1*d1e6057fSAlan Somers /*-
2*d1e6057fSAlan Somers * SPDX-License-Identifier: BSD-2-Clause
3*d1e6057fSAlan Somers *
4*d1e6057fSAlan Somers * Copyright (c) 2026 ConnectWise
5*d1e6057fSAlan Somers *
6*d1e6057fSAlan Somers * Redistribution and use in source and binary forms, with or without
7*d1e6057fSAlan Somers * modification, are permitted provided that the following conditions
8*d1e6057fSAlan Somers * are met:
9*d1e6057fSAlan Somers * 1. Redistributions of source code must retain the above copyright
10*d1e6057fSAlan Somers * notice, this list of conditions and the following disclaimer.
11*d1e6057fSAlan Somers * 2. Redistributions in binary form must reproduce the above copyright
12*d1e6057fSAlan Somers * notice, this list of conditions and the following disclaimer in the
13*d1e6057fSAlan Somers * documentation and/or other materials provided with the distribution.
14*d1e6057fSAlan Somers *
15*d1e6057fSAlan Somers * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16*d1e6057fSAlan Somers * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17*d1e6057fSAlan Somers * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18*d1e6057fSAlan Somers * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19*d1e6057fSAlan Somers * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20*d1e6057fSAlan Somers * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21*d1e6057fSAlan Somers * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22*d1e6057fSAlan Somers * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23*d1e6057fSAlan Somers * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24*d1e6057fSAlan Somers * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25*d1e6057fSAlan Somers * SUCH DAMAGE.
26*d1e6057fSAlan Somers */
27*d1e6057fSAlan Somers
28*d1e6057fSAlan Somers #include <sys/types.h>
29*d1e6057fSAlan Somers #include <sys/user.h>
30*d1e6057fSAlan Somers #include <sys/procdesc.h>
31*d1e6057fSAlan Somers #include <sys/wait.h>
32*d1e6057fSAlan Somers
33*d1e6057fSAlan Somers #include <atf-c.h>
34*d1e6057fSAlan Somers #include <stdio.h>
35*d1e6057fSAlan Somers #include <string.h>
36*d1e6057fSAlan Somers #include <unistd.h>
37*d1e6057fSAlan Somers
basic_usage(int rfflags)38*d1e6057fSAlan Somers static void basic_usage(int rfflags) {
39*d1e6057fSAlan Somers int pd = -1;
40*d1e6057fSAlan Somers pid_t pid, pd_pid, waited_pid;
41*d1e6057fSAlan Somers int r, status;
42*d1e6057fSAlan Somers
43*d1e6057fSAlan Somers pid = pdrfork(&pd, 0, rfflags);
44*d1e6057fSAlan Somers ATF_REQUIRE_MSG(pid >= 0, "rfork failed with %s", strerror(errno));
45*d1e6057fSAlan Somers if (pid == 0) {
46*d1e6057fSAlan Somers /* In child */
47*d1e6057fSAlan Somers _exit(0);
48*d1e6057fSAlan Somers }
49*d1e6057fSAlan Somers ATF_REQUIRE_MSG(pd >= 0, "rfork did not return a process descriptor");
50*d1e6057fSAlan Somers r = pdgetpid(pd, &pd_pid);
51*d1e6057fSAlan Somers ATF_CHECK_EQ_MSG(r, 0, "pdgetpid failed: %s", strerror(errno));
52*d1e6057fSAlan Somers
53*d1e6057fSAlan Somers /* We should be able to collect the child's status */
54*d1e6057fSAlan Somers waited_pid = waitpid(pid, &status, WEXITED | WNOWAIT);
55*d1e6057fSAlan Somers ATF_CHECK_EQ(waited_pid, pid);
56*d1e6057fSAlan Somers
57*d1e6057fSAlan Somers /* But after closing the process descriptor, we won't */
58*d1e6057fSAlan Somers close(pd);
59*d1e6057fSAlan Somers waited_pid = waitpid(pid, &status, WEXITED | WNOHANG);
60*d1e6057fSAlan Somers ATF_CHECK_EQ(-1, waited_pid);
61*d1e6057fSAlan Somers ATF_CHECK_EQ(ECHILD, errno);
62*d1e6057fSAlan Somers }
63*d1e6057fSAlan Somers
64*d1e6057fSAlan Somers /* pdrfork does not return a process descriptor to the child */
65*d1e6057fSAlan Somers ATF_TC_WITHOUT_HEAD(child_gets_no_pidfd);
ATF_TC_BODY(child_gets_no_pidfd,tc)66*d1e6057fSAlan Somers ATF_TC_BODY(child_gets_no_pidfd, tc)
67*d1e6057fSAlan Somers {
68*d1e6057fSAlan Somers int pd = -1;
69*d1e6057fSAlan Somers pid_t pid, pd_pid, waited_pid;
70*d1e6057fSAlan Somers int r, status;
71*d1e6057fSAlan Somers
72*d1e6057fSAlan Somers pid = pdrfork(&pd, 0, RFPROC | RFPROCDESC);
73*d1e6057fSAlan Somers ATF_REQUIRE_MSG(pid >= 0, "rfork failed with %s", strerror(errno));
74*d1e6057fSAlan Somers if (pid == 0) {
75*d1e6057fSAlan Somers /*
76*d1e6057fSAlan Somers * In child. We can't do very much here before we exec, so
77*d1e6057fSAlan Somers * just use our exit status to report success.
78*d1e6057fSAlan Somers */
79*d1e6057fSAlan Somers _exit(pd == -1);
80*d1e6057fSAlan Somers }
81*d1e6057fSAlan Somers ATF_REQUIRE_MSG(pd >= 0, "rfork did not return a process descriptor");
82*d1e6057fSAlan Somers r = pdgetpid(pd, &pd_pid);
83*d1e6057fSAlan Somers ATF_CHECK_EQ_MSG(r, 0, "pdgetpid failed: %s", strerror(errno));
84*d1e6057fSAlan Somers
85*d1e6057fSAlan Somers waited_pid = waitpid(pid, &status, WEXITED | WNOWAIT);
86*d1e6057fSAlan Somers ATF_CHECK_EQ(waited_pid, pid);
87*d1e6057fSAlan Somers ATF_REQUIRE(WIFEXITED(status) && (WEXITSTATUS(status) == true));
88*d1e6057fSAlan Somers
89*d1e6057fSAlan Somers close(pd);
90*d1e6057fSAlan Somers }
91*d1e6057fSAlan Somers
92*d1e6057fSAlan Somers /* If the pidfd argument is invalid, the error should be handled gracefully */
93*d1e6057fSAlan Somers ATF_TC_WITHOUT_HEAD(efault);
ATF_TC_BODY(efault,tc)94*d1e6057fSAlan Somers ATF_TC_BODY(efault, tc)
95*d1e6057fSAlan Somers {
96*d1e6057fSAlan Somers ATF_REQUIRE_ERRNO(EFAULT, pdrfork((int*)-1, 0, RFPROC | RFPROCDESC) < 0);
97*d1e6057fSAlan Somers }
98*d1e6057fSAlan Somers
99*d1e6057fSAlan Somers /* Invalid combinations of flags should return EINVAL */
100*d1e6057fSAlan Somers ATF_TC_WITHOUT_HEAD(einval);
ATF_TC_BODY(einval,tc)101*d1e6057fSAlan Somers ATF_TC_BODY(einval, tc)
102*d1e6057fSAlan Somers {
103*d1e6057fSAlan Somers int pd = -1;
104*d1e6057fSAlan Somers
105*d1e6057fSAlan Somers ATF_CHECK_ERRNO(EINVAL, pdrfork(&pd, -1, RFSPAWN) < 0);
106*d1e6057fSAlan Somers ATF_CHECK_ERRNO(EINVAL, pdrfork(&pd, 0, -1) < 0);
107*d1e6057fSAlan Somers ATF_CHECK_ERRNO(EINVAL, pdrfork(&pd, 0, RFSPAWN | RFNOWAIT) < 0);
108*d1e6057fSAlan Somers ATF_CHECK_ERRNO(EINVAL, pdrfork(&pd, 0, RFPROC | RFFDG| RFCFDG) < 0);
109*d1e6057fSAlan Somers ATF_CHECK_ERRNO(EINVAL, pdrfork(&pd, 0, RFPROCDESC) < 0);
110*d1e6057fSAlan Somers }
111*d1e6057fSAlan Somers
112*d1e6057fSAlan Somers /*
113*d1e6057fSAlan Somers * Without RFSPAWN, RFPROC, or RFPROCDESC, an existing process may be modified
114*d1e6057fSAlan Somers */
115*d1e6057fSAlan Somers ATF_TC_WITHOUT_HEAD(modify_child);
ATF_TC_BODY(modify_child,tc)116*d1e6057fSAlan Somers ATF_TC_BODY(modify_child, tc)
117*d1e6057fSAlan Somers {
118*d1e6057fSAlan Somers int fdp = -1;
119*d1e6057fSAlan Somers pid_t pid1, pid2;
120*d1e6057fSAlan Somers
121*d1e6057fSAlan Somers pid1 = pdfork(&fdp, 0);
122*d1e6057fSAlan Somers if (pid1 == 0)
123*d1e6057fSAlan Somers _exit(0);
124*d1e6057fSAlan Somers ATF_REQUIRE_MSG(pid1 >= 0, "pdfork failed: %s", strerror(errno));
125*d1e6057fSAlan Somers ATF_REQUIRE_MSG(fdp >= 0, "pdfork didn't return a process descriptor");
126*d1e6057fSAlan Somers
127*d1e6057fSAlan Somers pid2 = pdrfork(&fdp, 0, RFNOWAIT);
128*d1e6057fSAlan Somers ATF_REQUIRE_MSG(pid2 >= 0, "pdrfork failed: %s", strerror(errno));
129*d1e6057fSAlan Somers ATF_CHECK_EQ_MSG(pid2, 0,
130*d1e6057fSAlan Somers "pdrfork created a process even though we told it not to");
131*d1e6057fSAlan Somers
132*d1e6057fSAlan Somers close(fdp);
133*d1e6057fSAlan Somers }
134*d1e6057fSAlan Somers
135*d1e6057fSAlan Somers /*
136*d1e6057fSAlan Somers * Basic usage with RFPROC. No process descriptor will be created.
137*d1e6057fSAlan Somers * I'm not sure why you would use pdrfork in this case instead of plain rfork
138*d1e6057fSAlan Somers */
139*d1e6057fSAlan Somers ATF_TC_WITHOUT_HEAD(rfproc);
ATF_TC_BODY(rfproc,tc)140*d1e6057fSAlan Somers ATF_TC_BODY(rfproc, tc)
141*d1e6057fSAlan Somers {
142*d1e6057fSAlan Somers int pd = -1;
143*d1e6057fSAlan Somers pid_t pid;
144*d1e6057fSAlan Somers
145*d1e6057fSAlan Somers pid = pdrfork(&pd, 0, RFPROC);
146*d1e6057fSAlan Somers ATF_REQUIRE_MSG(pid > 0, "rfork failed with %s", strerror(errno));
147*d1e6057fSAlan Somers if (pid == 0)
148*d1e6057fSAlan Somers _exit(0);
149*d1e6057fSAlan Somers
150*d1e6057fSAlan Somers ATF_REQUIRE_EQ_MSG(pd, -1,
151*d1e6057fSAlan Somers "rfork(RFPROC) returned a process descriptor");
152*d1e6057fSAlan Somers }
153*d1e6057fSAlan Somers
154*d1e6057fSAlan Somers /* basic usage with RFPROCDESC */
155*d1e6057fSAlan Somers ATF_TC_WITHOUT_HEAD(rfprocdesc);
ATF_TC_BODY(rfprocdesc,tc)156*d1e6057fSAlan Somers ATF_TC_BODY(rfprocdesc, tc)
157*d1e6057fSAlan Somers {
158*d1e6057fSAlan Somers basic_usage(RFPROC | RFPROCDESC);
159*d1e6057fSAlan Somers }
160*d1e6057fSAlan Somers
161*d1e6057fSAlan Somers /* basic usage with RFSPAWN */
162*d1e6057fSAlan Somers /*
163*d1e6057fSAlan Somers * Skip on i386 and x86_64 because RFSPAWN cannot be used from C code on those
164*d1e6057fSAlan Somers * architectures. See lib/libc/gen/posix_spawn.c for details.
165*d1e6057fSAlan Somers */
166*d1e6057fSAlan Somers #if !(defined(__i386__)) && !(defined(__amd64__))
167*d1e6057fSAlan Somers ATF_TC_WITHOUT_HEAD(rfspawn);
ATF_TC_BODY(rfspawn,tc)168*d1e6057fSAlan Somers ATF_TC_BODY(rfspawn, tc)
169*d1e6057fSAlan Somers {
170*d1e6057fSAlan Somers basic_usage(RFSPAWN);
171*d1e6057fSAlan Somers }
172*d1e6057fSAlan Somers #endif
173*d1e6057fSAlan Somers
ATF_TP_ADD_TCS(tp)174*d1e6057fSAlan Somers ATF_TP_ADD_TCS(tp)
175*d1e6057fSAlan Somers {
176*d1e6057fSAlan Somers ATF_TP_ADD_TC(tp, child_gets_no_pidfd);
177*d1e6057fSAlan Somers ATF_TP_ADD_TC(tp, efault);
178*d1e6057fSAlan Somers ATF_TP_ADD_TC(tp, einval);
179*d1e6057fSAlan Somers ATF_TP_ADD_TC(tp, modify_child);
180*d1e6057fSAlan Somers ATF_TP_ADD_TC(tp, rfproc);
181*d1e6057fSAlan Somers ATF_TP_ADD_TC(tp, rfprocdesc);
182*d1e6057fSAlan Somers #if !(defined(__i386__)) && !(defined(__amd64__))
183*d1e6057fSAlan Somers ATF_TP_ADD_TC(tp, rfspawn);
184*d1e6057fSAlan Somers #endif
185*d1e6057fSAlan Somers
186*d1e6057fSAlan Somers return (atf_no_error());
187*d1e6057fSAlan Somers }
188