035 return (0); 1036 } 1037 1038 if (((options & WEXITED) == 0) && (p->p_state == PRS_ZOMBIE)) { 1039 PROC_UNLOCK(p); 1040 return (0); 1041 } 1042 1043 /* 1044 * This special case handles a kthread spawned by linux_clone 1045 * (see linux_misc.c). The linux_wait4 and linux_waitpid 1046 * functions need to be able to distinguish between waiting 1047 * on a process and waiting on a thread. It is a thread if 1048 * p_sigparent is not SIGCHLD, and the WLINUXCLONE option 1049 * signifies we want to wait for threads and not processes. 1050 */ 1051 if ((p->p_sigparent != SIGCHLD) ^ 1052 ((options & WLINUXCLONE) != 0)) { 1053 PROC_UNLOCK(p); 1054 return (0); 1055 } 1056 1057 if (siginfo != NULL) { 1058 bzero(siginfo, sizeof(*siginfo)); 1059 siginfo->si_errno = 0; 1060 1061 /* 1062 * SUSv4 requires that the si_signo value is always 1063 * SIGCHLD. Obey it despite the rfork(2) interface 1064 * allows to request other signal for child exit 1065 * notification. 1066 */ 1067 siginfo->si_signo = SIGCHLD; 1068 1069 /* 1070 * This is still a rough estimate. We will fix the 1071 * cases TRAPPED, STOPPED, and CONTINUED later. 1072 */ 1073 if (WCOREDUMP(p->p_xsig)) { 1074 siginfo->si_code = CLD_DUMPED; 1075 siginfo->si_status = WTERMSIG(p->p_xsig); 1076 } else if (WIFSIGNALED(p->p_xsig)) { 1077 siginfo->si_code = CLD_KILLED; 1078 siginfo->si_status = WTERMSIG(p->p_xsig); 1079 } else { 1080 siginfo->si_code = CLD_EXITED; 1081 siginfo->si_status = p->p_xexit; 1082 } 1083 1084 siginfo->si_pid = p->p_pid; 1085 siginfo->si_uid = p->p_ucred->cr_uid; 1086 1087 /* 1088 * The si_addr field would be useful additional 1089 * detail, but apparently the PC value may be lost 1090 * when we reach this point. bzero() above sets 1091 * siginfo->si_addr to NULL. 
*/
	}

	/*
	 * There should be no reason to limit resources usage info to
	 * exited processes only.  A snapshot about any resources used
	 * by a stopped process may be exactly what is needed.
	 */
	if (wrusage != NULL) {
		rup = &wrusage->wru_self;
		*rup = p->p_ru;
		PROC_STATLOCK(p);
		calcru(p, &rup->ru_utime, &rup->ru_stime);
		PROC_STATUNLOCK(p);

		rup = &wrusage->wru_children;
		*rup = p->p_stats->p_cru;
		calccru(p, &rup->ru_utime, &rup->ru_stime);
	}

	if (p->p_state == PRS_ZOMBIE && !check_only) {
		PROC_SLOCK(p);
		proc_reap(td, p, status, options);
		return (-1);
	}
	PROC_UNLOCK(p);
	return (1);
}

/*
 * wait4(2)-style front end for kern_wait6().
 *
 * Translates the legacy pid encoding into the (idtype, id) pair that
 * kern_wait6() understands:
 *   pid == WAIT_ANY  -> P_ALL, id 0
 *   pid <  0         -> P_PGID, id -pid
 *   otherwise        -> P_PID, id pid
 * WAIT_MYPGRP is not handled here; kern_wait6() rewrites it itself.
 *
 * status  - where the wait status is stored, or NULL (kernel address).
 * options - wait options; WEXITED | WTRAPPED are added unconditionally so
 *           that old callers keep seeing exited and ptrace-stopped children.
 * rusage  - if non-NULL, receives the reaped child's own (wru_self)
 *           resource usage; the children's usage is discarded here.
 *
 * Returns the result of kern_wait6() (0 on success with the pid in
 * td->td_retval[0], otherwise an errno value).
 */
int
kern_wait(struct thread *td, pid_t pid, int *status, int options,
    struct rusage *rusage)
{
	struct __wrusage wru, *wrup;
	idtype_t idtype;
	id_t id;
	int ret;

	/*
	 * Translate the special pid values into the (idtype, pid)
	 * pair for kern_wait6.  The WAIT_MYPGRP case is handled by
	 * kern_wait6() on its own.
	 */
	if (pid == WAIT_ANY) {
		idtype = P_ALL;
		id = 0;
	} else if (pid < 0) {
		idtype = P_PGID;
		id = (id_t)-pid;
	} else {
		idtype = P_PID;
		id = (id_t)pid;
	}

	/* Only ask kern_wait6() for usage data when the caller wants it. */
	if (rusage != NULL)
		wrup = &wru;
	else
		wrup = NULL;

	/*
	 * For backward compatibility we implicitly add flags WEXITED
	 * and WTRAPPED here.
	 */
	options |= WEXITED | WTRAPPED;
	ret = kern_wait6(td, idtype, id, status, options, wrup, NULL);
	if (rusage != NULL)
		*rusage = wru.wru_self;
	return (ret);
}

/*
 * Common implementation of wait4(2)/wait6(2).
 *
 * Scans the calling process's children (and, when none matched, its
 * orphans list) for one that matches (idtype, id) and has an event the
 * caller asked for in options.  Per-child eligibility, including the
 * p_canwait() permission check and the (idtype, id) match, lives in
 * proc_to_reap(); this function handles the stopped / trapped /
 * continued cases and the sleep-retry loop.
 *
 * status, wrusage, siginfo - kernel-space destinations (they are written
 *           through directly here), each may be NULL.  The copyout to the
 *           user-supplied buffers is presumably done by the system-call
 *           wrappers, which are not visible in this file excerpt.
 * options - validated below against the set of known flags before any
 *           lock is taken; unknown bits are rejected with EINVAL, as is
 *           an option set naming no event at all (it could never match).
 *
 * Returns 0 on success with td->td_retval[0] set to the child's pid
 * (0 when WNOHANG is set and nothing is ready), EINVAL for a bad option
 * set, ECHILD when no candidate child exists, or the error from msleep()
 * (the sleep uses PCATCH, so a signal interrupts the wait).
 *
 * Locking: proctree_lock is taken exclusively for each scan and every
 * return path below releases it; the child is locked (and its sched lock
 * taken) only while its state is examined.
 */
int
kern_wait6(struct thread *td, idtype_t idtype, id_t id, int *status,
    int options, struct __wrusage *wrusage, siginfo_t *siginfo)
{
	struct proc *p, *q;
	pid_t pid;
	int error, nfound, ret;

	AUDIT_ARG_VALUE((int)idtype);	/* XXX - This is likely wrong!
					 */
	AUDIT_ARG_PID((pid_t)id);	/* XXX - This may be wrong! */
	AUDIT_ARG_VALUE(options);

	q = td->td_proc;

	/* WAIT_MYPGRP: wait on the caller's own process group. */
	if ((pid_t)id == WAIT_MYPGRP && (idtype == P_PID || idtype == P_PGID)) {
		PROC_LOCK(q);
		id = (id_t)q->p_pgid;
		PROC_UNLOCK(q);
		idtype = P_PGID;
	}

	/* If we don't know the option, just return. */
	if ((options & ~(WUNTRACED | WNOHANG | WCONTINUED | WNOWAIT |
	    WEXITED | WTRAPPED | WLINUXCLONE)) != 0)
		return (EINVAL);
	if ((options & (WEXITED | WUNTRACED | WCONTINUED | WTRAPPED)) == 0) {
		/*
		 * We will be unable to find any matching processes,
		 * because there are no known events to look for.
		 * Prefer to return error instead of blocking
		 * indefinitely.
		 */
		return (EINVAL);
	}

loop:
	/*
	 * Clear the "a child changed state" hint before scanning so that a
	 * change arriving during the scan is noticed at the bottom of the
	 * loop rather than slept through.
	 */
	if (q->p_flag & P_STATCHILD) {
		PROC_LOCK(q);
		q->p_flag &= ~P_STATCHILD;
		PROC_UNLOCK(q);
	}
	nfound = 0;
	sx_xlock(&proctree_lock);
	LIST_FOREACH(p, &q->p_children, p_sibling) {
		pid = p->p_pid;
		/*
		 * proc_to_reap(): 0 = not a candidate, 1 = candidate but no
		 * exit to report yet, -1 = reaped (it released the locks and
		 * filled status/wrusage/siginfo).
		 */
		ret = proc_to_reap(td, p, idtype, id, status, options,
		    wrusage, siginfo, 0);
		if (ret == 0)
			continue;
		else if (ret == 1)
			nfound++;
		else {
			td->td_retval[0] = pid;
			return (0);
		}

		PROC_LOCK(p);
		PROC_SLOCK(p);

		/*
		 * ptrace stop: the child is traced, stopped (by a trace or a
		 * signal), every thread has suspended, and nobody has already
		 * reported this stop.  With WNOWAIT the P_WAITED mark and the
		 * queued SIGCHLD are left in place so the event stays
		 * reportable.
		 */
		if ((options & WTRAPPED) != 0 &&
		    (p->p_flag & P_TRACED) != 0 &&
		    (p->p_flag & (P_STOPPED_TRACE | P_STOPPED_SIG)) != 0 &&
		    (p->p_suspcount == p->p_numthreads) &&
		    ((p->p_flag & P_WAITED) == 0)) {
			PROC_SUNLOCK(p);
			if ((options & WNOWAIT) == 0)
				p->p_flag |= P_WAITED;
			sx_xunlock(&proctree_lock);

			if (status != NULL)
				*status = W_STOPCODE(p->p_xsig);
			if (siginfo != NULL) {
				siginfo->si_status = p->p_xsig;
				siginfo->si_code = CLD_TRAPPED;
			}
			if ((options & WNOWAIT) == 0) {
				PROC_LOCK(q);
				sigqueue_take(p->p_ksi);
				PROC_UNLOCK(q);
			}

			CTR4(KTR_PTRACE,
			    "wait: returning trapped pid %d status %#x (xstat %d) xthread %d",
			    p->p_pid, W_STOPCODE(p->p_xsig), p->p_xsig,
			    p->p_xthread != NULL ? p->p_xthread->td_tid : -1);
			PROC_UNLOCK(p);
			td->td_retval[0] = pid;
			return (0);
		}
		/* Job-control stop (WUNTRACED): same shape as above. */
		if ((options & WUNTRACED) != 0 &&
		    (p->p_flag & P_STOPPED_SIG) != 0 &&
		    (p->p_suspcount == p->p_numthreads) &&
		    ((p->p_flag & P_WAITED) == 0)) {
			PROC_SUNLOCK(p);
			if ((options & WNOWAIT) == 0)
				p->p_flag |= P_WAITED;
			sx_xunlock(&proctree_lock);

			if (status != NULL)
				*status = W_STOPCODE(p->p_xsig);
			if (siginfo != NULL) {
				siginfo->si_status = p->p_xsig;
				siginfo->si_code = CLD_STOPPED;
			}
			if ((options & WNOWAIT) == 0) {
				PROC_LOCK(q);
				sigqueue_take(p->p_ksi);
				PROC_UNLOCK(q);
			}

			PROC_UNLOCK(p);
			td->td_retval[0] = pid;
			return (0);
		}
		PROC_SUNLOCK(p);
		/*
		 * Continued after a stop (WCONTINUED).  The status reported is
		 * SIGCONT itself; P_CONTINUED is consumed unless WNOWAIT.
		 */
		if ((options & WCONTINUED) != 0 &&
		    (p->p_flag & P_CONTINUED) != 0) {
			sx_xunlock(&proctree_lock);
			if ((options & WNOWAIT) == 0) {
				p->p_flag &= ~P_CONTINUED;
				PROC_LOCK(q);
				sigqueue_take(p->p_ksi);
				PROC_UNLOCK(q);
			}
			PROC_UNLOCK(p);

			if (status != NULL)
				*status = SIGCONT;
			if (siginfo != NULL) {
				siginfo->si_status = SIGCONT;
				siginfo->si_code = CLD_CONTINUED;
			}
			td->td_retval[0] = pid;
			return (0);
		}
		PROC_UNLOCK(p);
	}

	/*
	 * Look in the orphans list too, to allow the parent to
	 * collect it's child exit status even if child is being
	 * debugged.
	 *
	 * Debugger detaches from the parent upon successful
	 * switch-over from parent to child.  At this point due to
	 * re-parenting the parent loses the child to debugger and a
	 * wait4(2) call would report that it has no children to wait
	 * for.  By maintaining a list of orphans we allow the parent
	 * to successfully wait until the child becomes a zombie.
	 */
	if (nfound == 0) {
		LIST_FOREACH(p, &q->p_orphans, p_orphan) {
			/*
			 * check_only = 1: only establish that a candidate
			 * exists; orphans are never reaped from here.
			 */
			ret = proc_to_reap(td, p, idtype, id, NULL, options,
			    NULL, NULL, 1);
			if (ret != 0) {
				KASSERT(ret != -1, ("reaped an orphan (pid %d)",
				    (int)td->td_retval[0]));
				nfound++;
				break;
			}
		}
	}
	if (nfound == 0) {
		sx_xunlock(&proctree_lock);
		return (ECHILD);
	}
	if (options & WNOHANG) {
		sx_xunlock(&proctree_lock);
		td->td_retval[0] = 0;
		return (0);
	}
	/*
	 * Candidates exist but none is ready: sleep until a child changes
	 * state.  P_STATCHILD is re-checked under q's lock so a change that
	 * raced with the scan above is not slept through.
	 */
	PROC_LOCK(q);
	sx_xunlock(&proctree_lock);
	if (q->p_flag & P_STATCHILD) {
		q->p_flag &= ~P_STATCHILD;
		error = 0;
	} else
		error = msleep(q, &q->p_mtx, PWAIT | PCATCH, "wait", 0);
	PROC_UNLOCK(q);
	if (error)
		return (error);
	goto loop;
}

/*
 * Make process 'parent' the new parent of process 'child'.
 * Must be called with an exclusive hold of proctree lock.
 *
 * The child must also be locked (both are asserted).  A no-op when
 * 'parent' is already the parent.  Otherwise:
 *  - the child's pending SIGCHLD (p_ksi) is pulled from the old
 *    parent's queue so the old parent does not see a stale notification;
 *  - the child moves from the old parent's p_children list to the new
 *    parent's;
 *  - any current orphan-list membership is dropped (clear_orphan(), going
 *    by its name), and if the child is being traced it is placed on the
 *    old parent's p_orphans list and marked P_TREE_ORPHANED (the first
 *    entry additionally gets P_TREE_FIRST_ORPHAN), which is what lets the
 *    original parent still wait for it in kern_wait6().
 */
void
proc_reparent(struct proc *child, struct proc *parent)
{

	sx_assert(&proctree_lock, SX_XLOCKED);
	PROC_LOCK_ASSERT(child, MA_OWNED);
	if (child->p_pptr == parent)
		return;

	PROC_LOCK(child->p_pptr);
	sigqueue_take(child->p_ksi);
	PROC_UNLOCK(child->p_pptr);
	LIST_REMOVE(child, p_sibling);
	LIST_INSERT_HEAD(&parent->p_children, child, p_sibling);

	clear_orphan(child);
	if (child->p_flag & P_TRACED) {
		if (LIST_EMPTY(&child->p_pptr->p_orphans)) {
			child->p_treeflag |= P_TREE_FIRST_ORPHAN;
			LIST_INSERT_HEAD(&child->p_pptr->p_orphans, child,
			    p_orphan);
		} else {
			LIST_INSERT_AFTER(LIST_FIRST(&child->p_pptr->p_orphans),
			    child, p_orphan);
		}
		child->p_treeflag |= P_TREE_ORPHANED;
	}

	/* Done last: the old parent (p_pptr) was needed for the steps above. */
	child->p_pptr = parent;
}