xref: /freebsd/sys/kern/kern_procctl.c (revision edf8578117e8844e02c0121147f45e4609b30680)
1 /*-
2  * Copyright (c) 2014 John Baldwin
3  * Copyright (c) 2014, 2016 The FreeBSD Foundation
4  *
5  * Portions of this software were developed by Konstantin Belousov
6  * under sponsorship from the FreeBSD Foundation.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  */
29 
30 #include <sys/cdefs.h>
31 #include <sys/param.h>
32 #include <sys/_unrhdr.h>
33 #include <sys/systm.h>
34 #include <sys/capsicum.h>
35 #include <sys/lock.h>
36 #include <sys/mman.h>
37 #include <sys/mutex.h>
38 #include <sys/priv.h>
39 #include <sys/proc.h>
40 #include <sys/procctl.h>
41 #include <sys/sx.h>
42 #include <sys/syscallsubr.h>
43 #include <sys/sysproto.h>
44 #include <sys/taskqueue.h>
45 #include <sys/wait.h>
46 
47 #include <vm/vm.h>
48 #include <vm/pmap.h>
49 #include <vm/vm_map.h>
50 #include <vm/vm_extern.h>
51 
52 static int
53 protect_setchild(struct thread *td, struct proc *p, int flags)
54 {
55 
56 	PROC_LOCK_ASSERT(p, MA_OWNED);
57 	if (p->p_flag & P_SYSTEM || p_cansched(td, p) != 0)
58 		return (0);
59 	if (flags & PPROT_SET) {
60 		p->p_flag |= P_PROTECTED;
61 		if (flags & PPROT_INHERIT)
62 			p->p_flag2 |= P2_INHERIT_PROTECTED;
63 	} else {
64 		p->p_flag &= ~P_PROTECTED;
65 		p->p_flag2 &= ~P2_INHERIT_PROTECTED;
66 	}
67 	return (1);
68 }
69 
70 static int
71 protect_setchildren(struct thread *td, struct proc *top, int flags)
72 {
73 	struct proc *p;
74 	int ret;
75 
76 	p = top;
77 	ret = 0;
78 	sx_assert(&proctree_lock, SX_LOCKED);
79 	for (;;) {
80 		ret |= protect_setchild(td, p, flags);
81 		PROC_UNLOCK(p);
82 		/*
83 		 * If this process has children, descend to them next,
84 		 * otherwise do any siblings, and if done with this level,
85 		 * follow back up the tree (but not past top).
86 		 */
87 		if (!LIST_EMPTY(&p->p_children))
88 			p = LIST_FIRST(&p->p_children);
89 		else for (;;) {
90 			if (p == top) {
91 				PROC_LOCK(p);
92 				return (ret);
93 			}
94 			if (LIST_NEXT(p, p_sibling)) {
95 				p = LIST_NEXT(p, p_sibling);
96 				break;
97 			}
98 			p = p->p_pptr;
99 		}
100 		PROC_LOCK(p);
101 	}
102 }
103 
104 static int
105 protect_set(struct thread *td, struct proc *p, void *data)
106 {
107 	int error, flags, ret;
108 
109 	flags = *(int *)data;
110 	switch (PPROT_OP(flags)) {
111 	case PPROT_SET:
112 	case PPROT_CLEAR:
113 		break;
114 	default:
115 		return (EINVAL);
116 	}
117 
118 	if ((PPROT_FLAGS(flags) & ~(PPROT_DESCEND | PPROT_INHERIT)) != 0)
119 		return (EINVAL);
120 
121 	error = priv_check(td, PRIV_VM_MADV_PROTECT);
122 	if (error)
123 		return (error);
124 
125 	if (flags & PPROT_DESCEND)
126 		ret = protect_setchildren(td, p, flags);
127 	else
128 		ret = protect_setchild(td, p, flags);
129 	if (ret == 0)
130 		return (EPERM);
131 	return (0);
132 }
133 
134 static int
135 reap_acquire(struct thread *td, struct proc *p, void *data __unused)
136 {
137 
138 	sx_assert(&proctree_lock, SX_XLOCKED);
139 	if (p != td->td_proc)
140 		return (EPERM);
141 	if ((p->p_treeflag & P_TREE_REAPER) != 0)
142 		return (EBUSY);
143 	p->p_treeflag |= P_TREE_REAPER;
144 	/*
145 	 * We do not reattach existing children and the whole tree
146 	 * under them to us, since p->p_reaper already seen them.
147 	 */
148 	return (0);
149 }
150 
151 static int
152 reap_release(struct thread *td, struct proc *p, void *data __unused)
153 {
154 
155 	sx_assert(&proctree_lock, SX_XLOCKED);
156 	if (p != td->td_proc)
157 		return (EPERM);
158 	if (p == initproc)
159 		return (EINVAL);
160 	if ((p->p_treeflag & P_TREE_REAPER) == 0)
161 		return (EINVAL);
162 	reaper_abandon_children(p, false);
163 	return (0);
164 }
165 
166 static int
167 reap_status(struct thread *td, struct proc *p, void *data)
168 {
169 	struct proc *reap, *p2, *first_p;
170 	struct procctl_reaper_status *rs;
171 
172 	rs = data;
173 	sx_assert(&proctree_lock, SX_LOCKED);
174 	if ((p->p_treeflag & P_TREE_REAPER) == 0) {
175 		reap = p->p_reaper;
176 	} else {
177 		reap = p;
178 		rs->rs_flags |= REAPER_STATUS_OWNED;
179 	}
180 	if (reap == initproc)
181 		rs->rs_flags |= REAPER_STATUS_REALINIT;
182 	rs->rs_reaper = reap->p_pid;
183 	rs->rs_descendants = 0;
184 	rs->rs_children = 0;
185 	if (!LIST_EMPTY(&reap->p_reaplist)) {
186 		first_p = LIST_FIRST(&reap->p_children);
187 		if (first_p == NULL)
188 			first_p = LIST_FIRST(&reap->p_reaplist);
189 		rs->rs_pid = first_p->p_pid;
190 		LIST_FOREACH(p2, &reap->p_reaplist, p_reapsibling) {
191 			if (proc_realparent(p2) == reap)
192 				rs->rs_children++;
193 			rs->rs_descendants++;
194 		}
195 	} else {
196 		rs->rs_pid = -1;
197 	}
198 	return (0);
199 }
200 
201 static int
202 reap_getpids(struct thread *td, struct proc *p, void *data)
203 {
204 	struct proc *reap, *p2;
205 	struct procctl_reaper_pidinfo *pi, *pip;
206 	struct procctl_reaper_pids *rp;
207 	u_int i, n;
208 	int error;
209 
210 	rp = data;
211 	sx_assert(&proctree_lock, SX_LOCKED);
212 	PROC_UNLOCK(p);
213 	reap = (p->p_treeflag & P_TREE_REAPER) == 0 ? p->p_reaper : p;
214 	n = i = 0;
215 	error = 0;
216 	LIST_FOREACH(p2, &reap->p_reaplist, p_reapsibling)
217 		n++;
218 	sx_unlock(&proctree_lock);
219 	if (rp->rp_count < n)
220 		n = rp->rp_count;
221 	pi = malloc(n * sizeof(*pi), M_TEMP, M_WAITOK);
222 	sx_slock(&proctree_lock);
223 	LIST_FOREACH(p2, &reap->p_reaplist, p_reapsibling) {
224 		if (i == n)
225 			break;
226 		pip = &pi[i];
227 		bzero(pip, sizeof(*pip));
228 		pip->pi_pid = p2->p_pid;
229 		pip->pi_subtree = p2->p_reapsubtree;
230 		pip->pi_flags = REAPER_PIDINFO_VALID;
231 		if (proc_realparent(p2) == reap)
232 			pip->pi_flags |= REAPER_PIDINFO_CHILD;
233 		if ((p2->p_treeflag & P_TREE_REAPER) != 0)
234 			pip->pi_flags |= REAPER_PIDINFO_REAPER;
235 		if ((p2->p_flag & P_STOPPED) != 0)
236 			pip->pi_flags |= REAPER_PIDINFO_STOPPED;
237 		if (p2->p_state == PRS_ZOMBIE)
238 			pip->pi_flags |= REAPER_PIDINFO_ZOMBIE;
239 		else if ((p2->p_flag & P_WEXIT) != 0)
240 			pip->pi_flags |= REAPER_PIDINFO_EXITING;
241 		i++;
242 	}
243 	sx_sunlock(&proctree_lock);
244 	error = copyout(pi, rp->rp_pids, i * sizeof(*pi));
245 	free(pi, M_TEMP);
246 	sx_slock(&proctree_lock);
247 	PROC_LOCK(p);
248 	return (error);
249 }
250 
251 struct reap_kill_proc_work {
252 	struct ucred *cr;
253 	struct proc *target;
254 	ksiginfo_t *ksi;
255 	struct procctl_reaper_kill *rk;
256 	int *error;
257 	struct task t;
258 };
259 
260 static void
261 reap_kill_proc_locked(struct reap_kill_proc_work *w)
262 {
263 	int error1;
264 	bool need_stop;
265 
266 	PROC_LOCK_ASSERT(w->target, MA_OWNED);
267 	PROC_ASSERT_HELD(w->target);
268 
269 	error1 = cr_cansignal(w->cr, w->target, w->rk->rk_sig);
270 	if (error1 != 0) {
271 		if (*w->error == ESRCH) {
272 			w->rk->rk_fpid = w->target->p_pid;
273 			*w->error = error1;
274 		}
275 		return;
276 	}
277 
278 	/*
279 	 * The need_stop indicates if the target process needs to be
280 	 * suspended before being signalled.  This is needed when we
281 	 * guarantee that all processes in subtree are signalled,
282 	 * avoiding the race with some process not yet fully linked
283 	 * into all structures during fork, ignored by iterator, and
284 	 * then escaping signalling.
285 	 *
286 	 * The thread cannot usefully stop itself anyway, and if other
287 	 * thread of the current process forks while the current
288 	 * thread signals the whole subtree, it is an application
289 	 * race.
290 	 */
291 	if ((w->target->p_flag & (P_KPROC | P_SYSTEM | P_STOPPED)) == 0)
292 		need_stop = thread_single(w->target, SINGLE_ALLPROC) == 0;
293 	else
294 		need_stop = false;
295 
296 	(void)pksignal(w->target, w->rk->rk_sig, w->ksi);
297 	w->rk->rk_killed++;
298 	*w->error = error1;
299 
300 	if (need_stop)
301 		thread_single_end(w->target, SINGLE_ALLPROC);
302 }
303 
304 static void
305 reap_kill_proc_work(void *arg, int pending __unused)
306 {
307 	struct reap_kill_proc_work *w;
308 
309 	w = arg;
310 	PROC_LOCK(w->target);
311 	if ((w->target->p_flag2 & P2_WEXIT) == 0)
312 		reap_kill_proc_locked(w);
313 	PROC_UNLOCK(w->target);
314 
315 	sx_xlock(&proctree_lock);
316 	w->target = NULL;
317 	wakeup(&w->target);
318 	sx_xunlock(&proctree_lock);
319 }
320 
321 struct reap_kill_tracker {
322 	struct proc *parent;
323 	TAILQ_ENTRY(reap_kill_tracker) link;
324 };
325 
326 TAILQ_HEAD(reap_kill_tracker_head, reap_kill_tracker);
327 
328 static void
329 reap_kill_sched(struct reap_kill_tracker_head *tracker, struct proc *p2)
330 {
331 	struct reap_kill_tracker *t;
332 
333 	PROC_LOCK(p2);
334 	if ((p2->p_flag2 & P2_WEXIT) != 0) {
335 		PROC_UNLOCK(p2);
336 		return;
337 	}
338 	_PHOLD_LITE(p2);
339 	PROC_UNLOCK(p2);
340 	t = malloc(sizeof(struct reap_kill_tracker), M_TEMP, M_WAITOK);
341 	t->parent = p2;
342 	TAILQ_INSERT_TAIL(tracker, t, link);
343 }
344 
345 static void
346 reap_kill_sched_free(struct reap_kill_tracker *t)
347 {
348 	PRELE(t->parent);
349 	free(t, M_TEMP);
350 }
351 
352 static void
353 reap_kill_children(struct thread *td, struct proc *reaper,
354     struct procctl_reaper_kill *rk, ksiginfo_t *ksi, int *error)
355 {
356 	struct proc *p2;
357 	int error1;
358 
359 	LIST_FOREACH(p2, &reaper->p_children, p_sibling) {
360 		PROC_LOCK(p2);
361 		if ((p2->p_flag2 & P2_WEXIT) == 0) {
362 			error1 = p_cansignal(td, p2, rk->rk_sig);
363 			if (error1 != 0) {
364 				if (*error == ESRCH) {
365 					rk->rk_fpid = p2->p_pid;
366 					*error = error1;
367 				}
368 
369 				/*
370 				 * Do not end the loop on error,
371 				 * signal everything we can.
372 				 */
373 			} else {
374 				(void)pksignal(p2, rk->rk_sig, ksi);
375 				rk->rk_killed++;
376 			}
377 		}
378 		PROC_UNLOCK(p2);
379 	}
380 }
381 
382 static bool
383 reap_kill_subtree_once(struct thread *td, struct proc *p, struct proc *reaper,
384     struct unrhdr *pids, struct reap_kill_proc_work *w)
385 {
386 	struct reap_kill_tracker_head tracker;
387 	struct reap_kill_tracker *t;
388 	struct proc *p2;
389 	int r, xlocked;
390 	bool res, st;
391 
392 	res = false;
393 	TAILQ_INIT(&tracker);
394 	reap_kill_sched(&tracker, reaper);
395 	while ((t = TAILQ_FIRST(&tracker)) != NULL) {
396 		TAILQ_REMOVE(&tracker, t, link);
397 
398 		/*
399 		 * Since reap_kill_proc() drops proctree_lock sx, it
400 		 * is possible that the tracked reaper is no longer.
401 		 * In this case the subtree is reparented to the new
402 		 * reaper, which should handle it.
403 		 */
404 		if ((t->parent->p_treeflag & P_TREE_REAPER) == 0) {
405 			reap_kill_sched_free(t);
406 			res = true;
407 			continue;
408 		}
409 
410 		LIST_FOREACH(p2, &t->parent->p_reaplist, p_reapsibling) {
411 			if (t->parent == reaper &&
412 			    (w->rk->rk_flags & REAPER_KILL_SUBTREE) != 0 &&
413 			    p2->p_reapsubtree != w->rk->rk_subtree)
414 				continue;
415 			if ((p2->p_treeflag & P_TREE_REAPER) != 0)
416 				reap_kill_sched(&tracker, p2);
417 
418 			/*
419 			 * Handle possible pid reuse.  If we recorded
420 			 * p2 as killed but its p_flag2 does not
421 			 * confirm it, that means that the process
422 			 * terminated and its id was reused by other
423 			 * process in the reaper subtree.
424 			 *
425 			 * Unlocked read of p2->p_flag2 is fine, it is
426 			 * our thread that set the tested flag.
427 			 */
428 			if (alloc_unr_specific(pids, p2->p_pid) != p2->p_pid &&
429 			    (atomic_load_int(&p2->p_flag2) &
430 			    (P2_REAPKILLED | P2_WEXIT)) != 0)
431 				continue;
432 
433 			if (p2 == td->td_proc) {
434 				if ((p2->p_flag & P_HADTHREADS) != 0 &&
435 				    (p2->p_flag2 & P2_WEXIT) == 0) {
436 					xlocked = sx_xlocked(&proctree_lock);
437 					sx_unlock(&proctree_lock);
438 					st = true;
439 				} else {
440 					st = false;
441 				}
442 				PROC_LOCK(p2);
443 				/*
444 				 * sapblk ensures that only one thread
445 				 * in the system sets this flag.
446 				 */
447 				p2->p_flag2 |= P2_REAPKILLED;
448 				if (st)
449 					r = thread_single(p2, SINGLE_NO_EXIT);
450 				(void)pksignal(p2, w->rk->rk_sig, w->ksi);
451 				w->rk->rk_killed++;
452 				if (st && r == 0)
453 					thread_single_end(p2, SINGLE_NO_EXIT);
454 				PROC_UNLOCK(p2);
455 				if (st) {
456 					if (xlocked)
457 						sx_xlock(&proctree_lock);
458 					else
459 						sx_slock(&proctree_lock);
460 				}
461 			} else {
462 				PROC_LOCK(p2);
463 				if ((p2->p_flag2 & P2_WEXIT) == 0) {
464 					_PHOLD_LITE(p2);
465 					p2->p_flag2 |= P2_REAPKILLED;
466 					PROC_UNLOCK(p2);
467 					w->target = p2;
468 					taskqueue_enqueue(taskqueue_thread,
469 					    &w->t);
470 					while (w->target != NULL) {
471 						sx_sleep(&w->target,
472 						    &proctree_lock, PWAIT,
473 						    "reapst", 0);
474 					}
475 					PROC_LOCK(p2);
476 					_PRELE(p2);
477 				}
478 				PROC_UNLOCK(p2);
479 			}
480 			res = true;
481 		}
482 		reap_kill_sched_free(t);
483 	}
484 	return (res);
485 }
486 
487 static void
488 reap_kill_subtree(struct thread *td, struct proc *p, struct proc *reaper,
489     struct reap_kill_proc_work *w)
490 {
491 	struct unrhdr pids;
492 	void *ihandle;
493 	struct proc *p2;
494 	int pid;
495 
496 	/*
497 	 * pids records processes which were already signalled, to
498 	 * avoid doubling signals to them if iteration needs to be
499 	 * repeated.
500 	 */
501 	init_unrhdr(&pids, 1, PID_MAX, UNR_NO_MTX);
502 	PROC_LOCK(td->td_proc);
503 	if ((td->td_proc->p_flag2 & P2_WEXIT) != 0) {
504 		PROC_UNLOCK(td->td_proc);
505 		goto out;
506 	}
507 	PROC_UNLOCK(td->td_proc);
508 	while (reap_kill_subtree_once(td, p, reaper, &pids, w))
509 	       ;
510 
511 	ihandle = create_iter_unr(&pids);
512 	while ((pid = next_iter_unr(ihandle)) != -1) {
513 		p2 = pfind(pid);
514 		if (p2 != NULL) {
515 			p2->p_flag2 &= ~P2_REAPKILLED;
516 			PROC_UNLOCK(p2);
517 		}
518 	}
519 	free_iter_unr(ihandle);
520 
521 out:
522 	clean_unrhdr(&pids);
523 	clear_unrhdr(&pids);
524 }
525 
526 static bool
527 reap_kill_sapblk(struct thread *td __unused, void *data)
528 {
529 	struct procctl_reaper_kill *rk;
530 
531 	rk = data;
532 	return ((rk->rk_flags & REAPER_KILL_CHILDREN) == 0);
533 }
534 
535 static int
536 reap_kill(struct thread *td, struct proc *p, void *data)
537 {
538 	struct reap_kill_proc_work w;
539 	struct proc *reaper;
540 	ksiginfo_t ksi;
541 	struct procctl_reaper_kill *rk;
542 	int error;
543 
544 	rk = data;
545 	sx_assert(&proctree_lock, SX_LOCKED);
546 	if (IN_CAPABILITY_MODE(td))
547 		return (ECAPMODE);
548 	if (rk->rk_sig <= 0 || rk->rk_sig > _SIG_MAXSIG ||
549 	    (rk->rk_flags & ~(REAPER_KILL_CHILDREN |
550 	    REAPER_KILL_SUBTREE)) != 0 || (rk->rk_flags &
551 	    (REAPER_KILL_CHILDREN | REAPER_KILL_SUBTREE)) ==
552 	    (REAPER_KILL_CHILDREN | REAPER_KILL_SUBTREE))
553 		return (EINVAL);
554 	PROC_UNLOCK(p);
555 	reaper = (p->p_treeflag & P_TREE_REAPER) == 0 ? p->p_reaper : p;
556 	ksiginfo_init(&ksi);
557 	ksi.ksi_signo = rk->rk_sig;
558 	ksi.ksi_code = SI_USER;
559 	ksi.ksi_pid = td->td_proc->p_pid;
560 	ksi.ksi_uid = td->td_ucred->cr_ruid;
561 	error = ESRCH;
562 	rk->rk_killed = 0;
563 	rk->rk_fpid = -1;
564 	if ((rk->rk_flags & REAPER_KILL_CHILDREN) != 0) {
565 		reap_kill_children(td, reaper, rk, &ksi, &error);
566 	} else {
567 		w.cr = crhold(td->td_ucred);
568 		w.ksi = &ksi;
569 		w.rk = rk;
570 		w.error = &error;
571 		TASK_INIT(&w.t, 0, reap_kill_proc_work, &w);
572 
573 		/*
574 		 * Prevent swapout, since w, ksi, and possibly rk, are
575 		 * allocated on the stack.  We sleep in
576 		 * reap_kill_subtree_once() waiting for task to
577 		 * complete single-threading.
578 		 */
579 		PHOLD(td->td_proc);
580 
581 		reap_kill_subtree(td, p, reaper, &w);
582 		PRELE(td->td_proc);
583 		crfree(w.cr);
584 	}
585 	PROC_LOCK(p);
586 	return (error);
587 }
588 
589 static int
590 trace_ctl(struct thread *td, struct proc *p, void *data)
591 {
592 	int state;
593 
594 	PROC_LOCK_ASSERT(p, MA_OWNED);
595 	state = *(int *)data;
596 
597 	/*
598 	 * Ktrace changes p_traceflag from or to zero under the
599 	 * process lock, so the test does not need to acquire ktrace
600 	 * mutex.
601 	 */
602 	if ((p->p_flag & P_TRACED) != 0 || p->p_traceflag != 0)
603 		return (EBUSY);
604 
605 	switch (state) {
606 	case PROC_TRACE_CTL_ENABLE:
607 		if (td->td_proc != p)
608 			return (EPERM);
609 		p->p_flag2 &= ~(P2_NOTRACE | P2_NOTRACE_EXEC);
610 		break;
611 	case PROC_TRACE_CTL_DISABLE_EXEC:
612 		p->p_flag2 |= P2_NOTRACE_EXEC | P2_NOTRACE;
613 		break;
614 	case PROC_TRACE_CTL_DISABLE:
615 		if ((p->p_flag2 & P2_NOTRACE_EXEC) != 0) {
616 			KASSERT((p->p_flag2 & P2_NOTRACE) != 0,
617 			    ("dandling P2_NOTRACE_EXEC"));
618 			if (td->td_proc != p)
619 				return (EPERM);
620 			p->p_flag2 &= ~P2_NOTRACE_EXEC;
621 		} else {
622 			p->p_flag2 |= P2_NOTRACE;
623 		}
624 		break;
625 	default:
626 		return (EINVAL);
627 	}
628 	return (0);
629 }
630 
631 static int
632 trace_status(struct thread *td, struct proc *p, void *data)
633 {
634 	int *status;
635 
636 	status = data;
637 	if ((p->p_flag2 & P2_NOTRACE) != 0) {
638 		KASSERT((p->p_flag & P_TRACED) == 0,
639 		    ("%d traced but tracing disabled", p->p_pid));
640 		*status = -1;
641 	} else if ((p->p_flag & P_TRACED) != 0) {
642 		*status = p->p_pptr->p_pid;
643 	} else {
644 		*status = 0;
645 	}
646 	return (0);
647 }
648 
649 static int
650 trapcap_ctl(struct thread *td, struct proc *p, void *data)
651 {
652 	int state;
653 
654 	PROC_LOCK_ASSERT(p, MA_OWNED);
655 	state = *(int *)data;
656 
657 	switch (state) {
658 	case PROC_TRAPCAP_CTL_ENABLE:
659 		p->p_flag2 |= P2_TRAPCAP;
660 		break;
661 	case PROC_TRAPCAP_CTL_DISABLE:
662 		p->p_flag2 &= ~P2_TRAPCAP;
663 		break;
664 	default:
665 		return (EINVAL);
666 	}
667 	return (0);
668 }
669 
670 static int
671 trapcap_status(struct thread *td, struct proc *p, void *data)
672 {
673 	int *status;
674 
675 	status = data;
676 	*status = (p->p_flag2 & P2_TRAPCAP) != 0 ? PROC_TRAPCAP_CTL_ENABLE :
677 	    PROC_TRAPCAP_CTL_DISABLE;
678 	return (0);
679 }
680 
681 static int
682 no_new_privs_ctl(struct thread *td, struct proc *p, void *data)
683 {
684 	int state;
685 
686 	PROC_LOCK_ASSERT(p, MA_OWNED);
687 	state = *(int *)data;
688 
689 	if (state != PROC_NO_NEW_PRIVS_ENABLE)
690 		return (EINVAL);
691 	p->p_flag2 |= P2_NO_NEW_PRIVS;
692 	return (0);
693 }
694 
695 static int
696 no_new_privs_status(struct thread *td, struct proc *p, void *data)
697 {
698 
699 	*(int *)data = (p->p_flag2 & P2_NO_NEW_PRIVS) != 0 ?
700 	    PROC_NO_NEW_PRIVS_ENABLE : PROC_NO_NEW_PRIVS_DISABLE;
701 	return (0);
702 }
703 
704 static int
705 protmax_ctl(struct thread *td, struct proc *p, void *data)
706 {
707 	int state;
708 
709 	PROC_LOCK_ASSERT(p, MA_OWNED);
710 	state = *(int *)data;
711 
712 	switch (state) {
713 	case PROC_PROTMAX_FORCE_ENABLE:
714 		p->p_flag2 &= ~P2_PROTMAX_DISABLE;
715 		p->p_flag2 |= P2_PROTMAX_ENABLE;
716 		break;
717 	case PROC_PROTMAX_FORCE_DISABLE:
718 		p->p_flag2 |= P2_PROTMAX_DISABLE;
719 		p->p_flag2 &= ~P2_PROTMAX_ENABLE;
720 		break;
721 	case PROC_PROTMAX_NOFORCE:
722 		p->p_flag2 &= ~(P2_PROTMAX_ENABLE | P2_PROTMAX_DISABLE);
723 		break;
724 	default:
725 		return (EINVAL);
726 	}
727 	return (0);
728 }
729 
730 static int
731 protmax_status(struct thread *td, struct proc *p, void *data)
732 {
733 	int d;
734 
735 	switch (p->p_flag2 & (P2_PROTMAX_ENABLE | P2_PROTMAX_DISABLE)) {
736 	case 0:
737 		d = PROC_PROTMAX_NOFORCE;
738 		break;
739 	case P2_PROTMAX_ENABLE:
740 		d = PROC_PROTMAX_FORCE_ENABLE;
741 		break;
742 	case P2_PROTMAX_DISABLE:
743 		d = PROC_PROTMAX_FORCE_DISABLE;
744 		break;
745 	}
746 	if (kern_mmap_maxprot(p, PROT_READ) == PROT_READ)
747 		d |= PROC_PROTMAX_ACTIVE;
748 	*(int *)data = d;
749 	return (0);
750 }
751 
752 static int
753 aslr_ctl(struct thread *td, struct proc *p, void *data)
754 {
755 	int state;
756 
757 	PROC_LOCK_ASSERT(p, MA_OWNED);
758 	state = *(int *)data;
759 
760 	switch (state) {
761 	case PROC_ASLR_FORCE_ENABLE:
762 		p->p_flag2 &= ~P2_ASLR_DISABLE;
763 		p->p_flag2 |= P2_ASLR_ENABLE;
764 		break;
765 	case PROC_ASLR_FORCE_DISABLE:
766 		p->p_flag2 |= P2_ASLR_DISABLE;
767 		p->p_flag2 &= ~P2_ASLR_ENABLE;
768 		break;
769 	case PROC_ASLR_NOFORCE:
770 		p->p_flag2 &= ~(P2_ASLR_ENABLE | P2_ASLR_DISABLE);
771 		break;
772 	default:
773 		return (EINVAL);
774 	}
775 	return (0);
776 }
777 
778 static int
779 aslr_status(struct thread *td, struct proc *p, void *data)
780 {
781 	struct vmspace *vm;
782 	int d;
783 
784 	switch (p->p_flag2 & (P2_ASLR_ENABLE | P2_ASLR_DISABLE)) {
785 	case 0:
786 		d = PROC_ASLR_NOFORCE;
787 		break;
788 	case P2_ASLR_ENABLE:
789 		d = PROC_ASLR_FORCE_ENABLE;
790 		break;
791 	case P2_ASLR_DISABLE:
792 		d = PROC_ASLR_FORCE_DISABLE;
793 		break;
794 	}
795 	if ((p->p_flag & P_WEXIT) == 0) {
796 		_PHOLD(p);
797 		PROC_UNLOCK(p);
798 		vm = vmspace_acquire_ref(p);
799 		if (vm != NULL) {
800 			if ((vm->vm_map.flags & MAP_ASLR) != 0)
801 				d |= PROC_ASLR_ACTIVE;
802 			vmspace_free(vm);
803 		}
804 		PROC_LOCK(p);
805 		_PRELE(p);
806 	}
807 	*(int *)data = d;
808 	return (0);
809 }
810 
811 static int
812 stackgap_ctl(struct thread *td, struct proc *p, void *data)
813 {
814 	int state;
815 
816 	PROC_LOCK_ASSERT(p, MA_OWNED);
817 	state = *(int *)data;
818 
819 	if ((state & ~(PROC_STACKGAP_ENABLE | PROC_STACKGAP_DISABLE |
820 	    PROC_STACKGAP_ENABLE_EXEC | PROC_STACKGAP_DISABLE_EXEC)) != 0)
821 		return (EINVAL);
822 	switch (state & (PROC_STACKGAP_ENABLE | PROC_STACKGAP_DISABLE)) {
823 	case PROC_STACKGAP_ENABLE:
824 		if ((p->p_flag2 & P2_STKGAP_DISABLE) != 0)
825 			return (EINVAL);
826 		break;
827 	case PROC_STACKGAP_DISABLE:
828 		p->p_flag2 |= P2_STKGAP_DISABLE;
829 		break;
830 	case 0:
831 		break;
832 	default:
833 		return (EINVAL);
834 	}
835 	switch (state & (PROC_STACKGAP_ENABLE_EXEC |
836 	    PROC_STACKGAP_DISABLE_EXEC)) {
837 	case PROC_STACKGAP_ENABLE_EXEC:
838 		p->p_flag2 &= ~P2_STKGAP_DISABLE_EXEC;
839 		break;
840 	case PROC_STACKGAP_DISABLE_EXEC:
841 		p->p_flag2 |= P2_STKGAP_DISABLE_EXEC;
842 		break;
843 	case 0:
844 		break;
845 	default:
846 		return (EINVAL);
847 	}
848 	return (0);
849 }
850 
851 static int
852 stackgap_status(struct thread *td, struct proc *p, void *data)
853 {
854 	int d;
855 
856 	PROC_LOCK_ASSERT(p, MA_OWNED);
857 
858 	d = (p->p_flag2 & P2_STKGAP_DISABLE) != 0 ? PROC_STACKGAP_DISABLE :
859 	    PROC_STACKGAP_ENABLE;
860 	d |= (p->p_flag2 & P2_STKGAP_DISABLE_EXEC) != 0 ?
861 	    PROC_STACKGAP_DISABLE_EXEC : PROC_STACKGAP_ENABLE_EXEC;
862 	*(int *)data = d;
863 	return (0);
864 }
865 
866 static int
867 wxmap_ctl(struct thread *td, struct proc *p, void *data)
868 {
869 	struct vmspace *vm;
870 	vm_map_t map;
871 	int state;
872 
873 	PROC_LOCK_ASSERT(p, MA_OWNED);
874 	if ((p->p_flag & P_WEXIT) != 0)
875 		return (ESRCH);
876 	state = *(int *)data;
877 
878 	switch (state) {
879 	case PROC_WX_MAPPINGS_PERMIT:
880 		p->p_flag2 |= P2_WXORX_DISABLE;
881 		_PHOLD(p);
882 		PROC_UNLOCK(p);
883 		vm = vmspace_acquire_ref(p);
884 		if (vm != NULL) {
885 			map = &vm->vm_map;
886 			vm_map_lock(map);
887 			map->flags &= ~MAP_WXORX;
888 			vm_map_unlock(map);
889 			vmspace_free(vm);
890 		}
891 		PROC_LOCK(p);
892 		_PRELE(p);
893 		break;
894 	case PROC_WX_MAPPINGS_DISALLOW_EXEC:
895 		p->p_flag2 |= P2_WXORX_ENABLE_EXEC;
896 		break;
897 	default:
898 		return (EINVAL);
899 	}
900 
901 	return (0);
902 }
903 
904 static int
905 wxmap_status(struct thread *td, struct proc *p, void *data)
906 {
907 	struct vmspace *vm;
908 	int d;
909 
910 	PROC_LOCK_ASSERT(p, MA_OWNED);
911 	if ((p->p_flag & P_WEXIT) != 0)
912 		return (ESRCH);
913 
914 	d = 0;
915 	if ((p->p_flag2 & P2_WXORX_DISABLE) != 0)
916 		d |= PROC_WX_MAPPINGS_PERMIT;
917 	if ((p->p_flag2 & P2_WXORX_ENABLE_EXEC) != 0)
918 		d |= PROC_WX_MAPPINGS_DISALLOW_EXEC;
919 	_PHOLD(p);
920 	PROC_UNLOCK(p);
921 	vm = vmspace_acquire_ref(p);
922 	if (vm != NULL) {
923 		if ((vm->vm_map.flags & MAP_WXORX) != 0)
924 			d |= PROC_WXORX_ENFORCE;
925 		vmspace_free(vm);
926 	}
927 	PROC_LOCK(p);
928 	_PRELE(p);
929 	*(int *)data = d;
930 	return (0);
931 }
932 
933 static int
934 pdeathsig_ctl(struct thread *td, struct proc *p, void *data)
935 {
936 	int signum;
937 
938 	signum = *(int *)data;
939 	if (p != td->td_proc || (signum != 0 && !_SIG_VALID(signum)))
940 		return (EINVAL);
941 	p->p_pdeathsig = signum;
942 	return (0);
943 }
944 
945 static int
946 pdeathsig_status(struct thread *td, struct proc *p, void *data)
947 {
948 	if (p != td->td_proc)
949 		return (EINVAL);
950 	*(int *)data = p->p_pdeathsig;
951 	return (0);
952 }
953 
954 enum {
955 	PCTL_SLOCKED,
956 	PCTL_XLOCKED,
957 	PCTL_UNLOCKED,
958 };
959 
960 struct procctl_cmd_info {
961 	int lock_tree;
962 	bool one_proc : 1;
963 	bool esrch_is_einval : 1;
964 	bool copyout_on_error : 1;
965 	bool no_nonnull_data : 1;
966 	bool need_candebug : 1;
967 	int copyin_sz;
968 	int copyout_sz;
969 	int (*exec)(struct thread *, struct proc *, void *);
970 	bool (*sapblk)(struct thread *, void *);
971 };
972 static const struct procctl_cmd_info procctl_cmds_info[] = {
973 	[PROC_SPROTECT] =
974 	    { .lock_tree = PCTL_SLOCKED, .one_proc = false,
975 	      .esrch_is_einval = false, .no_nonnull_data = false,
976 	      .need_candebug = false,
977 	      .copyin_sz = sizeof(int), .copyout_sz = 0,
978 	      .exec = protect_set, .copyout_on_error = false, },
979 	[PROC_REAP_ACQUIRE] =
980 	    { .lock_tree = PCTL_XLOCKED, .one_proc = true,
981 	      .esrch_is_einval = false, .no_nonnull_data = true,
982 	      .need_candebug = false,
983 	      .copyin_sz = 0, .copyout_sz = 0,
984 	      .exec = reap_acquire, .copyout_on_error = false, },
985 	[PROC_REAP_RELEASE] =
986 	    { .lock_tree = PCTL_XLOCKED, .one_proc = true,
987 	      .esrch_is_einval = false, .no_nonnull_data = true,
988 	      .need_candebug = false,
989 	      .copyin_sz = 0, .copyout_sz = 0,
990 	      .exec = reap_release, .copyout_on_error = false, },
991 	[PROC_REAP_STATUS] =
992 	    { .lock_tree = PCTL_SLOCKED, .one_proc = true,
993 	      .esrch_is_einval = false, .no_nonnull_data = false,
994 	      .need_candebug = false,
995 	      .copyin_sz = 0,
996 	      .copyout_sz = sizeof(struct procctl_reaper_status),
997 	      .exec = reap_status, .copyout_on_error = false, },
998 	[PROC_REAP_GETPIDS] =
999 	    { .lock_tree = PCTL_SLOCKED, .one_proc = true,
1000 	      .esrch_is_einval = false, .no_nonnull_data = false,
1001 	      .need_candebug = false,
1002 	      .copyin_sz = sizeof(struct procctl_reaper_pids),
1003 	      .copyout_sz = 0,
1004 	      .exec = reap_getpids, .copyout_on_error = false, },
1005 	[PROC_REAP_KILL] =
1006 	    { .lock_tree = PCTL_SLOCKED, .one_proc = true,
1007 	      .esrch_is_einval = false, .no_nonnull_data = false,
1008 	      .need_candebug = false,
1009 	      .copyin_sz = sizeof(struct procctl_reaper_kill),
1010 	      .copyout_sz = sizeof(struct procctl_reaper_kill),
1011 	      .exec = reap_kill, .copyout_on_error = true,
1012 	      .sapblk = reap_kill_sapblk, },
1013 	[PROC_TRACE_CTL] =
1014 	    { .lock_tree = PCTL_SLOCKED, .one_proc = false,
1015 	      .esrch_is_einval = false, .no_nonnull_data = false,
1016 	      .need_candebug = true,
1017 	      .copyin_sz = sizeof(int), .copyout_sz = 0,
1018 	      .exec = trace_ctl, .copyout_on_error = false, },
1019 	[PROC_TRACE_STATUS] =
1020 	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
1021 	      .esrch_is_einval = false, .no_nonnull_data = false,
1022 	      .need_candebug = false,
1023 	      .copyin_sz = 0, .copyout_sz = sizeof(int),
1024 	      .exec = trace_status, .copyout_on_error = false, },
1025 	[PROC_TRAPCAP_CTL] =
1026 	    { .lock_tree = PCTL_SLOCKED, .one_proc = false,
1027 	      .esrch_is_einval = false, .no_nonnull_data = false,
1028 	      .need_candebug = true,
1029 	      .copyin_sz = sizeof(int), .copyout_sz = 0,
1030 	      .exec = trapcap_ctl, .copyout_on_error = false, },
1031 	[PROC_TRAPCAP_STATUS] =
1032 	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
1033 	      .esrch_is_einval = false, .no_nonnull_data = false,
1034 	      .need_candebug = false,
1035 	      .copyin_sz = 0, .copyout_sz = sizeof(int),
1036 	      .exec = trapcap_status, .copyout_on_error = false, },
1037 	[PROC_PDEATHSIG_CTL] =
1038 	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
1039 	      .esrch_is_einval = true, .no_nonnull_data = false,
1040 	      .need_candebug = false,
1041 	      .copyin_sz = sizeof(int), .copyout_sz = 0,
1042 	      .exec = pdeathsig_ctl, .copyout_on_error = false, },
1043 	[PROC_PDEATHSIG_STATUS] =
1044 	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
1045 	      .esrch_is_einval = true, .no_nonnull_data = false,
1046 	      .need_candebug = false,
1047 	      .copyin_sz = 0, .copyout_sz = sizeof(int),
1048 	      .exec = pdeathsig_status, .copyout_on_error = false, },
1049 	[PROC_ASLR_CTL] =
1050 	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
1051 	      .esrch_is_einval = false, .no_nonnull_data = false,
1052 	      .need_candebug = true,
1053 	      .copyin_sz = sizeof(int), .copyout_sz = 0,
1054 	      .exec = aslr_ctl, .copyout_on_error = false, },
1055 	[PROC_ASLR_STATUS] =
1056 	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
1057 	      .esrch_is_einval = false, .no_nonnull_data = false,
1058 	      .need_candebug = false,
1059 	      .copyin_sz = 0, .copyout_sz = sizeof(int),
1060 	      .exec = aslr_status, .copyout_on_error = false, },
1061 	[PROC_PROTMAX_CTL] =
1062 	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
1063 	      .esrch_is_einval = false, .no_nonnull_data = false,
1064 	      .need_candebug = true,
1065 	      .copyin_sz = sizeof(int), .copyout_sz = 0,
1066 	      .exec = protmax_ctl, .copyout_on_error = false, },
1067 	[PROC_PROTMAX_STATUS] =
1068 	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
1069 	      .esrch_is_einval = false, .no_nonnull_data = false,
1070 	      .need_candebug = false,
1071 	      .copyin_sz = 0, .copyout_sz = sizeof(int),
1072 	      .exec = protmax_status, .copyout_on_error = false, },
1073 	[PROC_STACKGAP_CTL] =
1074 	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
1075 	      .esrch_is_einval = false, .no_nonnull_data = false,
1076 	      .need_candebug = true,
1077 	      .copyin_sz = sizeof(int), .copyout_sz = 0,
1078 	      .exec = stackgap_ctl, .copyout_on_error = false, },
1079 	[PROC_STACKGAP_STATUS] =
1080 	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
1081 	      .esrch_is_einval = false, .no_nonnull_data = false,
1082 	      .need_candebug = false,
1083 	      .copyin_sz = 0, .copyout_sz = sizeof(int),
1084 	      .exec = stackgap_status, .copyout_on_error = false, },
1085 	[PROC_NO_NEW_PRIVS_CTL] =
1086 	    { .lock_tree = PCTL_SLOCKED, .one_proc = true,
1087 	      .esrch_is_einval = false, .no_nonnull_data = false,
1088 	      .need_candebug = true,
1089 	      .copyin_sz = sizeof(int), .copyout_sz = 0,
1090 	      .exec = no_new_privs_ctl, .copyout_on_error = false, },
1091 	[PROC_NO_NEW_PRIVS_STATUS] =
1092 	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
1093 	      .esrch_is_einval = false, .no_nonnull_data = false,
1094 	      .need_candebug = false,
1095 	      .copyin_sz = 0, .copyout_sz = sizeof(int),
1096 	      .exec = no_new_privs_status, .copyout_on_error = false, },
1097 	[PROC_WXMAP_CTL] =
1098 	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
1099 	      .esrch_is_einval = false, .no_nonnull_data = false,
1100 	      .need_candebug = true,
1101 	      .copyin_sz = sizeof(int), .copyout_sz = 0,
1102 	      .exec = wxmap_ctl, .copyout_on_error = false, },
1103 	[PROC_WXMAP_STATUS] =
1104 	    { .lock_tree = PCTL_UNLOCKED, .one_proc = true,
1105 	      .esrch_is_einval = false, .no_nonnull_data = false,
1106 	      .need_candebug = false,
1107 	      .copyin_sz = 0, .copyout_sz = sizeof(int),
1108 	      .exec = wxmap_status, .copyout_on_error = false, },
1109 };
1110 
1111 int
1112 sys_procctl(struct thread *td, struct procctl_args *uap)
1113 {
1114 	union {
1115 		struct procctl_reaper_status rs;
1116 		struct procctl_reaper_pids rp;
1117 		struct procctl_reaper_kill rk;
1118 		int flags;
1119 	} x;
1120 	const struct procctl_cmd_info *cmd_info;
1121 	int error, error1;
1122 
1123 	if (uap->com >= PROC_PROCCTL_MD_MIN)
1124 		return (cpu_procctl(td, uap->idtype, uap->id,
1125 		    uap->com, uap->data));
1126 	if (uap->com == 0 || uap->com >= nitems(procctl_cmds_info))
1127 		return (EINVAL);
1128 	cmd_info = &procctl_cmds_info[uap->com];
1129 	bzero(&x, sizeof(x));
1130 
1131 	if (cmd_info->copyin_sz > 0) {
1132 		error = copyin(uap->data, &x, cmd_info->copyin_sz);
1133 		if (error != 0)
1134 			return (error);
1135 	} else if (cmd_info->no_nonnull_data && uap->data != NULL) {
1136 		return (EINVAL);
1137 	}
1138 
1139 	error = kern_procctl(td, uap->idtype, uap->id, uap->com, &x);
1140 
1141 	if (cmd_info->copyout_sz > 0 && (error == 0 ||
1142 	    cmd_info->copyout_on_error)) {
1143 		error1 = copyout(&x, uap->data, cmd_info->copyout_sz);
1144 		if (error == 0)
1145 			error = error1;
1146 	}
1147 	return (error);
1148 }
1149 
1150 static int
1151 kern_procctl_single(struct thread *td, struct proc *p, int com, void *data)
1152 {
1153 
1154 	PROC_LOCK_ASSERT(p, MA_OWNED);
1155 	return (procctl_cmds_info[com].exec(td, p, data));
1156 }
1157 
1158 int
1159 kern_procctl(struct thread *td, idtype_t idtype, id_t id, int com, void *data)
1160 {
1161 	struct pgrp *pg;
1162 	struct proc *p;
1163 	const struct procctl_cmd_info *cmd_info;
1164 	int error, first_error, ok;
1165 	bool sapblk;
1166 
1167 	MPASS(com > 0 && com < nitems(procctl_cmds_info));
1168 	cmd_info = &procctl_cmds_info[com];
1169 	if (idtype != P_PID && cmd_info->one_proc)
1170 		return (EINVAL);
1171 
1172 	sapblk = false;
1173 	if (cmd_info->sapblk != NULL) {
1174 		sapblk = cmd_info->sapblk(td, data);
1175 		if (sapblk && !stop_all_proc_block())
1176 			return (ERESTART);
1177 	}
1178 
1179 	switch (cmd_info->lock_tree) {
1180 	case PCTL_XLOCKED:
1181 		sx_xlock(&proctree_lock);
1182 		break;
1183 	case PCTL_SLOCKED:
1184 		sx_slock(&proctree_lock);
1185 		break;
1186 	default:
1187 		break;
1188 	}
1189 
1190 	switch (idtype) {
1191 	case P_PID:
1192 		if (id == 0) {
1193 			p = td->td_proc;
1194 			error = 0;
1195 			PROC_LOCK(p);
1196 		} else {
1197 			p = pfind(id);
1198 			if (p == NULL) {
1199 				error = cmd_info->esrch_is_einval ?
1200 				    EINVAL : ESRCH;
1201 				break;
1202 			}
1203 			error = cmd_info->need_candebug ? p_candebug(td, p) :
1204 			    p_cansee(td, p);
1205 		}
1206 		if (error == 0)
1207 			error = kern_procctl_single(td, p, com, data);
1208 		PROC_UNLOCK(p);
1209 		break;
1210 	case P_PGID:
1211 		/*
1212 		 * Attempt to apply the operation to all members of the
1213 		 * group.  Ignore processes in the group that can't be
1214 		 * seen.  Ignore errors so long as at least one process is
1215 		 * able to complete the request successfully.
1216 		 */
1217 		pg = pgfind(id);
1218 		if (pg == NULL) {
1219 			error = ESRCH;
1220 			break;
1221 		}
1222 		PGRP_UNLOCK(pg);
1223 		ok = 0;
1224 		first_error = 0;
1225 		LIST_FOREACH(p, &pg->pg_members, p_pglist) {
1226 			PROC_LOCK(p);
1227 			if (p->p_state == PRS_NEW ||
1228 			    p->p_state == PRS_ZOMBIE ||
1229 			    (cmd_info->need_candebug ? p_candebug(td, p) :
1230 			    p_cansee(td, p)) != 0) {
1231 				PROC_UNLOCK(p);
1232 				continue;
1233 			}
1234 			error = kern_procctl_single(td, p, com, data);
1235 			PROC_UNLOCK(p);
1236 			if (error == 0)
1237 				ok = 1;
1238 			else if (first_error == 0)
1239 				first_error = error;
1240 		}
1241 		if (ok)
1242 			error = 0;
1243 		else if (first_error != 0)
1244 			error = first_error;
1245 		else
1246 			/*
1247 			 * Was not able to see any processes in the
1248 			 * process group.
1249 			 */
1250 			error = ESRCH;
1251 		break;
1252 	default:
1253 		error = EINVAL;
1254 		break;
1255 	}
1256 
1257 	switch (cmd_info->lock_tree) {
1258 	case PCTL_XLOCKED:
1259 		sx_xunlock(&proctree_lock);
1260 		break;
1261 	case PCTL_SLOCKED:
1262 		sx_sunlock(&proctree_lock);
1263 		break;
1264 	default:
1265 		break;
1266 	}
1267 	if (sapblk)
1268 		stop_all_proc_unblock();
1269 	return (error);
1270 }
1271