xref: /freebsd/tests/sys/kern/ptrace_test.c (revision 058ac3e8063366dafa634d9107642e12b038bf09)
1 /*-
2  * Copyright (c) 2015 John Baldwin <jhb@FreeBSD.org>
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23  * SUCH DAMAGE.
24  */
25 
26 #include <sys/cdefs.h>
27 __FBSDID("$FreeBSD$");
28 
29 #include <sys/types.h>
30 #include <sys/cpuset.h>
31 #include <sys/elf.h>
32 #include <sys/event.h>
33 #include <sys/file.h>
34 #include <sys/time.h>
35 #include <sys/procctl.h>
36 #include <sys/procdesc.h>
37 #include <sys/ptrace.h>
38 #include <sys/procfs.h>
39 #include <sys/queue.h>
40 #include <sys/runq.h>
41 #include <sys/syscall.h>
42 #include <sys/sysctl.h>
43 #include <sys/user.h>
44 #include <sys/wait.h>
45 #include <errno.h>
46 #include <machine/cpufunc.h>
47 #include <pthread.h>
48 #include <sched.h>
49 #include <semaphore.h>
50 #include <signal.h>
51 #include <stdarg.h>
52 #include <stdio.h>
53 #include <stdlib.h>
54 #include <unistd.h>
55 #include <atf-c.h>
56 
57 /*
58  * Architectures with a user-visible breakpoint().
59  */
60 #if defined(__aarch64__) || defined(__amd64__) || defined(__arm__) ||	\
61     defined(__i386__) || defined(__riscv)
62 #define	HAVE_BREAKPOINT
63 #endif
64 
65 /*
66  * Adjust PC to skip over a breakpoint when stopped for a breakpoint trap.
67  */
68 #ifdef HAVE_BREAKPOINT
69 #if defined(__aarch64__)
70 #define	SKIP_BREAK(reg)	((reg)->elr += 4)
71 #elif defined(__amd64__) || defined(__i386__)
72 #define	SKIP_BREAK(reg)
73 #elif defined(__arm__)
74 #define	SKIP_BREAK(reg)	((reg)->r_pc += 4)
75 #elif defined(__riscv)
76 #define	SKIP_BREAK(reg)	((reg)->sepc += 4)
77 #endif
78 #endif
79 
80 /*
81  * A variant of ATF_REQUIRE that is suitable for use in child
82  * processes.  This only works if the parent process is tripped up by
83  * the early exit and fails some requirement itself.
84  */
85 #define	CHILD_REQUIRE(exp) do {				\
86 	if (!(exp))					\
87 		child_fail_require(__FILE__, __LINE__,	\
88 		    #exp " not met\n");			\
89 } while (0)
90 
91 #define	CHILD_REQUIRE_EQ(actual, expected) do {			\
92 	__typeof__(expected) _e = expected;			\
93 	__typeof__(actual) _a = actual;				\
94 	if (_e != _a)						\
95 		child_fail_require(__FILE__, __LINE__, #actual	\
96 		    " (%jd) == " #expected " (%jd) not met\n",	\
97 		    (intmax_t)_a, (intmax_t)_e);		\
98 } while (0)
99 
100 static __dead2 void
101 child_fail_require(const char *file, int line, const char *fmt, ...)
102 {
103 	va_list ap;
104 	char buf[1024];
105 
106 	/* Use write() not fprintf() to avoid possible duplicate output. */
107 	snprintf(buf, sizeof(buf), "%s:%d: ", file, line);
108 	write(STDERR_FILENO, buf, strlen(buf));
109 	va_start(ap, fmt);
110 	vsnprintf(buf, sizeof(buf), fmt, ap);
111 	write(STDERR_FILENO, buf, strlen(buf));
112 	va_end(ap);
113 
114 	_exit(32);
115 }
116 
117 #define	REQUIRE_EQ(actual, expected) do {				\
118 	__typeof__(expected) _e = expected;				\
119 	__typeof__(actual) _a = actual;					\
120 	ATF_REQUIRE_MSG(_e == _a, #actual " (%jd) == "			\
121 	    #expected " (%jd) not met", (intmax_t)_a, (intmax_t)_e);	\
122 } while (0)
123 
124 static void
125 trace_me(void)
126 {
127 
128 	/* Attach the parent process as a tracer of this process. */
129 	CHILD_REQUIRE(ptrace(PT_TRACE_ME, 0, NULL, 0) != -1);
130 
131 	/* Trigger a stop. */
132 	raise(SIGSTOP);
133 }
134 
135 static void
136 attach_child(pid_t pid)
137 {
138 	pid_t wpid;
139 	int status;
140 
141 	REQUIRE_EQ(ptrace(PT_ATTACH, pid, NULL, 0), 0);
142 
143 	wpid = waitpid(pid, &status, 0);
144 	REQUIRE_EQ(wpid, pid);
145 	ATF_REQUIRE(WIFSTOPPED(status));
146 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
147 }
148 
149 static void
150 wait_for_zombie(pid_t pid)
151 {
152 
153 	/*
154 	 * Wait for a process to exit.  This is kind of gross, but
155 	 * there is not a better way.
156 	 *
157 	 * Prior to r325719, the kern.proc.pid.<pid> sysctl failed
158 	 * with ESRCH.  After that change, a valid struct kinfo_proc
159 	 * is returned for zombies with ki_stat set to SZOMB.
160 	 */
161 	for (;;) {
162 		struct kinfo_proc kp;
163 		size_t len;
164 		int mib[4];
165 
166 		mib[0] = CTL_KERN;
167 		mib[1] = KERN_PROC;
168 		mib[2] = KERN_PROC_PID;
169 		mib[3] = pid;
170 		len = sizeof(kp);
171 		if (sysctl(mib, nitems(mib), &kp, &len, NULL, 0) == -1) {
172 			REQUIRE_EQ(errno, ESRCH);
173 			break;
174 		}
175 		if (kp.ki_stat == SZOMB)
176 			break;
177 		usleep(5000);
178 	}
179 }
180 
181 /*
182  * Verify that a parent debugger process "sees" the exit of a debugged
183  * process exactly once when attached via PT_TRACE_ME.
184  */
185 ATF_TC_WITHOUT_HEAD(ptrace__parent_wait_after_trace_me);
186 ATF_TC_BODY(ptrace__parent_wait_after_trace_me, tc)
187 {
188 	pid_t child, wpid;
189 	int status;
190 
191 	ATF_REQUIRE((child = fork()) != -1);
192 	if (child == 0) {
193 		/* Child process. */
194 		trace_me();
195 
196 		_exit(1);
197 	}
198 
199 	/* Parent process. */
200 
201 	/* The first wait() should report the stop from SIGSTOP. */
202 	wpid = waitpid(child, &status, 0);
203 	REQUIRE_EQ(wpid, child);
204 	ATF_REQUIRE(WIFSTOPPED(status));
205 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
206 
207 	/* Continue the child ignoring the SIGSTOP. */
208 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
209 
210 	/* The second wait() should report the exit status. */
211 	wpid = waitpid(child, &status, 0);
212 	REQUIRE_EQ(wpid, child);
213 	ATF_REQUIRE(WIFEXITED(status));
214 	REQUIRE_EQ(WEXITSTATUS(status), 1);
215 
216 	/* The child should no longer exist. */
217 	wpid = waitpid(child, &status, 0);
218 	REQUIRE_EQ(wpid, -1);
219 	REQUIRE_EQ(errno, ECHILD);
220 }
221 
222 /*
223  * Verify that a parent debugger process "sees" the exit of a debugged
224  * process exactly once when attached via PT_ATTACH.
225  */
226 ATF_TC_WITHOUT_HEAD(ptrace__parent_wait_after_attach);
227 ATF_TC_BODY(ptrace__parent_wait_after_attach, tc)
228 {
229 	pid_t child, wpid;
230 	int cpipe[2], status;
231 	char c;
232 
233 	REQUIRE_EQ(pipe(cpipe), 0);
234 	ATF_REQUIRE((child = fork()) != -1);
235 	if (child == 0) {
236 		/* Child process. */
237 		close(cpipe[0]);
238 
239 		/* Wait for the parent to attach. */
240 		CHILD_REQUIRE_EQ(0, read(cpipe[1], &c, sizeof(c)));
241 
242 		_exit(1);
243 	}
244 	close(cpipe[1]);
245 
246 	/* Parent process. */
247 
248 	/* Attach to the child process. */
249 	attach_child(child);
250 
251 	/* Continue the child ignoring the SIGSTOP. */
252 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
253 
254 	/* Signal the child to exit. */
255 	close(cpipe[0]);
256 
257 	/* The second wait() should report the exit status. */
258 	wpid = waitpid(child, &status, 0);
259 	REQUIRE_EQ(wpid, child);
260 	ATF_REQUIRE(WIFEXITED(status));
261 	REQUIRE_EQ(WEXITSTATUS(status), 1);
262 
263 	/* The child should no longer exist. */
264 	wpid = waitpid(child, &status, 0);
265 	REQUIRE_EQ(wpid, -1);
266 	REQUIRE_EQ(errno, ECHILD);
267 }
268 
269 /*
270  * Verify that a parent process "sees" the exit of a debugged process only
271  * after the debugger has seen it.
272  */
273 ATF_TC_WITHOUT_HEAD(ptrace__parent_sees_exit_after_child_debugger);
274 ATF_TC_BODY(ptrace__parent_sees_exit_after_child_debugger, tc)
275 {
276 	pid_t child, debugger, wpid;
277 	int cpipe[2], dpipe[2], status;
278 	char c;
279 
280 	REQUIRE_EQ(pipe(cpipe), 0);
281 	ATF_REQUIRE((child = fork()) != -1);
282 
283 	if (child == 0) {
284 		/* Child process. */
285 		close(cpipe[0]);
286 
287 		/* Wait for parent to be ready. */
288 		CHILD_REQUIRE_EQ(read(cpipe[1], &c, sizeof(c)),
289 		    (ssize_t)sizeof(c));
290 
291 		_exit(1);
292 	}
293 	close(cpipe[1]);
294 
295 	REQUIRE_EQ(pipe(dpipe), 0);
296 	ATF_REQUIRE((debugger = fork()) != -1);
297 
298 	if (debugger == 0) {
299 		/* Debugger process. */
300 		close(dpipe[0]);
301 
302 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
303 
304 		wpid = waitpid(child, &status, 0);
305 		CHILD_REQUIRE_EQ(wpid, child);
306 		CHILD_REQUIRE(WIFSTOPPED(status));
307 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
308 
309 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
310 
311 		/* Signal parent that debugger is attached. */
312 		CHILD_REQUIRE_EQ(write(dpipe[1], &c, sizeof(c)),
313 		    (ssize_t)sizeof(c));
314 
315 		/* Wait for parent's failed wait. */
316 		CHILD_REQUIRE_EQ(read(dpipe[1], &c, sizeof(c)), 0);
317 
318 		wpid = waitpid(child, &status, 0);
319 		CHILD_REQUIRE_EQ(wpid, child);
320 		CHILD_REQUIRE(WIFEXITED(status));
321 		CHILD_REQUIRE_EQ(WEXITSTATUS(status), 1);
322 
323 		_exit(0);
324 	}
325 	close(dpipe[1]);
326 
327 	/* Parent process. */
328 
329 	/* Wait for the debugger to attach to the child. */
330 	REQUIRE_EQ(read(dpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
331 
332 	/* Release the child. */
333 	REQUIRE_EQ(write(cpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
334 	REQUIRE_EQ(read(cpipe[0], &c, sizeof(c)), 0);
335 	close(cpipe[0]);
336 
337 	wait_for_zombie(child);
338 
339 	/*
340 	 * This wait should return a pid of 0 to indicate no status to
341 	 * report.  The parent should see the child as non-exited
342 	 * until the debugger sees the exit.
343 	 */
344 	wpid = waitpid(child, &status, WNOHANG);
345 	REQUIRE_EQ(wpid, 0);
346 
347 	/* Signal the debugger to wait for the child. */
348 	close(dpipe[0]);
349 
350 	/* Wait for the debugger. */
351 	wpid = waitpid(debugger, &status, 0);
352 	REQUIRE_EQ(wpid, debugger);
353 	ATF_REQUIRE(WIFEXITED(status));
354 	REQUIRE_EQ(WEXITSTATUS(status), 0);
355 
356 	/* The child process should now be ready. */
357 	wpid = waitpid(child, &status, WNOHANG);
358 	REQUIRE_EQ(wpid, child);
359 	ATF_REQUIRE(WIFEXITED(status));
360 	REQUIRE_EQ(WEXITSTATUS(status), 1);
361 }
362 
363 /*
364  * Verify that a parent process "sees" the exit of a debugged process
365  * only after a non-direct-child debugger has seen it.  In particular,
366  * various wait() calls in the parent must avoid failing with ESRCH by
367  * checking the parent's orphan list for the debugee.
368  */
369 ATF_TC_WITHOUT_HEAD(ptrace__parent_sees_exit_after_unrelated_debugger);
370 ATF_TC_BODY(ptrace__parent_sees_exit_after_unrelated_debugger, tc)
371 {
372 	pid_t child, debugger, fpid, wpid;
373 	int cpipe[2], dpipe[2], status;
374 	char c;
375 
376 	REQUIRE_EQ(pipe(cpipe), 0);
377 	ATF_REQUIRE((child = fork()) != -1);
378 
379 	if (child == 0) {
380 		/* Child process. */
381 		close(cpipe[0]);
382 
383 		/* Wait for parent to be ready. */
384 		CHILD_REQUIRE_EQ(read(cpipe[1], &c, sizeof(c)),
385 		    (ssize_t)sizeof(c));
386 
387 		_exit(1);
388 	}
389 	close(cpipe[1]);
390 
391 	REQUIRE_EQ(pipe(dpipe), 0);
392 	ATF_REQUIRE((debugger = fork()) != -1);
393 
394 	if (debugger == 0) {
395 		/* Debugger parent. */
396 
397 		/*
398 		 * Fork again and drop the debugger parent so that the
399 		 * debugger is not a child of the main parent.
400 		 */
401 		CHILD_REQUIRE((fpid = fork()) != -1);
402 		if (fpid != 0)
403 			_exit(2);
404 
405 		/* Debugger process. */
406 		close(dpipe[0]);
407 
408 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
409 
410 		wpid = waitpid(child, &status, 0);
411 		CHILD_REQUIRE_EQ(wpid, child);
412 		CHILD_REQUIRE(WIFSTOPPED(status));
413 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
414 
415 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
416 
417 		/* Signal parent that debugger is attached. */
418 		CHILD_REQUIRE_EQ(write(dpipe[1], &c, sizeof(c)),
419 		    (ssize_t)sizeof(c));
420 
421 		/* Wait for parent's failed wait. */
422 		CHILD_REQUIRE_EQ(read(dpipe[1], &c, sizeof(c)),
423 		    (ssize_t)sizeof(c));
424 
425 		wpid = waitpid(child, &status, 0);
426 		CHILD_REQUIRE_EQ(wpid, child);
427 		CHILD_REQUIRE(WIFEXITED(status));
428 		CHILD_REQUIRE_EQ(WEXITSTATUS(status), 1);
429 
430 		_exit(0);
431 	}
432 	close(dpipe[1]);
433 
434 	/* Parent process. */
435 
436 	/* Wait for the debugger parent process to exit. */
437 	wpid = waitpid(debugger, &status, 0);
438 	REQUIRE_EQ(wpid, debugger);
439 	ATF_REQUIRE(WIFEXITED(status));
440 	REQUIRE_EQ(WEXITSTATUS(status), 2);
441 
442 	/* A WNOHANG wait here should see the non-exited child. */
443 	wpid = waitpid(child, &status, WNOHANG);
444 	REQUIRE_EQ(wpid, 0);
445 
446 	/* Wait for the debugger to attach to the child. */
447 	REQUIRE_EQ(read(dpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
448 
449 	/* Release the child. */
450 	REQUIRE_EQ(write(cpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
451 	REQUIRE_EQ(read(cpipe[0], &c, sizeof(c)), 0);
452 	close(cpipe[0]);
453 
454 	wait_for_zombie(child);
455 
456 	/*
457 	 * This wait should return a pid of 0 to indicate no status to
458 	 * report.  The parent should see the child as non-exited
459 	 * until the debugger sees the exit.
460 	 */
461 	wpid = waitpid(child, &status, WNOHANG);
462 	REQUIRE_EQ(wpid, 0);
463 
464 	/* Signal the debugger to wait for the child. */
465 	REQUIRE_EQ(write(dpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
466 
467 	/* Wait for the debugger. */
468 	REQUIRE_EQ(read(dpipe[0], &c, sizeof(c)), 0);
469 	close(dpipe[0]);
470 
471 	/* The child process should now be ready. */
472 	wpid = waitpid(child, &status, WNOHANG);
473 	REQUIRE_EQ(wpid, child);
474 	ATF_REQUIRE(WIFEXITED(status));
475 	REQUIRE_EQ(WEXITSTATUS(status), 1);
476 }
477 
478 /*
479  * Make sure that we can collect the exit status of an orphaned process.
480  */
481 ATF_TC_WITHOUT_HEAD(ptrace__parent_exits_before_child);
482 ATF_TC_BODY(ptrace__parent_exits_before_child, tc)
483 {
484 	ssize_t n;
485 	int cpipe1[2], cpipe2[2], gcpipe[2], status;
486 	pid_t child, gchild;
487 
488 	REQUIRE_EQ(pipe(cpipe1), 0);
489 	REQUIRE_EQ(pipe(cpipe2), 0);
490 	REQUIRE_EQ(pipe(gcpipe), 0);
491 
492 	REQUIRE_EQ(procctl(P_PID, getpid(), PROC_REAP_ACQUIRE, NULL), 0);
493 
494 	ATF_REQUIRE((child = fork()) != -1);
495 	if (child == 0) {
496 		CHILD_REQUIRE((gchild = fork()) != -1);
497 		if (gchild == 0) {
498 			status = 1;
499 			do {
500 				n = read(gcpipe[0], &status, sizeof(status));
501 			} while (n == -1 && errno == EINTR);
502 			_exit(status);
503 		}
504 
505 		CHILD_REQUIRE_EQ(write(cpipe1[1], &gchild, sizeof(gchild)),
506 		    (ssize_t)sizeof(gchild));
507 		CHILD_REQUIRE_EQ(read(cpipe2[0], &status, sizeof(status)),
508 		    (ssize_t)sizeof(status));
509 		_exit(status);
510 	}
511 
512 	REQUIRE_EQ(read(cpipe1[0], &gchild, sizeof(gchild)),
513 	    (ssize_t)sizeof(gchild));
514 
515 	REQUIRE_EQ(ptrace(PT_ATTACH, gchild, NULL, 0), 0);
516 
517 	status = 0;
518 	REQUIRE_EQ(write(cpipe2[1], &status, sizeof(status)),
519 	    (ssize_t)sizeof(status));
520 	REQUIRE_EQ(waitpid(child, &status, 0), child);
521 	ATF_REQUIRE(WIFEXITED(status));
522 	REQUIRE_EQ(WEXITSTATUS(status), 0);
523 
524 	status = 0;
525 	REQUIRE_EQ(write(gcpipe[1], &status, sizeof(status)),
526 	    (ssize_t)sizeof(status));
527 	REQUIRE_EQ(waitpid(gchild, &status, 0), gchild);
528 	ATF_REQUIRE(WIFSTOPPED(status));
529 	REQUIRE_EQ(ptrace(PT_DETACH, gchild, (caddr_t)1, 0), 0);
530 	REQUIRE_EQ(waitpid(gchild, &status, 0), gchild);
531 	ATF_REQUIRE(WIFEXITED(status));
532 	REQUIRE_EQ(WEXITSTATUS(status), 0);
533 
534 	REQUIRE_EQ(close(cpipe1[0]), 0);
535 	REQUIRE_EQ(close(cpipe1[1]), 0);
536 	REQUIRE_EQ(close(cpipe2[0]), 0);
537 	REQUIRE_EQ(close(cpipe2[1]), 0);
538 	REQUIRE_EQ(close(gcpipe[0]), 0);
539 	REQUIRE_EQ(close(gcpipe[1]), 0);
540 }
541 
542 /*
543  * The parent process should always act the same regardless of how the
544  * debugger is attached to it.
545  */
546 static __dead2 void
547 follow_fork_parent(bool use_vfork)
548 {
549 	pid_t fpid, wpid;
550 	int status;
551 
552 	if (use_vfork)
553 		CHILD_REQUIRE((fpid = vfork()) != -1);
554 	else
555 		CHILD_REQUIRE((fpid = fork()) != -1);
556 
557 	if (fpid == 0)
558 		/* Child */
559 		_exit(2);
560 
561 	wpid = waitpid(fpid, &status, 0);
562 	CHILD_REQUIRE_EQ(wpid, fpid);
563 	CHILD_REQUIRE(WIFEXITED(status));
564 	CHILD_REQUIRE_EQ(WEXITSTATUS(status), 2);
565 
566 	_exit(1);
567 }
568 
569 /*
570  * Helper routine for follow fork tests.  This waits for two stops
571  * that report both "sides" of a fork.  It returns the pid of the new
572  * child process.
573  */
574 static pid_t
575 handle_fork_events(pid_t parent, struct ptrace_lwpinfo *ppl)
576 {
577 	struct ptrace_lwpinfo pl;
578 	bool fork_reported[2];
579 	pid_t child, wpid;
580 	int i, status;
581 
582 	fork_reported[0] = false;
583 	fork_reported[1] = false;
584 	child = -1;
585 
586 	/*
587 	 * Each process should report a fork event.  The parent should
588 	 * report a PL_FLAG_FORKED event, and the child should report
589 	 * a PL_FLAG_CHILD event.
590 	 */
591 	for (i = 0; i < 2; i++) {
592 		wpid = wait(&status);
593 		ATF_REQUIRE(wpid > 0);
594 		ATF_REQUIRE(WIFSTOPPED(status));
595 
596 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
597 		    sizeof(pl)) != -1);
598 		ATF_REQUIRE((pl.pl_flags & (PL_FLAG_FORKED | PL_FLAG_CHILD)) !=
599 		    0);
600 		ATF_REQUIRE((pl.pl_flags & (PL_FLAG_FORKED | PL_FLAG_CHILD)) !=
601 		    (PL_FLAG_FORKED | PL_FLAG_CHILD));
602 		if (pl.pl_flags & PL_FLAG_CHILD) {
603 			ATF_REQUIRE(wpid != parent);
604 			REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
605 			ATF_REQUIRE(!fork_reported[1]);
606 			if (child == -1)
607 				child = wpid;
608 			else
609 				REQUIRE_EQ(child, wpid);
610 			if (ppl != NULL)
611 				ppl[1] = pl;
612 			fork_reported[1] = true;
613 		} else {
614 			REQUIRE_EQ(wpid, parent);
615 			REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
616 			ATF_REQUIRE(!fork_reported[0]);
617 			if (child == -1)
618 				child = pl.pl_child_pid;
619 			else
620 				REQUIRE_EQ(child, pl.pl_child_pid);
621 			if (ppl != NULL)
622 				ppl[0] = pl;
623 			fork_reported[0] = true;
624 		}
625 	}
626 
627 	return (child);
628 }
629 
630 /*
631  * Verify that a new child process is stopped after a followed fork and
632  * that the traced parent sees the exit of the child after the debugger
633  * when both processes remain attached to the debugger.
634  */
635 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_both_attached);
636 ATF_TC_BODY(ptrace__follow_fork_both_attached, tc)
637 {
638 	pid_t children[2], fpid, wpid;
639 	int status;
640 
641 	ATF_REQUIRE((fpid = fork()) != -1);
642 	if (fpid == 0) {
643 		trace_me();
644 		follow_fork_parent(false);
645 	}
646 
647 	/* Parent process. */
648 	children[0] = fpid;
649 
650 	/* The first wait() should report the stop from SIGSTOP. */
651 	wpid = waitpid(children[0], &status, 0);
652 	REQUIRE_EQ(wpid, children[0]);
653 	ATF_REQUIRE(WIFSTOPPED(status));
654 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
655 
656 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
657 
658 	/* Continue the child ignoring the SIGSTOP. */
659 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
660 
661 	children[1] = handle_fork_events(children[0], NULL);
662 	ATF_REQUIRE(children[1] > 0);
663 
664 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
665 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
666 
667 	/*
668 	 * The child can't exit until the grandchild reports status, so the
669 	 * grandchild should report its exit first to the debugger.
670 	 */
671 	wpid = wait(&status);
672 	REQUIRE_EQ(wpid, children[1]);
673 	ATF_REQUIRE(WIFEXITED(status));
674 	REQUIRE_EQ(WEXITSTATUS(status), 2);
675 
676 	wpid = wait(&status);
677 	REQUIRE_EQ(wpid, children[0]);
678 	ATF_REQUIRE(WIFEXITED(status));
679 	REQUIRE_EQ(WEXITSTATUS(status), 1);
680 
681 	wpid = wait(&status);
682 	REQUIRE_EQ(wpid, -1);
683 	REQUIRE_EQ(errno, ECHILD);
684 }
685 
686 /*
687  * Verify that a new child process is stopped after a followed fork
688  * and that the traced parent sees the exit of the child when the new
689  * child process is detached after it reports its fork.
690  */
691 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_child_detached);
692 ATF_TC_BODY(ptrace__follow_fork_child_detached, tc)
693 {
694 	pid_t children[2], fpid, wpid;
695 	int status;
696 
697 	ATF_REQUIRE((fpid = fork()) != -1);
698 	if (fpid == 0) {
699 		trace_me();
700 		follow_fork_parent(false);
701 	}
702 
703 	/* Parent process. */
704 	children[0] = fpid;
705 
706 	/* The first wait() should report the stop from SIGSTOP. */
707 	wpid = waitpid(children[0], &status, 0);
708 	REQUIRE_EQ(wpid, children[0]);
709 	ATF_REQUIRE(WIFSTOPPED(status));
710 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
711 
712 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
713 
714 	/* Continue the child ignoring the SIGSTOP. */
715 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
716 
717 	children[1] = handle_fork_events(children[0], NULL);
718 	ATF_REQUIRE(children[1] > 0);
719 
720 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
721 	ATF_REQUIRE(ptrace(PT_DETACH, children[1], (caddr_t)1, 0) != -1);
722 
723 	/*
724 	 * Should not see any status from the grandchild now, only the
725 	 * child.
726 	 */
727 	wpid = wait(&status);
728 	REQUIRE_EQ(wpid, children[0]);
729 	ATF_REQUIRE(WIFEXITED(status));
730 	REQUIRE_EQ(WEXITSTATUS(status), 1);
731 
732 	wpid = wait(&status);
733 	REQUIRE_EQ(wpid, -1);
734 	REQUIRE_EQ(errno, ECHILD);
735 }
736 
737 /*
738  * Verify that a new child process is stopped after a followed fork
739  * and that the traced parent sees the exit of the child when the
740  * traced parent is detached after the fork.
741  */
742 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_parent_detached);
743 ATF_TC_BODY(ptrace__follow_fork_parent_detached, tc)
744 {
745 	pid_t children[2], fpid, wpid;
746 	int status;
747 
748 	ATF_REQUIRE((fpid = fork()) != -1);
749 	if (fpid == 0) {
750 		trace_me();
751 		follow_fork_parent(false);
752 	}
753 
754 	/* Parent process. */
755 	children[0] = fpid;
756 
757 	/* The first wait() should report the stop from SIGSTOP. */
758 	wpid = waitpid(children[0], &status, 0);
759 	REQUIRE_EQ(wpid, children[0]);
760 	ATF_REQUIRE(WIFSTOPPED(status));
761 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
762 
763 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
764 
765 	/* Continue the child ignoring the SIGSTOP. */
766 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
767 
768 	children[1] = handle_fork_events(children[0], NULL);
769 	ATF_REQUIRE(children[1] > 0);
770 
771 	ATF_REQUIRE(ptrace(PT_DETACH, children[0], (caddr_t)1, 0) != -1);
772 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
773 
774 	/*
775 	 * The child can't exit until the grandchild reports status, so the
776 	 * grandchild should report its exit first to the debugger.
777 	 *
778 	 * Even though the child process is detached, it is still a
779 	 * child of the debugger, so it will still report it's exit
780 	 * after the grandchild.
781 	 */
782 	wpid = wait(&status);
783 	REQUIRE_EQ(wpid, children[1]);
784 	ATF_REQUIRE(WIFEXITED(status));
785 	REQUIRE_EQ(WEXITSTATUS(status), 2);
786 
787 	wpid = wait(&status);
788 	REQUIRE_EQ(wpid, children[0]);
789 	ATF_REQUIRE(WIFEXITED(status));
790 	REQUIRE_EQ(WEXITSTATUS(status), 1);
791 
792 	wpid = wait(&status);
793 	REQUIRE_EQ(wpid, -1);
794 	REQUIRE_EQ(errno, ECHILD);
795 }
796 
797 static void
798 attach_fork_parent(int cpipe[2])
799 {
800 	pid_t fpid;
801 
802 	close(cpipe[0]);
803 
804 	/* Double-fork to disassociate from the debugger. */
805 	CHILD_REQUIRE((fpid = fork()) != -1);
806 	if (fpid != 0)
807 		_exit(3);
808 
809 	/* Send the pid of the disassociated child to the debugger. */
810 	fpid = getpid();
811 	CHILD_REQUIRE_EQ(write(cpipe[1], &fpid, sizeof(fpid)),
812 	    (ssize_t)sizeof(fpid));
813 
814 	/* Wait for the debugger to attach. */
815 	CHILD_REQUIRE_EQ(read(cpipe[1], &fpid, sizeof(fpid)), 0);
816 }
817 
818 /*
819  * Verify that a new child process is stopped after a followed fork and
820  * that the traced parent sees the exit of the child after the debugger
821  * when both processes remain attached to the debugger.  In this test
822  * the parent that forks is not a direct child of the debugger.
823  */
824 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_both_attached_unrelated_debugger);
825 ATF_TC_BODY(ptrace__follow_fork_both_attached_unrelated_debugger, tc)
826 {
827 	pid_t children[2], fpid, wpid;
828 	int cpipe[2], status;
829 
830 	REQUIRE_EQ(pipe(cpipe), 0);
831 	ATF_REQUIRE((fpid = fork()) != -1);
832 	if (fpid == 0) {
833 		attach_fork_parent(cpipe);
834 		follow_fork_parent(false);
835 	}
836 
837 	/* Parent process. */
838 	close(cpipe[1]);
839 
840 	/* Wait for the direct child to exit. */
841 	wpid = waitpid(fpid, &status, 0);
842 	REQUIRE_EQ(wpid, fpid);
843 	ATF_REQUIRE(WIFEXITED(status));
844 	REQUIRE_EQ(WEXITSTATUS(status), 3);
845 
846 	/* Read the pid of the fork parent. */
847 	REQUIRE_EQ(read(cpipe[0], &children[0], sizeof(children[0])),
848 	    (ssize_t)sizeof(children[0]));
849 
850 	/* Attach to the fork parent. */
851 	attach_child(children[0]);
852 
853 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
854 
855 	/* Continue the fork parent ignoring the SIGSTOP. */
856 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
857 
858 	/* Signal the fork parent to continue. */
859 	close(cpipe[0]);
860 
861 	children[1] = handle_fork_events(children[0], NULL);
862 	ATF_REQUIRE(children[1] > 0);
863 
864 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
865 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
866 
867 	/*
868 	 * The fork parent can't exit until the child reports status,
869 	 * so the child should report its exit first to the debugger.
870 	 */
871 	wpid = wait(&status);
872 	REQUIRE_EQ(wpid, children[1]);
873 	ATF_REQUIRE(WIFEXITED(status));
874 	REQUIRE_EQ(WEXITSTATUS(status), 2);
875 
876 	wpid = wait(&status);
877 	REQUIRE_EQ(wpid, children[0]);
878 	ATF_REQUIRE(WIFEXITED(status));
879 	REQUIRE_EQ(WEXITSTATUS(status), 1);
880 
881 	wpid = wait(&status);
882 	REQUIRE_EQ(wpid, -1);
883 	REQUIRE_EQ(errno, ECHILD);
884 }
885 
886 /*
887  * Verify that a new child process is stopped after a followed fork
888  * and that the traced parent sees the exit of the child when the new
889  * child process is detached after it reports its fork.  In this test
890  * the parent that forks is not a direct child of the debugger.
891  */
892 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_child_detached_unrelated_debugger);
893 ATF_TC_BODY(ptrace__follow_fork_child_detached_unrelated_debugger, tc)
894 {
895 	pid_t children[2], fpid, wpid;
896 	int cpipe[2], status;
897 
898 	REQUIRE_EQ(pipe(cpipe), 0);
899 	ATF_REQUIRE((fpid = fork()) != -1);
900 	if (fpid == 0) {
901 		attach_fork_parent(cpipe);
902 		follow_fork_parent(false);
903 	}
904 
905 	/* Parent process. */
906 	close(cpipe[1]);
907 
908 	/* Wait for the direct child to exit. */
909 	wpid = waitpid(fpid, &status, 0);
910 	REQUIRE_EQ(wpid, fpid);
911 	ATF_REQUIRE(WIFEXITED(status));
912 	REQUIRE_EQ(WEXITSTATUS(status), 3);
913 
914 	/* Read the pid of the fork parent. */
915 	REQUIRE_EQ(read(cpipe[0], &children[0], sizeof(children[0])),
916 	    (ssize_t)sizeof(children[0]));
917 
918 	/* Attach to the fork parent. */
919 	attach_child(children[0]);
920 
921 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
922 
923 	/* Continue the fork parent ignoring the SIGSTOP. */
924 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
925 
926 	/* Signal the fork parent to continue. */
927 	close(cpipe[0]);
928 
929 	children[1] = handle_fork_events(children[0], NULL);
930 	ATF_REQUIRE(children[1] > 0);
931 
932 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
933 	ATF_REQUIRE(ptrace(PT_DETACH, children[1], (caddr_t)1, 0) != -1);
934 
935 	/*
936 	 * Should not see any status from the child now, only the fork
937 	 * parent.
938 	 */
939 	wpid = wait(&status);
940 	REQUIRE_EQ(wpid, children[0]);
941 	ATF_REQUIRE(WIFEXITED(status));
942 	REQUIRE_EQ(WEXITSTATUS(status), 1);
943 
944 	wpid = wait(&status);
945 	REQUIRE_EQ(wpid, -1);
946 	REQUIRE_EQ(errno, ECHILD);
947 }
948 
949 /*
950  * Verify that a new child process is stopped after a followed fork
951  * and that the traced parent sees the exit of the child when the
952  * traced parent is detached after the fork.  In this test the parent
953  * that forks is not a direct child of the debugger.
954  */
955 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_parent_detached_unrelated_debugger);
956 ATF_TC_BODY(ptrace__follow_fork_parent_detached_unrelated_debugger, tc)
957 {
958 	pid_t children[2], fpid, wpid;
959 	int cpipe[2], status;
960 
961 	REQUIRE_EQ(pipe(cpipe), 0);
962 	ATF_REQUIRE((fpid = fork()) != -1);
963 	if (fpid == 0) {
964 		attach_fork_parent(cpipe);
965 		follow_fork_parent(false);
966 	}
967 
968 	/* Parent process. */
969 	close(cpipe[1]);
970 
971 	/* Wait for the direct child to exit. */
972 	wpid = waitpid(fpid, &status, 0);
973 	REQUIRE_EQ(wpid, fpid);
974 	ATF_REQUIRE(WIFEXITED(status));
975 	REQUIRE_EQ(WEXITSTATUS(status), 3);
976 
977 	/* Read the pid of the fork parent. */
978 	REQUIRE_EQ(read(cpipe[0], &children[0], sizeof(children[0])),
979 	    (ssize_t)sizeof(children[0]));
980 
981 	/* Attach to the fork parent. */
982 	attach_child(children[0]);
983 
984 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
985 
986 	/* Continue the fork parent ignoring the SIGSTOP. */
987 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
988 
989 	/* Signal the fork parent to continue. */
990 	close(cpipe[0]);
991 
992 	children[1] = handle_fork_events(children[0], NULL);
993 	ATF_REQUIRE(children[1] > 0);
994 
995 	ATF_REQUIRE(ptrace(PT_DETACH, children[0], (caddr_t)1, 0) != -1);
996 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
997 
998 	/*
999 	 * Should not see any status from the fork parent now, only
1000 	 * the child.
1001 	 */
1002 	wpid = wait(&status);
1003 	REQUIRE_EQ(wpid, children[1]);
1004 	ATF_REQUIRE(WIFEXITED(status));
1005 	REQUIRE_EQ(WEXITSTATUS(status), 2);
1006 
1007 	wpid = wait(&status);
1008 	REQUIRE_EQ(wpid, -1);
1009 	REQUIRE_EQ(errno, ECHILD);
1010 }
1011 
1012 /*
1013  * Verify that a child process does not see an unrelated debugger as its
1014  * parent but sees its original parent process.
1015  */
1016 ATF_TC_WITHOUT_HEAD(ptrace__getppid);
1017 ATF_TC_BODY(ptrace__getppid, tc)
1018 {
1019 	pid_t child, debugger, ppid, wpid;
1020 	int cpipe[2], dpipe[2], status;
1021 	char c;
1022 
1023 	REQUIRE_EQ(pipe(cpipe), 0);
1024 	ATF_REQUIRE((child = fork()) != -1);
1025 
1026 	if (child == 0) {
1027 		/* Child process. */
1028 		close(cpipe[0]);
1029 
1030 		/* Wait for parent to be ready. */
1031 		CHILD_REQUIRE_EQ(read(cpipe[1], &c, sizeof(c)),
1032 		    (ssize_t)sizeof(c));
1033 
1034 		/* Report the parent PID to the parent. */
1035 		ppid = getppid();
1036 		CHILD_REQUIRE_EQ(write(cpipe[1], &ppid, sizeof(ppid)),
1037 		    (ssize_t)sizeof(ppid));
1038 
1039 		_exit(1);
1040 	}
1041 	close(cpipe[1]);
1042 
1043 	REQUIRE_EQ(pipe(dpipe), 0);
1044 	ATF_REQUIRE((debugger = fork()) != -1);
1045 
1046 	if (debugger == 0) {
1047 		/* Debugger process. */
1048 		close(dpipe[0]);
1049 
1050 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
1051 
1052 		wpid = waitpid(child, &status, 0);
1053 		CHILD_REQUIRE_EQ(wpid, child);
1054 		CHILD_REQUIRE(WIFSTOPPED(status));
1055 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1056 
1057 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
1058 
1059 		/* Signal parent that debugger is attached. */
1060 		CHILD_REQUIRE_EQ(write(dpipe[1], &c, sizeof(c)),
1061 		    (ssize_t)sizeof(c));
1062 
1063 		/* Wait for traced child to exit. */
1064 		wpid = waitpid(child, &status, 0);
1065 		CHILD_REQUIRE_EQ(wpid, child);
1066 		CHILD_REQUIRE(WIFEXITED(status));
1067 		CHILD_REQUIRE_EQ(WEXITSTATUS(status), 1);
1068 
1069 		_exit(0);
1070 	}
1071 	close(dpipe[1]);
1072 
1073 	/* Parent process. */
1074 
1075 	/* Wait for the debugger to attach to the child. */
1076 	REQUIRE_EQ(read(dpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
1077 
1078 	/* Release the child. */
1079 	REQUIRE_EQ(write(cpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
1080 
1081 	/* Read the parent PID from the child. */
1082 	REQUIRE_EQ(read(cpipe[0], &ppid, sizeof(ppid)), (ssize_t)sizeof(ppid));
1083 	close(cpipe[0]);
1084 
1085 	REQUIRE_EQ(ppid, getpid());
1086 
1087 	/* Wait for the debugger. */
1088 	wpid = waitpid(debugger, &status, 0);
1089 	REQUIRE_EQ(wpid, debugger);
1090 	ATF_REQUIRE(WIFEXITED(status));
1091 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1092 
1093 	/* The child process should now be ready. */
1094 	wpid = waitpid(child, &status, WNOHANG);
1095 	REQUIRE_EQ(wpid, child);
1096 	ATF_REQUIRE(WIFEXITED(status));
1097 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1098 }
1099 
1100 /*
1101  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1102  * child process created via fork() reports the correct value.
1103  */
1104 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_fork);
1105 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_fork, tc)
1106 {
1107 	struct ptrace_lwpinfo pl[2];
1108 	pid_t children[2], fpid, wpid;
1109 	int status;
1110 
1111 	ATF_REQUIRE((fpid = fork()) != -1);
1112 	if (fpid == 0) {
1113 		trace_me();
1114 		follow_fork_parent(false);
1115 	}
1116 
1117 	/* Parent process. */
1118 	children[0] = fpid;
1119 
1120 	/* The first wait() should report the stop from SIGSTOP. */
1121 	wpid = waitpid(children[0], &status, 0);
1122 	REQUIRE_EQ(wpid, children[0]);
1123 	ATF_REQUIRE(WIFSTOPPED(status));
1124 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1125 
1126 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
1127 
1128 	/* Continue the child ignoring the SIGSTOP. */
1129 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1130 
1131 	/* Wait for both halves of the fork event to get reported. */
1132 	children[1] = handle_fork_events(children[0], pl);
1133 	ATF_REQUIRE(children[1] > 0);
1134 
1135 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_SCX) != 0);
1136 	ATF_REQUIRE((pl[1].pl_flags & PL_FLAG_SCX) != 0);
1137 	REQUIRE_EQ(pl[0].pl_syscall_code, (unsigned)SYS_fork);
1138 	REQUIRE_EQ(pl[0].pl_syscall_code, pl[1].pl_syscall_code);
1139 	REQUIRE_EQ(pl[0].pl_syscall_narg, pl[1].pl_syscall_narg);
1140 
1141 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1142 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1143 
1144 	/*
1145 	 * The child can't exit until the grandchild reports status, so the
1146 	 * grandchild should report its exit first to the debugger.
1147 	 */
1148 	wpid = wait(&status);
1149 	REQUIRE_EQ(wpid, children[1]);
1150 	ATF_REQUIRE(WIFEXITED(status));
1151 	REQUIRE_EQ(WEXITSTATUS(status), 2);
1152 
1153 	wpid = wait(&status);
1154 	REQUIRE_EQ(wpid, children[0]);
1155 	ATF_REQUIRE(WIFEXITED(status));
1156 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1157 
1158 	wpid = wait(&status);
1159 	REQUIRE_EQ(wpid, -1);
1160 	REQUIRE_EQ(errno, ECHILD);
1161 }
1162 
1163 /*
1164  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1165  * child process created via vfork() reports the correct value.
1166  */
1167 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_vfork);
1168 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_vfork, tc)
1169 {
1170 	struct ptrace_lwpinfo pl[2];
1171 	pid_t children[2], fpid, wpid;
1172 	int status;
1173 
1174 	ATF_REQUIRE((fpid = fork()) != -1);
1175 	if (fpid == 0) {
1176 		trace_me();
1177 		follow_fork_parent(true);
1178 	}
1179 
1180 	/* Parent process. */
1181 	children[0] = fpid;
1182 
1183 	/* The first wait() should report the stop from SIGSTOP. */
1184 	wpid = waitpid(children[0], &status, 0);
1185 	REQUIRE_EQ(wpid, children[0]);
1186 	ATF_REQUIRE(WIFSTOPPED(status));
1187 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1188 
1189 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
1190 
1191 	/* Continue the child ignoring the SIGSTOP. */
1192 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1193 
1194 	/* Wait for both halves of the fork event to get reported. */
1195 	children[1] = handle_fork_events(children[0], pl);
1196 	ATF_REQUIRE(children[1] > 0);
1197 
1198 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_SCX) != 0);
1199 	ATF_REQUIRE((pl[1].pl_flags & PL_FLAG_SCX) != 0);
1200 	REQUIRE_EQ(pl[0].pl_syscall_code, (unsigned)SYS_vfork);
1201 	REQUIRE_EQ(pl[0].pl_syscall_code, pl[1].pl_syscall_code);
1202 	REQUIRE_EQ(pl[0].pl_syscall_narg, pl[1].pl_syscall_narg);
1203 
1204 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1205 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1206 
1207 	/*
1208 	 * The child can't exit until the grandchild reports status, so the
1209 	 * grandchild should report its exit first to the debugger.
1210 	 */
1211 	wpid = wait(&status);
1212 	REQUIRE_EQ(wpid, children[1]);
1213 	ATF_REQUIRE(WIFEXITED(status));
1214 	REQUIRE_EQ(WEXITSTATUS(status), 2);
1215 
1216 	wpid = wait(&status);
1217 	REQUIRE_EQ(wpid, children[0]);
1218 	ATF_REQUIRE(WIFEXITED(status));
1219 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1220 
1221 	wpid = wait(&status);
1222 	REQUIRE_EQ(wpid, -1);
1223 	REQUIRE_EQ(errno, ECHILD);
1224 }
1225 
1226 static void *
1227 simple_thread(void *arg __unused)
1228 {
1229 
1230 	pthread_exit(NULL);
1231 }
1232 
1233 static __dead2 void
1234 simple_thread_main(void)
1235 {
1236 	pthread_t thread;
1237 
1238 	CHILD_REQUIRE_EQ(pthread_create(&thread, NULL, simple_thread, NULL), 0);
1239 	CHILD_REQUIRE_EQ(pthread_join(thread, NULL), 0);
1240 	exit(1);
1241 }
1242 
1243 /*
1244  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1245  * thread reports the correct value.
1246  */
1247 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_thread);
1248 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_thread, tc)
1249 {
1250 	struct ptrace_lwpinfo pl;
1251 	pid_t fpid, wpid;
1252 	lwpid_t mainlwp;
1253 	int status;
1254 
1255 	ATF_REQUIRE((fpid = fork()) != -1);
1256 	if (fpid == 0) {
1257 		trace_me();
1258 		simple_thread_main();
1259 	}
1260 
1261 	/* The first wait() should report the stop from SIGSTOP. */
1262 	wpid = waitpid(fpid, &status, 0);
1263 	REQUIRE_EQ(wpid, fpid);
1264 	ATF_REQUIRE(WIFSTOPPED(status));
1265 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1266 
1267 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1268 	    sizeof(pl)) != -1);
1269 	mainlwp = pl.pl_lwpid;
1270 
1271 	/*
1272 	 * Continue the child ignoring the SIGSTOP and tracing all
1273 	 * system call exits.
1274 	 */
1275 	ATF_REQUIRE(ptrace(PT_TO_SCX, fpid, (caddr_t)1, 0) != -1);
1276 
1277 	/*
1278 	 * Wait for the new thread to arrive.  pthread_create() might
1279 	 * invoke any number of system calls.  For now we just wait
1280 	 * for the new thread to arrive and make sure it reports a
1281 	 * valid system call code.  If ptrace grows thread event
1282 	 * reporting then this test can be made more precise.
1283 	 */
1284 	for (;;) {
1285 		wpid = waitpid(fpid, &status, 0);
1286 		REQUIRE_EQ(wpid, fpid);
1287 		ATF_REQUIRE(WIFSTOPPED(status));
1288 		REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1289 
1290 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1291 		    sizeof(pl)) != -1);
1292 		ATF_REQUIRE((pl.pl_flags & PL_FLAG_SCX) != 0);
1293 		ATF_REQUIRE(pl.pl_syscall_code != 0);
1294 		if (pl.pl_lwpid != mainlwp)
1295 			/* New thread seen. */
1296 			break;
1297 
1298 		REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1299 	}
1300 
1301 	/* Wait for the child to exit. */
1302 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1303 	for (;;) {
1304 		wpid = waitpid(fpid, &status, 0);
1305 		REQUIRE_EQ(wpid, fpid);
1306 		if (WIFEXITED(status))
1307 			break;
1308 
1309 		ATF_REQUIRE(WIFSTOPPED(status));
1310 		REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1311 		REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1312 	}
1313 
1314 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1315 
1316 	wpid = wait(&status);
1317 	REQUIRE_EQ(wpid, -1);
1318 	REQUIRE_EQ(errno, ECHILD);
1319 }
1320 
1321 /*
1322  * Verify that the expected LWP events are reported for a child thread.
1323  */
1324 ATF_TC_WITHOUT_HEAD(ptrace__lwp_events);
1325 ATF_TC_BODY(ptrace__lwp_events, tc)
1326 {
1327 	struct ptrace_lwpinfo pl;
1328 	pid_t fpid, wpid;
1329 	lwpid_t lwps[2];
1330 	int status;
1331 
1332 	ATF_REQUIRE((fpid = fork()) != -1);
1333 	if (fpid == 0) {
1334 		trace_me();
1335 		simple_thread_main();
1336 	}
1337 
1338 	/* The first wait() should report the stop from SIGSTOP. */
1339 	wpid = waitpid(fpid, &status, 0);
1340 	REQUIRE_EQ(wpid, fpid);
1341 	ATF_REQUIRE(WIFSTOPPED(status));
1342 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1343 
1344 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1345 	    sizeof(pl)) != -1);
1346 	lwps[0] = pl.pl_lwpid;
1347 
1348 	REQUIRE_EQ(ptrace(PT_LWP_EVENTS, wpid, NULL, 1), 0);
1349 
1350 	/* Continue the child ignoring the SIGSTOP. */
1351 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1352 
1353 	/* The first event should be for the child thread's birth. */
1354 	wpid = waitpid(fpid, &status, 0);
1355 	REQUIRE_EQ(wpid, fpid);
1356 	ATF_REQUIRE(WIFSTOPPED(status));
1357 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1358 
1359 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1360 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
1361 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1362 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
1363 	lwps[1] = pl.pl_lwpid;
1364 
1365 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1366 
1367 	/* The next event should be for the child thread's death. */
1368 	wpid = waitpid(fpid, &status, 0);
1369 	REQUIRE_EQ(wpid, fpid);
1370 	ATF_REQUIRE(WIFSTOPPED(status));
1371 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1372 
1373 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1374 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_EXITED | PL_FLAG_SCE)),
1375 	    (PL_FLAG_EXITED | PL_FLAG_SCE));
1376 	REQUIRE_EQ(pl.pl_lwpid, lwps[1]);
1377 
1378 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1379 
1380 	/* The last event should be for the child process's exit. */
1381 	wpid = waitpid(fpid, &status, 0);
1382 	ATF_REQUIRE(WIFEXITED(status));
1383 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1384 
1385 	wpid = wait(&status);
1386 	REQUIRE_EQ(wpid, -1);
1387 	REQUIRE_EQ(errno, ECHILD);
1388 }
1389 
1390 static void *
1391 exec_thread(void *arg __unused)
1392 {
1393 
1394 	execl("/usr/bin/true", "true", NULL);
1395 	exit(127);
1396 }
1397 
1398 static __dead2 void
1399 exec_thread_main(void)
1400 {
1401 	pthread_t thread;
1402 
1403 	CHILD_REQUIRE_EQ(pthread_create(&thread, NULL, exec_thread, NULL), 0);
1404 	for (;;)
1405 		sleep(60);
1406 	exit(1);
1407 }
1408 
1409 /*
1410  * Verify that the expected LWP events are reported for a multithreaded
1411  * process that calls execve(2).
1412  */
1413 ATF_TC_WITHOUT_HEAD(ptrace__lwp_events_exec);
1414 ATF_TC_BODY(ptrace__lwp_events_exec, tc)
1415 {
1416 	struct ptrace_lwpinfo pl;
1417 	pid_t fpid, wpid;
1418 	lwpid_t lwps[2];
1419 	int status;
1420 
1421 	ATF_REQUIRE((fpid = fork()) != -1);
1422 	if (fpid == 0) {
1423 		trace_me();
1424 		exec_thread_main();
1425 	}
1426 
1427 	/* The first wait() should report the stop from SIGSTOP. */
1428 	wpid = waitpid(fpid, &status, 0);
1429 	REQUIRE_EQ(wpid, fpid);
1430 	ATF_REQUIRE(WIFSTOPPED(status));
1431 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1432 
1433 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1434 	    sizeof(pl)) != -1);
1435 	lwps[0] = pl.pl_lwpid;
1436 
1437 	REQUIRE_EQ(ptrace(PT_LWP_EVENTS, wpid, NULL, 1), 0);
1438 
1439 	/* Continue the child ignoring the SIGSTOP. */
1440 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1441 
1442 	/* The first event should be for the child thread's birth. */
1443 	wpid = waitpid(fpid, &status, 0);
1444 	REQUIRE_EQ(wpid, fpid);
1445 	ATF_REQUIRE(WIFSTOPPED(status));
1446 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1447 
1448 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1449 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
1450 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1451 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
1452 	lwps[1] = pl.pl_lwpid;
1453 
1454 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1455 
1456 	/*
1457 	 * The next event should be for the main thread's death due to
1458 	 * single threading from execve().
1459 	 */
1460 	wpid = waitpid(fpid, &status, 0);
1461 	REQUIRE_EQ(wpid, fpid);
1462 	ATF_REQUIRE(WIFSTOPPED(status));
1463 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1464 
1465 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1466 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_EXITED | PL_FLAG_SCE)),
1467 	    (PL_FLAG_EXITED));
1468 	REQUIRE_EQ(pl.pl_lwpid, lwps[0]);
1469 
1470 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1471 
1472 	/* The next event should be for the child process's exec. */
1473 	wpid = waitpid(fpid, &status, 0);
1474 	ATF_REQUIRE(WIFSTOPPED(status));
1475 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1476 
1477 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1478 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_EXEC | PL_FLAG_SCX)),
1479 	    (PL_FLAG_EXEC | PL_FLAG_SCX));
1480 	REQUIRE_EQ(pl.pl_lwpid, lwps[1]);
1481 
1482 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1483 
1484 	/* The last event should be for the child process's exit. */
1485 	wpid = waitpid(fpid, &status, 0);
1486 	ATF_REQUIRE(WIFEXITED(status));
1487 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1488 
1489 	wpid = wait(&status);
1490 	REQUIRE_EQ(wpid, -1);
1491 	REQUIRE_EQ(errno, ECHILD);
1492 }
1493 
1494 static void
1495 handler(int sig __unused)
1496 {
1497 }
1498 
1499 static void
1500 signal_main(void)
1501 {
1502 
1503 	signal(SIGINFO, handler);
1504 	raise(SIGINFO);
1505 	exit(0);
1506 }
1507 
1508 /*
1509  * Verify that the expected ptrace event is reported for a signal.
1510  */
1511 ATF_TC_WITHOUT_HEAD(ptrace__siginfo);
1512 ATF_TC_BODY(ptrace__siginfo, tc)
1513 {
1514 	struct ptrace_lwpinfo pl;
1515 	pid_t fpid, wpid;
1516 	int status;
1517 
1518 	ATF_REQUIRE((fpid = fork()) != -1);
1519 	if (fpid == 0) {
1520 		trace_me();
1521 		signal_main();
1522 	}
1523 
1524 	/* The first wait() should report the stop from SIGSTOP. */
1525 	wpid = waitpid(fpid, &status, 0);
1526 	REQUIRE_EQ(wpid, fpid);
1527 	ATF_REQUIRE(WIFSTOPPED(status));
1528 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1529 
1530 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1531 
1532 	/* The next event should be for the SIGINFO. */
1533 	wpid = waitpid(fpid, &status, 0);
1534 	ATF_REQUIRE(WIFSTOPPED(status));
1535 	REQUIRE_EQ(WSTOPSIG(status), SIGINFO);
1536 
1537 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1538 	REQUIRE_EQ(pl.pl_event, PL_EVENT_SIGNAL);
1539 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
1540 	REQUIRE_EQ(pl.pl_siginfo.si_code, SI_LWP);
1541 	REQUIRE_EQ(pl.pl_siginfo.si_pid, wpid);
1542 
1543 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1544 
1545 	/* The last event should be for the child process's exit. */
1546 	wpid = waitpid(fpid, &status, 0);
1547 	ATF_REQUIRE(WIFEXITED(status));
1548 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1549 
1550 	wpid = wait(&status);
1551 	REQUIRE_EQ(wpid, -1);
1552 	REQUIRE_EQ(errno, ECHILD);
1553 }
1554 
1555 /*
1556  * Verify that the expected ptrace events are reported for PTRACE_EXEC.
1557  */
1558 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_exec_disable);
1559 ATF_TC_BODY(ptrace__ptrace_exec_disable, tc)
1560 {
1561 	pid_t fpid, wpid;
1562 	int events, status;
1563 
1564 	ATF_REQUIRE((fpid = fork()) != -1);
1565 	if (fpid == 0) {
1566 		trace_me();
1567 		exec_thread(NULL);
1568 	}
1569 
1570 	/* The first wait() should report the stop from SIGSTOP. */
1571 	wpid = waitpid(fpid, &status, 0);
1572 	REQUIRE_EQ(wpid, fpid);
1573 	ATF_REQUIRE(WIFSTOPPED(status));
1574 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1575 
1576 	events = 0;
1577 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
1578 	    sizeof(events)) == 0);
1579 
1580 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1581 
1582 	/* Should get one event at exit. */
1583 	wpid = waitpid(fpid, &status, 0);
1584 	ATF_REQUIRE(WIFEXITED(status));
1585 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1586 
1587 	wpid = wait(&status);
1588 	REQUIRE_EQ(wpid, -1);
1589 	REQUIRE_EQ(errno, ECHILD);
1590 }
1591 
1592 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_exec_enable);
1593 ATF_TC_BODY(ptrace__ptrace_exec_enable, tc)
1594 {
1595 	struct ptrace_lwpinfo pl;
1596 	pid_t fpid, wpid;
1597 	int events, status;
1598 
1599 	ATF_REQUIRE((fpid = fork()) != -1);
1600 	if (fpid == 0) {
1601 		trace_me();
1602 		exec_thread(NULL);
1603 	}
1604 
1605 	/* The first wait() should report the stop from SIGSTOP. */
1606 	wpid = waitpid(fpid, &status, 0);
1607 	REQUIRE_EQ(wpid, fpid);
1608 	ATF_REQUIRE(WIFSTOPPED(status));
1609 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1610 
1611 	events = PTRACE_EXEC;
1612 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
1613 	    sizeof(events)) == 0);
1614 
1615 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1616 
1617 	/* The next event should be for the child process's exec. */
1618 	wpid = waitpid(fpid, &status, 0);
1619 	ATF_REQUIRE(WIFSTOPPED(status));
1620 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1621 
1622 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1623 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_EXEC | PL_FLAG_SCX)),
1624 	    (PL_FLAG_EXEC | PL_FLAG_SCX));
1625 
1626 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1627 
1628 	/* The last event should be for the child process's exit. */
1629 	wpid = waitpid(fpid, &status, 0);
1630 	ATF_REQUIRE(WIFEXITED(status));
1631 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1632 
1633 	wpid = wait(&status);
1634 	REQUIRE_EQ(wpid, -1);
1635 	REQUIRE_EQ(errno, ECHILD);
1636 }
1637 
1638 ATF_TC_WITHOUT_HEAD(ptrace__event_mask);
1639 ATF_TC_BODY(ptrace__event_mask, tc)
1640 {
1641 	pid_t fpid, wpid;
1642 	int events, status;
1643 
1644 	ATF_REQUIRE((fpid = fork()) != -1);
1645 	if (fpid == 0) {
1646 		trace_me();
1647 		exit(0);
1648 	}
1649 
1650 	/* The first wait() should report the stop from SIGSTOP. */
1651 	wpid = waitpid(fpid, &status, 0);
1652 	REQUIRE_EQ(wpid, fpid);
1653 	ATF_REQUIRE(WIFSTOPPED(status));
1654 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1655 
1656 	/* PT_FOLLOW_FORK should toggle the state of PTRACE_FORK. */
1657 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, fpid, NULL, 1) != -1);
1658 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1659 	    sizeof(events)) == 0);
1660 	ATF_REQUIRE(events & PTRACE_FORK);
1661 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, fpid, NULL, 0) != -1);
1662 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1663 	    sizeof(events)) == 0);
1664 	ATF_REQUIRE(!(events & PTRACE_FORK));
1665 
1666 	/* PT_LWP_EVENTS should toggle the state of PTRACE_LWP. */
1667 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, fpid, NULL, 1) != -1);
1668 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1669 	    sizeof(events)) == 0);
1670 	ATF_REQUIRE(events & PTRACE_LWP);
1671 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, fpid, NULL, 0) != -1);
1672 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1673 	    sizeof(events)) == 0);
1674 	ATF_REQUIRE(!(events & PTRACE_LWP));
1675 
1676 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1677 
1678 	/* Should get one event at exit. */
1679 	wpid = waitpid(fpid, &status, 0);
1680 	ATF_REQUIRE(WIFEXITED(status));
1681 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1682 
1683 	wpid = wait(&status);
1684 	REQUIRE_EQ(wpid, -1);
1685 	REQUIRE_EQ(errno, ECHILD);
1686 }
1687 
1688 /*
1689  * Verify that the expected ptrace events are reported for PTRACE_VFORK.
1690  */
1691 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_vfork);
1692 ATF_TC_BODY(ptrace__ptrace_vfork, tc)
1693 {
1694 	struct ptrace_lwpinfo pl;
1695 	pid_t fpid, wpid;
1696 	int events, status;
1697 
1698 	ATF_REQUIRE((fpid = fork()) != -1);
1699 	if (fpid == 0) {
1700 		trace_me();
1701 		follow_fork_parent(true);
1702 	}
1703 
1704 	/* The first wait() should report the stop from SIGSTOP. */
1705 	wpid = waitpid(fpid, &status, 0);
1706 	REQUIRE_EQ(wpid, fpid);
1707 	ATF_REQUIRE(WIFSTOPPED(status));
1708 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1709 
1710 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1711 	    sizeof(events)) == 0);
1712 	events |= PTRACE_VFORK;
1713 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
1714 	    sizeof(events)) == 0);
1715 
1716 	/* Continue the child ignoring the SIGSTOP. */
1717 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) != -1);
1718 
1719 	/* The next event should report the end of the vfork. */
1720 	wpid = wait(&status);
1721 	REQUIRE_EQ(wpid, fpid);
1722 	ATF_REQUIRE(WIFSTOPPED(status));
1723 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1724 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1725 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_VFORK_DONE) != 0);
1726 
1727 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) != -1);
1728 
1729 	wpid = wait(&status);
1730 	REQUIRE_EQ(wpid, fpid);
1731 	ATF_REQUIRE(WIFEXITED(status));
1732 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1733 
1734 	wpid = wait(&status);
1735 	REQUIRE_EQ(wpid, -1);
1736 	REQUIRE_EQ(errno, ECHILD);
1737 }
1738 
1739 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_vfork_follow);
1740 ATF_TC_BODY(ptrace__ptrace_vfork_follow, tc)
1741 {
1742 	struct ptrace_lwpinfo pl[2];
1743 	pid_t children[2], fpid, wpid;
1744 	int events, status;
1745 
1746 	ATF_REQUIRE((fpid = fork()) != -1);
1747 	if (fpid == 0) {
1748 		trace_me();
1749 		follow_fork_parent(true);
1750 	}
1751 
1752 	/* Parent process. */
1753 	children[0] = fpid;
1754 
1755 	/* The first wait() should report the stop from SIGSTOP. */
1756 	wpid = waitpid(children[0], &status, 0);
1757 	REQUIRE_EQ(wpid, children[0]);
1758 	ATF_REQUIRE(WIFSTOPPED(status));
1759 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1760 
1761 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, children[0], (caddr_t)&events,
1762 	    sizeof(events)) == 0);
1763 	events |= PTRACE_FORK | PTRACE_VFORK;
1764 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, children[0], (caddr_t)&events,
1765 	    sizeof(events)) == 0);
1766 
1767 	/* Continue the child ignoring the SIGSTOP. */
1768 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1769 
1770 	/* Wait for both halves of the fork event to get reported. */
1771 	children[1] = handle_fork_events(children[0], pl);
1772 	ATF_REQUIRE(children[1] > 0);
1773 
1774 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_VFORKED) != 0);
1775 
1776 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1777 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1778 
1779 	/*
1780 	 * The child can't exit until the grandchild reports status, so the
1781 	 * grandchild should report its exit first to the debugger.
1782 	 */
1783 	wpid = waitpid(children[1], &status, 0);
1784 	REQUIRE_EQ(wpid, children[1]);
1785 	ATF_REQUIRE(WIFEXITED(status));
1786 	REQUIRE_EQ(WEXITSTATUS(status), 2);
1787 
1788 	/*
1789 	 * The child should report it's vfork() completion before it
1790 	 * exits.
1791 	 */
1792 	wpid = wait(&status);
1793 	REQUIRE_EQ(wpid, children[0]);
1794 	ATF_REQUIRE(WIFSTOPPED(status));
1795 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1796 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl[0], sizeof(pl[0])) !=
1797 	    -1);
1798 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_VFORK_DONE) != 0);
1799 
1800 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1801 
1802 	wpid = wait(&status);
1803 	REQUIRE_EQ(wpid, children[0]);
1804 	ATF_REQUIRE(WIFEXITED(status));
1805 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1806 
1807 	wpid = wait(&status);
1808 	REQUIRE_EQ(wpid, -1);
1809 	REQUIRE_EQ(errno, ECHILD);
1810 }
1811 
1812 #ifdef HAVE_BREAKPOINT
1813 /*
1814  * Verify that no more events are reported after PT_KILL except for the
1815  * process exit when stopped due to a breakpoint trap.
1816  */
1817 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_breakpoint);
1818 ATF_TC_BODY(ptrace__PT_KILL_breakpoint, tc)
1819 {
1820 	pid_t fpid, wpid;
1821 	int status;
1822 
1823 	ATF_REQUIRE((fpid = fork()) != -1);
1824 	if (fpid == 0) {
1825 		trace_me();
1826 		breakpoint();
1827 		exit(1);
1828 	}
1829 
1830 	/* The first wait() should report the stop from SIGSTOP. */
1831 	wpid = waitpid(fpid, &status, 0);
1832 	REQUIRE_EQ(wpid, fpid);
1833 	ATF_REQUIRE(WIFSTOPPED(status));
1834 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1835 
1836 	/* Continue the child ignoring the SIGSTOP. */
1837 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1838 
1839 	/* The second wait() should report hitting the breakpoint. */
1840 	wpid = waitpid(fpid, &status, 0);
1841 	REQUIRE_EQ(wpid, fpid);
1842 	ATF_REQUIRE(WIFSTOPPED(status));
1843 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1844 
1845 	/* Kill the child process. */
1846 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
1847 
1848 	/* The last wait() should report the SIGKILL. */
1849 	wpid = waitpid(fpid, &status, 0);
1850 	REQUIRE_EQ(wpid, fpid);
1851 	ATF_REQUIRE(WIFSIGNALED(status));
1852 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
1853 
1854 	wpid = wait(&status);
1855 	REQUIRE_EQ(wpid, -1);
1856 	REQUIRE_EQ(errno, ECHILD);
1857 }
1858 #endif /* HAVE_BREAKPOINT */
1859 
1860 /*
1861  * Verify that no more events are reported after PT_KILL except for the
1862  * process exit when stopped inside of a system call.
1863  */
1864 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_system_call);
1865 ATF_TC_BODY(ptrace__PT_KILL_system_call, tc)
1866 {
1867 	struct ptrace_lwpinfo pl;
1868 	pid_t fpid, wpid;
1869 	int status;
1870 
1871 	ATF_REQUIRE((fpid = fork()) != -1);
1872 	if (fpid == 0) {
1873 		trace_me();
1874 		getpid();
1875 		exit(1);
1876 	}
1877 
1878 	/* The first wait() should report the stop from SIGSTOP. */
1879 	wpid = waitpid(fpid, &status, 0);
1880 	REQUIRE_EQ(wpid, fpid);
1881 	ATF_REQUIRE(WIFSTOPPED(status));
1882 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1883 
1884 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
1885 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
1886 
1887 	/* The second wait() should report a system call entry for getpid(). */
1888 	wpid = waitpid(fpid, &status, 0);
1889 	REQUIRE_EQ(wpid, fpid);
1890 	ATF_REQUIRE(WIFSTOPPED(status));
1891 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1892 
1893 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1894 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
1895 
1896 	/* Kill the child process. */
1897 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
1898 
1899 	/* The last wait() should report the SIGKILL. */
1900 	wpid = waitpid(fpid, &status, 0);
1901 	REQUIRE_EQ(wpid, fpid);
1902 	ATF_REQUIRE(WIFSIGNALED(status));
1903 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
1904 
1905 	wpid = wait(&status);
1906 	REQUIRE_EQ(wpid, -1);
1907 	REQUIRE_EQ(errno, ECHILD);
1908 }
1909 
1910 /*
1911  * Verify that no more events are reported after PT_KILL except for the
1912  * process exit when killing a multithreaded process.
1913  */
1914 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_threads);
1915 ATF_TC_BODY(ptrace__PT_KILL_threads, tc)
1916 {
1917 	struct ptrace_lwpinfo pl;
1918 	pid_t fpid, wpid;
1919 	lwpid_t main_lwp;
1920 	int status;
1921 
1922 	ATF_REQUIRE((fpid = fork()) != -1);
1923 	if (fpid == 0) {
1924 		trace_me();
1925 		simple_thread_main();
1926 	}
1927 
1928 	/* The first wait() should report the stop from SIGSTOP. */
1929 	wpid = waitpid(fpid, &status, 0);
1930 	REQUIRE_EQ(wpid, fpid);
1931 	ATF_REQUIRE(WIFSTOPPED(status));
1932 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1933 
1934 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1935 	    sizeof(pl)) != -1);
1936 	main_lwp = pl.pl_lwpid;
1937 
1938 	REQUIRE_EQ(ptrace(PT_LWP_EVENTS, wpid, NULL, 1), 0);
1939 
1940 	/* Continue the child ignoring the SIGSTOP. */
1941 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1942 
1943 	/* The first event should be for the child thread's birth. */
1944 	wpid = waitpid(fpid, &status, 0);
1945 	REQUIRE_EQ(wpid, fpid);
1946 	ATF_REQUIRE(WIFSTOPPED(status));
1947 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1948 
1949 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1950 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
1951 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1952 	ATF_REQUIRE(pl.pl_lwpid != main_lwp);
1953 
1954 	/* Kill the child process. */
1955 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
1956 
1957 	/* The last wait() should report the SIGKILL. */
1958 	wpid = waitpid(fpid, &status, 0);
1959 	REQUIRE_EQ(wpid, fpid);
1960 	ATF_REQUIRE(WIFSIGNALED(status));
1961 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
1962 
1963 	wpid = wait(&status);
1964 	REQUIRE_EQ(wpid, -1);
1965 	REQUIRE_EQ(errno, ECHILD);
1966 }
1967 
1968 static void *
1969 mask_usr1_thread(void *arg)
1970 {
1971 	pthread_barrier_t *pbarrier;
1972 	sigset_t sigmask;
1973 
1974 	pbarrier = (pthread_barrier_t*)arg;
1975 
1976 	sigemptyset(&sigmask);
1977 	sigaddset(&sigmask, SIGUSR1);
1978 	CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
1979 
1980 	/* Sync up with other thread after sigmask updated. */
1981 	pthread_barrier_wait(pbarrier);
1982 
1983 	for (;;)
1984 		sleep(60);
1985 
1986 	return (NULL);
1987 }
1988 
1989 /*
1990  * Verify that the SIGKILL from PT_KILL takes priority over other signals
1991  * and prevents spurious stops due to those other signals.
1992  */
1993 ATF_TC(ptrace__PT_KILL_competing_signal);
1994 ATF_TC_HEAD(ptrace__PT_KILL_competing_signal, tc)
1995 {
1996 
1997 	atf_tc_set_md_var(tc, "require.user", "root");
1998 }
1999 ATF_TC_BODY(ptrace__PT_KILL_competing_signal, tc)
2000 {
2001 	pid_t fpid, wpid;
2002 	int status;
2003 	cpuset_t setmask;
2004 	pthread_t t;
2005 	pthread_barrier_t barrier;
2006 	struct sched_param sched_param;
2007 
2008 	ATF_REQUIRE((fpid = fork()) != -1);
2009 	if (fpid == 0) {
2010 		/* Bind to one CPU so only one thread at a time will run. */
2011 		CPU_ZERO(&setmask);
2012 		CPU_SET(0, &setmask);
2013 		cpusetid_t setid;
2014 		CHILD_REQUIRE_EQ(cpuset(&setid), 0);
2015 		CHILD_REQUIRE(cpuset_setaffinity(CPU_LEVEL_CPUSET,
2016 		    CPU_WHICH_CPUSET, setid, sizeof(setmask), &setmask) == 0);
2017 
2018 		CHILD_REQUIRE_EQ(pthread_barrier_init(&barrier, NULL, 2), 0);
2019 
2020 		CHILD_REQUIRE(pthread_create(&t, NULL, mask_usr1_thread,
2021 		    (void*)&barrier) == 0);
2022 
2023 		/*
2024 		 * Give the main thread higher priority. The test always
2025 		 * assumes that, if both threads are able to run, the main
2026 		 * thread runs first.
2027 		 */
2028 		sched_param.sched_priority =
2029 		    (sched_get_priority_max(SCHED_FIFO) +
2030 		    sched_get_priority_min(SCHED_FIFO)) / 2;
2031 		CHILD_REQUIRE(pthread_setschedparam(pthread_self(),
2032 		    SCHED_FIFO, &sched_param) == 0);
2033 		sched_param.sched_priority -= RQ_PPQ;
2034 		CHILD_REQUIRE(pthread_setschedparam(t, SCHED_FIFO,
2035 		    &sched_param) == 0);
2036 
2037 		sigset_t sigmask;
2038 		sigemptyset(&sigmask);
2039 		sigaddset(&sigmask, SIGUSR2);
2040 		CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
2041 
2042 		/* Sync up with other thread after sigmask updated. */
2043 		pthread_barrier_wait(&barrier);
2044 
2045 		trace_me();
2046 
2047 		for (;;)
2048 			sleep(60);
2049 
2050 		exit(1);
2051 	}
2052 
2053 	/* The first wait() should report the stop from SIGSTOP. */
2054 	wpid = waitpid(fpid, &status, 0);
2055 	REQUIRE_EQ(wpid, fpid);
2056 	ATF_REQUIRE(WIFSTOPPED(status));
2057 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2058 
2059 	/* Continue the child ignoring the SIGSTOP. */
2060 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2061 
2062 	/* Send a signal that only the second thread can handle. */
2063 	REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
2064 
2065 	/* The second wait() should report the SIGUSR2. */
2066 	wpid = waitpid(fpid, &status, 0);
2067 	REQUIRE_EQ(wpid, fpid);
2068 	ATF_REQUIRE(WIFSTOPPED(status));
2069 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
2070 
2071 	/* Send a signal that only the first thread can handle. */
2072 	REQUIRE_EQ(kill(fpid, SIGUSR1), 0);
2073 
2074 	/* Replace the SIGUSR2 with a kill. */
2075 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
2076 
2077 	/* The last wait() should report the SIGKILL (not the SIGUSR signal). */
2078 	wpid = waitpid(fpid, &status, 0);
2079 	REQUIRE_EQ(wpid, fpid);
2080 	ATF_REQUIRE(WIFSIGNALED(status));
2081 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
2082 
2083 	wpid = wait(&status);
2084 	REQUIRE_EQ(wpid, -1);
2085 	REQUIRE_EQ(errno, ECHILD);
2086 }
2087 
2088 /*
2089  * Verify that the SIGKILL from PT_KILL takes priority over other stop events
2090  * and prevents spurious stops caused by those events.
2091  */
2092 ATF_TC(ptrace__PT_KILL_competing_stop);
2093 ATF_TC_HEAD(ptrace__PT_KILL_competing_stop, tc)
2094 {
2095 
2096 	atf_tc_set_md_var(tc, "require.user", "root");
2097 }
2098 ATF_TC_BODY(ptrace__PT_KILL_competing_stop, tc)
2099 {
2100 	pid_t fpid, wpid;
2101 	int status;
2102 	cpuset_t setmask;
2103 	pthread_t t;
2104 	pthread_barrier_t barrier;
2105 	lwpid_t main_lwp;
2106 	struct ptrace_lwpinfo pl;
2107 	struct sched_param sched_param;
2108 
2109 	ATF_REQUIRE((fpid = fork()) != -1);
2110 	if (fpid == 0) {
2111 		trace_me();
2112 
2113 		/* Bind to one CPU so only one thread at a time will run. */
2114 		CPU_ZERO(&setmask);
2115 		CPU_SET(0, &setmask);
2116 		cpusetid_t setid;
2117 		CHILD_REQUIRE_EQ(cpuset(&setid), 0);
2118 		CHILD_REQUIRE(cpuset_setaffinity(CPU_LEVEL_CPUSET,
2119 		    CPU_WHICH_CPUSET, setid, sizeof(setmask), &setmask) == 0);
2120 
2121 		CHILD_REQUIRE_EQ(pthread_barrier_init(&barrier, NULL, 2), 0);
2122 
2123 		CHILD_REQUIRE(pthread_create(&t, NULL, mask_usr1_thread,
2124 		    (void*)&barrier) == 0);
2125 
2126 		/*
2127 		 * Give the main thread higher priority. The test always
2128 		 * assumes that, if both threads are able to run, the main
2129 		 * thread runs first.
2130 		 */
2131 		sched_param.sched_priority =
2132 		    (sched_get_priority_max(SCHED_FIFO) +
2133 		    sched_get_priority_min(SCHED_FIFO)) / 2;
2134 		CHILD_REQUIRE(pthread_setschedparam(pthread_self(),
2135 		    SCHED_FIFO, &sched_param) == 0);
2136 		sched_param.sched_priority -= RQ_PPQ;
2137 		CHILD_REQUIRE(pthread_setschedparam(t, SCHED_FIFO,
2138 		    &sched_param) == 0);
2139 
2140 		sigset_t sigmask;
2141 		sigemptyset(&sigmask);
2142 		sigaddset(&sigmask, SIGUSR2);
2143 		CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
2144 
2145 		/* Sync up with other thread after sigmask updated. */
2146 		pthread_barrier_wait(&barrier);
2147 
2148 		/* Sync up with the test before doing the getpid(). */
2149 		raise(SIGSTOP);
2150 
2151 		getpid();
2152 		exit(1);
2153 	}
2154 
2155 	/* The first wait() should report the stop from SIGSTOP. */
2156 	wpid = waitpid(fpid, &status, 0);
2157 	REQUIRE_EQ(wpid, fpid);
2158 	ATF_REQUIRE(WIFSTOPPED(status));
2159 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2160 
2161 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2162 	main_lwp = pl.pl_lwpid;
2163 
2164 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2165 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2166 
2167 	/*
2168 	 * Continue until child is done with setup, which is indicated with
2169 	 * SIGSTOP. Ignore system calls in the meantime.
2170 	 */
2171 	for (;;) {
2172 		wpid = waitpid(fpid, &status, 0);
2173 		REQUIRE_EQ(wpid, fpid);
2174 		ATF_REQUIRE(WIFSTOPPED(status));
2175 		if (WSTOPSIG(status) == SIGTRAP) {
2176 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
2177 			    sizeof(pl)) != -1);
2178 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2179 		} else {
2180 			REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2181 			break;
2182 		}
2183 		REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2184 	}
2185 
2186 	/* Proceed, allowing main thread to hit syscall entry for getpid(). */
2187 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2188 
2189 	wpid = waitpid(fpid, &status, 0);
2190 	REQUIRE_EQ(wpid, fpid);
2191 	ATF_REQUIRE(WIFSTOPPED(status));
2192 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2193 
2194 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
2195 	    sizeof(pl)) != -1);
2196 	REQUIRE_EQ(pl.pl_lwpid, main_lwp);
2197 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2198 	/* Prevent the main thread from hitting its syscall exit for now. */
2199 	REQUIRE_EQ(ptrace(PT_SUSPEND, main_lwp, 0, 0), 0);
2200 
2201 	/*
2202 	 * Proceed, allowing second thread to hit syscall exit for
2203 	 * pthread_barrier_wait().
2204 	 */
2205 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2206 
2207 	wpid = waitpid(fpid, &status, 0);
2208 	REQUIRE_EQ(wpid, fpid);
2209 	ATF_REQUIRE(WIFSTOPPED(status));
2210 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2211 
2212 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
2213 	    sizeof(pl)) != -1);
2214 	ATF_REQUIRE(pl.pl_lwpid != main_lwp);
2215 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
2216 
2217 	/* Send a signal that only the second thread can handle. */
2218 	REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
2219 
2220 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2221 
2222 	/* The next wait() should report the SIGUSR2. */
2223 	wpid = waitpid(fpid, &status, 0);
2224 	REQUIRE_EQ(wpid, fpid);
2225 	ATF_REQUIRE(WIFSTOPPED(status));
2226 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
2227 
2228 	/* Allow the main thread to try to finish its system call. */
2229 	REQUIRE_EQ(ptrace(PT_RESUME, main_lwp, 0, 0), 0);
2230 
2231 	/*
2232 	 * At this point, the main thread is in the middle of a system call and
2233 	 * has been resumed. The second thread has taken a SIGUSR2 which will
2234 	 * be replaced with a SIGKILL below. The main thread will get to run
2235 	 * first. It should notice the kill request (even though the signal
2236 	 * replacement occurred in the other thread) and exit accordingly.  It
2237 	 * should not stop for the system call exit event.
2238 	 */
2239 
2240 	/* Replace the SIGUSR2 with a kill. */
2241 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
2242 
2243 	/* The last wait() should report the SIGKILL (not a syscall exit). */
2244 	wpid = waitpid(fpid, &status, 0);
2245 	REQUIRE_EQ(wpid, fpid);
2246 	ATF_REQUIRE(WIFSIGNALED(status));
2247 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
2248 
2249 	wpid = wait(&status);
2250 	REQUIRE_EQ(wpid, -1);
2251 	REQUIRE_EQ(errno, ECHILD);
2252 }
2253 
2254 static void
2255 sigusr1_handler(int sig)
2256 {
2257 
2258 	CHILD_REQUIRE_EQ(sig, SIGUSR1);
2259 	_exit(2);
2260 }
2261 
2262 /*
2263  * Verify that even if the signal queue is full for a child process,
2264  * a PT_KILL will kill the process.
2265  */
2266 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_with_signal_full_sigqueue);
2267 ATF_TC_BODY(ptrace__PT_KILL_with_signal_full_sigqueue, tc)
2268 {
2269 	pid_t fpid, wpid;
2270 	int status;
2271 	int max_pending_per_proc;
2272 	size_t len;
2273 	int i;
2274 
2275 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_handler) != SIG_ERR);
2276 
2277 	ATF_REQUIRE((fpid = fork()) != -1);
2278 	if (fpid == 0) {
2279 		trace_me();
2280 		exit(1);
2281 	}
2282 
2283 	/* The first wait() should report the stop from SIGSTOP. */
2284 	wpid = waitpid(fpid, &status, 0);
2285 	REQUIRE_EQ(wpid, fpid);
2286 	ATF_REQUIRE(WIFSTOPPED(status));
2287 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2288 
2289 	len = sizeof(max_pending_per_proc);
2290 	ATF_REQUIRE(sysctlbyname("kern.sigqueue.max_pending_per_proc",
2291 	    &max_pending_per_proc, &len, NULL, 0) == 0);
2292 
2293 	/* Fill the signal queue. */
2294 	for (i = 0; i < max_pending_per_proc; ++i)
2295 		REQUIRE_EQ(kill(fpid, SIGUSR1), 0);
2296 
2297 	/* Kill the child process. */
2298 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
2299 
2300 	/* The last wait() should report the SIGKILL. */
2301 	wpid = waitpid(fpid, &status, 0);
2302 	REQUIRE_EQ(wpid, fpid);
2303 	ATF_REQUIRE(WIFSIGNALED(status));
2304 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
2305 
2306 	wpid = wait(&status);
2307 	REQUIRE_EQ(wpid, -1);
2308 	REQUIRE_EQ(errno, ECHILD);
2309 }
2310 
2311 /*
2312  * Verify that when stopped at a system call entry, a signal can be
2313  * requested with PT_CONTINUE which will be delivered once the system
2314  * call is complete.
2315  */
2316 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_system_call_entry);
2317 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_system_call_entry, tc)
2318 {
2319 	struct ptrace_lwpinfo pl;
2320 	pid_t fpid, wpid;
2321 	int status;
2322 
2323 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_handler) != SIG_ERR);
2324 
2325 	ATF_REQUIRE((fpid = fork()) != -1);
2326 	if (fpid == 0) {
2327 		trace_me();
2328 		getpid();
2329 		exit(1);
2330 	}
2331 
2332 	/* The first wait() should report the stop from SIGSTOP. */
2333 	wpid = waitpid(fpid, &status, 0);
2334 	REQUIRE_EQ(wpid, fpid);
2335 	ATF_REQUIRE(WIFSTOPPED(status));
2336 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2337 
2338 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2339 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2340 
2341 	/* The second wait() should report a system call entry for getpid(). */
2342 	wpid = waitpid(fpid, &status, 0);
2343 	REQUIRE_EQ(wpid, fpid);
2344 	ATF_REQUIRE(WIFSTOPPED(status));
2345 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2346 
2347 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2348 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2349 
2350 	/* Continue the child process with a signal. */
2351 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2352 
2353 	for (;;) {
2354 		/*
2355 		 * The last wait() should report exit 2, i.e., a normal _exit
2356 		 * from the signal handler. In the meantime, catch and proceed
2357 		 * past any syscall stops.
2358 		 */
2359 		wpid = waitpid(fpid, &status, 0);
2360 		REQUIRE_EQ(wpid, fpid);
2361 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2362 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2363 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2364 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2365 		} else {
2366 			ATF_REQUIRE(WIFEXITED(status));
2367 			REQUIRE_EQ(WEXITSTATUS(status), 2);
2368 			break;
2369 		}
2370 	}
2371 
2372 	wpid = wait(&status);
2373 	REQUIRE_EQ(wpid, -1);
2374 	REQUIRE_EQ(errno, ECHILD);
2375 }
2376 
2377 static void
2378 sigusr1_counting_handler(int sig)
2379 {
2380 	static int counter = 0;
2381 
2382 	CHILD_REQUIRE_EQ(sig, SIGUSR1);
2383 	counter++;
2384 	if (counter == 2)
2385 		_exit(2);
2386 }
2387 
2388 /*
2389  * Verify that, when continuing from a stop at system call entry and exit,
2390  * a signal can be requested from both stops, and both will be delivered when
2391  * the system call is complete.
2392  */
2393 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_system_call_entry_and_exit);
2394 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_system_call_entry_and_exit, tc)
2395 {
2396 	struct ptrace_lwpinfo pl;
2397 	pid_t fpid, wpid;
2398 	int status;
2399 
2400 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_counting_handler) != SIG_ERR);
2401 
2402 	ATF_REQUIRE((fpid = fork()) != -1);
2403 	if (fpid == 0) {
2404 		trace_me();
2405 		getpid();
2406 		exit(1);
2407 	}
2408 
2409 	/* The first wait() should report the stop from SIGSTOP. */
2410 	wpid = waitpid(fpid, &status, 0);
2411 	REQUIRE_EQ(wpid, fpid);
2412 	ATF_REQUIRE(WIFSTOPPED(status));
2413 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2414 
2415 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2416 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2417 
2418 	/* The second wait() should report a system call entry for getpid(). */
2419 	wpid = waitpid(fpid, &status, 0);
2420 	REQUIRE_EQ(wpid, fpid);
2421 	ATF_REQUIRE(WIFSTOPPED(status));
2422 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2423 
2424 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2425 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2426 
2427 	/* Continue the child process with a signal. */
2428 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2429 
2430 	/* The third wait() should report a system call exit for getpid(). */
2431 	wpid = waitpid(fpid, &status, 0);
2432 	REQUIRE_EQ(wpid, fpid);
2433 	ATF_REQUIRE(WIFSTOPPED(status));
2434 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2435 
2436 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2437 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
2438 
2439 	/* Continue the child process with a signal. */
2440 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2441 
2442 	for (;;) {
2443 		/*
2444 		 * The last wait() should report exit 2, i.e., a normal _exit
2445 		 * from the signal handler. In the meantime, catch and proceed
2446 		 * past any syscall stops.
2447 		 */
2448 		wpid = waitpid(fpid, &status, 0);
2449 		REQUIRE_EQ(wpid, fpid);
2450 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2451 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2452 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2453 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2454 		} else {
2455 			ATF_REQUIRE(WIFEXITED(status));
2456 			REQUIRE_EQ(WEXITSTATUS(status), 2);
2457 			break;
2458 		}
2459 	}
2460 
2461 	wpid = wait(&status);
2462 	REQUIRE_EQ(wpid, -1);
2463 	REQUIRE_EQ(errno, ECHILD);
2464 }
2465 
2466 /*
2467  * Verify that even if the signal queue is full for a child process,
2468  * a PT_CONTINUE with a signal will not result in loss of that signal.
2469  */
2470 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_full_sigqueue);
2471 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_full_sigqueue, tc)
2472 {
2473 	pid_t fpid, wpid;
2474 	int status;
2475 	int max_pending_per_proc;
2476 	size_t len;
2477 	int i;
2478 
2479 	ATF_REQUIRE(signal(SIGUSR2, handler) != SIG_ERR);
2480 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_handler) != SIG_ERR);
2481 
2482 	ATF_REQUIRE((fpid = fork()) != -1);
2483 	if (fpid == 0) {
2484 		trace_me();
2485 		exit(1);
2486 	}
2487 
2488 	/* The first wait() should report the stop from SIGSTOP. */
2489 	wpid = waitpid(fpid, &status, 0);
2490 	REQUIRE_EQ(wpid, fpid);
2491 	ATF_REQUIRE(WIFSTOPPED(status));
2492 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2493 
2494 	len = sizeof(max_pending_per_proc);
2495 	ATF_REQUIRE(sysctlbyname("kern.sigqueue.max_pending_per_proc",
2496 	    &max_pending_per_proc, &len, NULL, 0) == 0);
2497 
2498 	/* Fill the signal queue. */
2499 	for (i = 0; i < max_pending_per_proc; ++i)
2500 		REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
2501 
2502 	/* Continue with signal. */
2503 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2504 
2505 	for (;;) {
2506 		wpid = waitpid(fpid, &status, 0);
2507 		REQUIRE_EQ(wpid, fpid);
2508 		if (WIFSTOPPED(status)) {
2509 			REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
2510 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2511 		} else {
2512 			/*
2513 			 * The last wait() should report normal _exit from the
2514 			 * SIGUSR1 handler.
2515 			 */
2516 			ATF_REQUIRE(WIFEXITED(status));
2517 			REQUIRE_EQ(WEXITSTATUS(status), 2);
2518 			break;
2519 		}
2520 	}
2521 
2522 	wpid = wait(&status);
2523 	REQUIRE_EQ(wpid, -1);
2524 	REQUIRE_EQ(errno, ECHILD);
2525 }
2526 
2527 static sem_t sigusr1_sem;
2528 static int got_usr1;
2529 
2530 static void
2531 sigusr1_sempost_handler(int sig __unused)
2532 {
2533 
2534 	got_usr1++;
2535 	CHILD_REQUIRE_EQ(sem_post(&sigusr1_sem), 0);
2536 }
2537 
2538 /*
2539  * Verify that even if the signal queue is full for a child process,
2540  * and the signal is masked, a PT_CONTINUE with a signal will not
2541  * result in loss of that signal.
2542  */
2543 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_masked_full_sigqueue);
2544 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_masked_full_sigqueue, tc)
2545 {
2546 	struct ptrace_lwpinfo pl;
2547 	pid_t fpid, wpid;
2548 	int status, err;
2549 	int max_pending_per_proc;
2550 	size_t len;
2551 	int i;
2552 	sigset_t sigmask;
2553 
2554 	ATF_REQUIRE(signal(SIGUSR2, handler) != SIG_ERR);
2555 	REQUIRE_EQ(sem_init(&sigusr1_sem, 0, 0), 0);
2556 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
2557 
2558 	got_usr1 = 0;
2559 	ATF_REQUIRE((fpid = fork()) != -1);
2560 	if (fpid == 0) {
2561 		CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
2562 		CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
2563 		CHILD_REQUIRE_EQ(sigprocmask(SIG_BLOCK, &sigmask, NULL), 0);
2564 
2565 		trace_me();
2566 		CHILD_REQUIRE_EQ(got_usr1, 0);
2567 
2568 		/* Allow the pending SIGUSR1 in now. */
2569 		CHILD_REQUIRE_EQ(sigprocmask(SIG_UNBLOCK, &sigmask, NULL), 0);
2570 		/* Wait to receive the SIGUSR1. */
2571 		do {
2572 			err = sem_wait(&sigusr1_sem);
2573 			CHILD_REQUIRE(err == 0 || errno == EINTR);
2574 		} while (err != 0 && errno == EINTR);
2575 		CHILD_REQUIRE_EQ(got_usr1, 1);
2576 		exit(1);
2577 	}
2578 
2579 	/* The first wait() should report the stop from SIGSTOP. */
2580 	wpid = waitpid(fpid, &status, 0);
2581 	REQUIRE_EQ(wpid, fpid);
2582 	ATF_REQUIRE(WIFSTOPPED(status));
2583 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2584 
2585 	len = sizeof(max_pending_per_proc);
2586 	ATF_REQUIRE(sysctlbyname("kern.sigqueue.max_pending_per_proc",
2587 	    &max_pending_per_proc, &len, NULL, 0) == 0);
2588 
2589 	/* Fill the signal queue. */
2590 	for (i = 0; i < max_pending_per_proc; ++i)
2591 		REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
2592 
2593 	/* Continue with signal. */
2594 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2595 
2596 	/* Collect and ignore all of the SIGUSR2. */
2597 	for (i = 0; i < max_pending_per_proc; ++i) {
2598 		wpid = waitpid(fpid, &status, 0);
2599 		REQUIRE_EQ(wpid, fpid);
2600 		ATF_REQUIRE(WIFSTOPPED(status));
2601 		REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
2602 		REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2603 	}
2604 
2605 	/* Now our PT_CONTINUE'd SIGUSR1 should cause a stop after unmask. */
2606 	wpid = waitpid(fpid, &status, 0);
2607 	REQUIRE_EQ(wpid, fpid);
2608 	ATF_REQUIRE(WIFSTOPPED(status));
2609 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR1);
2610 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
2611 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGUSR1);
2612 
2613 	/* Continue the child, ignoring the SIGUSR1. */
2614 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2615 
2616 	/* The last wait() should report exit after receiving SIGUSR1. */
2617 	wpid = waitpid(fpid, &status, 0);
2618 	REQUIRE_EQ(wpid, fpid);
2619 	ATF_REQUIRE(WIFEXITED(status));
2620 	REQUIRE_EQ(WEXITSTATUS(status), 1);
2621 
2622 	wpid = wait(&status);
2623 	REQUIRE_EQ(wpid, -1);
2624 	REQUIRE_EQ(errno, ECHILD);
2625 }
2626 
2627 /*
2628  * Verify that, after stopping due to a signal, that signal can be
2629  * replaced with another signal.
2630  */
2631 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_change_sig);
2632 ATF_TC_BODY(ptrace__PT_CONTINUE_change_sig, tc)
2633 {
2634 	struct ptrace_lwpinfo pl;
2635 	pid_t fpid, wpid;
2636 	int status;
2637 
2638 	ATF_REQUIRE((fpid = fork()) != -1);
2639 	if (fpid == 0) {
2640 		trace_me();
2641 		sleep(20);
2642 		exit(1);
2643 	}
2644 
2645 	/* The first wait() should report the stop from SIGSTOP. */
2646 	wpid = waitpid(fpid, &status, 0);
2647 	REQUIRE_EQ(wpid, fpid);
2648 	ATF_REQUIRE(WIFSTOPPED(status));
2649 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2650 
2651 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2652 
2653 	/* Send a signal without ptrace. */
2654 	REQUIRE_EQ(kill(fpid, SIGINT), 0);
2655 
2656 	/* The second wait() should report a SIGINT was received. */
2657 	wpid = waitpid(fpid, &status, 0);
2658 	REQUIRE_EQ(wpid, fpid);
2659 	ATF_REQUIRE(WIFSTOPPED(status));
2660 	REQUIRE_EQ(WSTOPSIG(status), SIGINT);
2661 
2662 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2663 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
2664 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGINT);
2665 
2666 	/* Continue the child process with a different signal. */
2667 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGTERM), 0);
2668 
2669 	/*
2670 	 * The last wait() should report having died due to the new
2671 	 * signal, SIGTERM.
2672 	 */
2673 	wpid = waitpid(fpid, &status, 0);
2674 	REQUIRE_EQ(wpid, fpid);
2675 	ATF_REQUIRE(WIFSIGNALED(status));
2676 	REQUIRE_EQ(WTERMSIG(status), SIGTERM);
2677 
2678 	wpid = wait(&status);
2679 	REQUIRE_EQ(wpid, -1);
2680 	REQUIRE_EQ(errno, ECHILD);
2681 }
2682 
2683 /*
2684  * Verify that a signal can be passed through to the child even when there
2685  * was no true signal originally. Such cases arise when a SIGTRAP is
2686  * invented for e.g, system call stops.
2687  */
2688 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_sigtrap_system_call_entry);
2689 ATF_TC_BODY(ptrace__PT_CONTINUE_with_sigtrap_system_call_entry, tc)
2690 {
2691 	struct ptrace_lwpinfo pl;
2692 	struct rlimit rl;
2693 	pid_t fpid, wpid;
2694 	int status;
2695 
2696 	ATF_REQUIRE((fpid = fork()) != -1);
2697 	if (fpid == 0) {
2698 		trace_me();
2699 		/* SIGTRAP expected to cause exit on syscall entry. */
2700 		rl.rlim_cur = rl.rlim_max = 0;
2701 		REQUIRE_EQ(setrlimit(RLIMIT_CORE, &rl), 0);
2702 		getpid();
2703 		exit(1);
2704 	}
2705 
2706 	/* The first wait() should report the stop from SIGSTOP. */
2707 	wpid = waitpid(fpid, &status, 0);
2708 	REQUIRE_EQ(wpid, fpid);
2709 	ATF_REQUIRE(WIFSTOPPED(status));
2710 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2711 
2712 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2713 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2714 
2715 	/* The second wait() should report a system call entry for getpid(). */
2716 	wpid = waitpid(fpid, &status, 0);
2717 	REQUIRE_EQ(wpid, fpid);
2718 	ATF_REQUIRE(WIFSTOPPED(status));
2719 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2720 
2721 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2722 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2723 
2724 	/* Continue the child process with a SIGTRAP. */
2725 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGTRAP), 0);
2726 
2727 	for (;;) {
2728 		/*
2729 		 * The last wait() should report exit due to SIGTRAP.  In the
2730 		 * meantime, catch and proceed past any syscall stops.
2731 		 */
2732 		wpid = waitpid(fpid, &status, 0);
2733 		REQUIRE_EQ(wpid, fpid);
2734 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2735 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2736 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2737 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2738 		} else {
2739 			ATF_REQUIRE(WIFSIGNALED(status));
2740 			REQUIRE_EQ(WTERMSIG(status), SIGTRAP);
2741 			break;
2742 		}
2743 	}
2744 
2745 	wpid = wait(&status);
2746 	REQUIRE_EQ(wpid, -1);
2747 	REQUIRE_EQ(errno, ECHILD);
2748 }
2749 
2750 /*
2751  * A mixed bag PT_CONTINUE with signal test.
2752  */
2753 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_mix);
2754 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_mix, tc)
2755 {
2756 	struct ptrace_lwpinfo pl;
2757 	pid_t fpid, wpid;
2758 	int status;
2759 
2760 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_counting_handler) != SIG_ERR);
2761 
2762 	ATF_REQUIRE((fpid = fork()) != -1);
2763 	if (fpid == 0) {
2764 		trace_me();
2765 		getpid();
2766 		exit(1);
2767 	}
2768 
2769 	/* The first wait() should report the stop from SIGSTOP. */
2770 	wpid = waitpid(fpid, &status, 0);
2771 	REQUIRE_EQ(wpid, fpid);
2772 	ATF_REQUIRE(WIFSTOPPED(status));
2773 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2774 
2775 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2776 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2777 
2778 	/* The second wait() should report a system call entry for getpid(). */
2779 	wpid = waitpid(fpid, &status, 0);
2780 	REQUIRE_EQ(wpid, fpid);
2781 	ATF_REQUIRE(WIFSTOPPED(status));
2782 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2783 
2784 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2785 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2786 
2787 	/* Continue with the first SIGUSR1. */
2788 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2789 
2790 	/* The next wait() should report a system call exit for getpid(). */
2791 	wpid = waitpid(fpid, &status, 0);
2792 	REQUIRE_EQ(wpid, fpid);
2793 	ATF_REQUIRE(WIFSTOPPED(status));
2794 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2795 
2796 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2797 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
2798 
2799 	/* Send an ABRT without ptrace. */
2800 	REQUIRE_EQ(kill(fpid, SIGABRT), 0);
2801 
2802 	/* Continue normally. */
2803 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2804 
2805 	/* The next wait() should report the SIGABRT. */
2806 	wpid = waitpid(fpid, &status, 0);
2807 	REQUIRE_EQ(wpid, fpid);
2808 	ATF_REQUIRE(WIFSTOPPED(status));
2809 	REQUIRE_EQ(WSTOPSIG(status), SIGABRT);
2810 
2811 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2812 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
2813 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGABRT);
2814 
2815 	/* Continue, replacing the SIGABRT with another SIGUSR1. */
2816 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2817 
2818 	for (;;) {
2819 		/*
2820 		 * The last wait() should report exit 2, i.e., a normal _exit
2821 		 * from the signal handler. In the meantime, catch and proceed
2822 		 * past any syscall stops.
2823 		 */
2824 		wpid = waitpid(fpid, &status, 0);
2825 		REQUIRE_EQ(wpid, fpid);
2826 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2827 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2828 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2829 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2830 		} else {
2831 			ATF_REQUIRE(WIFEXITED(status));
2832 			REQUIRE_EQ(WEXITSTATUS(status), 2);
2833 			break;
2834 		}
2835 	}
2836 
2837 	wpid = wait(&status);
2838 	REQUIRE_EQ(wpid, -1);
2839 	REQUIRE_EQ(errno, ECHILD);
2840 }
2841 
2842 /*
2843  * Verify a signal delivered by ptrace is noticed by kevent(2).
2844  */
2845 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_kqueue);
2846 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_kqueue, tc)
2847 {
2848 	pid_t fpid, wpid;
2849 	int status, kq, nevents;
2850 	struct kevent kev;
2851 
2852 	ATF_REQUIRE(signal(SIGUSR1, SIG_IGN) != SIG_ERR);
2853 
2854 	ATF_REQUIRE((fpid = fork()) != -1);
2855 	if (fpid == 0) {
2856 		CHILD_REQUIRE((kq = kqueue()) > 0);
2857 		EV_SET(&kev, SIGUSR1, EVFILT_SIGNAL, EV_ADD, 0, 0, 0);
2858 		CHILD_REQUIRE_EQ(kevent(kq, &kev, 1, NULL, 0, NULL), 0);
2859 
2860 		trace_me();
2861 
2862 		for (;;) {
2863 			nevents = kevent(kq, NULL, 0, &kev, 1, NULL);
2864 			if (nevents == -1 && errno == EINTR)
2865 				continue;
2866 			CHILD_REQUIRE(nevents > 0);
2867 			CHILD_REQUIRE_EQ(kev.filter, EVFILT_SIGNAL);
2868 			CHILD_REQUIRE_EQ(kev.ident, (uintptr_t)SIGUSR1);
2869 			break;
2870 		}
2871 
2872 		exit(1);
2873 	}
2874 
2875 	/* The first wait() should report the stop from SIGSTOP. */
2876 	wpid = waitpid(fpid, &status, 0);
2877 	REQUIRE_EQ(wpid, fpid);
2878 	ATF_REQUIRE(WIFSTOPPED(status));
2879 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2880 
2881 	/* Continue with the SIGUSR1. */
2882 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2883 
2884 	/*
2885 	 * The last wait() should report normal exit with code 1.
2886 	 */
2887 	wpid = waitpid(fpid, &status, 0);
2888 	REQUIRE_EQ(wpid, fpid);
2889 	ATF_REQUIRE(WIFEXITED(status));
2890 	REQUIRE_EQ(WEXITSTATUS(status), 1);
2891 
2892 	wpid = wait(&status);
2893 	REQUIRE_EQ(wpid, -1);
2894 	REQUIRE_EQ(errno, ECHILD);
2895 }
2896 
2897 static void *
2898 signal_thread(void *arg)
2899 {
2900 	int err;
2901 	sigset_t sigmask;
2902 
2903 	pthread_barrier_t *pbarrier = (pthread_barrier_t*)arg;
2904 
2905 	/* Wait for this thread to receive a SIGUSR1. */
2906 	do {
2907 		err = sem_wait(&sigusr1_sem);
2908 		CHILD_REQUIRE(err == 0 || errno == EINTR);
2909 	} while (err != 0 && errno == EINTR);
2910 
2911 	/* Free our companion thread from the barrier. */
2912 	pthread_barrier_wait(pbarrier);
2913 
2914 	/*
2915 	 * Swap ignore duties; the next SIGUSR1 should go to the
2916 	 * other thread.
2917 	 */
2918 	CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
2919 	CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
2920 	CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
2921 
2922 	/* Sync up threads after swapping signal masks. */
2923 	pthread_barrier_wait(pbarrier);
2924 
2925 	/* Wait until our companion has received its SIGUSR1. */
2926 	pthread_barrier_wait(pbarrier);
2927 
2928 	return (NULL);
2929 }
2930 
2931 /*
2932  * Verify that a traced process with blocked signal received the
2933  * signal from kill() once unmasked.
2934  */
2935 ATF_TC_WITHOUT_HEAD(ptrace__killed_with_sigmask);
2936 ATF_TC_BODY(ptrace__killed_with_sigmask, tc)
2937 {
2938 	struct ptrace_lwpinfo pl;
2939 	pid_t fpid, wpid;
2940 	int status, err;
2941 	sigset_t sigmask;
2942 
2943 	REQUIRE_EQ(sem_init(&sigusr1_sem, 0, 0), 0);
2944 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
2945 	got_usr1 = 0;
2946 
2947 	ATF_REQUIRE((fpid = fork()) != -1);
2948 	if (fpid == 0) {
2949 		CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
2950 		CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
2951 		CHILD_REQUIRE_EQ(sigprocmask(SIG_BLOCK, &sigmask, NULL), 0);
2952 
2953 		trace_me();
2954 		CHILD_REQUIRE_EQ(got_usr1, 0);
2955 
2956 		/* Allow the pending SIGUSR1 in now. */
2957 		CHILD_REQUIRE_EQ(sigprocmask(SIG_UNBLOCK, &sigmask, NULL), 0);
2958 		/* Wait to receive a SIGUSR1. */
2959 		do {
2960 			err = sem_wait(&sigusr1_sem);
2961 			CHILD_REQUIRE(err == 0 || errno == EINTR);
2962 		} while (err != 0 && errno == EINTR);
2963 		CHILD_REQUIRE_EQ(got_usr1, 1);
2964 		exit(1);
2965 	}
2966 
2967 	/* The first wait() should report the stop from SIGSTOP. */
2968 	wpid = waitpid(fpid, &status, 0);
2969 	REQUIRE_EQ(wpid, fpid);
2970 	ATF_REQUIRE(WIFSTOPPED(status));
2971 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2972 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
2973 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGSTOP);
2974 
2975 	/* Send blocked SIGUSR1 which should cause a stop. */
2976 	REQUIRE_EQ(kill(fpid, SIGUSR1), 0);
2977 
2978 	/* Continue the child ignoring the SIGSTOP. */
2979 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2980 
2981 	/* The next wait() should report the kill(SIGUSR1) was received. */
2982 	wpid = waitpid(fpid, &status, 0);
2983 	REQUIRE_EQ(wpid, fpid);
2984 	ATF_REQUIRE(WIFSTOPPED(status));
2985 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR1);
2986 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
2987 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGUSR1);
2988 
2989 	/* Continue the child, allowing in the SIGUSR1. */
2990 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2991 
2992 	/* The last wait() should report normal exit with code 1. */
2993 	wpid = waitpid(fpid, &status, 0);
2994 	REQUIRE_EQ(wpid, fpid);
2995 	ATF_REQUIRE(WIFEXITED(status));
2996 	REQUIRE_EQ(WEXITSTATUS(status), 1);
2997 
2998 	wpid = wait(&status);
2999 	REQUIRE_EQ(wpid, -1);
3000 	REQUIRE_EQ(errno, ECHILD);
3001 }
3002 
3003 /*
3004  * Verify that a traced process with blocked signal received the
3005  * signal from PT_CONTINUE once unmasked.
3006  */
3007 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_sigmask);
3008 ATF_TC_BODY(ptrace__PT_CONTINUE_with_sigmask, tc)
3009 {
3010 	struct ptrace_lwpinfo pl;
3011 	pid_t fpid, wpid;
3012 	int status, err;
3013 	sigset_t sigmask;
3014 
3015 	REQUIRE_EQ(sem_init(&sigusr1_sem, 0, 0), 0);
3016 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
3017 	got_usr1 = 0;
3018 
3019 	ATF_REQUIRE((fpid = fork()) != -1);
3020 	if (fpid == 0) {
3021 		CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
3022 		CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
3023 		CHILD_REQUIRE_EQ(sigprocmask(SIG_BLOCK, &sigmask, NULL), 0);
3024 
3025 		trace_me();
3026 		CHILD_REQUIRE_EQ(got_usr1, 0);
3027 
3028 		/* Allow the pending SIGUSR1 in now. */
3029 		CHILD_REQUIRE_EQ(sigprocmask(SIG_UNBLOCK, &sigmask, NULL), 0);
3030 		/* Wait to receive a SIGUSR1. */
3031 		do {
3032 			err = sem_wait(&sigusr1_sem);
3033 			CHILD_REQUIRE(err == 0 || errno == EINTR);
3034 		} while (err != 0 && errno == EINTR);
3035 
3036 		CHILD_REQUIRE_EQ(got_usr1, 1);
3037 		exit(1);
3038 	}
3039 
3040 	/* The first wait() should report the stop from SIGSTOP. */
3041 	wpid = waitpid(fpid, &status, 0);
3042 	REQUIRE_EQ(wpid, fpid);
3043 	ATF_REQUIRE(WIFSTOPPED(status));
3044 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3045 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
3046 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGSTOP);
3047 
3048 	/* Continue the child replacing SIGSTOP with SIGUSR1. */
3049 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
3050 
3051 	/* The next wait() should report the SIGUSR1 was received. */
3052 	wpid = waitpid(fpid, &status, 0);
3053 	REQUIRE_EQ(wpid, fpid);
3054 	ATF_REQUIRE(WIFSTOPPED(status));
3055 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR1);
3056 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
3057 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGUSR1);
3058 
3059 	/* Continue the child, ignoring the SIGUSR1. */
3060 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3061 
3062 	/* The last wait() should report normal exit with code 1. */
3063 	wpid = waitpid(fpid, &status, 0);
3064 	REQUIRE_EQ(wpid, fpid);
3065 	ATF_REQUIRE(WIFEXITED(status));
3066 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3067 
3068 	wpid = wait(&status);
3069 	REQUIRE_EQ(wpid, -1);
3070 	REQUIRE_EQ(errno, ECHILD);
3071 }
3072 
3073 /*
3074  * Verify that if ptrace stops due to a signal but continues with
3075  * a different signal that the new signal is routed to a thread
3076  * that can accept it, and that the thread is awakened by the signal
3077  * in a timely manner.
3078  */
3079 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_thread_sigmask);
3080 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_thread_sigmask, tc)
3081 {
3082 	pid_t fpid, wpid;
3083 	int status, err;
3084 	pthread_t t;
3085 	sigset_t sigmask;
3086 	pthread_barrier_t barrier;
3087 
3088 	REQUIRE_EQ(pthread_barrier_init(&barrier, NULL, 2), 0);
3089 	REQUIRE_EQ(sem_init(&sigusr1_sem, 0, 0), 0);
3090 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
3091 
3092 	ATF_REQUIRE((fpid = fork()) != -1);
3093 	if (fpid == 0) {
3094 		CHILD_REQUIRE_EQ(pthread_create(&t, NULL, signal_thread,
3095 		    (void *)&barrier), 0);
3096 
3097 		/* The other thread should receive the first SIGUSR1. */
3098 		CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
3099 		CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
3100 		CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
3101 
3102 		trace_me();
3103 
3104 		/* Wait until other thread has received its SIGUSR1. */
3105 		pthread_barrier_wait(&barrier);
3106 
3107 		/*
3108 		 * Swap ignore duties; the next SIGUSR1 should go to this
3109 		 * thread.
3110 		 */
3111 		CHILD_REQUIRE_EQ(pthread_sigmask(SIG_UNBLOCK, &sigmask, NULL),
3112 		    0);
3113 
3114 		/* Sync up threads after swapping signal masks. */
3115 		pthread_barrier_wait(&barrier);
3116 
3117 		/*
3118 		 * Sync up with test code; we're ready for the next SIGUSR1
3119 		 * now.
3120 		 */
3121 		raise(SIGSTOP);
3122 
3123 		/* Wait for this thread to receive a SIGUSR1. */
3124 		do {
3125 			err = sem_wait(&sigusr1_sem);
3126 			CHILD_REQUIRE(err == 0 || errno == EINTR);
3127 		} while (err != 0 && errno == EINTR);
3128 
3129 		/* Free the other thread from the barrier. */
3130 		pthread_barrier_wait(&barrier);
3131 
3132 		CHILD_REQUIRE_EQ(pthread_join(t, NULL), 0);
3133 
3134 		exit(1);
3135 	}
3136 
3137 	/* The first wait() should report the stop from SIGSTOP. */
3138 	wpid = waitpid(fpid, &status, 0);
3139 	REQUIRE_EQ(wpid, fpid);
3140 	ATF_REQUIRE(WIFSTOPPED(status));
3141 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3142 
3143 	/* Continue the child ignoring the SIGSTOP. */
3144 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3145 
3146 	/*
3147 	 * Send a signal without ptrace that either thread will accept (USR2,
3148 	 * in this case).
3149 	 */
3150 	REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
3151 
3152 	/* The second wait() should report a SIGUSR2 was received. */
3153 	wpid = waitpid(fpid, &status, 0);
3154 	REQUIRE_EQ(wpid, fpid);
3155 	ATF_REQUIRE(WIFSTOPPED(status));
3156 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
3157 
3158 	/* Continue the child, changing the signal to USR1. */
3159 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
3160 
3161 	/* The next wait() should report the stop from SIGSTOP. */
3162 	wpid = waitpid(fpid, &status, 0);
3163 	REQUIRE_EQ(wpid, fpid);
3164 	ATF_REQUIRE(WIFSTOPPED(status));
3165 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3166 
3167 	/* Continue the child ignoring the SIGSTOP. */
3168 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3169 
3170 	REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
3171 
3172 	/* The next wait() should report a SIGUSR2 was received. */
3173 	wpid = waitpid(fpid, &status, 0);
3174 	REQUIRE_EQ(wpid, fpid);
3175 	ATF_REQUIRE(WIFSTOPPED(status));
3176 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
3177 
3178 	/* Continue the child, changing the signal to USR1. */
3179 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
3180 
3181 	/* The last wait() should report normal exit with code 1. */
3182 	wpid = waitpid(fpid, &status, 0);
3183 	REQUIRE_EQ(wpid, fpid);
3184 	ATF_REQUIRE(WIFEXITED(status));
3185 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3186 
3187 	wpid = wait(&status);
3188 	REQUIRE_EQ(wpid, -1);
3189 	REQUIRE_EQ(errno, ECHILD);
3190 }
3191 
3192 /*
3193  * Verify that PT_GETREGSET returns registers and PT_SETREGSET updates them.
3194  */
3195 ATF_TC_WITHOUT_HEAD(ptrace__PT_REGSET);
3196 ATF_TC_BODY(ptrace__PT_REGSET, tc)
3197 {
3198 #if defined(__aarch64__)
3199 	struct arm64_addr_mask addr_mask;
3200 #endif
3201 	struct prstatus prstatus;
3202 	struct iovec vec;
3203 	pid_t child, wpid;
3204 	int status;
3205 
3206 	ATF_REQUIRE((child = fork()) != -1);
3207 	if (child == 0) {
3208 		trace_me();
3209 		exit(1);
3210 	}
3211 
3212 	/* The first wait() should report the stop from SIGSTOP. */
3213 	wpid = waitpid(child, &status, 0);
3214 	REQUIRE_EQ(wpid, child);
3215 	ATF_REQUIRE(WIFSTOPPED(status));
3216 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3217 
3218 	/* Check the size is returned when vec.iov_base is NULL */
3219 	vec.iov_base = NULL;
3220 	vec.iov_len = 0;
3221 	ATF_REQUIRE(ptrace(PT_GETREGSET, wpid, (caddr_t)&vec, NT_PRSTATUS) !=
3222 	    -1);
3223 	ATF_REQUIRE(vec.iov_len == sizeof(prstatus));
3224 	ATF_REQUIRE(vec.iov_base == NULL);
3225 
3226 	/* Read the registers. */
3227 	memset(&prstatus, 0, sizeof(prstatus));
3228 	vec.iov_base = &prstatus;
3229 	ATF_REQUIRE(ptrace(PT_GETREGSET, wpid, (caddr_t)&vec, NT_PRSTATUS) !=
3230 	    -1);
3231 	ATF_REQUIRE(vec.iov_len == sizeof(prstatus));
3232 	ATF_REQUIRE(vec.iov_base == &prstatus);
3233 	ATF_REQUIRE(prstatus.pr_statussz == sizeof(prstatus));
3234 
3235 	/* Write the registers back. */
3236 	ATF_REQUIRE(ptrace(PT_SETREGSET, wpid, (caddr_t)&vec, NT_PRSTATUS) !=
3237 	    -1);
3238 
3239 #if defined(__aarch64__)
3240 	vec.iov_base = &addr_mask;
3241 	vec.iov_len = sizeof(addr_mask);
3242 	ATF_REQUIRE(ptrace(PT_GETREGSET, wpid, (caddr_t)&vec,
3243 	    NT_ARM_ADDR_MASK) != -1);
3244 	REQUIRE_EQ(addr_mask.code, addr_mask.data);
3245 	ATF_REQUIRE(addr_mask.code == 0 ||
3246 	    addr_mask.code == 0xff7f000000000000UL);
3247 #endif
3248 
3249 	REQUIRE_EQ(ptrace(PT_CONTINUE, child, (caddr_t)1, 0), 0);
3250 
3251 	/* The second wait() should report the exit status. */
3252 	wpid = waitpid(child, &status, 0);
3253 	REQUIRE_EQ(wpid, child);
3254 	ATF_REQUIRE(WIFEXITED(status));
3255 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3256 
3257 	/* The child should no longer exist. */
3258 	wpid = waitpid(child, &status, 0);
3259 	REQUIRE_EQ(wpid, -1);
3260 	REQUIRE_EQ(errno, ECHILD);
3261 }
3262 
3263 static void *
3264 raise_sigstop_thread(void *arg __unused)
3265 {
3266 
3267 	raise(SIGSTOP);
3268 	return NULL;
3269 }
3270 
3271 static void *
3272 sleep_thread(void *arg __unused)
3273 {
3274 
3275 	sleep(60);
3276 	return NULL;
3277 }
3278 
3279 static void
3280 terminate_with_pending_sigstop(bool sigstop_from_main_thread)
3281 {
3282 	pid_t fpid, wpid;
3283 	int status, i;
3284 	cpuset_t setmask;
3285 	cpusetid_t setid;
3286 	pthread_t t;
3287 
3288 	/*
3289 	 * Become the reaper for this process tree. We need to be able to check
3290 	 * that both child and grandchild have died.
3291 	 */
3292 	REQUIRE_EQ(procctl(P_PID, getpid(), PROC_REAP_ACQUIRE, NULL), 0);
3293 
3294 	fpid = fork();
3295 	ATF_REQUIRE(fpid >= 0);
3296 	if (fpid == 0) {
3297 		fpid = fork();
3298 		CHILD_REQUIRE(fpid >= 0);
3299 		if (fpid == 0) {
3300 			trace_me();
3301 
3302 			/* Pin to CPU 0 to serialize thread execution. */
3303 			CPU_ZERO(&setmask);
3304 			CPU_SET(0, &setmask);
3305 			CHILD_REQUIRE_EQ(cpuset(&setid), 0);
3306 			CHILD_REQUIRE(cpuset_setaffinity(CPU_LEVEL_CPUSET,
3307 			    CPU_WHICH_CPUSET, setid,
3308 			    sizeof(setmask), &setmask) == 0);
3309 
3310 			if (sigstop_from_main_thread) {
3311 				/*
3312 				 * We expect the SIGKILL sent when our parent
3313 				 * dies to be delivered to the new thread.
3314 				 * Raise the SIGSTOP in this thread so the
3315 				 * threads compete.
3316 				 */
3317 				CHILD_REQUIRE(pthread_create(&t, NULL,
3318 				    sleep_thread, NULL) == 0);
3319 				raise(SIGSTOP);
3320 			} else {
3321 				/*
3322 				 * We expect the SIGKILL to be delivered to
3323 				 * this thread. After creating the new thread,
3324 				 * just get off the CPU so the other thread can
3325 				 * raise the SIGSTOP.
3326 				 */
3327 				CHILD_REQUIRE(pthread_create(&t, NULL,
3328 				    raise_sigstop_thread, NULL) == 0);
3329 				sleep(60);
3330 			}
3331 
3332 			exit(0);
3333 		}
3334 		/* First stop is trace_me() immediately after fork. */
3335 		wpid = waitpid(fpid, &status, 0);
3336 		CHILD_REQUIRE_EQ(wpid, fpid);
3337 		CHILD_REQUIRE(WIFSTOPPED(status));
3338 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3339 
3340 		CHILD_REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3341 
3342 		/* Second stop is from the raise(SIGSTOP). */
3343 		wpid = waitpid(fpid, &status, 0);
3344 		CHILD_REQUIRE_EQ(wpid, fpid);
3345 		CHILD_REQUIRE(WIFSTOPPED(status));
3346 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3347 
3348 		/*
3349 		 * Terminate tracing process without detaching. Our child
3350 		 * should be killed.
3351 		 */
3352 		exit(0);
3353 	}
3354 
3355 	/*
3356 	 * We should get a normal exit from our immediate child and a SIGKILL
3357 	 * exit from our grandchild. The latter case is the interesting one.
3358 	 * Our grandchild should not have stopped due to the SIGSTOP that was
3359 	 * left dangling when its parent died.
3360 	 */
3361 	for (i = 0; i < 2; ++i) {
3362 		wpid = wait(&status);
3363 		if (wpid == fpid) {
3364 			ATF_REQUIRE(WIFEXITED(status));
3365 			REQUIRE_EQ(WEXITSTATUS(status), 0);
3366 		} else {
3367 			ATF_REQUIRE(WIFSIGNALED(status));
3368 			REQUIRE_EQ(WTERMSIG(status), SIGKILL);
3369 		}
3370 	}
3371 }
3372 
3373 /*
3374  * These two tests ensure that if the tracing process exits without detaching
3375  * just after the child received a SIGSTOP, the child is cleanly killed and
3376  * doesn't go to sleep due to the SIGSTOP. The parent's death will send a
3377  * SIGKILL to the child. If the SIGKILL and the SIGSTOP are handled by
3378  * different threads, the SIGKILL must win.  There are two variants of this
3379  * test, designed to catch the case where the SIGKILL is delivered to the
3380  * younger thread (the first test) and the case where the SIGKILL is delivered
3381  * to the older thread (the second test). This behavior has changed in the
3382  * past, so make no assumption.
3383  */
3384 ATF_TC(ptrace__parent_terminate_with_pending_sigstop1);
3385 ATF_TC_HEAD(ptrace__parent_terminate_with_pending_sigstop1, tc)
3386 {
3387 
3388 	atf_tc_set_md_var(tc, "require.user", "root");
3389 }
3390 ATF_TC_BODY(ptrace__parent_terminate_with_pending_sigstop1, tc)
3391 {
3392 
3393 	terminate_with_pending_sigstop(true);
3394 }
3395 
3396 ATF_TC(ptrace__parent_terminate_with_pending_sigstop2);
3397 ATF_TC_HEAD(ptrace__parent_terminate_with_pending_sigstop2, tc)
3398 {
3399 
3400 	atf_tc_set_md_var(tc, "require.user", "root");
3401 }
3402 ATF_TC_BODY(ptrace__parent_terminate_with_pending_sigstop2, tc)
3403 {
3404 
3405 	terminate_with_pending_sigstop(false);
3406 }
3407 
3408 /*
3409  * Verify that after ptrace() discards a SIGKILL signal, the event mask
3410  * is not modified.
3411  */
3412 ATF_TC_WITHOUT_HEAD(ptrace__event_mask_sigkill_discard);
3413 ATF_TC_BODY(ptrace__event_mask_sigkill_discard, tc)
3414 {
3415 	struct ptrace_lwpinfo pl;
3416 	pid_t fpid, wpid;
3417 	int status, event_mask, new_event_mask;
3418 
3419 	ATF_REQUIRE((fpid = fork()) != -1);
3420 	if (fpid == 0) {
3421 		trace_me();
3422 		raise(SIGSTOP);
3423 		exit(0);
3424 	}
3425 
3426 	/* The first wait() should report the stop from trace_me(). */
3427 	wpid = waitpid(fpid, &status, 0);
3428 	REQUIRE_EQ(wpid, fpid);
3429 	ATF_REQUIRE(WIFSTOPPED(status));
3430 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3431 
3432 	/* Set several unobtrusive event bits. */
3433 	event_mask = PTRACE_EXEC | PTRACE_FORK | PTRACE_LWP;
3434 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, wpid, (caddr_t)&event_mask,
3435 	    sizeof(event_mask)) == 0);
3436 
3437 	/* Send a SIGKILL without using ptrace. */
3438 	REQUIRE_EQ(kill(fpid, SIGKILL), 0);
3439 
3440 	/* Continue the child ignoring the SIGSTOP. */
3441 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3442 
3443 	/* The next stop should be due to the SIGKILL. */
3444 	wpid = waitpid(fpid, &status, 0);
3445 	REQUIRE_EQ(wpid, fpid);
3446 	ATF_REQUIRE(WIFSTOPPED(status));
3447 	REQUIRE_EQ(WSTOPSIG(status), SIGKILL);
3448 
3449 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3450 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3451 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGKILL);
3452 
3453 	/* Continue the child ignoring the SIGKILL. */
3454 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3455 
3456 	/* The next wait() should report the stop from SIGSTOP. */
3457 	wpid = waitpid(fpid, &status, 0);
3458 	REQUIRE_EQ(wpid, fpid);
3459 	ATF_REQUIRE(WIFSTOPPED(status));
3460 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3461 
3462 	/* Check the current event mask. It should not have changed. */
3463 	new_event_mask = 0;
3464 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, wpid, (caddr_t)&new_event_mask,
3465 	    sizeof(new_event_mask)) == 0);
3466 	REQUIRE_EQ(event_mask, new_event_mask);
3467 
3468 	/* Continue the child to let it exit. */
3469 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3470 
3471 	/* The last event should be for the child process's exit. */
3472 	wpid = waitpid(fpid, &status, 0);
3473 	ATF_REQUIRE(WIFEXITED(status));
3474 	REQUIRE_EQ(WEXITSTATUS(status), 0);
3475 
3476 	wpid = wait(&status);
3477 	REQUIRE_EQ(wpid, -1);
3478 	REQUIRE_EQ(errno, ECHILD);
3479 }
3480 
3481 static void *
3482 flock_thread(void *arg)
3483 {
3484 	int fd;
3485 
3486 	fd = *(int *)arg;
3487 	(void)flock(fd, LOCK_EX);
3488 	(void)flock(fd, LOCK_UN);
3489 	return (NULL);
3490 }
3491 
3492 /*
3493  * Verify that PT_ATTACH will suspend threads sleeping in an SBDRY section.
3494  * We rely on the fact that the lockf implementation sets SBDRY before blocking
3495  * on a lock. This is a regression test for r318191.
3496  */
3497 ATF_TC_WITHOUT_HEAD(ptrace__PT_ATTACH_with_SBDRY_thread);
3498 ATF_TC_BODY(ptrace__PT_ATTACH_with_SBDRY_thread, tc)
3499 {
3500 	pthread_barrier_t barrier;
3501 	pthread_barrierattr_t battr;
3502 	char tmpfile[64];
3503 	pid_t child, wpid;
3504 	int error, fd, i, status;
3505 
3506 	REQUIRE_EQ(pthread_barrierattr_init(&battr), 0);
3507 	ATF_REQUIRE(pthread_barrierattr_setpshared(&battr,
3508 	    PTHREAD_PROCESS_SHARED) == 0);
3509 	REQUIRE_EQ(pthread_barrier_init(&barrier, &battr, 2), 0);
3510 
3511 	(void)snprintf(tmpfile, sizeof(tmpfile), "./ptrace.XXXXXX");
3512 	fd = mkstemp(tmpfile);
3513 	ATF_REQUIRE(fd >= 0);
3514 
3515 	ATF_REQUIRE((child = fork()) != -1);
3516 	if (child == 0) {
3517 		pthread_t t[2];
3518 		int cfd;
3519 
3520 		error = pthread_barrier_wait(&barrier);
3521 		if (error != 0 && error != PTHREAD_BARRIER_SERIAL_THREAD)
3522 			_exit(1);
3523 
3524 		cfd = open(tmpfile, O_RDONLY);
3525 		if (cfd < 0)
3526 			_exit(1);
3527 
3528 		/*
3529 		 * We want at least two threads blocked on the file lock since
3530 		 * the SIGSTOP from PT_ATTACH may kick one of them out of
3531 		 * sleep.
3532 		 */
3533 		if (pthread_create(&t[0], NULL, flock_thread, &cfd) != 0)
3534 			_exit(1);
3535 		if (pthread_create(&t[1], NULL, flock_thread, &cfd) != 0)
3536 			_exit(1);
3537 		if (pthread_join(t[0], NULL) != 0)
3538 			_exit(1);
3539 		if (pthread_join(t[1], NULL) != 0)
3540 			_exit(1);
3541 		_exit(0);
3542 	}
3543 
3544 	REQUIRE_EQ(flock(fd, LOCK_EX), 0);
3545 
3546 	error = pthread_barrier_wait(&barrier);
3547 	ATF_REQUIRE(error == 0 || error == PTHREAD_BARRIER_SERIAL_THREAD);
3548 
3549 	/*
3550 	 * Give the child some time to block. Is there a better way to do this?
3551 	 */
3552 	sleep(1);
3553 
3554 	/*
3555 	 * Attach and give the child 3 seconds to stop.
3556 	 */
3557 	REQUIRE_EQ(ptrace(PT_ATTACH, child, NULL, 0), 0);
3558 	for (i = 0; i < 3; i++) {
3559 		wpid = waitpid(child, &status, WNOHANG);
3560 		if (wpid == child && WIFSTOPPED(status) &&
3561 		    WSTOPSIG(status) == SIGSTOP)
3562 			break;
3563 		sleep(1);
3564 	}
3565 	ATF_REQUIRE_MSG(i < 3, "failed to stop child process after PT_ATTACH");
3566 
3567 	REQUIRE_EQ(ptrace(PT_DETACH, child, NULL, 0), 0);
3568 
3569 	REQUIRE_EQ(flock(fd, LOCK_UN), 0);
3570 	REQUIRE_EQ(unlink(tmpfile), 0);
3571 	REQUIRE_EQ(close(fd), 0);
3572 }
3573 
3574 static void
3575 sigusr1_step_handler(int sig)
3576 {
3577 
3578 	CHILD_REQUIRE_EQ(sig, SIGUSR1);
3579 	raise(SIGABRT);
3580 }
3581 
3582 /*
3583  * Verify that PT_STEP with a signal invokes the signal before
3584  * stepping the next instruction (and that the next instruction is
3585  * stepped correctly).
3586  */
3587 ATF_TC_WITHOUT_HEAD(ptrace__PT_STEP_with_signal);
3588 ATF_TC_BODY(ptrace__PT_STEP_with_signal, tc)
3589 {
3590 	struct ptrace_lwpinfo pl;
3591 	pid_t fpid, wpid;
3592 	int status;
3593 
3594 	ATF_REQUIRE((fpid = fork()) != -1);
3595 	if (fpid == 0) {
3596 		trace_me();
3597 		signal(SIGUSR1, sigusr1_step_handler);
3598 		raise(SIGABRT);
3599 		exit(1);
3600 	}
3601 
3602 	/* The first wait() should report the stop from SIGSTOP. */
3603 	wpid = waitpid(fpid, &status, 0);
3604 	REQUIRE_EQ(wpid, fpid);
3605 	ATF_REQUIRE(WIFSTOPPED(status));
3606 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3607 
3608 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3609 
3610 	/* The next stop should report the SIGABRT in the child body. */
3611 	wpid = waitpid(fpid, &status, 0);
3612 	REQUIRE_EQ(wpid, fpid);
3613 	ATF_REQUIRE(WIFSTOPPED(status));
3614 	REQUIRE_EQ(WSTOPSIG(status), SIGABRT);
3615 
3616 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3617 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3618 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGABRT);
3619 
3620 	/* Step the child process inserting SIGUSR1. */
3621 	REQUIRE_EQ(ptrace(PT_STEP, fpid, (caddr_t)1, SIGUSR1), 0);
3622 
3623 	/* The next stop should report the SIGABRT in the signal handler. */
3624 	wpid = waitpid(fpid, &status, 0);
3625 	REQUIRE_EQ(wpid, fpid);
3626 	ATF_REQUIRE(WIFSTOPPED(status));
3627 	REQUIRE_EQ(WSTOPSIG(status), SIGABRT);
3628 
3629 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3630 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3631 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGABRT);
3632 
3633 	/* Continue the child process discarding the signal. */
3634 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3635 
3636 	/* The next stop should report a trace trap from PT_STEP. */
3637 	wpid = waitpid(fpid, &status, 0);
3638 	REQUIRE_EQ(wpid, fpid);
3639 	ATF_REQUIRE(WIFSTOPPED(status));
3640 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3641 
3642 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3643 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3644 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3645 	REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_TRACE);
3646 
3647 	/* Continue the child to let it exit. */
3648 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3649 
3650 	/* The last event should be for the child process's exit. */
3651 	wpid = waitpid(fpid, &status, 0);
3652 	ATF_REQUIRE(WIFEXITED(status));
3653 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3654 
3655 	wpid = wait(&status);
3656 	REQUIRE_EQ(wpid, -1);
3657 	REQUIRE_EQ(errno, ECHILD);
3658 }
3659 
3660 #ifdef HAVE_BREAKPOINT
3661 /*
3662  * Verify that a SIGTRAP event with the TRAP_BRKPT code is reported
3663  * for a breakpoint trap.
3664  */
3665 ATF_TC_WITHOUT_HEAD(ptrace__breakpoint_siginfo);
3666 ATF_TC_BODY(ptrace__breakpoint_siginfo, tc)
3667 {
3668 	struct ptrace_lwpinfo pl;
3669 	pid_t fpid, wpid;
3670 	int status;
3671 
3672 	ATF_REQUIRE((fpid = fork()) != -1);
3673 	if (fpid == 0) {
3674 		trace_me();
3675 		breakpoint();
3676 		exit(1);
3677 	}
3678 
3679 	/* The first wait() should report the stop from SIGSTOP. */
3680 	wpid = waitpid(fpid, &status, 0);
3681 	REQUIRE_EQ(wpid, fpid);
3682 	ATF_REQUIRE(WIFSTOPPED(status));
3683 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3684 
3685 	/* Continue the child ignoring the SIGSTOP. */
3686 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3687 
3688 	/* The second wait() should report hitting the breakpoint. */
3689 	wpid = waitpid(fpid, &status, 0);
3690 	REQUIRE_EQ(wpid, fpid);
3691 	ATF_REQUIRE(WIFSTOPPED(status));
3692 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3693 
3694 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3695 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3696 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3697 	REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_BRKPT);
3698 
3699 	/* Kill the child process. */
3700 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
3701 
3702 	/* The last wait() should report the SIGKILL. */
3703 	wpid = waitpid(fpid, &status, 0);
3704 	REQUIRE_EQ(wpid, fpid);
3705 	ATF_REQUIRE(WIFSIGNALED(status));
3706 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
3707 
3708 	wpid = wait(&status);
3709 	REQUIRE_EQ(wpid, -1);
3710 	REQUIRE_EQ(errno, ECHILD);
3711 }
3712 #endif /* HAVE_BREAKPOINT */
3713 
3714 /*
3715  * Verify that a SIGTRAP event with the TRAP_TRACE code is reported
3716  * for a single-step trap from PT_STEP.
3717  */
3718 ATF_TC_WITHOUT_HEAD(ptrace__step_siginfo);
3719 ATF_TC_BODY(ptrace__step_siginfo, tc)
3720 {
3721 	struct ptrace_lwpinfo pl;
3722 	pid_t fpid, wpid;
3723 	int status;
3724 
3725 	ATF_REQUIRE((fpid = fork()) != -1);
3726 	if (fpid == 0) {
3727 		trace_me();
3728 		exit(1);
3729 	}
3730 
3731 	/* The first wait() should report the stop from SIGSTOP. */
3732 	wpid = waitpid(fpid, &status, 0);
3733 	REQUIRE_EQ(wpid, fpid);
3734 	ATF_REQUIRE(WIFSTOPPED(status));
3735 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3736 
3737 	/* Step the child ignoring the SIGSTOP. */
3738 	REQUIRE_EQ(ptrace(PT_STEP, fpid, (caddr_t)1, 0), 0);
3739 
3740 	/* The second wait() should report a single-step trap. */
3741 	wpid = waitpid(fpid, &status, 0);
3742 	REQUIRE_EQ(wpid, fpid);
3743 	ATF_REQUIRE(WIFSTOPPED(status));
3744 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3745 
3746 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3747 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3748 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3749 	REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_TRACE);
3750 
3751 	/* Continue the child process. */
3752 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3753 
3754 	/* The last event should be for the child process's exit. */
3755 	wpid = waitpid(fpid, &status, 0);
3756 	ATF_REQUIRE(WIFEXITED(status));
3757 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3758 
3759 	wpid = wait(&status);
3760 	REQUIRE_EQ(wpid, -1);
3761 	REQUIRE_EQ(errno, ECHILD);
3762 }
3763 
3764 #if defined(HAVE_BREAKPOINT) && defined(SKIP_BREAK)
3765 static void *
3766 continue_thread(void *arg __unused)
3767 {
3768 	breakpoint();
3769 	return (NULL);
3770 }
3771 
3772 static __dead2 void
3773 continue_thread_main(void)
3774 {
3775 	pthread_t threads[2];
3776 
3777 	CHILD_REQUIRE(pthread_create(&threads[0], NULL, continue_thread,
3778 	    NULL) == 0);
3779 	CHILD_REQUIRE(pthread_create(&threads[1], NULL, continue_thread,
3780 	    NULL) == 0);
3781 	CHILD_REQUIRE_EQ(pthread_join(threads[0], NULL), 0);
3782 	CHILD_REQUIRE_EQ(pthread_join(threads[1], NULL), 0);
3783 	exit(1);
3784 }
3785 
3786 /*
3787  * Ensure that PT_CONTINUE clears the status of the thread that
3788  * triggered the stop even if a different thread's LWP was passed to
3789  * PT_CONTINUE.
3790  */
3791 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_different_thread);
3792 ATF_TC_BODY(ptrace__PT_CONTINUE_different_thread, tc)
3793 {
3794 	struct ptrace_lwpinfo pl;
3795 	pid_t fpid, wpid;
3796 	lwpid_t lwps[2];
3797 	bool hit_break[2];
3798 	struct reg reg;
3799 	int i, j, status;
3800 
3801 	ATF_REQUIRE((fpid = fork()) != -1);
3802 	if (fpid == 0) {
3803 		trace_me();
3804 		continue_thread_main();
3805 	}
3806 
3807 	/* The first wait() should report the stop from SIGSTOP. */
3808 	wpid = waitpid(fpid, &status, 0);
3809 	REQUIRE_EQ(wpid, fpid);
3810 	ATF_REQUIRE(WIFSTOPPED(status));
3811 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3812 
3813 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
3814 	    sizeof(pl)) != -1);
3815 
3816 	REQUIRE_EQ(ptrace(PT_LWP_EVENTS, wpid, NULL, 1), 0);
3817 
3818 	/* Continue the child ignoring the SIGSTOP. */
3819 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3820 
3821 	/* One of the new threads should report it's birth. */
3822 	wpid = waitpid(fpid, &status, 0);
3823 	REQUIRE_EQ(wpid, fpid);
3824 	ATF_REQUIRE(WIFSTOPPED(status));
3825 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3826 
3827 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3828 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
3829 	    (PL_FLAG_BORN | PL_FLAG_SCX));
3830 	lwps[0] = pl.pl_lwpid;
3831 
3832 	/*
3833 	 * Suspend this thread to ensure both threads are alive before
3834 	 * hitting the breakpoint.
3835 	 */
3836 	ATF_REQUIRE(ptrace(PT_SUSPEND, lwps[0], NULL, 0) != -1);
3837 
3838 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3839 
3840 	/* Second thread should report it's birth. */
3841 	wpid = waitpid(fpid, &status, 0);
3842 	REQUIRE_EQ(wpid, fpid);
3843 	ATF_REQUIRE(WIFSTOPPED(status));
3844 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3845 
3846 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3847 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
3848 	    (PL_FLAG_BORN | PL_FLAG_SCX));
3849 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
3850 	lwps[1] = pl.pl_lwpid;
3851 
3852 	/* Resume both threads waiting for breakpoint events. */
3853 	hit_break[0] = hit_break[1] = false;
3854 	ATF_REQUIRE(ptrace(PT_RESUME, lwps[0], NULL, 0) != -1);
3855 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3856 
3857 	/* One thread should report a breakpoint. */
3858 	wpid = waitpid(fpid, &status, 0);
3859 	REQUIRE_EQ(wpid, fpid);
3860 	ATF_REQUIRE(WIFSTOPPED(status));
3861 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3862 
3863 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3864 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3865 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3866 	REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_BRKPT);
3867 	if (pl.pl_lwpid == lwps[0])
3868 		i = 0;
3869 	else
3870 		i = 1;
3871 	hit_break[i] = true;
3872 	ATF_REQUIRE(ptrace(PT_GETREGS, pl.pl_lwpid, (caddr_t)&reg, 0) != -1);
3873 	SKIP_BREAK(&reg);
3874 	ATF_REQUIRE(ptrace(PT_SETREGS, pl.pl_lwpid, (caddr_t)&reg, 0) != -1);
3875 
3876 	/*
3877 	 * Resume both threads but pass the other thread's LWPID to
3878 	 * PT_CONTINUE.
3879 	 */
3880 	REQUIRE_EQ(ptrace(PT_CONTINUE, lwps[i ^ 1], (caddr_t)1, 0), 0);
3881 
3882 	/*
3883 	 * Will now get two thread exit events and one more breakpoint
3884 	 * event.
3885 	 */
3886 	for (j = 0; j < 3; j++) {
3887 		wpid = waitpid(fpid, &status, 0);
3888 		REQUIRE_EQ(wpid, fpid);
3889 		ATF_REQUIRE(WIFSTOPPED(status));
3890 		REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3891 
3892 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
3893 		    sizeof(pl)) != -1);
3894 
3895 		if (pl.pl_lwpid == lwps[0])
3896 			i = 0;
3897 		else
3898 			i = 1;
3899 
3900 		ATF_REQUIRE_MSG(lwps[i] != 0, "event for exited thread");
3901 		if (pl.pl_flags & PL_FLAG_EXITED) {
3902 			ATF_REQUIRE_MSG(hit_break[i],
3903 			    "exited thread did not report breakpoint");
3904 			lwps[i] = 0;
3905 		} else {
3906 			ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3907 			REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3908 			REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_BRKPT);
3909 			ATF_REQUIRE_MSG(!hit_break[i],
3910 			    "double breakpoint event");
3911 			hit_break[i] = true;
3912 			ATF_REQUIRE(ptrace(PT_GETREGS, pl.pl_lwpid, (caddr_t)&reg,
3913 			    0) != -1);
3914 			SKIP_BREAK(&reg);
3915 			ATF_REQUIRE(ptrace(PT_SETREGS, pl.pl_lwpid, (caddr_t)&reg,
3916 			    0) != -1);
3917 		}
3918 
3919 		REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3920 	}
3921 
3922 	/* Both threads should have exited. */
3923 	REQUIRE_EQ(lwps[0], 0);
3924 	REQUIRE_EQ(lwps[1], 0);
3925 
3926 	/* The last event should be for the child process's exit. */
3927 	wpid = waitpid(fpid, &status, 0);
3928 	ATF_REQUIRE(WIFEXITED(status));
3929 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3930 
3931 	wpid = wait(&status);
3932 	REQUIRE_EQ(wpid, -1);
3933 	REQUIRE_EQ(errno, ECHILD);
3934 }
3935 #endif
3936 
3937 /*
3938  * Verify that PT_LWPINFO doesn't return stale siginfo.
3939  */
3940 ATF_TC_WITHOUT_HEAD(ptrace__PT_LWPINFO_stale_siginfo);
3941 ATF_TC_BODY(ptrace__PT_LWPINFO_stale_siginfo, tc)
3942 {
3943 	struct ptrace_lwpinfo pl;
3944 	pid_t fpid, wpid;
3945 	int events, status;
3946 
3947 	ATF_REQUIRE((fpid = fork()) != -1);
3948 	if (fpid == 0) {
3949 		trace_me();
3950 		raise(SIGABRT);
3951 		exit(1);
3952 	}
3953 
3954 	/* The first wait() should report the stop from SIGSTOP. */
3955 	wpid = waitpid(fpid, &status, 0);
3956 	REQUIRE_EQ(wpid, fpid);
3957 	ATF_REQUIRE(WIFSTOPPED(status));
3958 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3959 
3960 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3961 
3962 	/* The next stop should report the SIGABRT in the child body. */
3963 	wpid = waitpid(fpid, &status, 0);
3964 	REQUIRE_EQ(wpid, fpid);
3965 	ATF_REQUIRE(WIFSTOPPED(status));
3966 	REQUIRE_EQ(WSTOPSIG(status), SIGABRT);
3967 
3968 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3969 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3970 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGABRT);
3971 
3972 	/*
3973 	 * Continue the process ignoring the signal, but enabling
3974 	 * syscall traps.
3975 	 */
3976 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
3977 
3978 	/*
3979 	 * The next stop should report a system call entry from
3980 	 * exit().  PL_FLAGS_SI should not be set.
3981 	 */
3982 	wpid = waitpid(fpid, &status, 0);
3983 	REQUIRE_EQ(wpid, fpid);
3984 	ATF_REQUIRE(WIFSTOPPED(status));
3985 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3986 
3987 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3988 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
3989 	REQUIRE_EQ((pl.pl_flags & PL_FLAG_SI), 0);
3990 
3991 	/* Disable syscall tracing and continue the child to let it exit. */
3992 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
3993 	    sizeof(events)) == 0);
3994 	events &= ~PTRACE_SYSCALL;
3995 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
3996 	    sizeof(events)) == 0);
3997 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3998 
3999 	/* The last event should be for the child process's exit. */
4000 	wpid = waitpid(fpid, &status, 0);
4001 	ATF_REQUIRE(WIFEXITED(status));
4002 	REQUIRE_EQ(WEXITSTATUS(status), 1);
4003 
4004 	wpid = wait(&status);
4005 	REQUIRE_EQ(wpid, -1);
4006 	REQUIRE_EQ(errno, ECHILD);
4007 }
4008 
4009 /*
4010  * A simple test of PT_GET_SC_ARGS and PT_GET_SC_RET.
4011  */
4012 ATF_TC_WITHOUT_HEAD(ptrace__syscall_args);
4013 ATF_TC_BODY(ptrace__syscall_args, tc)
4014 {
4015 	struct ptrace_lwpinfo pl;
4016 	struct ptrace_sc_ret psr;
4017 	pid_t fpid, wpid;
4018 	register_t args[2];
4019 	int events, status;
4020 
4021 	ATF_REQUIRE((fpid = fork()) != -1);
4022 	if (fpid == 0) {
4023 		trace_me();
4024 		kill(getpid(), 0);
4025 		/* Close a fd that should not exist. */
4026 		close(12345);
4027 		exit(1);
4028 	}
4029 
4030 	/* The first wait() should report the stop from SIGSTOP. */
4031 	wpid = waitpid(fpid, &status, 0);
4032 	REQUIRE_EQ(wpid, fpid);
4033 	ATF_REQUIRE(WIFSTOPPED(status));
4034 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4035 
4036 	/*
4037 	 * Continue the process ignoring the signal, but enabling
4038 	 * syscall traps.
4039 	 */
4040 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
4041 
4042 	/*
4043 	 * The next stop should be the syscall entry from getpid().
4044 	 */
4045 	wpid = waitpid(fpid, &status, 0);
4046 	REQUIRE_EQ(wpid, fpid);
4047 	ATF_REQUIRE(WIFSTOPPED(status));
4048 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4049 
4050 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4051 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
4052 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_getpid);
4053 
4054 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4055 
4056 	/*
4057 	 * The next stop should be the syscall exit from getpid().
4058 	 */
4059 	wpid = waitpid(fpid, &status, 0);
4060 	REQUIRE_EQ(wpid, fpid);
4061 	ATF_REQUIRE(WIFSTOPPED(status));
4062 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4063 
4064 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4065 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
4066 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_getpid);
4067 
4068 	ATF_REQUIRE(ptrace(PT_GET_SC_RET, wpid, (caddr_t)&psr,
4069 	    sizeof(psr)) != -1);
4070 	REQUIRE_EQ(psr.sr_error, 0);
4071 	REQUIRE_EQ(psr.sr_retval[0], wpid);
4072 
4073 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4074 
4075 	/*
4076 	 * The next stop should be the syscall entry from kill().
4077 	 */
4078 	wpid = waitpid(fpid, &status, 0);
4079 	REQUIRE_EQ(wpid, fpid);
4080 	ATF_REQUIRE(WIFSTOPPED(status));
4081 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4082 
4083 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4084 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
4085 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_kill);
4086 	REQUIRE_EQ(pl.pl_syscall_narg, 2u);
4087 
4088 	ATF_REQUIRE(ptrace(PT_GET_SC_ARGS, wpid, (caddr_t)args,
4089 	    sizeof(args)) != -1);
4090 	REQUIRE_EQ(args[0], wpid);
4091 	REQUIRE_EQ(args[1], 0);
4092 
4093 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4094 
4095 	/*
4096 	 * The next stop should be the syscall exit from kill().
4097 	 */
4098 	wpid = waitpid(fpid, &status, 0);
4099 	REQUIRE_EQ(wpid, fpid);
4100 	ATF_REQUIRE(WIFSTOPPED(status));
4101 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4102 
4103 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4104 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
4105 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_kill);
4106 
4107 	ATF_REQUIRE(ptrace(PT_GET_SC_RET, wpid, (caddr_t)&psr,
4108 	    sizeof(psr)) != -1);
4109 	REQUIRE_EQ(psr.sr_error, 0);
4110 
4111 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4112 
4113 	/*
4114 	 * The next stop should be the syscall entry from close().
4115 	 */
4116 	wpid = waitpid(fpid, &status, 0);
4117 	REQUIRE_EQ(wpid, fpid);
4118 	ATF_REQUIRE(WIFSTOPPED(status));
4119 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4120 
4121 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4122 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
4123 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_close);
4124 	REQUIRE_EQ(pl.pl_syscall_narg, 1u);
4125 
4126 	ATF_REQUIRE(ptrace(PT_GET_SC_ARGS, wpid, (caddr_t)args,
4127 	    sizeof(args)) != -1);
4128 	REQUIRE_EQ(args[0], 12345);
4129 
4130 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4131 
4132 	/*
4133 	 * The next stop should be the syscall exit from close().
4134 	 */
4135 	wpid = waitpid(fpid, &status, 0);
4136 	REQUIRE_EQ(wpid, fpid);
4137 	ATF_REQUIRE(WIFSTOPPED(status));
4138 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4139 
4140 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4141 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
4142 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_close);
4143 
4144 	ATF_REQUIRE(ptrace(PT_GET_SC_RET, wpid, (caddr_t)&psr,
4145 	    sizeof(psr)) != -1);
4146 	REQUIRE_EQ(psr.sr_error, EBADF);
4147 
4148 	/* Disable syscall tracing and continue the child to let it exit. */
4149 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
4150 	    sizeof(events)) == 0);
4151 	events &= ~PTRACE_SYSCALL;
4152 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
4153 	    sizeof(events)) == 0);
4154 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4155 
4156 	/* The last event should be for the child process's exit. */
4157 	wpid = waitpid(fpid, &status, 0);
4158 	ATF_REQUIRE(WIFEXITED(status));
4159 	REQUIRE_EQ(WEXITSTATUS(status), 1);
4160 
4161 	wpid = wait(&status);
4162 	REQUIRE_EQ(wpid, -1);
4163 	REQUIRE_EQ(errno, ECHILD);
4164 }
4165 
4166 /*
4167  * Verify that when the process is traced that it isn't reparent
4168  * to the init process when we close all process descriptors.
4169  */
4170 ATF_TC(ptrace__proc_reparent);
4171 ATF_TC_HEAD(ptrace__proc_reparent, tc)
4172 {
4173 
4174 	atf_tc_set_md_var(tc, "timeout", "2");
4175 }
4176 ATF_TC_BODY(ptrace__proc_reparent, tc)
4177 {
4178 	pid_t traced, debuger, wpid;
4179 	int pd, status;
4180 
4181 	traced = pdfork(&pd, 0);
4182 	ATF_REQUIRE(traced >= 0);
4183 	if (traced == 0) {
4184 		raise(SIGSTOP);
4185 		exit(0);
4186 	}
4187 	ATF_REQUIRE(pd >= 0);
4188 
4189 	debuger = fork();
4190 	ATF_REQUIRE(debuger >= 0);
4191 	if (debuger == 0) {
4192 		/* The traced process is reparented to debuger. */
4193 		REQUIRE_EQ(ptrace(PT_ATTACH, traced, 0, 0), 0);
4194 		wpid = waitpid(traced, &status, 0);
4195 		REQUIRE_EQ(wpid, traced);
4196 		ATF_REQUIRE(WIFSTOPPED(status));
4197 		REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4198 		REQUIRE_EQ(close(pd), 0);
4199 		REQUIRE_EQ(ptrace(PT_DETACH, traced, (caddr_t)1, 0), 0);
4200 
4201 		/* We closed pd so we should not have any child. */
4202 		wpid = wait(&status);
4203 		REQUIRE_EQ(wpid, -1);
4204 		REQUIRE_EQ(errno, ECHILD);
4205 
4206 		exit(0);
4207 	}
4208 
4209 	REQUIRE_EQ(close(pd), 0);
4210 	wpid = waitpid(debuger, &status, 0);
4211 	REQUIRE_EQ(wpid, debuger);
4212 	REQUIRE_EQ(WEXITSTATUS(status), 0);
4213 
4214 	/* Check if we still have any child. */
4215 	wpid = wait(&status);
4216 	REQUIRE_EQ(wpid, -1);
4217 	REQUIRE_EQ(errno, ECHILD);
4218 }
4219 
4220 /*
4221  * Ensure that traced processes created with pdfork(2) are visible to
4222  * waitid(P_ALL).
4223  */
4224 ATF_TC_WITHOUT_HEAD(ptrace__procdesc_wait_child);
4225 ATF_TC_BODY(ptrace__procdesc_wait_child, tc)
4226 {
4227 	pid_t child, wpid;
4228 	int pd, status;
4229 
4230 	child = pdfork(&pd, 0);
4231 	ATF_REQUIRE(child >= 0);
4232 
4233 	if (child == 0) {
4234 		trace_me();
4235 		(void)raise(SIGSTOP);
4236 		exit(0);
4237 	}
4238 
4239 	wpid = waitpid(child, &status, 0);
4240 	REQUIRE_EQ(wpid, child);
4241 	ATF_REQUIRE(WIFSTOPPED(status));
4242 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4243 
4244 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
4245 
4246 	wpid = wait(&status);
4247 	REQUIRE_EQ(wpid, child);
4248 	ATF_REQUIRE(WIFSTOPPED(status));
4249 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4250 
4251 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
4252 
4253 	/*
4254 	 * If process was created by pdfork, the return code have to
4255 	 * be collected through process descriptor.
4256 	 */
4257 	wpid = wait(&status);
4258 	REQUIRE_EQ(wpid, -1);
4259 	REQUIRE_EQ(errno, ECHILD);
4260 
4261 	ATF_REQUIRE(close(pd) != -1);
4262 }
4263 
4264 /*
4265  * Ensure that traced processes created with pdfork(2) are not visible
4266  * after returning to parent - waitid(P_ALL).
4267  */
4268 ATF_TC_WITHOUT_HEAD(ptrace__procdesc_reparent_wait_child);
4269 ATF_TC_BODY(ptrace__procdesc_reparent_wait_child, tc)
4270 {
4271 	pid_t traced, debuger, wpid;
4272 	int pd, status;
4273 
4274 	traced = pdfork(&pd, 0);
4275 	ATF_REQUIRE(traced >= 0);
4276 	if (traced == 0) {
4277 		raise(SIGSTOP);
4278 		exit(0);
4279 	}
4280 	ATF_REQUIRE(pd >= 0);
4281 
4282 	/* Wait until the child process has stopped before fork()ing again. */
4283 	REQUIRE_EQ(traced, waitpid(traced, &status, WSTOPPED));
4284 	debuger = fork();
4285 	ATF_REQUIRE(debuger >= 0);
4286 	if (debuger == 0) {
4287 		/* The traced process is reparented to debuger. */
4288 		REQUIRE_EQ(ptrace(PT_ATTACH, traced, 0, 0), 0);
4289 		wpid = waitpid(traced, &status, 0);
4290 		REQUIRE_EQ(wpid, traced);
4291 		ATF_REQUIRE(WIFSTOPPED(status));
4292 		REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4293 
4294 		/* Allow process to die. */
4295 		REQUIRE_EQ(ptrace(PT_CONTINUE, traced, (caddr_t)1, 0), 0);
4296 		wpid = waitpid(traced, &status, 0);
4297 		REQUIRE_EQ(wpid, traced);
4298 		ATF_REQUIRE(WIFEXITED(status));
4299 		REQUIRE_EQ(WEXITSTATUS(status), 0);
4300 
4301 		/* Reparent back to the orginal process. */
4302 		REQUIRE_EQ(close(pd), 0);
4303 		exit(0);
4304 	}
4305 
4306 	wpid = waitpid(debuger, &status, 0);
4307 	REQUIRE_EQ(wpid, debuger);
4308 	REQUIRE_EQ(WEXITSTATUS(status), 0);
4309 
4310 	/*
4311 	 * We have a child but it has a process descriptori
4312 	 * so we should not be able to collect it process.
4313 	 */
4314 	wpid = wait(&status);
4315 	REQUIRE_EQ(wpid, -1);
4316 	REQUIRE_EQ(errno, ECHILD);
4317 
4318 	REQUIRE_EQ(close(pd), 0);
4319 }
4320 
4321 ATF_TP_ADD_TCS(tp)
4322 {
4323 
4324 	ATF_TP_ADD_TC(tp, ptrace__parent_wait_after_trace_me);
4325 	ATF_TP_ADD_TC(tp, ptrace__parent_wait_after_attach);
4326 	ATF_TP_ADD_TC(tp, ptrace__parent_sees_exit_after_child_debugger);
4327 	ATF_TP_ADD_TC(tp, ptrace__parent_sees_exit_after_unrelated_debugger);
4328 	ATF_TP_ADD_TC(tp, ptrace__parent_exits_before_child);
4329 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_both_attached);
4330 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_child_detached);
4331 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_parent_detached);
4332 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_both_attached_unrelated_debugger);
4333 	ATF_TP_ADD_TC(tp,
4334 	    ptrace__follow_fork_child_detached_unrelated_debugger);
4335 	ATF_TP_ADD_TC(tp,
4336 	    ptrace__follow_fork_parent_detached_unrelated_debugger);
4337 	ATF_TP_ADD_TC(tp, ptrace__getppid);
4338 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_fork);
4339 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_vfork);
4340 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_thread);
4341 	ATF_TP_ADD_TC(tp, ptrace__lwp_events);
4342 	ATF_TP_ADD_TC(tp, ptrace__lwp_events_exec);
4343 	ATF_TP_ADD_TC(tp, ptrace__siginfo);
4344 	ATF_TP_ADD_TC(tp, ptrace__ptrace_exec_disable);
4345 	ATF_TP_ADD_TC(tp, ptrace__ptrace_exec_enable);
4346 	ATF_TP_ADD_TC(tp, ptrace__event_mask);
4347 	ATF_TP_ADD_TC(tp, ptrace__ptrace_vfork);
4348 	ATF_TP_ADD_TC(tp, ptrace__ptrace_vfork_follow);
4349 #ifdef HAVE_BREAKPOINT
4350 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_breakpoint);
4351 #endif
4352 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_system_call);
4353 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_threads);
4354 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_competing_signal);
4355 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_competing_stop);
4356 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_with_signal_full_sigqueue);
4357 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_system_call_entry);
4358 	ATF_TP_ADD_TC(tp,
4359 	    ptrace__PT_CONTINUE_with_signal_system_call_entry_and_exit);
4360 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_full_sigqueue);
4361 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_masked_full_sigqueue);
4362 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_change_sig);
4363 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_sigtrap_system_call_entry);
4364 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_mix);
4365 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_kqueue);
4366 	ATF_TP_ADD_TC(tp, ptrace__killed_with_sigmask);
4367 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_sigmask);
4368 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_thread_sigmask);
4369 	ATF_TP_ADD_TC(tp, ptrace__PT_REGSET);
4370 	ATF_TP_ADD_TC(tp, ptrace__parent_terminate_with_pending_sigstop1);
4371 	ATF_TP_ADD_TC(tp, ptrace__parent_terminate_with_pending_sigstop2);
4372 	ATF_TP_ADD_TC(tp, ptrace__event_mask_sigkill_discard);
4373 	ATF_TP_ADD_TC(tp, ptrace__PT_ATTACH_with_SBDRY_thread);
4374 	ATF_TP_ADD_TC(tp, ptrace__PT_STEP_with_signal);
4375 #ifdef HAVE_BREAKPOINT
4376 	ATF_TP_ADD_TC(tp, ptrace__breakpoint_siginfo);
4377 #endif
4378 	ATF_TP_ADD_TC(tp, ptrace__step_siginfo);
4379 #if defined(HAVE_BREAKPOINT) && defined(SKIP_BREAK)
4380 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_different_thread);
4381 #endif
4382 	ATF_TP_ADD_TC(tp, ptrace__PT_LWPINFO_stale_siginfo);
4383 	ATF_TP_ADD_TC(tp, ptrace__syscall_args);
4384 	ATF_TP_ADD_TC(tp, ptrace__proc_reparent);
4385 	ATF_TP_ADD_TC(tp, ptrace__procdesc_wait_child);
4386 	ATF_TP_ADD_TC(tp, ptrace__procdesc_reparent_wait_child);
4387 
4388 	return (atf_no_error());
4389 }
4390