xref: /freebsd/tests/sys/kern/ptrace_test.c (revision 0e8011faf58b743cc652e3b2ad0f7671227610df)
1 /*-
2  * Copyright (c) 2015 John Baldwin <jhb@FreeBSD.org>
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23  * SUCH DAMAGE.
24  */
25 
26 #include <sys/types.h>
27 #include <sys/cpuset.h>
28 #include <sys/elf.h>
29 #include <sys/event.h>
30 #include <sys/file.h>
31 #include <sys/time.h>
32 #include <sys/procctl.h>
33 #include <sys/procdesc.h>
34 #include <sys/ptrace.h>
35 #include <sys/procfs.h>
36 #include <sys/queue.h>
37 #include <sys/runq.h>
38 #include <sys/syscall.h>
39 #include <sys/sysctl.h>
40 #include <sys/user.h>
41 #include <sys/wait.h>
42 #include <errno.h>
43 #include <machine/cpufunc.h>
44 #include <pthread.h>
45 #include <sched.h>
46 #include <semaphore.h>
47 #include <signal.h>
48 #include <stdarg.h>
49 #include <stdio.h>
50 #include <stdlib.h>
51 #include <unistd.h>
52 #include <atf-c.h>
53 
54 /*
55  * Architectures with a user-visible breakpoint().
56  */
57 #if defined(__aarch64__) || defined(__amd64__) || defined(__arm__) ||	\
58     defined(__i386__) || defined(__riscv)
59 #define	HAVE_BREAKPOINT
60 #endif
61 
62 /*
63  * Adjust PC to skip over a breakpoint when stopped for a breakpoint trap.
64  */
65 #ifdef HAVE_BREAKPOINT
66 #if defined(__aarch64__)
67 #define	SKIP_BREAK(reg)	((reg)->elr += 4)
68 #elif defined(__amd64__) || defined(__i386__)
69 #define	SKIP_BREAK(reg)
70 #elif defined(__arm__)
71 #define	SKIP_BREAK(reg)	((reg)->r_pc += 4)
72 #elif defined(__riscv)
73 #define	SKIP_BREAK(reg)	((reg)->sepc += 4)
74 #endif
75 #endif
76 
77 /*
78  * A variant of ATF_REQUIRE that is suitable for use in child
79  * processes.  This only works if the parent process is tripped up by
80  * the early exit and fails some requirement itself.
81  */
82 #define	CHILD_REQUIRE(exp) do {				\
83 	if (!(exp))					\
84 		child_fail_require(__FILE__, __LINE__,	\
85 		    #exp " not met\n");			\
86 } while (0)
87 
88 #define	CHILD_REQUIRE_EQ(actual, expected) do {			\
89 	__typeof__(expected) _e = expected;			\
90 	__typeof__(actual) _a = actual;				\
91 	if (_e != _a)						\
92 		child_fail_require(__FILE__, __LINE__, #actual	\
93 		    " (%jd) == " #expected " (%jd) not met\n",	\
94 		    (intmax_t)_a, (intmax_t)_e);		\
95 } while (0)
96 
97 static __dead2 void
98 child_fail_require(const char *file, int line, const char *fmt, ...)
99 {
100 	va_list ap;
101 	char buf[1024];
102 
103 	/* Use write() not fprintf() to avoid possible duplicate output. */
104 	snprintf(buf, sizeof(buf), "%s:%d: ", file, line);
105 	write(STDERR_FILENO, buf, strlen(buf));
106 	va_start(ap, fmt);
107 	vsnprintf(buf, sizeof(buf), fmt, ap);
108 	write(STDERR_FILENO, buf, strlen(buf));
109 	va_end(ap);
110 
111 	_exit(32);
112 }
113 
114 #define	REQUIRE_EQ(actual, expected) do {				\
115 	__typeof__(expected) _e = expected;				\
116 	__typeof__(actual) _a = actual;					\
117 	ATF_REQUIRE_MSG(_e == _a, #actual " (%jd) == "			\
118 	    #expected " (%jd) not met", (intmax_t)_a, (intmax_t)_e);	\
119 } while (0)
120 
121 static void
122 trace_me(void)
123 {
124 
125 	/* Attach the parent process as a tracer of this process. */
126 	CHILD_REQUIRE(ptrace(PT_TRACE_ME, 0, NULL, 0) != -1);
127 
128 	/* Trigger a stop. */
129 	raise(SIGSTOP);
130 }
131 
132 static void
133 attach_child(pid_t pid)
134 {
135 	pid_t wpid;
136 	int status;
137 
138 	REQUIRE_EQ(ptrace(PT_ATTACH, pid, NULL, 0), 0);
139 
140 	wpid = waitpid(pid, &status, 0);
141 	REQUIRE_EQ(wpid, pid);
142 	ATF_REQUIRE(WIFSTOPPED(status));
143 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
144 }
145 
146 static void
147 wait_for_zombie(pid_t pid)
148 {
149 
150 	/*
151 	 * Wait for a process to exit.  This is kind of gross, but
152 	 * there is not a better way.
153 	 *
154 	 * Prior to r325719, the kern.proc.pid.<pid> sysctl failed
155 	 * with ESRCH.  After that change, a valid struct kinfo_proc
156 	 * is returned for zombies with ki_stat set to SZOMB.
157 	 */
158 	for (;;) {
159 		struct kinfo_proc kp;
160 		size_t len;
161 		int mib[4];
162 
163 		mib[0] = CTL_KERN;
164 		mib[1] = KERN_PROC;
165 		mib[2] = KERN_PROC_PID;
166 		mib[3] = pid;
167 		len = sizeof(kp);
168 		if (sysctl(mib, nitems(mib), &kp, &len, NULL, 0) == -1) {
169 			REQUIRE_EQ(errno, ESRCH);
170 			break;
171 		}
172 		if (kp.ki_stat == SZOMB)
173 			break;
174 		usleep(5000);
175 	}
176 }
177 
178 /*
179  * Verify that a parent debugger process "sees" the exit of a debugged
180  * process exactly once when attached via PT_TRACE_ME.
181  */
182 ATF_TC_WITHOUT_HEAD(ptrace__parent_wait_after_trace_me);
183 ATF_TC_BODY(ptrace__parent_wait_after_trace_me, tc)
184 {
185 	pid_t child, wpid;
186 	int status;
187 
188 	ATF_REQUIRE((child = fork()) != -1);
189 	if (child == 0) {
190 		/* Child process. */
191 		trace_me();
192 
193 		_exit(1);
194 	}
195 
196 	/* Parent process. */
197 
198 	/* The first wait() should report the stop from SIGSTOP. */
199 	wpid = waitpid(child, &status, 0);
200 	REQUIRE_EQ(wpid, child);
201 	ATF_REQUIRE(WIFSTOPPED(status));
202 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
203 
204 	/* Continue the child ignoring the SIGSTOP. */
205 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
206 
207 	/* The second wait() should report the exit status. */
208 	wpid = waitpid(child, &status, 0);
209 	REQUIRE_EQ(wpid, child);
210 	ATF_REQUIRE(WIFEXITED(status));
211 	REQUIRE_EQ(WEXITSTATUS(status), 1);
212 
213 	/* The child should no longer exist. */
214 	wpid = waitpid(child, &status, 0);
215 	REQUIRE_EQ(wpid, -1);
216 	REQUIRE_EQ(errno, ECHILD);
217 }
218 
219 /*
220  * Verify that a parent debugger process "sees" the exit of a debugged
221  * process exactly once when attached via PT_ATTACH.
222  */
223 ATF_TC_WITHOUT_HEAD(ptrace__parent_wait_after_attach);
224 ATF_TC_BODY(ptrace__parent_wait_after_attach, tc)
225 {
226 	pid_t child, wpid;
227 	int cpipe[2], status;
228 	char c;
229 
230 	REQUIRE_EQ(pipe(cpipe), 0);
231 	ATF_REQUIRE((child = fork()) != -1);
232 	if (child == 0) {
233 		/* Child process. */
234 		close(cpipe[0]);
235 
236 		/* Wait for the parent to attach. */
237 		CHILD_REQUIRE_EQ(0, read(cpipe[1], &c, sizeof(c)));
238 
239 		_exit(1);
240 	}
241 	close(cpipe[1]);
242 
243 	/* Parent process. */
244 
245 	/* Attach to the child process. */
246 	attach_child(child);
247 
248 	/* Continue the child ignoring the SIGSTOP. */
249 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
250 
251 	/* Signal the child to exit. */
252 	close(cpipe[0]);
253 
254 	/* The second wait() should report the exit status. */
255 	wpid = waitpid(child, &status, 0);
256 	REQUIRE_EQ(wpid, child);
257 	ATF_REQUIRE(WIFEXITED(status));
258 	REQUIRE_EQ(WEXITSTATUS(status), 1);
259 
260 	/* The child should no longer exist. */
261 	wpid = waitpid(child, &status, 0);
262 	REQUIRE_EQ(wpid, -1);
263 	REQUIRE_EQ(errno, ECHILD);
264 }
265 
266 /*
267  * Verify that a parent process "sees" the exit of a debugged process only
268  * after the debugger has seen it.
269  */
270 ATF_TC_WITHOUT_HEAD(ptrace__parent_sees_exit_after_child_debugger);
271 ATF_TC_BODY(ptrace__parent_sees_exit_after_child_debugger, tc)
272 {
273 	pid_t child, debugger, wpid;
274 	int cpipe[2], dpipe[2], status;
275 	char c;
276 
277 	REQUIRE_EQ(pipe(cpipe), 0);
278 	ATF_REQUIRE((child = fork()) != -1);
279 
280 	if (child == 0) {
281 		/* Child process. */
282 		close(cpipe[0]);
283 
284 		/* Wait for parent to be ready. */
285 		CHILD_REQUIRE_EQ(read(cpipe[1], &c, sizeof(c)),
286 		    (ssize_t)sizeof(c));
287 
288 		_exit(1);
289 	}
290 	close(cpipe[1]);
291 
292 	REQUIRE_EQ(pipe(dpipe), 0);
293 	ATF_REQUIRE((debugger = fork()) != -1);
294 
295 	if (debugger == 0) {
296 		/* Debugger process. */
297 		close(dpipe[0]);
298 
299 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
300 
301 		wpid = waitpid(child, &status, 0);
302 		CHILD_REQUIRE_EQ(wpid, child);
303 		CHILD_REQUIRE(WIFSTOPPED(status));
304 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
305 
306 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
307 
308 		/* Signal parent that debugger is attached. */
309 		CHILD_REQUIRE_EQ(write(dpipe[1], &c, sizeof(c)),
310 		    (ssize_t)sizeof(c));
311 
312 		/* Wait for parent's failed wait. */
313 		CHILD_REQUIRE_EQ(read(dpipe[1], &c, sizeof(c)), 0);
314 
315 		wpid = waitpid(child, &status, 0);
316 		CHILD_REQUIRE_EQ(wpid, child);
317 		CHILD_REQUIRE(WIFEXITED(status));
318 		CHILD_REQUIRE_EQ(WEXITSTATUS(status), 1);
319 
320 		_exit(0);
321 	}
322 	close(dpipe[1]);
323 
324 	/* Parent process. */
325 
326 	/* Wait for the debugger to attach to the child. */
327 	REQUIRE_EQ(read(dpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
328 
329 	/* Release the child. */
330 	REQUIRE_EQ(write(cpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
331 	REQUIRE_EQ(read(cpipe[0], &c, sizeof(c)), 0);
332 	close(cpipe[0]);
333 
334 	wait_for_zombie(child);
335 
336 	/*
337 	 * This wait should return a pid of 0 to indicate no status to
338 	 * report.  The parent should see the child as non-exited
339 	 * until the debugger sees the exit.
340 	 */
341 	wpid = waitpid(child, &status, WNOHANG);
342 	REQUIRE_EQ(wpid, 0);
343 
344 	/* Signal the debugger to wait for the child. */
345 	close(dpipe[0]);
346 
347 	/* Wait for the debugger. */
348 	wpid = waitpid(debugger, &status, 0);
349 	REQUIRE_EQ(wpid, debugger);
350 	ATF_REQUIRE(WIFEXITED(status));
351 	REQUIRE_EQ(WEXITSTATUS(status), 0);
352 
353 	/* The child process should now be ready. */
354 	wpid = waitpid(child, &status, WNOHANG);
355 	REQUIRE_EQ(wpid, child);
356 	ATF_REQUIRE(WIFEXITED(status));
357 	REQUIRE_EQ(WEXITSTATUS(status), 1);
358 }
359 
360 /*
361  * Verify that a parent process "sees" the exit of a debugged process
362  * only after a non-direct-child debugger has seen it.  In particular,
363  * various wait() calls in the parent must avoid failing with ESRCH by
364  * checking the parent's orphan list for the debugee.
365  */
366 ATF_TC_WITHOUT_HEAD(ptrace__parent_sees_exit_after_unrelated_debugger);
367 ATF_TC_BODY(ptrace__parent_sees_exit_after_unrelated_debugger, tc)
368 {
369 	pid_t child, debugger, fpid, wpid;
370 	int cpipe[2], dpipe[2], status;
371 	char c;
372 
373 	REQUIRE_EQ(pipe(cpipe), 0);
374 	ATF_REQUIRE((child = fork()) != -1);
375 
376 	if (child == 0) {
377 		/* Child process. */
378 		close(cpipe[0]);
379 
380 		/* Wait for parent to be ready. */
381 		CHILD_REQUIRE_EQ(read(cpipe[1], &c, sizeof(c)),
382 		    (ssize_t)sizeof(c));
383 
384 		_exit(1);
385 	}
386 	close(cpipe[1]);
387 
388 	REQUIRE_EQ(pipe(dpipe), 0);
389 	ATF_REQUIRE((debugger = fork()) != -1);
390 
391 	if (debugger == 0) {
392 		/* Debugger parent. */
393 
394 		/*
395 		 * Fork again and drop the debugger parent so that the
396 		 * debugger is not a child of the main parent.
397 		 */
398 		CHILD_REQUIRE((fpid = fork()) != -1);
399 		if (fpid != 0)
400 			_exit(2);
401 
402 		/* Debugger process. */
403 		close(dpipe[0]);
404 
405 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
406 
407 		wpid = waitpid(child, &status, 0);
408 		CHILD_REQUIRE_EQ(wpid, child);
409 		CHILD_REQUIRE(WIFSTOPPED(status));
410 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
411 
412 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
413 
414 		/* Signal parent that debugger is attached. */
415 		CHILD_REQUIRE_EQ(write(dpipe[1], &c, sizeof(c)),
416 		    (ssize_t)sizeof(c));
417 
418 		/* Wait for parent's failed wait. */
419 		CHILD_REQUIRE_EQ(read(dpipe[1], &c, sizeof(c)),
420 		    (ssize_t)sizeof(c));
421 
422 		wpid = waitpid(child, &status, 0);
423 		CHILD_REQUIRE_EQ(wpid, child);
424 		CHILD_REQUIRE(WIFEXITED(status));
425 		CHILD_REQUIRE_EQ(WEXITSTATUS(status), 1);
426 
427 		_exit(0);
428 	}
429 	close(dpipe[1]);
430 
431 	/* Parent process. */
432 
433 	/* Wait for the debugger parent process to exit. */
434 	wpid = waitpid(debugger, &status, 0);
435 	REQUIRE_EQ(wpid, debugger);
436 	ATF_REQUIRE(WIFEXITED(status));
437 	REQUIRE_EQ(WEXITSTATUS(status), 2);
438 
439 	/* A WNOHANG wait here should see the non-exited child. */
440 	wpid = waitpid(child, &status, WNOHANG);
441 	REQUIRE_EQ(wpid, 0);
442 
443 	/* Wait for the debugger to attach to the child. */
444 	REQUIRE_EQ(read(dpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
445 
446 	/* Release the child. */
447 	REQUIRE_EQ(write(cpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
448 	REQUIRE_EQ(read(cpipe[0], &c, sizeof(c)), 0);
449 	close(cpipe[0]);
450 
451 	wait_for_zombie(child);
452 
453 	/*
454 	 * This wait should return a pid of 0 to indicate no status to
455 	 * report.  The parent should see the child as non-exited
456 	 * until the debugger sees the exit.
457 	 */
458 	wpid = waitpid(child, &status, WNOHANG);
459 	REQUIRE_EQ(wpid, 0);
460 
461 	/* Signal the debugger to wait for the child. */
462 	REQUIRE_EQ(write(dpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
463 
464 	/* Wait for the debugger. */
465 	REQUIRE_EQ(read(dpipe[0], &c, sizeof(c)), 0);
466 	close(dpipe[0]);
467 
468 	/* The child process should now be ready. */
469 	wpid = waitpid(child, &status, WNOHANG);
470 	REQUIRE_EQ(wpid, child);
471 	ATF_REQUIRE(WIFEXITED(status));
472 	REQUIRE_EQ(WEXITSTATUS(status), 1);
473 }
474 
475 /*
476  * Make sure that we can collect the exit status of an orphaned process.
477  */
478 ATF_TC_WITHOUT_HEAD(ptrace__parent_exits_before_child);
479 ATF_TC_BODY(ptrace__parent_exits_before_child, tc)
480 {
481 	ssize_t n;
482 	int cpipe1[2], cpipe2[2], gcpipe[2], status;
483 	pid_t child, gchild;
484 
485 	REQUIRE_EQ(pipe(cpipe1), 0);
486 	REQUIRE_EQ(pipe(cpipe2), 0);
487 	REQUIRE_EQ(pipe(gcpipe), 0);
488 
489 	REQUIRE_EQ(procctl(P_PID, getpid(), PROC_REAP_ACQUIRE, NULL), 0);
490 
491 	ATF_REQUIRE((child = fork()) != -1);
492 	if (child == 0) {
493 		CHILD_REQUIRE((gchild = fork()) != -1);
494 		if (gchild == 0) {
495 			status = 1;
496 			do {
497 				n = read(gcpipe[0], &status, sizeof(status));
498 			} while (n == -1 && errno == EINTR);
499 			_exit(status);
500 		}
501 
502 		CHILD_REQUIRE_EQ(write(cpipe1[1], &gchild, sizeof(gchild)),
503 		    (ssize_t)sizeof(gchild));
504 		CHILD_REQUIRE_EQ(read(cpipe2[0], &status, sizeof(status)),
505 		    (ssize_t)sizeof(status));
506 		_exit(status);
507 	}
508 
509 	REQUIRE_EQ(read(cpipe1[0], &gchild, sizeof(gchild)),
510 	    (ssize_t)sizeof(gchild));
511 
512 	REQUIRE_EQ(ptrace(PT_ATTACH, gchild, NULL, 0), 0);
513 
514 	status = 0;
515 	REQUIRE_EQ(write(cpipe2[1], &status, sizeof(status)),
516 	    (ssize_t)sizeof(status));
517 	REQUIRE_EQ(waitpid(child, &status, 0), child);
518 	ATF_REQUIRE(WIFEXITED(status));
519 	REQUIRE_EQ(WEXITSTATUS(status), 0);
520 
521 	status = 0;
522 	REQUIRE_EQ(write(gcpipe[1], &status, sizeof(status)),
523 	    (ssize_t)sizeof(status));
524 	REQUIRE_EQ(waitpid(gchild, &status, 0), gchild);
525 	ATF_REQUIRE(WIFSTOPPED(status));
526 	REQUIRE_EQ(ptrace(PT_DETACH, gchild, (caddr_t)1, 0), 0);
527 	REQUIRE_EQ(waitpid(gchild, &status, 0), gchild);
528 	ATF_REQUIRE(WIFEXITED(status));
529 	REQUIRE_EQ(WEXITSTATUS(status), 0);
530 
531 	REQUIRE_EQ(close(cpipe1[0]), 0);
532 	REQUIRE_EQ(close(cpipe1[1]), 0);
533 	REQUIRE_EQ(close(cpipe2[0]), 0);
534 	REQUIRE_EQ(close(cpipe2[1]), 0);
535 	REQUIRE_EQ(close(gcpipe[0]), 0);
536 	REQUIRE_EQ(close(gcpipe[1]), 0);
537 }
538 
539 /*
540  * The parent process should always act the same regardless of how the
541  * debugger is attached to it.
542  */
543 static __dead2 void
544 follow_fork_parent(bool use_vfork)
545 {
546 	pid_t fpid, wpid;
547 	int status;
548 
549 	if (use_vfork)
550 		CHILD_REQUIRE((fpid = vfork()) != -1);
551 	else
552 		CHILD_REQUIRE((fpid = fork()) != -1);
553 
554 	if (fpid == 0)
555 		/* Child */
556 		_exit(2);
557 
558 	wpid = waitpid(fpid, &status, 0);
559 	CHILD_REQUIRE_EQ(wpid, fpid);
560 	CHILD_REQUIRE(WIFEXITED(status));
561 	CHILD_REQUIRE_EQ(WEXITSTATUS(status), 2);
562 
563 	_exit(1);
564 }
565 
566 /*
567  * Helper routine for follow fork tests.  This waits for two stops
568  * that report both "sides" of a fork.  It returns the pid of the new
569  * child process.
570  */
571 static pid_t
572 handle_fork_events(pid_t parent, struct ptrace_lwpinfo *ppl)
573 {
574 	struct ptrace_lwpinfo pl;
575 	bool fork_reported[2];
576 	pid_t child, wpid;
577 	int i, status;
578 
579 	fork_reported[0] = false;
580 	fork_reported[1] = false;
581 	child = -1;
582 
583 	/*
584 	 * Each process should report a fork event.  The parent should
585 	 * report a PL_FLAG_FORKED event, and the child should report
586 	 * a PL_FLAG_CHILD event.
587 	 */
588 	for (i = 0; i < 2; i++) {
589 		wpid = wait(&status);
590 		ATF_REQUIRE(wpid > 0);
591 		ATF_REQUIRE(WIFSTOPPED(status));
592 
593 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
594 		    sizeof(pl)) != -1);
595 		ATF_REQUIRE((pl.pl_flags & (PL_FLAG_FORKED | PL_FLAG_CHILD)) !=
596 		    0);
597 		ATF_REQUIRE((pl.pl_flags & (PL_FLAG_FORKED | PL_FLAG_CHILD)) !=
598 		    (PL_FLAG_FORKED | PL_FLAG_CHILD));
599 		if (pl.pl_flags & PL_FLAG_CHILD) {
600 			ATF_REQUIRE(wpid != parent);
601 			REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
602 			ATF_REQUIRE(!fork_reported[1]);
603 			if (child == -1)
604 				child = wpid;
605 			else
606 				REQUIRE_EQ(child, wpid);
607 			if (ppl != NULL)
608 				ppl[1] = pl;
609 			fork_reported[1] = true;
610 		} else {
611 			REQUIRE_EQ(wpid, parent);
612 			REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
613 			ATF_REQUIRE(!fork_reported[0]);
614 			if (child == -1)
615 				child = pl.pl_child_pid;
616 			else
617 				REQUIRE_EQ(child, pl.pl_child_pid);
618 			if (ppl != NULL)
619 				ppl[0] = pl;
620 			fork_reported[0] = true;
621 		}
622 	}
623 
624 	return (child);
625 }
626 
627 /*
628  * Verify that a new child process is stopped after a followed fork and
629  * that the traced parent sees the exit of the child after the debugger
630  * when both processes remain attached to the debugger.
631  */
632 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_both_attached);
633 ATF_TC_BODY(ptrace__follow_fork_both_attached, tc)
634 {
635 	pid_t children[2], fpid, wpid;
636 	int status;
637 
638 	ATF_REQUIRE((fpid = fork()) != -1);
639 	if (fpid == 0) {
640 		trace_me();
641 		follow_fork_parent(false);
642 	}
643 
644 	/* Parent process. */
645 	children[0] = fpid;
646 
647 	/* The first wait() should report the stop from SIGSTOP. */
648 	wpid = waitpid(children[0], &status, 0);
649 	REQUIRE_EQ(wpid, children[0]);
650 	ATF_REQUIRE(WIFSTOPPED(status));
651 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
652 
653 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
654 
655 	/* Continue the child ignoring the SIGSTOP. */
656 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
657 
658 	children[1] = handle_fork_events(children[0], NULL);
659 	ATF_REQUIRE(children[1] > 0);
660 
661 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
662 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
663 
664 	/*
665 	 * The child can't exit until the grandchild reports status, so the
666 	 * grandchild should report its exit first to the debugger.
667 	 */
668 	wpid = wait(&status);
669 	REQUIRE_EQ(wpid, children[1]);
670 	ATF_REQUIRE(WIFEXITED(status));
671 	REQUIRE_EQ(WEXITSTATUS(status), 2);
672 
673 	wpid = wait(&status);
674 	REQUIRE_EQ(wpid, children[0]);
675 	ATF_REQUIRE(WIFEXITED(status));
676 	REQUIRE_EQ(WEXITSTATUS(status), 1);
677 
678 	wpid = wait(&status);
679 	REQUIRE_EQ(wpid, -1);
680 	REQUIRE_EQ(errno, ECHILD);
681 }
682 
683 /*
684  * Verify that a new child process is stopped after a followed fork
685  * and that the traced parent sees the exit of the child when the new
686  * child process is detached after it reports its fork.
687  */
688 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_child_detached);
689 ATF_TC_BODY(ptrace__follow_fork_child_detached, tc)
690 {
691 	pid_t children[2], fpid, wpid;
692 	int status;
693 
694 	ATF_REQUIRE((fpid = fork()) != -1);
695 	if (fpid == 0) {
696 		trace_me();
697 		follow_fork_parent(false);
698 	}
699 
700 	/* Parent process. */
701 	children[0] = fpid;
702 
703 	/* The first wait() should report the stop from SIGSTOP. */
704 	wpid = waitpid(children[0], &status, 0);
705 	REQUIRE_EQ(wpid, children[0]);
706 	ATF_REQUIRE(WIFSTOPPED(status));
707 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
708 
709 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
710 
711 	/* Continue the child ignoring the SIGSTOP. */
712 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
713 
714 	children[1] = handle_fork_events(children[0], NULL);
715 	ATF_REQUIRE(children[1] > 0);
716 
717 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
718 	ATF_REQUIRE(ptrace(PT_DETACH, children[1], (caddr_t)1, 0) != -1);
719 
720 	/*
721 	 * Should not see any status from the grandchild now, only the
722 	 * child.
723 	 */
724 	wpid = wait(&status);
725 	REQUIRE_EQ(wpid, children[0]);
726 	ATF_REQUIRE(WIFEXITED(status));
727 	REQUIRE_EQ(WEXITSTATUS(status), 1);
728 
729 	wpid = wait(&status);
730 	REQUIRE_EQ(wpid, -1);
731 	REQUIRE_EQ(errno, ECHILD);
732 }
733 
734 /*
735  * Verify that a new child process is stopped after a followed fork
736  * and that the traced parent sees the exit of the child when the
737  * traced parent is detached after the fork.
738  */
739 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_parent_detached);
740 ATF_TC_BODY(ptrace__follow_fork_parent_detached, tc)
741 {
742 	pid_t children[2], fpid, wpid;
743 	int status;
744 
745 	ATF_REQUIRE((fpid = fork()) != -1);
746 	if (fpid == 0) {
747 		trace_me();
748 		follow_fork_parent(false);
749 	}
750 
751 	/* Parent process. */
752 	children[0] = fpid;
753 
754 	/* The first wait() should report the stop from SIGSTOP. */
755 	wpid = waitpid(children[0], &status, 0);
756 	REQUIRE_EQ(wpid, children[0]);
757 	ATF_REQUIRE(WIFSTOPPED(status));
758 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
759 
760 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
761 
762 	/* Continue the child ignoring the SIGSTOP. */
763 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
764 
765 	children[1] = handle_fork_events(children[0], NULL);
766 	ATF_REQUIRE(children[1] > 0);
767 
768 	ATF_REQUIRE(ptrace(PT_DETACH, children[0], (caddr_t)1, 0) != -1);
769 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
770 
771 	/*
772 	 * The child can't exit until the grandchild reports status, so the
773 	 * grandchild should report its exit first to the debugger.
774 	 *
775 	 * Even though the child process is detached, it is still a
776 	 * child of the debugger, so it will still report it's exit
777 	 * after the grandchild.
778 	 */
779 	wpid = wait(&status);
780 	REQUIRE_EQ(wpid, children[1]);
781 	ATF_REQUIRE(WIFEXITED(status));
782 	REQUIRE_EQ(WEXITSTATUS(status), 2);
783 
784 	wpid = wait(&status);
785 	REQUIRE_EQ(wpid, children[0]);
786 	ATF_REQUIRE(WIFEXITED(status));
787 	REQUIRE_EQ(WEXITSTATUS(status), 1);
788 
789 	wpid = wait(&status);
790 	REQUIRE_EQ(wpid, -1);
791 	REQUIRE_EQ(errno, ECHILD);
792 }
793 
794 static void
795 attach_fork_parent(int cpipe[2])
796 {
797 	pid_t fpid;
798 
799 	close(cpipe[0]);
800 
801 	/* Double-fork to disassociate from the debugger. */
802 	CHILD_REQUIRE((fpid = fork()) != -1);
803 	if (fpid != 0)
804 		_exit(3);
805 
806 	/* Send the pid of the disassociated child to the debugger. */
807 	fpid = getpid();
808 	CHILD_REQUIRE_EQ(write(cpipe[1], &fpid, sizeof(fpid)),
809 	    (ssize_t)sizeof(fpid));
810 
811 	/* Wait for the debugger to attach. */
812 	CHILD_REQUIRE_EQ(read(cpipe[1], &fpid, sizeof(fpid)), 0);
813 }
814 
815 /*
816  * Verify that a new child process is stopped after a followed fork and
817  * that the traced parent sees the exit of the child after the debugger
818  * when both processes remain attached to the debugger.  In this test
819  * the parent that forks is not a direct child of the debugger.
820  */
821 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_both_attached_unrelated_debugger);
822 ATF_TC_BODY(ptrace__follow_fork_both_attached_unrelated_debugger, tc)
823 {
824 	pid_t children[2], fpid, wpid;
825 	int cpipe[2], status;
826 
827 	REQUIRE_EQ(pipe(cpipe), 0);
828 	ATF_REQUIRE((fpid = fork()) != -1);
829 	if (fpid == 0) {
830 		attach_fork_parent(cpipe);
831 		follow_fork_parent(false);
832 	}
833 
834 	/* Parent process. */
835 	close(cpipe[1]);
836 
837 	/* Wait for the direct child to exit. */
838 	wpid = waitpid(fpid, &status, 0);
839 	REQUIRE_EQ(wpid, fpid);
840 	ATF_REQUIRE(WIFEXITED(status));
841 	REQUIRE_EQ(WEXITSTATUS(status), 3);
842 
843 	/* Read the pid of the fork parent. */
844 	REQUIRE_EQ(read(cpipe[0], &children[0], sizeof(children[0])),
845 	    (ssize_t)sizeof(children[0]));
846 
847 	/* Attach to the fork parent. */
848 	attach_child(children[0]);
849 
850 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
851 
852 	/* Continue the fork parent ignoring the SIGSTOP. */
853 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
854 
855 	/* Signal the fork parent to continue. */
856 	close(cpipe[0]);
857 
858 	children[1] = handle_fork_events(children[0], NULL);
859 	ATF_REQUIRE(children[1] > 0);
860 
861 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
862 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
863 
864 	/*
865 	 * The fork parent can't exit until the child reports status,
866 	 * so the child should report its exit first to the debugger.
867 	 */
868 	wpid = wait(&status);
869 	REQUIRE_EQ(wpid, children[1]);
870 	ATF_REQUIRE(WIFEXITED(status));
871 	REQUIRE_EQ(WEXITSTATUS(status), 2);
872 
873 	wpid = wait(&status);
874 	REQUIRE_EQ(wpid, children[0]);
875 	ATF_REQUIRE(WIFEXITED(status));
876 	REQUIRE_EQ(WEXITSTATUS(status), 1);
877 
878 	wpid = wait(&status);
879 	REQUIRE_EQ(wpid, -1);
880 	REQUIRE_EQ(errno, ECHILD);
881 }
882 
883 /*
884  * Verify that a new child process is stopped after a followed fork
885  * and that the traced parent sees the exit of the child when the new
886  * child process is detached after it reports its fork.  In this test
887  * the parent that forks is not a direct child of the debugger.
888  */
889 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_child_detached_unrelated_debugger);
890 ATF_TC_BODY(ptrace__follow_fork_child_detached_unrelated_debugger, tc)
891 {
892 	pid_t children[2], fpid, wpid;
893 	int cpipe[2], status;
894 
895 	REQUIRE_EQ(pipe(cpipe), 0);
896 	ATF_REQUIRE((fpid = fork()) != -1);
897 	if (fpid == 0) {
898 		attach_fork_parent(cpipe);
899 		follow_fork_parent(false);
900 	}
901 
902 	/* Parent process. */
903 	close(cpipe[1]);
904 
905 	/* Wait for the direct child to exit. */
906 	wpid = waitpid(fpid, &status, 0);
907 	REQUIRE_EQ(wpid, fpid);
908 	ATF_REQUIRE(WIFEXITED(status));
909 	REQUIRE_EQ(WEXITSTATUS(status), 3);
910 
911 	/* Read the pid of the fork parent. */
912 	REQUIRE_EQ(read(cpipe[0], &children[0], sizeof(children[0])),
913 	    (ssize_t)sizeof(children[0]));
914 
915 	/* Attach to the fork parent. */
916 	attach_child(children[0]);
917 
918 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
919 
920 	/* Continue the fork parent ignoring the SIGSTOP. */
921 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
922 
923 	/* Signal the fork parent to continue. */
924 	close(cpipe[0]);
925 
926 	children[1] = handle_fork_events(children[0], NULL);
927 	ATF_REQUIRE(children[1] > 0);
928 
929 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
930 	ATF_REQUIRE(ptrace(PT_DETACH, children[1], (caddr_t)1, 0) != -1);
931 
932 	/*
933 	 * Should not see any status from the child now, only the fork
934 	 * parent.
935 	 */
936 	wpid = wait(&status);
937 	REQUIRE_EQ(wpid, children[0]);
938 	ATF_REQUIRE(WIFEXITED(status));
939 	REQUIRE_EQ(WEXITSTATUS(status), 1);
940 
941 	wpid = wait(&status);
942 	REQUIRE_EQ(wpid, -1);
943 	REQUIRE_EQ(errno, ECHILD);
944 }
945 
946 /*
947  * Verify that a new child process is stopped after a followed fork
948  * and that the traced parent sees the exit of the child when the
949  * traced parent is detached after the fork.  In this test the parent
950  * that forks is not a direct child of the debugger.
951  */
952 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_parent_detached_unrelated_debugger);
953 ATF_TC_BODY(ptrace__follow_fork_parent_detached_unrelated_debugger, tc)
954 {
955 	pid_t children[2], fpid, wpid;
956 	int cpipe[2], status;
957 
958 	REQUIRE_EQ(pipe(cpipe), 0);
959 	ATF_REQUIRE((fpid = fork()) != -1);
960 	if (fpid == 0) {
961 		attach_fork_parent(cpipe);
962 		follow_fork_parent(false);
963 	}
964 
965 	/* Parent process. */
966 	close(cpipe[1]);
967 
968 	/* Wait for the direct child to exit. */
969 	wpid = waitpid(fpid, &status, 0);
970 	REQUIRE_EQ(wpid, fpid);
971 	ATF_REQUIRE(WIFEXITED(status));
972 	REQUIRE_EQ(WEXITSTATUS(status), 3);
973 
974 	/* Read the pid of the fork parent. */
975 	REQUIRE_EQ(read(cpipe[0], &children[0], sizeof(children[0])),
976 	    (ssize_t)sizeof(children[0]));
977 
978 	/* Attach to the fork parent. */
979 	attach_child(children[0]);
980 
981 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
982 
983 	/* Continue the fork parent ignoring the SIGSTOP. */
984 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
985 
986 	/* Signal the fork parent to continue. */
987 	close(cpipe[0]);
988 
989 	children[1] = handle_fork_events(children[0], NULL);
990 	ATF_REQUIRE(children[1] > 0);
991 
992 	ATF_REQUIRE(ptrace(PT_DETACH, children[0], (caddr_t)1, 0) != -1);
993 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
994 
995 	/*
996 	 * Should not see any status from the fork parent now, only
997 	 * the child.
998 	 */
999 	wpid = wait(&status);
1000 	REQUIRE_EQ(wpid, children[1]);
1001 	ATF_REQUIRE(WIFEXITED(status));
1002 	REQUIRE_EQ(WEXITSTATUS(status), 2);
1003 
1004 	wpid = wait(&status);
1005 	REQUIRE_EQ(wpid, -1);
1006 	REQUIRE_EQ(errno, ECHILD);
1007 }
1008 
1009 /*
1010  * Verify that a child process does not see an unrelated debugger as its
1011  * parent but sees its original parent process.
1012  */
1013 ATF_TC_WITHOUT_HEAD(ptrace__getppid);
1014 ATF_TC_BODY(ptrace__getppid, tc)
1015 {
1016 	pid_t child, debugger, ppid, wpid;
1017 	int cpipe[2], dpipe[2], status;
1018 	char c;
1019 
1020 	REQUIRE_EQ(pipe(cpipe), 0);
1021 	ATF_REQUIRE((child = fork()) != -1);
1022 
1023 	if (child == 0) {
1024 		/* Child process. */
1025 		close(cpipe[0]);
1026 
1027 		/* Wait for parent to be ready. */
1028 		CHILD_REQUIRE_EQ(read(cpipe[1], &c, sizeof(c)),
1029 		    (ssize_t)sizeof(c));
1030 
1031 		/* Report the parent PID to the parent. */
1032 		ppid = getppid();
1033 		CHILD_REQUIRE_EQ(write(cpipe[1], &ppid, sizeof(ppid)),
1034 		    (ssize_t)sizeof(ppid));
1035 
1036 		_exit(1);
1037 	}
1038 	close(cpipe[1]);
1039 
1040 	REQUIRE_EQ(pipe(dpipe), 0);
1041 	ATF_REQUIRE((debugger = fork()) != -1);
1042 
1043 	if (debugger == 0) {
1044 		/* Debugger process. */
1045 		close(dpipe[0]);
1046 
1047 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
1048 
1049 		wpid = waitpid(child, &status, 0);
1050 		CHILD_REQUIRE_EQ(wpid, child);
1051 		CHILD_REQUIRE(WIFSTOPPED(status));
1052 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1053 
1054 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
1055 
1056 		/* Signal parent that debugger is attached. */
1057 		CHILD_REQUIRE_EQ(write(dpipe[1], &c, sizeof(c)),
1058 		    (ssize_t)sizeof(c));
1059 
1060 		/* Wait for traced child to exit. */
1061 		wpid = waitpid(child, &status, 0);
1062 		CHILD_REQUIRE_EQ(wpid, child);
1063 		CHILD_REQUIRE(WIFEXITED(status));
1064 		CHILD_REQUIRE_EQ(WEXITSTATUS(status), 1);
1065 
1066 		_exit(0);
1067 	}
1068 	close(dpipe[1]);
1069 
1070 	/* Parent process. */
1071 
1072 	/* Wait for the debugger to attach to the child. */
1073 	REQUIRE_EQ(read(dpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
1074 
1075 	/* Release the child. */
1076 	REQUIRE_EQ(write(cpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
1077 
1078 	/* Read the parent PID from the child. */
1079 	REQUIRE_EQ(read(cpipe[0], &ppid, sizeof(ppid)), (ssize_t)sizeof(ppid));
1080 	close(cpipe[0]);
1081 
1082 	REQUIRE_EQ(ppid, getpid());
1083 
1084 	/* Wait for the debugger. */
1085 	wpid = waitpid(debugger, &status, 0);
1086 	REQUIRE_EQ(wpid, debugger);
1087 	ATF_REQUIRE(WIFEXITED(status));
1088 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1089 
1090 	/* The child process should now be ready. */
1091 	wpid = waitpid(child, &status, WNOHANG);
1092 	REQUIRE_EQ(wpid, child);
1093 	ATF_REQUIRE(WIFEXITED(status));
1094 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1095 }
1096 
1097 /*
1098  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1099  * child process created via fork() reports the correct value.
1100  */
1101 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_fork);
1102 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_fork, tc)
1103 {
1104 	struct ptrace_lwpinfo pl[2];
1105 	pid_t children[2], fpid, wpid;
1106 	int status;
1107 
1108 	ATF_REQUIRE((fpid = fork()) != -1);
1109 	if (fpid == 0) {
1110 		trace_me();
1111 		follow_fork_parent(false);
1112 	}
1113 
1114 	/* Parent process. */
1115 	children[0] = fpid;
1116 
1117 	/* The first wait() should report the stop from SIGSTOP. */
1118 	wpid = waitpid(children[0], &status, 0);
1119 	REQUIRE_EQ(wpid, children[0]);
1120 	ATF_REQUIRE(WIFSTOPPED(status));
1121 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1122 
1123 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
1124 
1125 	/* Continue the child ignoring the SIGSTOP. */
1126 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1127 
1128 	/* Wait for both halves of the fork event to get reported. */
1129 	children[1] = handle_fork_events(children[0], pl);
1130 	ATF_REQUIRE(children[1] > 0);
1131 
1132 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_SCX) != 0);
1133 	ATF_REQUIRE((pl[1].pl_flags & PL_FLAG_SCX) != 0);
1134 	REQUIRE_EQ(pl[0].pl_syscall_code, (unsigned)SYS_fork);
1135 	REQUIRE_EQ(pl[0].pl_syscall_code, pl[1].pl_syscall_code);
1136 	REQUIRE_EQ(pl[0].pl_syscall_narg, pl[1].pl_syscall_narg);
1137 
1138 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1139 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1140 
1141 	/*
1142 	 * The child can't exit until the grandchild reports status, so the
1143 	 * grandchild should report its exit first to the debugger.
1144 	 */
1145 	wpid = wait(&status);
1146 	REQUIRE_EQ(wpid, children[1]);
1147 	ATF_REQUIRE(WIFEXITED(status));
1148 	REQUIRE_EQ(WEXITSTATUS(status), 2);
1149 
1150 	wpid = wait(&status);
1151 	REQUIRE_EQ(wpid, children[0]);
1152 	ATF_REQUIRE(WIFEXITED(status));
1153 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1154 
1155 	wpid = wait(&status);
1156 	REQUIRE_EQ(wpid, -1);
1157 	REQUIRE_EQ(errno, ECHILD);
1158 }
1159 
1160 /*
1161  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1162  * child process created via vfork() reports the correct value.
1163  */
1164 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_vfork);
1165 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_vfork, tc)
1166 {
1167 	struct ptrace_lwpinfo pl[2];
1168 	pid_t children[2], fpid, wpid;
1169 	int status;
1170 
1171 	ATF_REQUIRE((fpid = fork()) != -1);
1172 	if (fpid == 0) {
1173 		trace_me();
1174 		follow_fork_parent(true);
1175 	}
1176 
1177 	/* Parent process. */
1178 	children[0] = fpid;
1179 
1180 	/* The first wait() should report the stop from SIGSTOP. */
1181 	wpid = waitpid(children[0], &status, 0);
1182 	REQUIRE_EQ(wpid, children[0]);
1183 	ATF_REQUIRE(WIFSTOPPED(status));
1184 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1185 
1186 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
1187 
1188 	/* Continue the child ignoring the SIGSTOP. */
1189 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1190 
1191 	/* Wait for both halves of the fork event to get reported. */
1192 	children[1] = handle_fork_events(children[0], pl);
1193 	ATF_REQUIRE(children[1] > 0);
1194 
1195 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_SCX) != 0);
1196 	ATF_REQUIRE((pl[1].pl_flags & PL_FLAG_SCX) != 0);
1197 	REQUIRE_EQ(pl[0].pl_syscall_code, (unsigned)SYS_vfork);
1198 	REQUIRE_EQ(pl[0].pl_syscall_code, pl[1].pl_syscall_code);
1199 	REQUIRE_EQ(pl[0].pl_syscall_narg, pl[1].pl_syscall_narg);
1200 
1201 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1202 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1203 
1204 	/*
1205 	 * The child can't exit until the grandchild reports status, so the
1206 	 * grandchild should report its exit first to the debugger.
1207 	 */
1208 	wpid = wait(&status);
1209 	REQUIRE_EQ(wpid, children[1]);
1210 	ATF_REQUIRE(WIFEXITED(status));
1211 	REQUIRE_EQ(WEXITSTATUS(status), 2);
1212 
1213 	wpid = wait(&status);
1214 	REQUIRE_EQ(wpid, children[0]);
1215 	ATF_REQUIRE(WIFEXITED(status));
1216 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1217 
1218 	wpid = wait(&status);
1219 	REQUIRE_EQ(wpid, -1);
1220 	REQUIRE_EQ(errno, ECHILD);
1221 }
1222 
1223 static void *
1224 simple_thread(void *arg __unused)
1225 {
1226 
1227 	pthread_exit(NULL);
1228 }
1229 
1230 static __dead2 void
1231 simple_thread_main(void)
1232 {
1233 	pthread_t thread;
1234 
1235 	CHILD_REQUIRE_EQ(pthread_create(&thread, NULL, simple_thread, NULL), 0);
1236 	CHILD_REQUIRE_EQ(pthread_join(thread, NULL), 0);
1237 	exit(1);
1238 }
1239 
1240 /*
1241  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1242  * thread reports the correct value.
1243  */
1244 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_thread);
1245 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_thread, tc)
1246 {
1247 	struct ptrace_lwpinfo pl;
1248 	pid_t fpid, wpid;
1249 	lwpid_t mainlwp;
1250 	int status;
1251 
1252 	ATF_REQUIRE((fpid = fork()) != -1);
1253 	if (fpid == 0) {
1254 		trace_me();
1255 		simple_thread_main();
1256 	}
1257 
1258 	/* The first wait() should report the stop from SIGSTOP. */
1259 	wpid = waitpid(fpid, &status, 0);
1260 	REQUIRE_EQ(wpid, fpid);
1261 	ATF_REQUIRE(WIFSTOPPED(status));
1262 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1263 
1264 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1265 	    sizeof(pl)) != -1);
1266 	mainlwp = pl.pl_lwpid;
1267 
1268 	/*
1269 	 * Continue the child ignoring the SIGSTOP and tracing all
1270 	 * system call exits.
1271 	 */
1272 	ATF_REQUIRE(ptrace(PT_TO_SCX, fpid, (caddr_t)1, 0) != -1);
1273 
1274 	/*
1275 	 * Wait for the new thread to arrive.  pthread_create() might
1276 	 * invoke any number of system calls.  For now we just wait
1277 	 * for the new thread to arrive and make sure it reports a
1278 	 * valid system call code.  If ptrace grows thread event
1279 	 * reporting then this test can be made more precise.
1280 	 */
1281 	for (;;) {
1282 		wpid = waitpid(fpid, &status, 0);
1283 		REQUIRE_EQ(wpid, fpid);
1284 		ATF_REQUIRE(WIFSTOPPED(status));
1285 		REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1286 
1287 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1288 		    sizeof(pl)) != -1);
1289 		ATF_REQUIRE((pl.pl_flags & PL_FLAG_SCX) != 0);
1290 		ATF_REQUIRE(pl.pl_syscall_code != 0);
1291 		if (pl.pl_lwpid != mainlwp)
1292 			/* New thread seen. */
1293 			break;
1294 
1295 		REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1296 	}
1297 
1298 	/* Wait for the child to exit. */
1299 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1300 	for (;;) {
1301 		wpid = waitpid(fpid, &status, 0);
1302 		REQUIRE_EQ(wpid, fpid);
1303 		if (WIFEXITED(status))
1304 			break;
1305 
1306 		ATF_REQUIRE(WIFSTOPPED(status));
1307 		REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1308 		REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1309 	}
1310 
1311 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1312 
1313 	wpid = wait(&status);
1314 	REQUIRE_EQ(wpid, -1);
1315 	REQUIRE_EQ(errno, ECHILD);
1316 }
1317 
1318 /*
1319  * Verify that the expected LWP events are reported for a child thread.
1320  */
1321 ATF_TC_WITHOUT_HEAD(ptrace__lwp_events);
1322 ATF_TC_BODY(ptrace__lwp_events, tc)
1323 {
1324 	struct ptrace_lwpinfo pl;
1325 	pid_t fpid, wpid;
1326 	lwpid_t lwps[2];
1327 	int status;
1328 
1329 	ATF_REQUIRE((fpid = fork()) != -1);
1330 	if (fpid == 0) {
1331 		trace_me();
1332 		simple_thread_main();
1333 	}
1334 
1335 	/* The first wait() should report the stop from SIGSTOP. */
1336 	wpid = waitpid(fpid, &status, 0);
1337 	REQUIRE_EQ(wpid, fpid);
1338 	ATF_REQUIRE(WIFSTOPPED(status));
1339 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1340 
1341 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1342 	    sizeof(pl)) != -1);
1343 	lwps[0] = pl.pl_lwpid;
1344 
1345 	REQUIRE_EQ(ptrace(PT_LWP_EVENTS, wpid, NULL, 1), 0);
1346 
1347 	/* Continue the child ignoring the SIGSTOP. */
1348 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1349 
1350 	/* The first event should be for the child thread's birth. */
1351 	wpid = waitpid(fpid, &status, 0);
1352 	REQUIRE_EQ(wpid, fpid);
1353 	ATF_REQUIRE(WIFSTOPPED(status));
1354 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1355 
1356 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1357 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
1358 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1359 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
1360 	lwps[1] = pl.pl_lwpid;
1361 
1362 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1363 
1364 	/* The next event should be for the child thread's death. */
1365 	wpid = waitpid(fpid, &status, 0);
1366 	REQUIRE_EQ(wpid, fpid);
1367 	ATF_REQUIRE(WIFSTOPPED(status));
1368 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1369 
1370 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1371 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_EXITED | PL_FLAG_SCE)),
1372 	    (PL_FLAG_EXITED | PL_FLAG_SCE));
1373 	REQUIRE_EQ(pl.pl_lwpid, lwps[1]);
1374 
1375 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1376 
1377 	/* The last event should be for the child process's exit. */
1378 	wpid = waitpid(fpid, &status, 0);
1379 	ATF_REQUIRE(WIFEXITED(status));
1380 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1381 
1382 	wpid = wait(&status);
1383 	REQUIRE_EQ(wpid, -1);
1384 	REQUIRE_EQ(errno, ECHILD);
1385 }
1386 
1387 static void *
1388 exec_thread(void *arg __unused)
1389 {
1390 
1391 	execl("/usr/bin/true", "true", NULL);
1392 	exit(127);
1393 }
1394 
1395 static __dead2 void
1396 exec_thread_main(void)
1397 {
1398 	pthread_t thread;
1399 
1400 	CHILD_REQUIRE_EQ(pthread_create(&thread, NULL, exec_thread, NULL), 0);
1401 	for (;;)
1402 		sleep(60);
1403 	exit(1);
1404 }
1405 
1406 /*
1407  * Verify that the expected LWP events are reported for a multithreaded
1408  * process that calls execve(2).
1409  */
1410 ATF_TC_WITHOUT_HEAD(ptrace__lwp_events_exec);
1411 ATF_TC_BODY(ptrace__lwp_events_exec, tc)
1412 {
1413 	struct ptrace_lwpinfo pl;
1414 	pid_t fpid, wpid;
1415 	lwpid_t lwps[2];
1416 	int status;
1417 
1418 	ATF_REQUIRE((fpid = fork()) != -1);
1419 	if (fpid == 0) {
1420 		trace_me();
1421 		exec_thread_main();
1422 	}
1423 
1424 	/* The first wait() should report the stop from SIGSTOP. */
1425 	wpid = waitpid(fpid, &status, 0);
1426 	REQUIRE_EQ(wpid, fpid);
1427 	ATF_REQUIRE(WIFSTOPPED(status));
1428 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1429 
1430 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1431 	    sizeof(pl)) != -1);
1432 	lwps[0] = pl.pl_lwpid;
1433 
1434 	REQUIRE_EQ(ptrace(PT_LWP_EVENTS, wpid, NULL, 1), 0);
1435 
1436 	/* Continue the child ignoring the SIGSTOP. */
1437 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1438 
1439 	/* The first event should be for the child thread's birth. */
1440 	wpid = waitpid(fpid, &status, 0);
1441 	REQUIRE_EQ(wpid, fpid);
1442 	ATF_REQUIRE(WIFSTOPPED(status));
1443 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1444 
1445 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1446 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
1447 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1448 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
1449 	lwps[1] = pl.pl_lwpid;
1450 
1451 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1452 
1453 	/*
1454 	 * The next event should be for the main thread's death due to
1455 	 * single threading from execve().
1456 	 */
1457 	wpid = waitpid(fpid, &status, 0);
1458 	REQUIRE_EQ(wpid, fpid);
1459 	ATF_REQUIRE(WIFSTOPPED(status));
1460 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1461 
1462 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1463 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_EXITED | PL_FLAG_SCE)),
1464 	    (PL_FLAG_EXITED));
1465 	REQUIRE_EQ(pl.pl_lwpid, lwps[0]);
1466 
1467 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1468 
1469 	/* The next event should be for the child process's exec. */
1470 	wpid = waitpid(fpid, &status, 0);
1471 	ATF_REQUIRE(WIFSTOPPED(status));
1472 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1473 
1474 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1475 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_EXEC | PL_FLAG_SCX)),
1476 	    (PL_FLAG_EXEC | PL_FLAG_SCX));
1477 	REQUIRE_EQ(pl.pl_lwpid, lwps[1]);
1478 
1479 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1480 
1481 	/* The last event should be for the child process's exit. */
1482 	wpid = waitpid(fpid, &status, 0);
1483 	ATF_REQUIRE(WIFEXITED(status));
1484 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1485 
1486 	wpid = wait(&status);
1487 	REQUIRE_EQ(wpid, -1);
1488 	REQUIRE_EQ(errno, ECHILD);
1489 }
1490 
1491 static void
1492 handler(int sig __unused)
1493 {
1494 }
1495 
1496 static void
1497 signal_main(void)
1498 {
1499 
1500 	signal(SIGINFO, handler);
1501 	raise(SIGINFO);
1502 	exit(0);
1503 }
1504 
1505 /*
1506  * Verify that the expected ptrace event is reported for a signal.
1507  */
1508 ATF_TC_WITHOUT_HEAD(ptrace__siginfo);
1509 ATF_TC_BODY(ptrace__siginfo, tc)
1510 {
1511 	struct ptrace_lwpinfo pl;
1512 	pid_t fpid, wpid;
1513 	int status;
1514 
1515 	ATF_REQUIRE((fpid = fork()) != -1);
1516 	if (fpid == 0) {
1517 		trace_me();
1518 		signal_main();
1519 	}
1520 
1521 	/* The first wait() should report the stop from SIGSTOP. */
1522 	wpid = waitpid(fpid, &status, 0);
1523 	REQUIRE_EQ(wpid, fpid);
1524 	ATF_REQUIRE(WIFSTOPPED(status));
1525 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1526 
1527 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1528 
1529 	/* The next event should be for the SIGINFO. */
1530 	wpid = waitpid(fpid, &status, 0);
1531 	ATF_REQUIRE(WIFSTOPPED(status));
1532 	REQUIRE_EQ(WSTOPSIG(status), SIGINFO);
1533 
1534 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1535 	REQUIRE_EQ(pl.pl_event, PL_EVENT_SIGNAL);
1536 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
1537 	REQUIRE_EQ(pl.pl_siginfo.si_code, SI_LWP);
1538 	REQUIRE_EQ(pl.pl_siginfo.si_pid, wpid);
1539 
1540 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1541 
1542 	/* The last event should be for the child process's exit. */
1543 	wpid = waitpid(fpid, &status, 0);
1544 	ATF_REQUIRE(WIFEXITED(status));
1545 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1546 
1547 	wpid = wait(&status);
1548 	REQUIRE_EQ(wpid, -1);
1549 	REQUIRE_EQ(errno, ECHILD);
1550 }
1551 
1552 /*
1553  * Verify that the expected ptrace events are reported for PTRACE_EXEC.
1554  */
1555 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_exec_disable);
1556 ATF_TC_BODY(ptrace__ptrace_exec_disable, tc)
1557 {
1558 	pid_t fpid, wpid;
1559 	int events, status;
1560 
1561 	ATF_REQUIRE((fpid = fork()) != -1);
1562 	if (fpid == 0) {
1563 		trace_me();
1564 		exec_thread(NULL);
1565 	}
1566 
1567 	/* The first wait() should report the stop from SIGSTOP. */
1568 	wpid = waitpid(fpid, &status, 0);
1569 	REQUIRE_EQ(wpid, fpid);
1570 	ATF_REQUIRE(WIFSTOPPED(status));
1571 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1572 
1573 	events = 0;
1574 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
1575 	    sizeof(events)) == 0);
1576 
1577 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1578 
1579 	/* Should get one event at exit. */
1580 	wpid = waitpid(fpid, &status, 0);
1581 	ATF_REQUIRE(WIFEXITED(status));
1582 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1583 
1584 	wpid = wait(&status);
1585 	REQUIRE_EQ(wpid, -1);
1586 	REQUIRE_EQ(errno, ECHILD);
1587 }
1588 
1589 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_exec_enable);
1590 ATF_TC_BODY(ptrace__ptrace_exec_enable, tc)
1591 {
1592 	struct ptrace_lwpinfo pl;
1593 	pid_t fpid, wpid;
1594 	int events, status;
1595 
1596 	ATF_REQUIRE((fpid = fork()) != -1);
1597 	if (fpid == 0) {
1598 		trace_me();
1599 		exec_thread(NULL);
1600 	}
1601 
1602 	/* The first wait() should report the stop from SIGSTOP. */
1603 	wpid = waitpid(fpid, &status, 0);
1604 	REQUIRE_EQ(wpid, fpid);
1605 	ATF_REQUIRE(WIFSTOPPED(status));
1606 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1607 
1608 	events = PTRACE_EXEC;
1609 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
1610 	    sizeof(events)) == 0);
1611 
1612 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1613 
1614 	/* The next event should be for the child process's exec. */
1615 	wpid = waitpid(fpid, &status, 0);
1616 	ATF_REQUIRE(WIFSTOPPED(status));
1617 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1618 
1619 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1620 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_EXEC | PL_FLAG_SCX)),
1621 	    (PL_FLAG_EXEC | PL_FLAG_SCX));
1622 
1623 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1624 
1625 	/* The last event should be for the child process's exit. */
1626 	wpid = waitpid(fpid, &status, 0);
1627 	ATF_REQUIRE(WIFEXITED(status));
1628 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1629 
1630 	wpid = wait(&status);
1631 	REQUIRE_EQ(wpid, -1);
1632 	REQUIRE_EQ(errno, ECHILD);
1633 }
1634 
1635 ATF_TC_WITHOUT_HEAD(ptrace__event_mask);
1636 ATF_TC_BODY(ptrace__event_mask, tc)
1637 {
1638 	pid_t fpid, wpid;
1639 	int events, status;
1640 
1641 	ATF_REQUIRE((fpid = fork()) != -1);
1642 	if (fpid == 0) {
1643 		trace_me();
1644 		exit(0);
1645 	}
1646 
1647 	/* The first wait() should report the stop from SIGSTOP. */
1648 	wpid = waitpid(fpid, &status, 0);
1649 	REQUIRE_EQ(wpid, fpid);
1650 	ATF_REQUIRE(WIFSTOPPED(status));
1651 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1652 
1653 	/* PT_FOLLOW_FORK should toggle the state of PTRACE_FORK. */
1654 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, fpid, NULL, 1) != -1);
1655 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1656 	    sizeof(events)) == 0);
1657 	ATF_REQUIRE(events & PTRACE_FORK);
1658 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, fpid, NULL, 0) != -1);
1659 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1660 	    sizeof(events)) == 0);
1661 	ATF_REQUIRE(!(events & PTRACE_FORK));
1662 
1663 	/* PT_LWP_EVENTS should toggle the state of PTRACE_LWP. */
1664 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, fpid, NULL, 1) != -1);
1665 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1666 	    sizeof(events)) == 0);
1667 	ATF_REQUIRE(events & PTRACE_LWP);
1668 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, fpid, NULL, 0) != -1);
1669 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1670 	    sizeof(events)) == 0);
1671 	ATF_REQUIRE(!(events & PTRACE_LWP));
1672 
1673 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1674 
1675 	/* Should get one event at exit. */
1676 	wpid = waitpid(fpid, &status, 0);
1677 	ATF_REQUIRE(WIFEXITED(status));
1678 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1679 
1680 	wpid = wait(&status);
1681 	REQUIRE_EQ(wpid, -1);
1682 	REQUIRE_EQ(errno, ECHILD);
1683 }
1684 
1685 /*
1686  * Verify that the expected ptrace events are reported for PTRACE_VFORK.
1687  */
1688 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_vfork);
1689 ATF_TC_BODY(ptrace__ptrace_vfork, tc)
1690 {
1691 	struct ptrace_lwpinfo pl;
1692 	pid_t fpid, wpid;
1693 	int events, status;
1694 
1695 	ATF_REQUIRE((fpid = fork()) != -1);
1696 	if (fpid == 0) {
1697 		trace_me();
1698 		follow_fork_parent(true);
1699 	}
1700 
1701 	/* The first wait() should report the stop from SIGSTOP. */
1702 	wpid = waitpid(fpid, &status, 0);
1703 	REQUIRE_EQ(wpid, fpid);
1704 	ATF_REQUIRE(WIFSTOPPED(status));
1705 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1706 
1707 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1708 	    sizeof(events)) == 0);
1709 	events |= PTRACE_VFORK;
1710 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
1711 	    sizeof(events)) == 0);
1712 
1713 	/* Continue the child ignoring the SIGSTOP. */
1714 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) != -1);
1715 
1716 	/* The next event should report the end of the vfork. */
1717 	wpid = wait(&status);
1718 	REQUIRE_EQ(wpid, fpid);
1719 	ATF_REQUIRE(WIFSTOPPED(status));
1720 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1721 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1722 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_VFORK_DONE) != 0);
1723 
1724 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) != -1);
1725 
1726 	wpid = wait(&status);
1727 	REQUIRE_EQ(wpid, fpid);
1728 	ATF_REQUIRE(WIFEXITED(status));
1729 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1730 
1731 	wpid = wait(&status);
1732 	REQUIRE_EQ(wpid, -1);
1733 	REQUIRE_EQ(errno, ECHILD);
1734 }
1735 
1736 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_vfork_follow);
1737 ATF_TC_BODY(ptrace__ptrace_vfork_follow, tc)
1738 {
1739 	struct ptrace_lwpinfo pl[2];
1740 	pid_t children[2], fpid, wpid;
1741 	int events, status;
1742 
1743 	ATF_REQUIRE((fpid = fork()) != -1);
1744 	if (fpid == 0) {
1745 		trace_me();
1746 		follow_fork_parent(true);
1747 	}
1748 
1749 	/* Parent process. */
1750 	children[0] = fpid;
1751 
1752 	/* The first wait() should report the stop from SIGSTOP. */
1753 	wpid = waitpid(children[0], &status, 0);
1754 	REQUIRE_EQ(wpid, children[0]);
1755 	ATF_REQUIRE(WIFSTOPPED(status));
1756 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1757 
1758 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, children[0], (caddr_t)&events,
1759 	    sizeof(events)) == 0);
1760 	events |= PTRACE_FORK | PTRACE_VFORK;
1761 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, children[0], (caddr_t)&events,
1762 	    sizeof(events)) == 0);
1763 
1764 	/* Continue the child ignoring the SIGSTOP. */
1765 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1766 
1767 	/* Wait for both halves of the fork event to get reported. */
1768 	children[1] = handle_fork_events(children[0], pl);
1769 	ATF_REQUIRE(children[1] > 0);
1770 
1771 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_VFORKED) != 0);
1772 
1773 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1774 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1775 
1776 	/*
1777 	 * The child can't exit until the grandchild reports status, so the
1778 	 * grandchild should report its exit first to the debugger.
1779 	 */
1780 	wpid = waitpid(children[1], &status, 0);
1781 	REQUIRE_EQ(wpid, children[1]);
1782 	ATF_REQUIRE(WIFEXITED(status));
1783 	REQUIRE_EQ(WEXITSTATUS(status), 2);
1784 
1785 	/*
1786 	 * The child should report it's vfork() completion before it
1787 	 * exits.
1788 	 */
1789 	wpid = wait(&status);
1790 	REQUIRE_EQ(wpid, children[0]);
1791 	ATF_REQUIRE(WIFSTOPPED(status));
1792 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1793 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl[0], sizeof(pl[0])) !=
1794 	    -1);
1795 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_VFORK_DONE) != 0);
1796 
1797 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1798 
1799 	wpid = wait(&status);
1800 	REQUIRE_EQ(wpid, children[0]);
1801 	ATF_REQUIRE(WIFEXITED(status));
1802 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1803 
1804 	wpid = wait(&status);
1805 	REQUIRE_EQ(wpid, -1);
1806 	REQUIRE_EQ(errno, ECHILD);
1807 }
1808 
1809 #ifdef HAVE_BREAKPOINT
1810 /*
1811  * Verify that no more events are reported after PT_KILL except for the
1812  * process exit when stopped due to a breakpoint trap.
1813  */
1814 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_breakpoint);
1815 ATF_TC_BODY(ptrace__PT_KILL_breakpoint, tc)
1816 {
1817 	pid_t fpid, wpid;
1818 	int status;
1819 
1820 	ATF_REQUIRE((fpid = fork()) != -1);
1821 	if (fpid == 0) {
1822 		trace_me();
1823 		breakpoint();
1824 		exit(1);
1825 	}
1826 
1827 	/* The first wait() should report the stop from SIGSTOP. */
1828 	wpid = waitpid(fpid, &status, 0);
1829 	REQUIRE_EQ(wpid, fpid);
1830 	ATF_REQUIRE(WIFSTOPPED(status));
1831 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1832 
1833 	/* Continue the child ignoring the SIGSTOP. */
1834 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1835 
1836 	/* The second wait() should report hitting the breakpoint. */
1837 	wpid = waitpid(fpid, &status, 0);
1838 	REQUIRE_EQ(wpid, fpid);
1839 	ATF_REQUIRE(WIFSTOPPED(status));
1840 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1841 
1842 	/* Kill the child process. */
1843 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
1844 
1845 	/* The last wait() should report the SIGKILL. */
1846 	wpid = waitpid(fpid, &status, 0);
1847 	REQUIRE_EQ(wpid, fpid);
1848 	ATF_REQUIRE(WIFSIGNALED(status));
1849 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
1850 
1851 	wpid = wait(&status);
1852 	REQUIRE_EQ(wpid, -1);
1853 	REQUIRE_EQ(errno, ECHILD);
1854 }
1855 #endif /* HAVE_BREAKPOINT */
1856 
1857 /*
1858  * Verify that no more events are reported after PT_KILL except for the
1859  * process exit when stopped inside of a system call.
1860  */
1861 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_system_call);
1862 ATF_TC_BODY(ptrace__PT_KILL_system_call, tc)
1863 {
1864 	struct ptrace_lwpinfo pl;
1865 	pid_t fpid, wpid;
1866 	int status;
1867 
1868 	ATF_REQUIRE((fpid = fork()) != -1);
1869 	if (fpid == 0) {
1870 		trace_me();
1871 		getpid();
1872 		exit(1);
1873 	}
1874 
1875 	/* The first wait() should report the stop from SIGSTOP. */
1876 	wpid = waitpid(fpid, &status, 0);
1877 	REQUIRE_EQ(wpid, fpid);
1878 	ATF_REQUIRE(WIFSTOPPED(status));
1879 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1880 
1881 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
1882 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
1883 
1884 	/* The second wait() should report a system call entry for getpid(). */
1885 	wpid = waitpid(fpid, &status, 0);
1886 	REQUIRE_EQ(wpid, fpid);
1887 	ATF_REQUIRE(WIFSTOPPED(status));
1888 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1889 
1890 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1891 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
1892 
1893 	/* Kill the child process. */
1894 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
1895 
1896 	/* The last wait() should report the SIGKILL. */
1897 	wpid = waitpid(fpid, &status, 0);
1898 	REQUIRE_EQ(wpid, fpid);
1899 	ATF_REQUIRE(WIFSIGNALED(status));
1900 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
1901 
1902 	wpid = wait(&status);
1903 	REQUIRE_EQ(wpid, -1);
1904 	REQUIRE_EQ(errno, ECHILD);
1905 }
1906 
1907 /*
1908  * Verify that no more events are reported after PT_KILL except for the
1909  * process exit when killing a multithreaded process.
1910  */
1911 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_threads);
1912 ATF_TC_BODY(ptrace__PT_KILL_threads, tc)
1913 {
1914 	struct ptrace_lwpinfo pl;
1915 	pid_t fpid, wpid;
1916 	lwpid_t main_lwp;
1917 	int status;
1918 
1919 	ATF_REQUIRE((fpid = fork()) != -1);
1920 	if (fpid == 0) {
1921 		trace_me();
1922 		simple_thread_main();
1923 	}
1924 
1925 	/* The first wait() should report the stop from SIGSTOP. */
1926 	wpid = waitpid(fpid, &status, 0);
1927 	REQUIRE_EQ(wpid, fpid);
1928 	ATF_REQUIRE(WIFSTOPPED(status));
1929 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1930 
1931 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1932 	    sizeof(pl)) != -1);
1933 	main_lwp = pl.pl_lwpid;
1934 
1935 	REQUIRE_EQ(ptrace(PT_LWP_EVENTS, wpid, NULL, 1), 0);
1936 
1937 	/* Continue the child ignoring the SIGSTOP. */
1938 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1939 
1940 	/* The first event should be for the child thread's birth. */
1941 	wpid = waitpid(fpid, &status, 0);
1942 	REQUIRE_EQ(wpid, fpid);
1943 	ATF_REQUIRE(WIFSTOPPED(status));
1944 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1945 
1946 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1947 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
1948 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1949 	ATF_REQUIRE(pl.pl_lwpid != main_lwp);
1950 
1951 	/* Kill the child process. */
1952 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
1953 
1954 	/* The last wait() should report the SIGKILL. */
1955 	wpid = waitpid(fpid, &status, 0);
1956 	REQUIRE_EQ(wpid, fpid);
1957 	ATF_REQUIRE(WIFSIGNALED(status));
1958 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
1959 
1960 	wpid = wait(&status);
1961 	REQUIRE_EQ(wpid, -1);
1962 	REQUIRE_EQ(errno, ECHILD);
1963 }
1964 
1965 static void *
1966 mask_usr1_thread(void *arg)
1967 {
1968 	pthread_barrier_t *pbarrier;
1969 	sigset_t sigmask;
1970 
1971 	pbarrier = (pthread_barrier_t*)arg;
1972 
1973 	sigemptyset(&sigmask);
1974 	sigaddset(&sigmask, SIGUSR1);
1975 	CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
1976 
1977 	/* Sync up with other thread after sigmask updated. */
1978 	pthread_barrier_wait(pbarrier);
1979 
1980 	for (;;)
1981 		sleep(60);
1982 
1983 	return (NULL);
1984 }
1985 
1986 /*
1987  * Verify that the SIGKILL from PT_KILL takes priority over other signals
1988  * and prevents spurious stops due to those other signals.
1989  */
1990 ATF_TC(ptrace__PT_KILL_competing_signal);
1991 ATF_TC_HEAD(ptrace__PT_KILL_competing_signal, tc)
1992 {
1993 
1994 	atf_tc_set_md_var(tc, "require.user", "root");
1995 }
1996 ATF_TC_BODY(ptrace__PT_KILL_competing_signal, tc)
1997 {
1998 	pid_t fpid, wpid;
1999 	int status;
2000 	cpuset_t setmask;
2001 	pthread_t t;
2002 	pthread_barrier_t barrier;
2003 	struct sched_param sched_param;
2004 
2005 	ATF_REQUIRE((fpid = fork()) != -1);
2006 	if (fpid == 0) {
2007 		/* Bind to one CPU so only one thread at a time will run. */
2008 		CPU_ZERO(&setmask);
2009 		CPU_SET(0, &setmask);
2010 		cpusetid_t setid;
2011 		CHILD_REQUIRE_EQ(cpuset(&setid), 0);
2012 		CHILD_REQUIRE(cpuset_setaffinity(CPU_LEVEL_CPUSET,
2013 		    CPU_WHICH_CPUSET, setid, sizeof(setmask), &setmask) == 0);
2014 
2015 		CHILD_REQUIRE_EQ(pthread_barrier_init(&barrier, NULL, 2), 0);
2016 
2017 		CHILD_REQUIRE(pthread_create(&t, NULL, mask_usr1_thread,
2018 		    (void*)&barrier) == 0);
2019 
2020 		/*
2021 		 * Give the main thread higher priority. The test always
2022 		 * assumes that, if both threads are able to run, the main
2023 		 * thread runs first.
2024 		 */
2025 		sched_param.sched_priority =
2026 		    (sched_get_priority_max(SCHED_FIFO) +
2027 		    sched_get_priority_min(SCHED_FIFO)) / 2;
2028 		CHILD_REQUIRE(pthread_setschedparam(pthread_self(),
2029 		    SCHED_FIFO, &sched_param) == 0);
2030 		sched_param.sched_priority -= RQ_PPQ;
2031 		CHILD_REQUIRE(pthread_setschedparam(t, SCHED_FIFO,
2032 		    &sched_param) == 0);
2033 
2034 		sigset_t sigmask;
2035 		sigemptyset(&sigmask);
2036 		sigaddset(&sigmask, SIGUSR2);
2037 		CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
2038 
2039 		/* Sync up with other thread after sigmask updated. */
2040 		pthread_barrier_wait(&barrier);
2041 
2042 		trace_me();
2043 
2044 		for (;;)
2045 			sleep(60);
2046 
2047 		exit(1);
2048 	}
2049 
2050 	/* The first wait() should report the stop from SIGSTOP. */
2051 	wpid = waitpid(fpid, &status, 0);
2052 	REQUIRE_EQ(wpid, fpid);
2053 	ATF_REQUIRE(WIFSTOPPED(status));
2054 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2055 
2056 	/* Continue the child ignoring the SIGSTOP. */
2057 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2058 
2059 	/* Send a signal that only the second thread can handle. */
2060 	REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
2061 
2062 	/* The second wait() should report the SIGUSR2. */
2063 	wpid = waitpid(fpid, &status, 0);
2064 	REQUIRE_EQ(wpid, fpid);
2065 	ATF_REQUIRE(WIFSTOPPED(status));
2066 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
2067 
2068 	/* Send a signal that only the first thread can handle. */
2069 	REQUIRE_EQ(kill(fpid, SIGUSR1), 0);
2070 
2071 	/* Replace the SIGUSR2 with a kill. */
2072 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
2073 
2074 	/* The last wait() should report the SIGKILL (not the SIGUSR signal). */
2075 	wpid = waitpid(fpid, &status, 0);
2076 	REQUIRE_EQ(wpid, fpid);
2077 	ATF_REQUIRE(WIFSIGNALED(status));
2078 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
2079 
2080 	wpid = wait(&status);
2081 	REQUIRE_EQ(wpid, -1);
2082 	REQUIRE_EQ(errno, ECHILD);
2083 }
2084 
2085 /*
2086  * Verify that the SIGKILL from PT_KILL takes priority over other stop events
2087  * and prevents spurious stops caused by those events.
2088  */
2089 ATF_TC(ptrace__PT_KILL_competing_stop);
2090 ATF_TC_HEAD(ptrace__PT_KILL_competing_stop, tc)
2091 {
2092 
2093 	atf_tc_set_md_var(tc, "require.user", "root");
2094 }
2095 ATF_TC_BODY(ptrace__PT_KILL_competing_stop, tc)
2096 {
2097 	pid_t fpid, wpid;
2098 	int status;
2099 	cpuset_t setmask;
2100 	pthread_t t;
2101 	pthread_barrier_t barrier;
2102 	lwpid_t main_lwp;
2103 	struct ptrace_lwpinfo pl;
2104 	struct sched_param sched_param;
2105 
2106 	ATF_REQUIRE((fpid = fork()) != -1);
2107 	if (fpid == 0) {
2108 		trace_me();
2109 
2110 		/* Bind to one CPU so only one thread at a time will run. */
2111 		CPU_ZERO(&setmask);
2112 		CPU_SET(0, &setmask);
2113 		cpusetid_t setid;
2114 		CHILD_REQUIRE_EQ(cpuset(&setid), 0);
2115 		CHILD_REQUIRE(cpuset_setaffinity(CPU_LEVEL_CPUSET,
2116 		    CPU_WHICH_CPUSET, setid, sizeof(setmask), &setmask) == 0);
2117 
2118 		CHILD_REQUIRE_EQ(pthread_barrier_init(&barrier, NULL, 2), 0);
2119 
2120 		CHILD_REQUIRE(pthread_create(&t, NULL, mask_usr1_thread,
2121 		    (void*)&barrier) == 0);
2122 
2123 		/*
2124 		 * Give the main thread higher priority. The test always
2125 		 * assumes that, if both threads are able to run, the main
2126 		 * thread runs first.
2127 		 */
2128 		sched_param.sched_priority =
2129 		    (sched_get_priority_max(SCHED_FIFO) +
2130 		    sched_get_priority_min(SCHED_FIFO)) / 2;
2131 		CHILD_REQUIRE(pthread_setschedparam(pthread_self(),
2132 		    SCHED_FIFO, &sched_param) == 0);
2133 		sched_param.sched_priority -= RQ_PPQ;
2134 		CHILD_REQUIRE(pthread_setschedparam(t, SCHED_FIFO,
2135 		    &sched_param) == 0);
2136 
2137 		sigset_t sigmask;
2138 		sigemptyset(&sigmask);
2139 		sigaddset(&sigmask, SIGUSR2);
2140 		CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
2141 
2142 		/* Sync up with other thread after sigmask updated. */
2143 		pthread_barrier_wait(&barrier);
2144 
2145 		/* Sync up with the test before doing the getpid(). */
2146 		raise(SIGSTOP);
2147 
2148 		getpid();
2149 		exit(1);
2150 	}
2151 
2152 	/* The first wait() should report the stop from SIGSTOP. */
2153 	wpid = waitpid(fpid, &status, 0);
2154 	REQUIRE_EQ(wpid, fpid);
2155 	ATF_REQUIRE(WIFSTOPPED(status));
2156 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2157 
2158 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2159 	main_lwp = pl.pl_lwpid;
2160 
2161 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2162 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2163 
2164 	/*
2165 	 * Continue until child is done with setup, which is indicated with
2166 	 * SIGSTOP. Ignore system calls in the meantime.
2167 	 */
2168 	for (;;) {
2169 		wpid = waitpid(fpid, &status, 0);
2170 		REQUIRE_EQ(wpid, fpid);
2171 		ATF_REQUIRE(WIFSTOPPED(status));
2172 		if (WSTOPSIG(status) == SIGTRAP) {
2173 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
2174 			    sizeof(pl)) != -1);
2175 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2176 		} else {
2177 			REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2178 			break;
2179 		}
2180 		REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2181 	}
2182 
2183 	/* Proceed, allowing main thread to hit syscall entry for getpid(). */
2184 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2185 
2186 	wpid = waitpid(fpid, &status, 0);
2187 	REQUIRE_EQ(wpid, fpid);
2188 	ATF_REQUIRE(WIFSTOPPED(status));
2189 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2190 
2191 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
2192 	    sizeof(pl)) != -1);
2193 	REQUIRE_EQ(pl.pl_lwpid, main_lwp);
2194 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2195 	/* Prevent the main thread from hitting its syscall exit for now. */
2196 	REQUIRE_EQ(ptrace(PT_SUSPEND, main_lwp, 0, 0), 0);
2197 
2198 	/*
2199 	 * Proceed, allowing second thread to hit syscall exit for
2200 	 * pthread_barrier_wait().
2201 	 */
2202 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2203 
2204 	wpid = waitpid(fpid, &status, 0);
2205 	REQUIRE_EQ(wpid, fpid);
2206 	ATF_REQUIRE(WIFSTOPPED(status));
2207 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2208 
2209 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
2210 	    sizeof(pl)) != -1);
2211 	ATF_REQUIRE(pl.pl_lwpid != main_lwp);
2212 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
2213 
2214 	/* Send a signal that only the second thread can handle. */
2215 	REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
2216 
2217 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2218 
2219 	/* The next wait() should report the SIGUSR2. */
2220 	wpid = waitpid(fpid, &status, 0);
2221 	REQUIRE_EQ(wpid, fpid);
2222 	ATF_REQUIRE(WIFSTOPPED(status));
2223 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
2224 
2225 	/* Allow the main thread to try to finish its system call. */
2226 	REQUIRE_EQ(ptrace(PT_RESUME, main_lwp, 0, 0), 0);
2227 
2228 	/*
2229 	 * At this point, the main thread is in the middle of a system call and
2230 	 * has been resumed. The second thread has taken a SIGUSR2 which will
2231 	 * be replaced with a SIGKILL below. The main thread will get to run
2232 	 * first. It should notice the kill request (even though the signal
2233 	 * replacement occurred in the other thread) and exit accordingly.  It
2234 	 * should not stop for the system call exit event.
2235 	 */
2236 
2237 	/* Replace the SIGUSR2 with a kill. */
2238 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
2239 
2240 	/* The last wait() should report the SIGKILL (not a syscall exit). */
2241 	wpid = waitpid(fpid, &status, 0);
2242 	REQUIRE_EQ(wpid, fpid);
2243 	ATF_REQUIRE(WIFSIGNALED(status));
2244 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
2245 
2246 	wpid = wait(&status);
2247 	REQUIRE_EQ(wpid, -1);
2248 	REQUIRE_EQ(errno, ECHILD);
2249 }
2250 
2251 static void
2252 sigusr1_handler(int sig)
2253 {
2254 
2255 	CHILD_REQUIRE_EQ(sig, SIGUSR1);
2256 	_exit(2);
2257 }
2258 
2259 /*
2260  * Verify that even if the signal queue is full for a child process,
2261  * a PT_KILL will kill the process.
2262  */
2263 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_with_signal_full_sigqueue);
2264 ATF_TC_BODY(ptrace__PT_KILL_with_signal_full_sigqueue, tc)
2265 {
2266 	pid_t fpid, wpid;
2267 	int status;
2268 	int max_pending_per_proc;
2269 	size_t len;
2270 	int i;
2271 
2272 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_handler) != SIG_ERR);
2273 
2274 	ATF_REQUIRE((fpid = fork()) != -1);
2275 	if (fpid == 0) {
2276 		trace_me();
2277 		exit(1);
2278 	}
2279 
2280 	/* The first wait() should report the stop from SIGSTOP. */
2281 	wpid = waitpid(fpid, &status, 0);
2282 	REQUIRE_EQ(wpid, fpid);
2283 	ATF_REQUIRE(WIFSTOPPED(status));
2284 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2285 
2286 	len = sizeof(max_pending_per_proc);
2287 	ATF_REQUIRE(sysctlbyname("kern.sigqueue.max_pending_per_proc",
2288 	    &max_pending_per_proc, &len, NULL, 0) == 0);
2289 
2290 	/* Fill the signal queue. */
2291 	for (i = 0; i < max_pending_per_proc; ++i)
2292 		REQUIRE_EQ(kill(fpid, SIGUSR1), 0);
2293 
2294 	/* Kill the child process. */
2295 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
2296 
2297 	/* The last wait() should report the SIGKILL. */
2298 	wpid = waitpid(fpid, &status, 0);
2299 	REQUIRE_EQ(wpid, fpid);
2300 	ATF_REQUIRE(WIFSIGNALED(status));
2301 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
2302 
2303 	wpid = wait(&status);
2304 	REQUIRE_EQ(wpid, -1);
2305 	REQUIRE_EQ(errno, ECHILD);
2306 }
2307 
2308 /*
2309  * Verify that when stopped at a system call entry, a signal can be
2310  * requested with PT_CONTINUE which will be delivered once the system
2311  * call is complete.
2312  */
2313 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_system_call_entry);
2314 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_system_call_entry, tc)
2315 {
2316 	struct ptrace_lwpinfo pl;
2317 	pid_t fpid, wpid;
2318 	int status;
2319 
2320 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_handler) != SIG_ERR);
2321 
2322 	ATF_REQUIRE((fpid = fork()) != -1);
2323 	if (fpid == 0) {
2324 		trace_me();
2325 		getpid();
2326 		exit(1);
2327 	}
2328 
2329 	/* The first wait() should report the stop from SIGSTOP. */
2330 	wpid = waitpid(fpid, &status, 0);
2331 	REQUIRE_EQ(wpid, fpid);
2332 	ATF_REQUIRE(WIFSTOPPED(status));
2333 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2334 
2335 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2336 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2337 
2338 	/* The second wait() should report a system call entry for getpid(). */
2339 	wpid = waitpid(fpid, &status, 0);
2340 	REQUIRE_EQ(wpid, fpid);
2341 	ATF_REQUIRE(WIFSTOPPED(status));
2342 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2343 
2344 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2345 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2346 
2347 	/* Continue the child process with a signal. */
2348 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2349 
2350 	for (;;) {
2351 		/*
2352 		 * The last wait() should report exit 2, i.e., a normal _exit
2353 		 * from the signal handler. In the meantime, catch and proceed
2354 		 * past any syscall stops.
2355 		 */
2356 		wpid = waitpid(fpid, &status, 0);
2357 		REQUIRE_EQ(wpid, fpid);
2358 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2359 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2360 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2361 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2362 		} else {
2363 			ATF_REQUIRE(WIFEXITED(status));
2364 			REQUIRE_EQ(WEXITSTATUS(status), 2);
2365 			break;
2366 		}
2367 	}
2368 
2369 	wpid = wait(&status);
2370 	REQUIRE_EQ(wpid, -1);
2371 	REQUIRE_EQ(errno, ECHILD);
2372 }
2373 
2374 static void
2375 sigusr1_counting_handler(int sig)
2376 {
2377 	static int counter = 0;
2378 
2379 	CHILD_REQUIRE_EQ(sig, SIGUSR1);
2380 	counter++;
2381 	if (counter == 2)
2382 		_exit(2);
2383 }
2384 
2385 /*
2386  * Verify that, when continuing from a stop at system call entry and exit,
2387  * a signal can be requested from both stops, and both will be delivered when
2388  * the system call is complete.
2389  */
2390 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_system_call_entry_and_exit);
2391 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_system_call_entry_and_exit, tc)
2392 {
2393 	struct ptrace_lwpinfo pl;
2394 	pid_t fpid, wpid;
2395 	int status;
2396 
2397 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_counting_handler) != SIG_ERR);
2398 
2399 	ATF_REQUIRE((fpid = fork()) != -1);
2400 	if (fpid == 0) {
2401 		trace_me();
2402 		getpid();
2403 		exit(1);
2404 	}
2405 
2406 	/* The first wait() should report the stop from SIGSTOP. */
2407 	wpid = waitpid(fpid, &status, 0);
2408 	REQUIRE_EQ(wpid, fpid);
2409 	ATF_REQUIRE(WIFSTOPPED(status));
2410 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2411 
2412 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2413 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2414 
2415 	/* The second wait() should report a system call entry for getpid(). */
2416 	wpid = waitpid(fpid, &status, 0);
2417 	REQUIRE_EQ(wpid, fpid);
2418 	ATF_REQUIRE(WIFSTOPPED(status));
2419 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2420 
2421 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2422 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2423 
2424 	/* Continue the child process with a signal. */
2425 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2426 
2427 	/* The third wait() should report a system call exit for getpid(). */
2428 	wpid = waitpid(fpid, &status, 0);
2429 	REQUIRE_EQ(wpid, fpid);
2430 	ATF_REQUIRE(WIFSTOPPED(status));
2431 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2432 
2433 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2434 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
2435 
2436 	/* Continue the child process with a signal. */
2437 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2438 
2439 	for (;;) {
2440 		/*
2441 		 * The last wait() should report exit 2, i.e., a normal _exit
2442 		 * from the signal handler. In the meantime, catch and proceed
2443 		 * past any syscall stops.
2444 		 */
2445 		wpid = waitpid(fpid, &status, 0);
2446 		REQUIRE_EQ(wpid, fpid);
2447 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2448 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2449 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2450 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2451 		} else {
2452 			ATF_REQUIRE(WIFEXITED(status));
2453 			REQUIRE_EQ(WEXITSTATUS(status), 2);
2454 			break;
2455 		}
2456 	}
2457 
2458 	wpid = wait(&status);
2459 	REQUIRE_EQ(wpid, -1);
2460 	REQUIRE_EQ(errno, ECHILD);
2461 }
2462 
2463 /*
2464  * Verify that even if the signal queue is full for a child process,
2465  * a PT_CONTINUE with a signal will not result in loss of that signal.
2466  */
2467 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_full_sigqueue);
2468 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_full_sigqueue, tc)
2469 {
2470 	pid_t fpid, wpid;
2471 	int status;
2472 	int max_pending_per_proc;
2473 	size_t len;
2474 	int i;
2475 
2476 	ATF_REQUIRE(signal(SIGUSR2, handler) != SIG_ERR);
2477 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_handler) != SIG_ERR);
2478 
2479 	ATF_REQUIRE((fpid = fork()) != -1);
2480 	if (fpid == 0) {
2481 		trace_me();
2482 		exit(1);
2483 	}
2484 
2485 	/* The first wait() should report the stop from SIGSTOP. */
2486 	wpid = waitpid(fpid, &status, 0);
2487 	REQUIRE_EQ(wpid, fpid);
2488 	ATF_REQUIRE(WIFSTOPPED(status));
2489 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2490 
2491 	len = sizeof(max_pending_per_proc);
2492 	ATF_REQUIRE(sysctlbyname("kern.sigqueue.max_pending_per_proc",
2493 	    &max_pending_per_proc, &len, NULL, 0) == 0);
2494 
2495 	/* Fill the signal queue. */
2496 	for (i = 0; i < max_pending_per_proc; ++i)
2497 		REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
2498 
2499 	/* Continue with signal. */
2500 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2501 
2502 	for (;;) {
2503 		wpid = waitpid(fpid, &status, 0);
2504 		REQUIRE_EQ(wpid, fpid);
2505 		if (WIFSTOPPED(status)) {
2506 			REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
2507 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2508 		} else {
2509 			/*
2510 			 * The last wait() should report normal _exit from the
2511 			 * SIGUSR1 handler.
2512 			 */
2513 			ATF_REQUIRE(WIFEXITED(status));
2514 			REQUIRE_EQ(WEXITSTATUS(status), 2);
2515 			break;
2516 		}
2517 	}
2518 
2519 	wpid = wait(&status);
2520 	REQUIRE_EQ(wpid, -1);
2521 	REQUIRE_EQ(errno, ECHILD);
2522 }
2523 
2524 static sem_t sigusr1_sem;
2525 static int got_usr1;
2526 
2527 static void
2528 sigusr1_sempost_handler(int sig __unused)
2529 {
2530 
2531 	got_usr1++;
2532 	CHILD_REQUIRE_EQ(sem_post(&sigusr1_sem), 0);
2533 }
2534 
2535 /*
2536  * Verify that even if the signal queue is full for a child process,
2537  * and the signal is masked, a PT_CONTINUE with a signal will not
2538  * result in loss of that signal.
2539  */
2540 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_masked_full_sigqueue);
2541 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_masked_full_sigqueue, tc)
2542 {
2543 	struct ptrace_lwpinfo pl;
2544 	pid_t fpid, wpid;
2545 	int status, err;
2546 	int max_pending_per_proc;
2547 	size_t len;
2548 	int i;
2549 	sigset_t sigmask;
2550 
2551 	ATF_REQUIRE(signal(SIGUSR2, handler) != SIG_ERR);
2552 	REQUIRE_EQ(sem_init(&sigusr1_sem, 0, 0), 0);
2553 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
2554 
2555 	got_usr1 = 0;
2556 	ATF_REQUIRE((fpid = fork()) != -1);
2557 	if (fpid == 0) {
2558 		CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
2559 		CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
2560 		CHILD_REQUIRE_EQ(sigprocmask(SIG_BLOCK, &sigmask, NULL), 0);
2561 
2562 		trace_me();
2563 		CHILD_REQUIRE_EQ(got_usr1, 0);
2564 
2565 		/* Allow the pending SIGUSR1 in now. */
2566 		CHILD_REQUIRE_EQ(sigprocmask(SIG_UNBLOCK, &sigmask, NULL), 0);
2567 		/* Wait to receive the SIGUSR1. */
2568 		do {
2569 			err = sem_wait(&sigusr1_sem);
2570 			CHILD_REQUIRE(err == 0 || errno == EINTR);
2571 		} while (err != 0 && errno == EINTR);
2572 		CHILD_REQUIRE_EQ(got_usr1, 1);
2573 		exit(1);
2574 	}
2575 
2576 	/* The first wait() should report the stop from SIGSTOP. */
2577 	wpid = waitpid(fpid, &status, 0);
2578 	REQUIRE_EQ(wpid, fpid);
2579 	ATF_REQUIRE(WIFSTOPPED(status));
2580 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2581 
2582 	len = sizeof(max_pending_per_proc);
2583 	ATF_REQUIRE(sysctlbyname("kern.sigqueue.max_pending_per_proc",
2584 	    &max_pending_per_proc, &len, NULL, 0) == 0);
2585 
2586 	/* Fill the signal queue. */
2587 	for (i = 0; i < max_pending_per_proc; ++i)
2588 		REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
2589 
2590 	/* Continue with signal. */
2591 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2592 
2593 	/* Collect and ignore all of the SIGUSR2. */
2594 	for (i = 0; i < max_pending_per_proc; ++i) {
2595 		wpid = waitpid(fpid, &status, 0);
2596 		REQUIRE_EQ(wpid, fpid);
2597 		ATF_REQUIRE(WIFSTOPPED(status));
2598 		REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
2599 		REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2600 	}
2601 
2602 	/* Now our PT_CONTINUE'd SIGUSR1 should cause a stop after unmask. */
2603 	wpid = waitpid(fpid, &status, 0);
2604 	REQUIRE_EQ(wpid, fpid);
2605 	ATF_REQUIRE(WIFSTOPPED(status));
2606 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR1);
2607 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
2608 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGUSR1);
2609 
2610 	/* Continue the child, ignoring the SIGUSR1. */
2611 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2612 
2613 	/* The last wait() should report exit after receiving SIGUSR1. */
2614 	wpid = waitpid(fpid, &status, 0);
2615 	REQUIRE_EQ(wpid, fpid);
2616 	ATF_REQUIRE(WIFEXITED(status));
2617 	REQUIRE_EQ(WEXITSTATUS(status), 1);
2618 
2619 	wpid = wait(&status);
2620 	REQUIRE_EQ(wpid, -1);
2621 	REQUIRE_EQ(errno, ECHILD);
2622 }
2623 
2624 /*
2625  * Verify that, after stopping due to a signal, that signal can be
2626  * replaced with another signal.
2627  */
2628 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_change_sig);
2629 ATF_TC_BODY(ptrace__PT_CONTINUE_change_sig, tc)
2630 {
2631 	struct ptrace_lwpinfo pl;
2632 	pid_t fpid, wpid;
2633 	int status;
2634 
2635 	ATF_REQUIRE((fpid = fork()) != -1);
2636 	if (fpid == 0) {
2637 		trace_me();
2638 		sleep(20);
2639 		exit(1);
2640 	}
2641 
2642 	/* The first wait() should report the stop from SIGSTOP. */
2643 	wpid = waitpid(fpid, &status, 0);
2644 	REQUIRE_EQ(wpid, fpid);
2645 	ATF_REQUIRE(WIFSTOPPED(status));
2646 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2647 
2648 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2649 
2650 	/* Send a signal without ptrace. */
2651 	REQUIRE_EQ(kill(fpid, SIGINT), 0);
2652 
2653 	/* The second wait() should report a SIGINT was received. */
2654 	wpid = waitpid(fpid, &status, 0);
2655 	REQUIRE_EQ(wpid, fpid);
2656 	ATF_REQUIRE(WIFSTOPPED(status));
2657 	REQUIRE_EQ(WSTOPSIG(status), SIGINT);
2658 
2659 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2660 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
2661 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGINT);
2662 
2663 	/* Continue the child process with a different signal. */
2664 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGTERM), 0);
2665 
2666 	/*
2667 	 * The last wait() should report having died due to the new
2668 	 * signal, SIGTERM.
2669 	 */
2670 	wpid = waitpid(fpid, &status, 0);
2671 	REQUIRE_EQ(wpid, fpid);
2672 	ATF_REQUIRE(WIFSIGNALED(status));
2673 	REQUIRE_EQ(WTERMSIG(status), SIGTERM);
2674 
2675 	wpid = wait(&status);
2676 	REQUIRE_EQ(wpid, -1);
2677 	REQUIRE_EQ(errno, ECHILD);
2678 }
2679 
2680 /*
2681  * Verify that a signal can be passed through to the child even when there
2682  * was no true signal originally. Such cases arise when a SIGTRAP is
2683  * invented for e.g, system call stops.
2684  */
2685 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_sigtrap_system_call_entry);
2686 ATF_TC_BODY(ptrace__PT_CONTINUE_with_sigtrap_system_call_entry, tc)
2687 {
2688 	struct ptrace_lwpinfo pl;
2689 	struct rlimit rl;
2690 	pid_t fpid, wpid;
2691 	int status;
2692 
2693 	ATF_REQUIRE((fpid = fork()) != -1);
2694 	if (fpid == 0) {
2695 		trace_me();
2696 		/* SIGTRAP expected to cause exit on syscall entry. */
2697 		rl.rlim_cur = rl.rlim_max = 0;
2698 		REQUIRE_EQ(setrlimit(RLIMIT_CORE, &rl), 0);
2699 		getpid();
2700 		exit(1);
2701 	}
2702 
2703 	/* The first wait() should report the stop from SIGSTOP. */
2704 	wpid = waitpid(fpid, &status, 0);
2705 	REQUIRE_EQ(wpid, fpid);
2706 	ATF_REQUIRE(WIFSTOPPED(status));
2707 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2708 
2709 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2710 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2711 
2712 	/* The second wait() should report a system call entry for getpid(). */
2713 	wpid = waitpid(fpid, &status, 0);
2714 	REQUIRE_EQ(wpid, fpid);
2715 	ATF_REQUIRE(WIFSTOPPED(status));
2716 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2717 
2718 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2719 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2720 
2721 	/* Continue the child process with a SIGTRAP. */
2722 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGTRAP), 0);
2723 
2724 	for (;;) {
2725 		/*
2726 		 * The last wait() should report exit due to SIGTRAP.  In the
2727 		 * meantime, catch and proceed past any syscall stops.
2728 		 */
2729 		wpid = waitpid(fpid, &status, 0);
2730 		REQUIRE_EQ(wpid, fpid);
2731 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2732 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2733 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2734 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2735 		} else {
2736 			ATF_REQUIRE(WIFSIGNALED(status));
2737 			REQUIRE_EQ(WTERMSIG(status), SIGTRAP);
2738 			break;
2739 		}
2740 	}
2741 
2742 	wpid = wait(&status);
2743 	REQUIRE_EQ(wpid, -1);
2744 	REQUIRE_EQ(errno, ECHILD);
2745 }
2746 
2747 /*
2748  * A mixed bag PT_CONTINUE with signal test.
2749  */
2750 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_mix);
2751 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_mix, tc)
2752 {
2753 	struct ptrace_lwpinfo pl;
2754 	pid_t fpid, wpid;
2755 	int status;
2756 
2757 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_counting_handler) != SIG_ERR);
2758 
2759 	ATF_REQUIRE((fpid = fork()) != -1);
2760 	if (fpid == 0) {
2761 		trace_me();
2762 		getpid();
2763 		exit(1);
2764 	}
2765 
2766 	/* The first wait() should report the stop from SIGSTOP. */
2767 	wpid = waitpid(fpid, &status, 0);
2768 	REQUIRE_EQ(wpid, fpid);
2769 	ATF_REQUIRE(WIFSTOPPED(status));
2770 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2771 
2772 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2773 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2774 
2775 	/* The second wait() should report a system call entry for getpid(). */
2776 	wpid = waitpid(fpid, &status, 0);
2777 	REQUIRE_EQ(wpid, fpid);
2778 	ATF_REQUIRE(WIFSTOPPED(status));
2779 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2780 
2781 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2782 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2783 
2784 	/* Continue with the first SIGUSR1. */
2785 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2786 
2787 	/* The next wait() should report a system call exit for getpid(). */
2788 	wpid = waitpid(fpid, &status, 0);
2789 	REQUIRE_EQ(wpid, fpid);
2790 	ATF_REQUIRE(WIFSTOPPED(status));
2791 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2792 
2793 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2794 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
2795 
2796 	/* Send an ABRT without ptrace. */
2797 	REQUIRE_EQ(kill(fpid, SIGABRT), 0);
2798 
2799 	/* Continue normally. */
2800 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2801 
2802 	/* The next wait() should report the SIGABRT. */
2803 	wpid = waitpid(fpid, &status, 0);
2804 	REQUIRE_EQ(wpid, fpid);
2805 	ATF_REQUIRE(WIFSTOPPED(status));
2806 	REQUIRE_EQ(WSTOPSIG(status), SIGABRT);
2807 
2808 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2809 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
2810 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGABRT);
2811 
2812 	/* Continue, replacing the SIGABRT with another SIGUSR1. */
2813 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2814 
2815 	for (;;) {
2816 		/*
2817 		 * The last wait() should report exit 2, i.e., a normal _exit
2818 		 * from the signal handler. In the meantime, catch and proceed
2819 		 * past any syscall stops.
2820 		 */
2821 		wpid = waitpid(fpid, &status, 0);
2822 		REQUIRE_EQ(wpid, fpid);
2823 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2824 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2825 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2826 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2827 		} else {
2828 			ATF_REQUIRE(WIFEXITED(status));
2829 			REQUIRE_EQ(WEXITSTATUS(status), 2);
2830 			break;
2831 		}
2832 	}
2833 
2834 	wpid = wait(&status);
2835 	REQUIRE_EQ(wpid, -1);
2836 	REQUIRE_EQ(errno, ECHILD);
2837 }
2838 
2839 /*
2840  * Verify a signal delivered by ptrace is noticed by kevent(2).
2841  */
2842 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_kqueue);
2843 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_kqueue, tc)
2844 {
2845 	pid_t fpid, wpid;
2846 	int status, kq, nevents;
2847 	struct kevent kev;
2848 
2849 	ATF_REQUIRE(signal(SIGUSR1, SIG_IGN) != SIG_ERR);
2850 
2851 	ATF_REQUIRE((fpid = fork()) != -1);
2852 	if (fpid == 0) {
2853 		CHILD_REQUIRE((kq = kqueue()) > 0);
2854 		EV_SET(&kev, SIGUSR1, EVFILT_SIGNAL, EV_ADD, 0, 0, 0);
2855 		CHILD_REQUIRE_EQ(kevent(kq, &kev, 1, NULL, 0, NULL), 0);
2856 
2857 		trace_me();
2858 
2859 		for (;;) {
2860 			nevents = kevent(kq, NULL, 0, &kev, 1, NULL);
2861 			if (nevents == -1 && errno == EINTR)
2862 				continue;
2863 			CHILD_REQUIRE(nevents > 0);
2864 			CHILD_REQUIRE_EQ(kev.filter, EVFILT_SIGNAL);
2865 			CHILD_REQUIRE_EQ(kev.ident, (uintptr_t)SIGUSR1);
2866 			break;
2867 		}
2868 
2869 		exit(1);
2870 	}
2871 
2872 	/* The first wait() should report the stop from SIGSTOP. */
2873 	wpid = waitpid(fpid, &status, 0);
2874 	REQUIRE_EQ(wpid, fpid);
2875 	ATF_REQUIRE(WIFSTOPPED(status));
2876 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2877 
2878 	/* Continue with the SIGUSR1. */
2879 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2880 
2881 	/*
2882 	 * The last wait() should report normal exit with code 1.
2883 	 */
2884 	wpid = waitpid(fpid, &status, 0);
2885 	REQUIRE_EQ(wpid, fpid);
2886 	ATF_REQUIRE(WIFEXITED(status));
2887 	REQUIRE_EQ(WEXITSTATUS(status), 1);
2888 
2889 	wpid = wait(&status);
2890 	REQUIRE_EQ(wpid, -1);
2891 	REQUIRE_EQ(errno, ECHILD);
2892 }
2893 
2894 static void *
2895 signal_thread(void *arg)
2896 {
2897 	int err;
2898 	sigset_t sigmask;
2899 
2900 	pthread_barrier_t *pbarrier = (pthread_barrier_t*)arg;
2901 
2902 	/* Wait for this thread to receive a SIGUSR1. */
2903 	do {
2904 		err = sem_wait(&sigusr1_sem);
2905 		CHILD_REQUIRE(err == 0 || errno == EINTR);
2906 	} while (err != 0 && errno == EINTR);
2907 
2908 	/* Free our companion thread from the barrier. */
2909 	pthread_barrier_wait(pbarrier);
2910 
2911 	/*
2912 	 * Swap ignore duties; the next SIGUSR1 should go to the
2913 	 * other thread.
2914 	 */
2915 	CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
2916 	CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
2917 	CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
2918 
2919 	/* Sync up threads after swapping signal masks. */
2920 	pthread_barrier_wait(pbarrier);
2921 
2922 	/* Wait until our companion has received its SIGUSR1. */
2923 	pthread_barrier_wait(pbarrier);
2924 
2925 	return (NULL);
2926 }
2927 
2928 /*
2929  * Verify that a traced process with blocked signal received the
2930  * signal from kill() once unmasked.
2931  */
2932 ATF_TC_WITHOUT_HEAD(ptrace__killed_with_sigmask);
2933 ATF_TC_BODY(ptrace__killed_with_sigmask, tc)
2934 {
2935 	struct ptrace_lwpinfo pl;
2936 	pid_t fpid, wpid;
2937 	int status, err;
2938 	sigset_t sigmask;
2939 
2940 	REQUIRE_EQ(sem_init(&sigusr1_sem, 0, 0), 0);
2941 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
2942 	got_usr1 = 0;
2943 
2944 	ATF_REQUIRE((fpid = fork()) != -1);
2945 	if (fpid == 0) {
2946 		CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
2947 		CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
2948 		CHILD_REQUIRE_EQ(sigprocmask(SIG_BLOCK, &sigmask, NULL), 0);
2949 
2950 		trace_me();
2951 		CHILD_REQUIRE_EQ(got_usr1, 0);
2952 
2953 		/* Allow the pending SIGUSR1 in now. */
2954 		CHILD_REQUIRE_EQ(sigprocmask(SIG_UNBLOCK, &sigmask, NULL), 0);
2955 		/* Wait to receive a SIGUSR1. */
2956 		do {
2957 			err = sem_wait(&sigusr1_sem);
2958 			CHILD_REQUIRE(err == 0 || errno == EINTR);
2959 		} while (err != 0 && errno == EINTR);
2960 		CHILD_REQUIRE_EQ(got_usr1, 1);
2961 		exit(1);
2962 	}
2963 
2964 	/* The first wait() should report the stop from SIGSTOP. */
2965 	wpid = waitpid(fpid, &status, 0);
2966 	REQUIRE_EQ(wpid, fpid);
2967 	ATF_REQUIRE(WIFSTOPPED(status));
2968 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2969 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
2970 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGSTOP);
2971 
2972 	/* Send blocked SIGUSR1 which should cause a stop. */
2973 	REQUIRE_EQ(kill(fpid, SIGUSR1), 0);
2974 
2975 	/* Continue the child ignoring the SIGSTOP. */
2976 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2977 
2978 	/* The next wait() should report the kill(SIGUSR1) was received. */
2979 	wpid = waitpid(fpid, &status, 0);
2980 	REQUIRE_EQ(wpid, fpid);
2981 	ATF_REQUIRE(WIFSTOPPED(status));
2982 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR1);
2983 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
2984 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGUSR1);
2985 
2986 	/* Continue the child, allowing in the SIGUSR1. */
2987 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2988 
2989 	/* The last wait() should report normal exit with code 1. */
2990 	wpid = waitpid(fpid, &status, 0);
2991 	REQUIRE_EQ(wpid, fpid);
2992 	ATF_REQUIRE(WIFEXITED(status));
2993 	REQUIRE_EQ(WEXITSTATUS(status), 1);
2994 
2995 	wpid = wait(&status);
2996 	REQUIRE_EQ(wpid, -1);
2997 	REQUIRE_EQ(errno, ECHILD);
2998 }
2999 
3000 /*
3001  * Verify that a traced process with blocked signal received the
3002  * signal from PT_CONTINUE once unmasked.
3003  */
3004 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_sigmask);
3005 ATF_TC_BODY(ptrace__PT_CONTINUE_with_sigmask, tc)
3006 {
3007 	struct ptrace_lwpinfo pl;
3008 	pid_t fpid, wpid;
3009 	int status, err;
3010 	sigset_t sigmask;
3011 
3012 	REQUIRE_EQ(sem_init(&sigusr1_sem, 0, 0), 0);
3013 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
3014 	got_usr1 = 0;
3015 
3016 	ATF_REQUIRE((fpid = fork()) != -1);
3017 	if (fpid == 0) {
3018 		CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
3019 		CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
3020 		CHILD_REQUIRE_EQ(sigprocmask(SIG_BLOCK, &sigmask, NULL), 0);
3021 
3022 		trace_me();
3023 		CHILD_REQUIRE_EQ(got_usr1, 0);
3024 
3025 		/* Allow the pending SIGUSR1 in now. */
3026 		CHILD_REQUIRE_EQ(sigprocmask(SIG_UNBLOCK, &sigmask, NULL), 0);
3027 		/* Wait to receive a SIGUSR1. */
3028 		do {
3029 			err = sem_wait(&sigusr1_sem);
3030 			CHILD_REQUIRE(err == 0 || errno == EINTR);
3031 		} while (err != 0 && errno == EINTR);
3032 
3033 		CHILD_REQUIRE_EQ(got_usr1, 1);
3034 		exit(1);
3035 	}
3036 
3037 	/* The first wait() should report the stop from SIGSTOP. */
3038 	wpid = waitpid(fpid, &status, 0);
3039 	REQUIRE_EQ(wpid, fpid);
3040 	ATF_REQUIRE(WIFSTOPPED(status));
3041 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3042 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
3043 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGSTOP);
3044 
3045 	/* Continue the child replacing SIGSTOP with SIGUSR1. */
3046 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
3047 
3048 	/* The next wait() should report the SIGUSR1 was received. */
3049 	wpid = waitpid(fpid, &status, 0);
3050 	REQUIRE_EQ(wpid, fpid);
3051 	ATF_REQUIRE(WIFSTOPPED(status));
3052 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR1);
3053 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
3054 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGUSR1);
3055 
3056 	/* Continue the child, ignoring the SIGUSR1. */
3057 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3058 
3059 	/* The last wait() should report normal exit with code 1. */
3060 	wpid = waitpid(fpid, &status, 0);
3061 	REQUIRE_EQ(wpid, fpid);
3062 	ATF_REQUIRE(WIFEXITED(status));
3063 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3064 
3065 	wpid = wait(&status);
3066 	REQUIRE_EQ(wpid, -1);
3067 	REQUIRE_EQ(errno, ECHILD);
3068 }
3069 
3070 /*
3071  * Verify that if ptrace stops due to a signal but continues with
3072  * a different signal that the new signal is routed to a thread
3073  * that can accept it, and that the thread is awakened by the signal
3074  * in a timely manner.
3075  */
3076 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_thread_sigmask);
3077 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_thread_sigmask, tc)
3078 {
3079 	pid_t fpid, wpid;
3080 	int status, err;
3081 	pthread_t t;
3082 	sigset_t sigmask;
3083 	pthread_barrier_t barrier;
3084 
3085 	REQUIRE_EQ(pthread_barrier_init(&barrier, NULL, 2), 0);
3086 	REQUIRE_EQ(sem_init(&sigusr1_sem, 0, 0), 0);
3087 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
3088 
3089 	ATF_REQUIRE((fpid = fork()) != -1);
3090 	if (fpid == 0) {
3091 		CHILD_REQUIRE_EQ(pthread_create(&t, NULL, signal_thread,
3092 		    (void *)&barrier), 0);
3093 
3094 		/* The other thread should receive the first SIGUSR1. */
3095 		CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
3096 		CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
3097 		CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
3098 
3099 		trace_me();
3100 
3101 		/* Wait until other thread has received its SIGUSR1. */
3102 		pthread_barrier_wait(&barrier);
3103 
3104 		/*
3105 		 * Swap ignore duties; the next SIGUSR1 should go to this
3106 		 * thread.
3107 		 */
3108 		CHILD_REQUIRE_EQ(pthread_sigmask(SIG_UNBLOCK, &sigmask, NULL),
3109 		    0);
3110 
3111 		/* Sync up threads after swapping signal masks. */
3112 		pthread_barrier_wait(&barrier);
3113 
3114 		/*
3115 		 * Sync up with test code; we're ready for the next SIGUSR1
3116 		 * now.
3117 		 */
3118 		raise(SIGSTOP);
3119 
3120 		/* Wait for this thread to receive a SIGUSR1. */
3121 		do {
3122 			err = sem_wait(&sigusr1_sem);
3123 			CHILD_REQUIRE(err == 0 || errno == EINTR);
3124 		} while (err != 0 && errno == EINTR);
3125 
3126 		/* Free the other thread from the barrier. */
3127 		pthread_barrier_wait(&barrier);
3128 
3129 		CHILD_REQUIRE_EQ(pthread_join(t, NULL), 0);
3130 
3131 		exit(1);
3132 	}
3133 
3134 	/* The first wait() should report the stop from SIGSTOP. */
3135 	wpid = waitpid(fpid, &status, 0);
3136 	REQUIRE_EQ(wpid, fpid);
3137 	ATF_REQUIRE(WIFSTOPPED(status));
3138 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3139 
3140 	/* Continue the child ignoring the SIGSTOP. */
3141 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3142 
3143 	/*
3144 	 * Send a signal without ptrace that either thread will accept (USR2,
3145 	 * in this case).
3146 	 */
3147 	REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
3148 
3149 	/* The second wait() should report a SIGUSR2 was received. */
3150 	wpid = waitpid(fpid, &status, 0);
3151 	REQUIRE_EQ(wpid, fpid);
3152 	ATF_REQUIRE(WIFSTOPPED(status));
3153 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
3154 
3155 	/* Continue the child, changing the signal to USR1. */
3156 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
3157 
3158 	/* The next wait() should report the stop from SIGSTOP. */
3159 	wpid = waitpid(fpid, &status, 0);
3160 	REQUIRE_EQ(wpid, fpid);
3161 	ATF_REQUIRE(WIFSTOPPED(status));
3162 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3163 
3164 	/* Continue the child ignoring the SIGSTOP. */
3165 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3166 
3167 	REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
3168 
3169 	/* The next wait() should report a SIGUSR2 was received. */
3170 	wpid = waitpid(fpid, &status, 0);
3171 	REQUIRE_EQ(wpid, fpid);
3172 	ATF_REQUIRE(WIFSTOPPED(status));
3173 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
3174 
3175 	/* Continue the child, changing the signal to USR1. */
3176 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
3177 
3178 	/* The last wait() should report normal exit with code 1. */
3179 	wpid = waitpid(fpid, &status, 0);
3180 	REQUIRE_EQ(wpid, fpid);
3181 	ATF_REQUIRE(WIFEXITED(status));
3182 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3183 
3184 	wpid = wait(&status);
3185 	REQUIRE_EQ(wpid, -1);
3186 	REQUIRE_EQ(errno, ECHILD);
3187 }
3188 
3189 /*
3190  * Verify that PT_GETREGSET returns registers and PT_SETREGSET updates them.
3191  */
3192 ATF_TC_WITHOUT_HEAD(ptrace__PT_REGSET);
3193 ATF_TC_BODY(ptrace__PT_REGSET, tc)
3194 {
3195 #if defined(__aarch64__)
3196 	struct arm64_addr_mask addr_mask;
3197 #endif
3198 	struct prstatus prstatus;
3199 	struct iovec vec;
3200 	pid_t child, wpid;
3201 	int status;
3202 
3203 	ATF_REQUIRE((child = fork()) != -1);
3204 	if (child == 0) {
3205 		trace_me();
3206 		exit(1);
3207 	}
3208 
3209 	/* The first wait() should report the stop from SIGSTOP. */
3210 	wpid = waitpid(child, &status, 0);
3211 	REQUIRE_EQ(wpid, child);
3212 	ATF_REQUIRE(WIFSTOPPED(status));
3213 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3214 
3215 	/* Check the size is returned when vec.iov_base is NULL */
3216 	vec.iov_base = NULL;
3217 	vec.iov_len = 0;
3218 	ATF_REQUIRE(ptrace(PT_GETREGSET, wpid, (caddr_t)&vec, NT_PRSTATUS) !=
3219 	    -1);
3220 	ATF_REQUIRE(vec.iov_len == sizeof(prstatus));
3221 	ATF_REQUIRE(vec.iov_base == NULL);
3222 
3223 	/* Read the registers. */
3224 	memset(&prstatus, 0, sizeof(prstatus));
3225 	vec.iov_base = &prstatus;
3226 	ATF_REQUIRE(ptrace(PT_GETREGSET, wpid, (caddr_t)&vec, NT_PRSTATUS) !=
3227 	    -1);
3228 	ATF_REQUIRE(vec.iov_len == sizeof(prstatus));
3229 	ATF_REQUIRE(vec.iov_base == &prstatus);
3230 	ATF_REQUIRE(prstatus.pr_statussz == sizeof(prstatus));
3231 
3232 	/* Write the registers back. */
3233 	ATF_REQUIRE(ptrace(PT_SETREGSET, wpid, (caddr_t)&vec, NT_PRSTATUS) !=
3234 	    -1);
3235 
3236 #if defined(__aarch64__)
3237 	vec.iov_base = &addr_mask;
3238 	vec.iov_len = sizeof(addr_mask);
3239 	ATF_REQUIRE(ptrace(PT_GETREGSET, wpid, (caddr_t)&vec,
3240 	    NT_ARM_ADDR_MASK) != -1);
3241 	REQUIRE_EQ(addr_mask.code, addr_mask.data);
3242 	ATF_REQUIRE(addr_mask.code == 0 ||
3243 	    addr_mask.code == 0xff7f000000000000UL);
3244 #endif
3245 
3246 	REQUIRE_EQ(ptrace(PT_CONTINUE, child, (caddr_t)1, 0), 0);
3247 
3248 	/* The second wait() should report the exit status. */
3249 	wpid = waitpid(child, &status, 0);
3250 	REQUIRE_EQ(wpid, child);
3251 	ATF_REQUIRE(WIFEXITED(status));
3252 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3253 
3254 	/* The child should no longer exist. */
3255 	wpid = waitpid(child, &status, 0);
3256 	REQUIRE_EQ(wpid, -1);
3257 	REQUIRE_EQ(errno, ECHILD);
3258 }
3259 
3260 static void *
3261 raise_sigstop_thread(void *arg __unused)
3262 {
3263 
3264 	raise(SIGSTOP);
3265 	return NULL;
3266 }
3267 
3268 static void *
3269 sleep_thread(void *arg __unused)
3270 {
3271 
3272 	sleep(60);
3273 	return NULL;
3274 }
3275 
3276 static void
3277 terminate_with_pending_sigstop(bool sigstop_from_main_thread)
3278 {
3279 	pid_t fpid, wpid;
3280 	int status, i;
3281 	cpuset_t setmask;
3282 	cpusetid_t setid;
3283 	pthread_t t;
3284 
3285 	/*
3286 	 * Become the reaper for this process tree. We need to be able to check
3287 	 * that both child and grandchild have died.
3288 	 */
3289 	REQUIRE_EQ(procctl(P_PID, getpid(), PROC_REAP_ACQUIRE, NULL), 0);
3290 
3291 	fpid = fork();
3292 	ATF_REQUIRE(fpid >= 0);
3293 	if (fpid == 0) {
3294 		fpid = fork();
3295 		CHILD_REQUIRE(fpid >= 0);
3296 		if (fpid == 0) {
3297 			trace_me();
3298 
3299 			/* Pin to CPU 0 to serialize thread execution. */
3300 			CPU_ZERO(&setmask);
3301 			CPU_SET(0, &setmask);
3302 			CHILD_REQUIRE_EQ(cpuset(&setid), 0);
3303 			CHILD_REQUIRE(cpuset_setaffinity(CPU_LEVEL_CPUSET,
3304 			    CPU_WHICH_CPUSET, setid,
3305 			    sizeof(setmask), &setmask) == 0);
3306 
3307 			if (sigstop_from_main_thread) {
3308 				/*
3309 				 * We expect the SIGKILL sent when our parent
3310 				 * dies to be delivered to the new thread.
3311 				 * Raise the SIGSTOP in this thread so the
3312 				 * threads compete.
3313 				 */
3314 				CHILD_REQUIRE(pthread_create(&t, NULL,
3315 				    sleep_thread, NULL) == 0);
3316 				raise(SIGSTOP);
3317 			} else {
3318 				/*
3319 				 * We expect the SIGKILL to be delivered to
3320 				 * this thread. After creating the new thread,
3321 				 * just get off the CPU so the other thread can
3322 				 * raise the SIGSTOP.
3323 				 */
3324 				CHILD_REQUIRE(pthread_create(&t, NULL,
3325 				    raise_sigstop_thread, NULL) == 0);
3326 				sleep(60);
3327 			}
3328 
3329 			exit(0);
3330 		}
3331 		/* First stop is trace_me() immediately after fork. */
3332 		wpid = waitpid(fpid, &status, 0);
3333 		CHILD_REQUIRE_EQ(wpid, fpid);
3334 		CHILD_REQUIRE(WIFSTOPPED(status));
3335 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3336 
3337 		CHILD_REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3338 
3339 		/* Second stop is from the raise(SIGSTOP). */
3340 		wpid = waitpid(fpid, &status, 0);
3341 		CHILD_REQUIRE_EQ(wpid, fpid);
3342 		CHILD_REQUIRE(WIFSTOPPED(status));
3343 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3344 
3345 		/*
3346 		 * Terminate tracing process without detaching. Our child
3347 		 * should be killed.
3348 		 */
3349 		exit(0);
3350 	}
3351 
3352 	/*
3353 	 * We should get a normal exit from our immediate child and a SIGKILL
3354 	 * exit from our grandchild. The latter case is the interesting one.
3355 	 * Our grandchild should not have stopped due to the SIGSTOP that was
3356 	 * left dangling when its parent died.
3357 	 */
3358 	for (i = 0; i < 2; ++i) {
3359 		wpid = wait(&status);
3360 		if (wpid == fpid) {
3361 			ATF_REQUIRE(WIFEXITED(status));
3362 			REQUIRE_EQ(WEXITSTATUS(status), 0);
3363 		} else {
3364 			ATF_REQUIRE(WIFSIGNALED(status));
3365 			REQUIRE_EQ(WTERMSIG(status), SIGKILL);
3366 		}
3367 	}
3368 }
3369 
3370 /*
3371  * These two tests ensure that if the tracing process exits without detaching
3372  * just after the child received a SIGSTOP, the child is cleanly killed and
3373  * doesn't go to sleep due to the SIGSTOP. The parent's death will send a
3374  * SIGKILL to the child. If the SIGKILL and the SIGSTOP are handled by
3375  * different threads, the SIGKILL must win.  There are two variants of this
3376  * test, designed to catch the case where the SIGKILL is delivered to the
3377  * younger thread (the first test) and the case where the SIGKILL is delivered
3378  * to the older thread (the second test). This behavior has changed in the
3379  * past, so make no assumption.
3380  */
3381 ATF_TC(ptrace__parent_terminate_with_pending_sigstop1);
3382 ATF_TC_HEAD(ptrace__parent_terminate_with_pending_sigstop1, tc)
3383 {
3384 
3385 	atf_tc_set_md_var(tc, "require.user", "root");
3386 }
3387 ATF_TC_BODY(ptrace__parent_terminate_with_pending_sigstop1, tc)
3388 {
3389 
3390 	terminate_with_pending_sigstop(true);
3391 }
3392 
3393 ATF_TC(ptrace__parent_terminate_with_pending_sigstop2);
3394 ATF_TC_HEAD(ptrace__parent_terminate_with_pending_sigstop2, tc)
3395 {
3396 
3397 	atf_tc_set_md_var(tc, "require.user", "root");
3398 }
3399 ATF_TC_BODY(ptrace__parent_terminate_with_pending_sigstop2, tc)
3400 {
3401 
3402 	terminate_with_pending_sigstop(false);
3403 }
3404 
3405 /*
3406  * Verify that after ptrace() discards a SIGKILL signal, the event mask
3407  * is not modified.
3408  */
3409 ATF_TC_WITHOUT_HEAD(ptrace__event_mask_sigkill_discard);
3410 ATF_TC_BODY(ptrace__event_mask_sigkill_discard, tc)
3411 {
3412 	struct ptrace_lwpinfo pl;
3413 	pid_t fpid, wpid;
3414 	int status, event_mask, new_event_mask;
3415 
3416 	ATF_REQUIRE((fpid = fork()) != -1);
3417 	if (fpid == 0) {
3418 		trace_me();
3419 		raise(SIGSTOP);
3420 		exit(0);
3421 	}
3422 
3423 	/* The first wait() should report the stop from trace_me(). */
3424 	wpid = waitpid(fpid, &status, 0);
3425 	REQUIRE_EQ(wpid, fpid);
3426 	ATF_REQUIRE(WIFSTOPPED(status));
3427 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3428 
3429 	/* Set several unobtrusive event bits. */
3430 	event_mask = PTRACE_EXEC | PTRACE_FORK | PTRACE_LWP;
3431 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, wpid, (caddr_t)&event_mask,
3432 	    sizeof(event_mask)) == 0);
3433 
3434 	/* Send a SIGKILL without using ptrace. */
3435 	REQUIRE_EQ(kill(fpid, SIGKILL), 0);
3436 
3437 	/* Continue the child ignoring the SIGSTOP. */
3438 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3439 
3440 	/* The next stop should be due to the SIGKILL. */
3441 	wpid = waitpid(fpid, &status, 0);
3442 	REQUIRE_EQ(wpid, fpid);
3443 	ATF_REQUIRE(WIFSTOPPED(status));
3444 	REQUIRE_EQ(WSTOPSIG(status), SIGKILL);
3445 
3446 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3447 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3448 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGKILL);
3449 
3450 	/* Continue the child ignoring the SIGKILL. */
3451 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3452 
3453 	/* The next wait() should report the stop from SIGSTOP. */
3454 	wpid = waitpid(fpid, &status, 0);
3455 	REQUIRE_EQ(wpid, fpid);
3456 	ATF_REQUIRE(WIFSTOPPED(status));
3457 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3458 
3459 	/* Check the current event mask. It should not have changed. */
3460 	new_event_mask = 0;
3461 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, wpid, (caddr_t)&new_event_mask,
3462 	    sizeof(new_event_mask)) == 0);
3463 	REQUIRE_EQ(event_mask, new_event_mask);
3464 
3465 	/* Continue the child to let it exit. */
3466 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3467 
3468 	/* The last event should be for the child process's exit. */
3469 	wpid = waitpid(fpid, &status, 0);
3470 	ATF_REQUIRE(WIFEXITED(status));
3471 	REQUIRE_EQ(WEXITSTATUS(status), 0);
3472 
3473 	wpid = wait(&status);
3474 	REQUIRE_EQ(wpid, -1);
3475 	REQUIRE_EQ(errno, ECHILD);
3476 }
3477 
3478 static void *
3479 flock_thread(void *arg)
3480 {
3481 	int fd;
3482 
3483 	fd = *(int *)arg;
3484 	(void)flock(fd, LOCK_EX);
3485 	(void)flock(fd, LOCK_UN);
3486 	return (NULL);
3487 }
3488 
3489 /*
3490  * Verify that PT_ATTACH will suspend threads sleeping in an SBDRY section.
3491  * We rely on the fact that the lockf implementation sets SBDRY before blocking
3492  * on a lock. This is a regression test for r318191.
3493  */
3494 ATF_TC_WITHOUT_HEAD(ptrace__PT_ATTACH_with_SBDRY_thread);
3495 ATF_TC_BODY(ptrace__PT_ATTACH_with_SBDRY_thread, tc)
3496 {
3497 	pthread_barrier_t barrier;
3498 	pthread_barrierattr_t battr;
3499 	char tmpfile[64];
3500 	pid_t child, wpid;
3501 	int error, fd, i, status;
3502 
3503 	REQUIRE_EQ(pthread_barrierattr_init(&battr), 0);
3504 	ATF_REQUIRE(pthread_barrierattr_setpshared(&battr,
3505 	    PTHREAD_PROCESS_SHARED) == 0);
3506 	REQUIRE_EQ(pthread_barrier_init(&barrier, &battr, 2), 0);
3507 
3508 	(void)snprintf(tmpfile, sizeof(tmpfile), "./ptrace.XXXXXX");
3509 	fd = mkstemp(tmpfile);
3510 	ATF_REQUIRE(fd >= 0);
3511 
3512 	ATF_REQUIRE((child = fork()) != -1);
3513 	if (child == 0) {
3514 		pthread_t t[2];
3515 		int cfd;
3516 
3517 		error = pthread_barrier_wait(&barrier);
3518 		if (error != 0 && error != PTHREAD_BARRIER_SERIAL_THREAD)
3519 			_exit(1);
3520 
3521 		cfd = open(tmpfile, O_RDONLY);
3522 		if (cfd < 0)
3523 			_exit(1);
3524 
3525 		/*
3526 		 * We want at least two threads blocked on the file lock since
3527 		 * the SIGSTOP from PT_ATTACH may kick one of them out of
3528 		 * sleep.
3529 		 */
3530 		if (pthread_create(&t[0], NULL, flock_thread, &cfd) != 0)
3531 			_exit(1);
3532 		if (pthread_create(&t[1], NULL, flock_thread, &cfd) != 0)
3533 			_exit(1);
3534 		if (pthread_join(t[0], NULL) != 0)
3535 			_exit(1);
3536 		if (pthread_join(t[1], NULL) != 0)
3537 			_exit(1);
3538 		_exit(0);
3539 	}
3540 
3541 	REQUIRE_EQ(flock(fd, LOCK_EX), 0);
3542 
3543 	error = pthread_barrier_wait(&barrier);
3544 	ATF_REQUIRE(error == 0 || error == PTHREAD_BARRIER_SERIAL_THREAD);
3545 
3546 	/*
3547 	 * Give the child some time to block. Is there a better way to do this?
3548 	 */
3549 	sleep(1);
3550 
3551 	/*
3552 	 * Attach and give the child 3 seconds to stop.
3553 	 */
3554 	REQUIRE_EQ(ptrace(PT_ATTACH, child, NULL, 0), 0);
3555 	for (i = 0; i < 3; i++) {
3556 		wpid = waitpid(child, &status, WNOHANG);
3557 		if (wpid == child && WIFSTOPPED(status) &&
3558 		    WSTOPSIG(status) == SIGSTOP)
3559 			break;
3560 		sleep(1);
3561 	}
3562 	ATF_REQUIRE_MSG(i < 3, "failed to stop child process after PT_ATTACH");
3563 
3564 	REQUIRE_EQ(ptrace(PT_DETACH, child, NULL, 0), 0);
3565 
3566 	REQUIRE_EQ(flock(fd, LOCK_UN), 0);
3567 	REQUIRE_EQ(unlink(tmpfile), 0);
3568 	REQUIRE_EQ(close(fd), 0);
3569 }
3570 
3571 static void
3572 sigusr1_step_handler(int sig)
3573 {
3574 
3575 	CHILD_REQUIRE_EQ(sig, SIGUSR1);
3576 	raise(SIGABRT);
3577 }
3578 
3579 /*
3580  * Verify that PT_STEP with a signal invokes the signal before
3581  * stepping the next instruction (and that the next instruction is
3582  * stepped correctly).
3583  */
3584 ATF_TC_WITHOUT_HEAD(ptrace__PT_STEP_with_signal);
3585 ATF_TC_BODY(ptrace__PT_STEP_with_signal, tc)
3586 {
3587 	struct ptrace_lwpinfo pl;
3588 	pid_t fpid, wpid;
3589 	int status;
3590 
3591 	ATF_REQUIRE((fpid = fork()) != -1);
3592 	if (fpid == 0) {
3593 		trace_me();
3594 		signal(SIGUSR1, sigusr1_step_handler);
3595 		raise(SIGABRT);
3596 		exit(1);
3597 	}
3598 
3599 	/* The first wait() should report the stop from SIGSTOP. */
3600 	wpid = waitpid(fpid, &status, 0);
3601 	REQUIRE_EQ(wpid, fpid);
3602 	ATF_REQUIRE(WIFSTOPPED(status));
3603 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3604 
3605 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3606 
3607 	/* The next stop should report the SIGABRT in the child body. */
3608 	wpid = waitpid(fpid, &status, 0);
3609 	REQUIRE_EQ(wpid, fpid);
3610 	ATF_REQUIRE(WIFSTOPPED(status));
3611 	REQUIRE_EQ(WSTOPSIG(status), SIGABRT);
3612 
3613 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3614 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3615 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGABRT);
3616 
3617 	/* Step the child process inserting SIGUSR1. */
3618 	REQUIRE_EQ(ptrace(PT_STEP, fpid, (caddr_t)1, SIGUSR1), 0);
3619 
3620 	/* The next stop should report the SIGABRT in the signal handler. */
3621 	wpid = waitpid(fpid, &status, 0);
3622 	REQUIRE_EQ(wpid, fpid);
3623 	ATF_REQUIRE(WIFSTOPPED(status));
3624 	REQUIRE_EQ(WSTOPSIG(status), SIGABRT);
3625 
3626 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3627 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3628 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGABRT);
3629 
3630 	/* Continue the child process discarding the signal. */
3631 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3632 
3633 	/* The next stop should report a trace trap from PT_STEP. */
3634 	wpid = waitpid(fpid, &status, 0);
3635 	REQUIRE_EQ(wpid, fpid);
3636 	ATF_REQUIRE(WIFSTOPPED(status));
3637 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3638 
3639 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3640 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3641 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3642 	REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_TRACE);
3643 
3644 	/* Continue the child to let it exit. */
3645 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3646 
3647 	/* The last event should be for the child process's exit. */
3648 	wpid = waitpid(fpid, &status, 0);
3649 	ATF_REQUIRE(WIFEXITED(status));
3650 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3651 
3652 	wpid = wait(&status);
3653 	REQUIRE_EQ(wpid, -1);
3654 	REQUIRE_EQ(errno, ECHILD);
3655 }
3656 
3657 #ifdef HAVE_BREAKPOINT
3658 /*
3659  * Verify that a SIGTRAP event with the TRAP_BRKPT code is reported
3660  * for a breakpoint trap.
3661  */
3662 ATF_TC_WITHOUT_HEAD(ptrace__breakpoint_siginfo);
3663 ATF_TC_BODY(ptrace__breakpoint_siginfo, tc)
3664 {
3665 	struct ptrace_lwpinfo pl;
3666 	pid_t fpid, wpid;
3667 	int status;
3668 
3669 	ATF_REQUIRE((fpid = fork()) != -1);
3670 	if (fpid == 0) {
3671 		trace_me();
3672 		breakpoint();
3673 		exit(1);
3674 	}
3675 
3676 	/* The first wait() should report the stop from SIGSTOP. */
3677 	wpid = waitpid(fpid, &status, 0);
3678 	REQUIRE_EQ(wpid, fpid);
3679 	ATF_REQUIRE(WIFSTOPPED(status));
3680 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3681 
3682 	/* Continue the child ignoring the SIGSTOP. */
3683 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3684 
3685 	/* The second wait() should report hitting the breakpoint. */
3686 	wpid = waitpid(fpid, &status, 0);
3687 	REQUIRE_EQ(wpid, fpid);
3688 	ATF_REQUIRE(WIFSTOPPED(status));
3689 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3690 
3691 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3692 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3693 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3694 	REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_BRKPT);
3695 
3696 	/* Kill the child process. */
3697 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
3698 
3699 	/* The last wait() should report the SIGKILL. */
3700 	wpid = waitpid(fpid, &status, 0);
3701 	REQUIRE_EQ(wpid, fpid);
3702 	ATF_REQUIRE(WIFSIGNALED(status));
3703 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
3704 
3705 	wpid = wait(&status);
3706 	REQUIRE_EQ(wpid, -1);
3707 	REQUIRE_EQ(errno, ECHILD);
3708 }
3709 #endif /* HAVE_BREAKPOINT */
3710 
3711 /*
3712  * Verify that a SIGTRAP event with the TRAP_TRACE code is reported
3713  * for a single-step trap from PT_STEP.
3714  */
3715 ATF_TC_WITHOUT_HEAD(ptrace__step_siginfo);
3716 ATF_TC_BODY(ptrace__step_siginfo, tc)
3717 {
3718 	struct ptrace_lwpinfo pl;
3719 	pid_t fpid, wpid;
3720 	int status;
3721 
3722 	ATF_REQUIRE((fpid = fork()) != -1);
3723 	if (fpid == 0) {
3724 		trace_me();
3725 		exit(1);
3726 	}
3727 
3728 	/* The first wait() should report the stop from SIGSTOP. */
3729 	wpid = waitpid(fpid, &status, 0);
3730 	REQUIRE_EQ(wpid, fpid);
3731 	ATF_REQUIRE(WIFSTOPPED(status));
3732 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3733 
3734 	/* Step the child ignoring the SIGSTOP. */
3735 	REQUIRE_EQ(ptrace(PT_STEP, fpid, (caddr_t)1, 0), 0);
3736 
3737 	/* The second wait() should report a single-step trap. */
3738 	wpid = waitpid(fpid, &status, 0);
3739 	REQUIRE_EQ(wpid, fpid);
3740 	ATF_REQUIRE(WIFSTOPPED(status));
3741 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3742 
3743 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3744 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3745 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3746 	REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_TRACE);
3747 
3748 	/* Continue the child process. */
3749 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3750 
3751 	/* The last event should be for the child process's exit. */
3752 	wpid = waitpid(fpid, &status, 0);
3753 	ATF_REQUIRE(WIFEXITED(status));
3754 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3755 
3756 	wpid = wait(&status);
3757 	REQUIRE_EQ(wpid, -1);
3758 	REQUIRE_EQ(errno, ECHILD);
3759 }
3760 
3761 #if defined(HAVE_BREAKPOINT) && defined(SKIP_BREAK)
3762 static void *
3763 continue_thread(void *arg __unused)
3764 {
3765 	breakpoint();
3766 	return (NULL);
3767 }
3768 
3769 static __dead2 void
3770 continue_thread_main(void)
3771 {
3772 	pthread_t threads[2];
3773 
3774 	CHILD_REQUIRE(pthread_create(&threads[0], NULL, continue_thread,
3775 	    NULL) == 0);
3776 	CHILD_REQUIRE(pthread_create(&threads[1], NULL, continue_thread,
3777 	    NULL) == 0);
3778 	CHILD_REQUIRE_EQ(pthread_join(threads[0], NULL), 0);
3779 	CHILD_REQUIRE_EQ(pthread_join(threads[1], NULL), 0);
3780 	exit(1);
3781 }
3782 
3783 /*
3784  * Ensure that PT_CONTINUE clears the status of the thread that
3785  * triggered the stop even if a different thread's LWP was passed to
3786  * PT_CONTINUE.
3787  */
3788 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_different_thread);
3789 ATF_TC_BODY(ptrace__PT_CONTINUE_different_thread, tc)
3790 {
3791 	struct ptrace_lwpinfo pl;
3792 	pid_t fpid, wpid;
3793 	lwpid_t lwps[2];
3794 	bool hit_break[2];
3795 	struct reg reg;
3796 	int i, j, status;
3797 
3798 	ATF_REQUIRE((fpid = fork()) != -1);
3799 	if (fpid == 0) {
3800 		trace_me();
3801 		continue_thread_main();
3802 	}
3803 
3804 	/* The first wait() should report the stop from SIGSTOP. */
3805 	wpid = waitpid(fpid, &status, 0);
3806 	REQUIRE_EQ(wpid, fpid);
3807 	ATF_REQUIRE(WIFSTOPPED(status));
3808 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3809 
3810 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
3811 	    sizeof(pl)) != -1);
3812 
3813 	REQUIRE_EQ(ptrace(PT_LWP_EVENTS, wpid, NULL, 1), 0);
3814 
3815 	/* Continue the child ignoring the SIGSTOP. */
3816 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3817 
3818 	/* One of the new threads should report it's birth. */
3819 	wpid = waitpid(fpid, &status, 0);
3820 	REQUIRE_EQ(wpid, fpid);
3821 	ATF_REQUIRE(WIFSTOPPED(status));
3822 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3823 
3824 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3825 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
3826 	    (PL_FLAG_BORN | PL_FLAG_SCX));
3827 	lwps[0] = pl.pl_lwpid;
3828 
3829 	/*
3830 	 * Suspend this thread to ensure both threads are alive before
3831 	 * hitting the breakpoint.
3832 	 */
3833 	ATF_REQUIRE(ptrace(PT_SUSPEND, lwps[0], NULL, 0) != -1);
3834 
3835 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3836 
3837 	/* Second thread should report it's birth. */
3838 	wpid = waitpid(fpid, &status, 0);
3839 	REQUIRE_EQ(wpid, fpid);
3840 	ATF_REQUIRE(WIFSTOPPED(status));
3841 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3842 
3843 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3844 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
3845 	    (PL_FLAG_BORN | PL_FLAG_SCX));
3846 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
3847 	lwps[1] = pl.pl_lwpid;
3848 
3849 	/* Resume both threads waiting for breakpoint events. */
3850 	hit_break[0] = hit_break[1] = false;
3851 	ATF_REQUIRE(ptrace(PT_RESUME, lwps[0], NULL, 0) != -1);
3852 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3853 
3854 	/* One thread should report a breakpoint. */
3855 	wpid = waitpid(fpid, &status, 0);
3856 	REQUIRE_EQ(wpid, fpid);
3857 	ATF_REQUIRE(WIFSTOPPED(status));
3858 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3859 
3860 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3861 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3862 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3863 	REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_BRKPT);
3864 	if (pl.pl_lwpid == lwps[0])
3865 		i = 0;
3866 	else
3867 		i = 1;
3868 	hit_break[i] = true;
3869 	ATF_REQUIRE(ptrace(PT_GETREGS, pl.pl_lwpid, (caddr_t)&reg, 0) != -1);
3870 	SKIP_BREAK(&reg);
3871 	ATF_REQUIRE(ptrace(PT_SETREGS, pl.pl_lwpid, (caddr_t)&reg, 0) != -1);
3872 
3873 	/*
3874 	 * Resume both threads but pass the other thread's LWPID to
3875 	 * PT_CONTINUE.
3876 	 */
3877 	REQUIRE_EQ(ptrace(PT_CONTINUE, lwps[i ^ 1], (caddr_t)1, 0), 0);
3878 
3879 	/*
3880 	 * Will now get two thread exit events and one more breakpoint
3881 	 * event.
3882 	 */
3883 	for (j = 0; j < 3; j++) {
3884 		wpid = waitpid(fpid, &status, 0);
3885 		REQUIRE_EQ(wpid, fpid);
3886 		ATF_REQUIRE(WIFSTOPPED(status));
3887 		REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3888 
3889 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
3890 		    sizeof(pl)) != -1);
3891 
3892 		if (pl.pl_lwpid == lwps[0])
3893 			i = 0;
3894 		else
3895 			i = 1;
3896 
3897 		ATF_REQUIRE_MSG(lwps[i] != 0, "event for exited thread");
3898 		if (pl.pl_flags & PL_FLAG_EXITED) {
3899 			ATF_REQUIRE_MSG(hit_break[i],
3900 			    "exited thread did not report breakpoint");
3901 			lwps[i] = 0;
3902 		} else {
3903 			ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3904 			REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3905 			REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_BRKPT);
3906 			ATF_REQUIRE_MSG(!hit_break[i],
3907 			    "double breakpoint event");
3908 			hit_break[i] = true;
3909 			ATF_REQUIRE(ptrace(PT_GETREGS, pl.pl_lwpid, (caddr_t)&reg,
3910 			    0) != -1);
3911 			SKIP_BREAK(&reg);
3912 			ATF_REQUIRE(ptrace(PT_SETREGS, pl.pl_lwpid, (caddr_t)&reg,
3913 			    0) != -1);
3914 		}
3915 
3916 		REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3917 	}
3918 
3919 	/* Both threads should have exited. */
3920 	REQUIRE_EQ(lwps[0], 0);
3921 	REQUIRE_EQ(lwps[1], 0);
3922 
3923 	/* The last event should be for the child process's exit. */
3924 	wpid = waitpid(fpid, &status, 0);
3925 	ATF_REQUIRE(WIFEXITED(status));
3926 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3927 
3928 	wpid = wait(&status);
3929 	REQUIRE_EQ(wpid, -1);
3930 	REQUIRE_EQ(errno, ECHILD);
3931 }
3932 #endif
3933 
3934 /*
3935  * Verify that PT_LWPINFO doesn't return stale siginfo.
3936  */
3937 ATF_TC_WITHOUT_HEAD(ptrace__PT_LWPINFO_stale_siginfo);
3938 ATF_TC_BODY(ptrace__PT_LWPINFO_stale_siginfo, tc)
3939 {
3940 	struct ptrace_lwpinfo pl;
3941 	pid_t fpid, wpid;
3942 	int events, status;
3943 
3944 	ATF_REQUIRE((fpid = fork()) != -1);
3945 	if (fpid == 0) {
3946 		trace_me();
3947 		raise(SIGABRT);
3948 		exit(1);
3949 	}
3950 
3951 	/* The first wait() should report the stop from SIGSTOP. */
3952 	wpid = waitpid(fpid, &status, 0);
3953 	REQUIRE_EQ(wpid, fpid);
3954 	ATF_REQUIRE(WIFSTOPPED(status));
3955 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3956 
3957 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3958 
3959 	/* The next stop should report the SIGABRT in the child body. */
3960 	wpid = waitpid(fpid, &status, 0);
3961 	REQUIRE_EQ(wpid, fpid);
3962 	ATF_REQUIRE(WIFSTOPPED(status));
3963 	REQUIRE_EQ(WSTOPSIG(status), SIGABRT);
3964 
3965 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3966 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3967 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGABRT);
3968 
3969 	/*
3970 	 * Continue the process ignoring the signal, but enabling
3971 	 * syscall traps.
3972 	 */
3973 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
3974 
3975 	/*
3976 	 * The next stop should report a system call entry from
3977 	 * exit().  PL_FLAGS_SI should not be set.
3978 	 */
3979 	wpid = waitpid(fpid, &status, 0);
3980 	REQUIRE_EQ(wpid, fpid);
3981 	ATF_REQUIRE(WIFSTOPPED(status));
3982 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3983 
3984 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3985 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
3986 	REQUIRE_EQ((pl.pl_flags & PL_FLAG_SI), 0);
3987 
3988 	/* Disable syscall tracing and continue the child to let it exit. */
3989 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
3990 	    sizeof(events)) == 0);
3991 	events &= ~PTRACE_SYSCALL;
3992 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
3993 	    sizeof(events)) == 0);
3994 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3995 
3996 	/* The last event should be for the child process's exit. */
3997 	wpid = waitpid(fpid, &status, 0);
3998 	ATF_REQUIRE(WIFEXITED(status));
3999 	REQUIRE_EQ(WEXITSTATUS(status), 1);
4000 
4001 	wpid = wait(&status);
4002 	REQUIRE_EQ(wpid, -1);
4003 	REQUIRE_EQ(errno, ECHILD);
4004 }
4005 
4006 /*
4007  * A simple test of PT_GET_SC_ARGS and PT_GET_SC_RET.
4008  */
4009 ATF_TC_WITHOUT_HEAD(ptrace__syscall_args);
4010 ATF_TC_BODY(ptrace__syscall_args, tc)
4011 {
4012 	struct ptrace_lwpinfo pl;
4013 	struct ptrace_sc_ret psr;
4014 	pid_t fpid, wpid;
4015 	register_t args[2];
4016 	int events, status;
4017 
4018 	ATF_REQUIRE((fpid = fork()) != -1);
4019 	if (fpid == 0) {
4020 		trace_me();
4021 		kill(getpid(), 0);
4022 		/* Close a fd that should not exist. */
4023 		close(12345);
4024 		exit(1);
4025 	}
4026 
4027 	/* The first wait() should report the stop from SIGSTOP. */
4028 	wpid = waitpid(fpid, &status, 0);
4029 	REQUIRE_EQ(wpid, fpid);
4030 	ATF_REQUIRE(WIFSTOPPED(status));
4031 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4032 
4033 	/*
4034 	 * Continue the process ignoring the signal, but enabling
4035 	 * syscall traps.
4036 	 */
4037 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
4038 
4039 	/*
4040 	 * The next stop should be the syscall entry from getpid().
4041 	 */
4042 	wpid = waitpid(fpid, &status, 0);
4043 	REQUIRE_EQ(wpid, fpid);
4044 	ATF_REQUIRE(WIFSTOPPED(status));
4045 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4046 
4047 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4048 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
4049 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_getpid);
4050 
4051 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4052 
4053 	/*
4054 	 * The next stop should be the syscall exit from getpid().
4055 	 */
4056 	wpid = waitpid(fpid, &status, 0);
4057 	REQUIRE_EQ(wpid, fpid);
4058 	ATF_REQUIRE(WIFSTOPPED(status));
4059 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4060 
4061 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4062 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
4063 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_getpid);
4064 
4065 	ATF_REQUIRE(ptrace(PT_GET_SC_RET, wpid, (caddr_t)&psr,
4066 	    sizeof(psr)) != -1);
4067 	REQUIRE_EQ(psr.sr_error, 0);
4068 	REQUIRE_EQ(psr.sr_retval[0], wpid);
4069 
4070 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4071 
4072 	/*
4073 	 * The next stop should be the syscall entry from kill().
4074 	 */
4075 	wpid = waitpid(fpid, &status, 0);
4076 	REQUIRE_EQ(wpid, fpid);
4077 	ATF_REQUIRE(WIFSTOPPED(status));
4078 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4079 
4080 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4081 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
4082 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_kill);
4083 	REQUIRE_EQ(pl.pl_syscall_narg, 2u);
4084 
4085 	ATF_REQUIRE(ptrace(PT_GET_SC_ARGS, wpid, (caddr_t)args,
4086 	    sizeof(args)) != -1);
4087 	REQUIRE_EQ(args[0], wpid);
4088 	REQUIRE_EQ(args[1], 0);
4089 
4090 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4091 
4092 	/*
4093 	 * The next stop should be the syscall exit from kill().
4094 	 */
4095 	wpid = waitpid(fpid, &status, 0);
4096 	REQUIRE_EQ(wpid, fpid);
4097 	ATF_REQUIRE(WIFSTOPPED(status));
4098 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4099 
4100 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4101 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
4102 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_kill);
4103 
4104 	ATF_REQUIRE(ptrace(PT_GET_SC_RET, wpid, (caddr_t)&psr,
4105 	    sizeof(psr)) != -1);
4106 	REQUIRE_EQ(psr.sr_error, 0);
4107 
4108 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4109 
4110 	/*
4111 	 * The next stop should be the syscall entry from close().
4112 	 */
4113 	wpid = waitpid(fpid, &status, 0);
4114 	REQUIRE_EQ(wpid, fpid);
4115 	ATF_REQUIRE(WIFSTOPPED(status));
4116 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4117 
4118 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4119 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
4120 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_close);
4121 	REQUIRE_EQ(pl.pl_syscall_narg, 1u);
4122 
4123 	ATF_REQUIRE(ptrace(PT_GET_SC_ARGS, wpid, (caddr_t)args,
4124 	    sizeof(args)) != -1);
4125 	REQUIRE_EQ(args[0], 12345);
4126 
4127 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4128 
4129 	/*
4130 	 * The next stop should be the syscall exit from close().
4131 	 */
4132 	wpid = waitpid(fpid, &status, 0);
4133 	REQUIRE_EQ(wpid, fpid);
4134 	ATF_REQUIRE(WIFSTOPPED(status));
4135 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4136 
4137 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4138 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
4139 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_close);
4140 
4141 	ATF_REQUIRE(ptrace(PT_GET_SC_RET, wpid, (caddr_t)&psr,
4142 	    sizeof(psr)) != -1);
4143 	REQUIRE_EQ(psr.sr_error, EBADF);
4144 
4145 	/* Disable syscall tracing and continue the child to let it exit. */
4146 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
4147 	    sizeof(events)) == 0);
4148 	events &= ~PTRACE_SYSCALL;
4149 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
4150 	    sizeof(events)) == 0);
4151 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4152 
4153 	/* The last event should be for the child process's exit. */
4154 	wpid = waitpid(fpid, &status, 0);
4155 	ATF_REQUIRE(WIFEXITED(status));
4156 	REQUIRE_EQ(WEXITSTATUS(status), 1);
4157 
4158 	wpid = wait(&status);
4159 	REQUIRE_EQ(wpid, -1);
4160 	REQUIRE_EQ(errno, ECHILD);
4161 }
4162 
4163 /*
4164  * Verify that when the process is traced that it isn't reparent
4165  * to the init process when we close all process descriptors.
4166  */
4167 ATF_TC(ptrace__proc_reparent);
4168 ATF_TC_HEAD(ptrace__proc_reparent, tc)
4169 {
4170 
4171 	atf_tc_set_md_var(tc, "timeout", "2");
4172 }
4173 ATF_TC_BODY(ptrace__proc_reparent, tc)
4174 {
4175 	pid_t traced, debuger, wpid;
4176 	int pd, status;
4177 
4178 	traced = pdfork(&pd, 0);
4179 	ATF_REQUIRE(traced >= 0);
4180 	if (traced == 0) {
4181 		raise(SIGSTOP);
4182 		exit(0);
4183 	}
4184 	ATF_REQUIRE(pd >= 0);
4185 
4186 	debuger = fork();
4187 	ATF_REQUIRE(debuger >= 0);
4188 	if (debuger == 0) {
4189 		/* The traced process is reparented to debuger. */
4190 		REQUIRE_EQ(ptrace(PT_ATTACH, traced, 0, 0), 0);
4191 		wpid = waitpid(traced, &status, 0);
4192 		REQUIRE_EQ(wpid, traced);
4193 		ATF_REQUIRE(WIFSTOPPED(status));
4194 		REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4195 		REQUIRE_EQ(close(pd), 0);
4196 		REQUIRE_EQ(ptrace(PT_DETACH, traced, (caddr_t)1, 0), 0);
4197 
4198 		/* We closed pd so we should not have any child. */
4199 		wpid = wait(&status);
4200 		REQUIRE_EQ(wpid, -1);
4201 		REQUIRE_EQ(errno, ECHILD);
4202 
4203 		exit(0);
4204 	}
4205 
4206 	REQUIRE_EQ(close(pd), 0);
4207 	wpid = waitpid(debuger, &status, 0);
4208 	REQUIRE_EQ(wpid, debuger);
4209 	REQUIRE_EQ(WEXITSTATUS(status), 0);
4210 
4211 	/* Check if we still have any child. */
4212 	wpid = wait(&status);
4213 	REQUIRE_EQ(wpid, -1);
4214 	REQUIRE_EQ(errno, ECHILD);
4215 }
4216 
4217 /*
4218  * Ensure that traced processes created with pdfork(2) are visible to
4219  * waitid(P_ALL).
4220  */
4221 ATF_TC_WITHOUT_HEAD(ptrace__procdesc_wait_child);
4222 ATF_TC_BODY(ptrace__procdesc_wait_child, tc)
4223 {
4224 	pid_t child, wpid;
4225 	int pd, status;
4226 
4227 	child = pdfork(&pd, 0);
4228 	ATF_REQUIRE(child >= 0);
4229 
4230 	if (child == 0) {
4231 		trace_me();
4232 		(void)raise(SIGSTOP);
4233 		exit(0);
4234 	}
4235 
4236 	wpid = waitpid(child, &status, 0);
4237 	REQUIRE_EQ(wpid, child);
4238 	ATF_REQUIRE(WIFSTOPPED(status));
4239 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4240 
4241 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
4242 
4243 	wpid = wait(&status);
4244 	REQUIRE_EQ(wpid, child);
4245 	ATF_REQUIRE(WIFSTOPPED(status));
4246 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4247 
4248 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
4249 
4250 	/*
4251 	 * If process was created by pdfork, the return code have to
4252 	 * be collected through process descriptor.
4253 	 */
4254 	wpid = wait(&status);
4255 	REQUIRE_EQ(wpid, -1);
4256 	REQUIRE_EQ(errno, ECHILD);
4257 
4258 	ATF_REQUIRE(close(pd) != -1);
4259 }
4260 
4261 /*
4262  * Ensure that traced processes created with pdfork(2) are not visible
4263  * after returning to parent - waitid(P_ALL).
4264  */
4265 ATF_TC_WITHOUT_HEAD(ptrace__procdesc_reparent_wait_child);
4266 ATF_TC_BODY(ptrace__procdesc_reparent_wait_child, tc)
4267 {
4268 	pid_t traced, debuger, wpid;
4269 	int pd, status;
4270 
4271 	traced = pdfork(&pd, 0);
4272 	ATF_REQUIRE(traced >= 0);
4273 	if (traced == 0) {
4274 		raise(SIGSTOP);
4275 		exit(0);
4276 	}
4277 	ATF_REQUIRE(pd >= 0);
4278 
4279 	/* Wait until the child process has stopped before fork()ing again. */
4280 	REQUIRE_EQ(traced, waitpid(traced, &status, WSTOPPED));
4281 	debuger = fork();
4282 	ATF_REQUIRE(debuger >= 0);
4283 	if (debuger == 0) {
4284 		/* The traced process is reparented to debuger. */
4285 		REQUIRE_EQ(ptrace(PT_ATTACH, traced, 0, 0), 0);
4286 		wpid = waitpid(traced, &status, 0);
4287 		REQUIRE_EQ(wpid, traced);
4288 		ATF_REQUIRE(WIFSTOPPED(status));
4289 		REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4290 
4291 		/* Allow process to die. */
4292 		REQUIRE_EQ(ptrace(PT_CONTINUE, traced, (caddr_t)1, 0), 0);
4293 		wpid = waitpid(traced, &status, 0);
4294 		REQUIRE_EQ(wpid, traced);
4295 		ATF_REQUIRE(WIFEXITED(status));
4296 		REQUIRE_EQ(WEXITSTATUS(status), 0);
4297 
4298 		/* Reparent back to the orginal process. */
4299 		REQUIRE_EQ(close(pd), 0);
4300 		exit(0);
4301 	}
4302 
4303 	wpid = waitpid(debuger, &status, 0);
4304 	REQUIRE_EQ(wpid, debuger);
4305 	REQUIRE_EQ(WEXITSTATUS(status), 0);
4306 
4307 	/*
4308 	 * We have a child but it has a process descriptori
4309 	 * so we should not be able to collect it process.
4310 	 */
4311 	wpid = wait(&status);
4312 	REQUIRE_EQ(wpid, -1);
4313 	REQUIRE_EQ(errno, ECHILD);
4314 
4315 	REQUIRE_EQ(close(pd), 0);
4316 }
4317 
4318 /*
4319  * Try using PT_SC_REMOTE to get the PID of a traced child process.
4320  */
4321 ATF_TC_WITHOUT_HEAD(ptrace__PT_SC_REMOTE_getpid);
4322 ATF_TC_BODY(ptrace__PT_SC_REMOTE_getpid, tc)
4323 {
4324 	struct ptrace_sc_remote pscr;
4325 	pid_t fpid, wpid;
4326 	int status;
4327 
4328 	ATF_REQUIRE((fpid = fork()) != -1);
4329 	if (fpid == 0) {
4330 		trace_me();
4331 		exit(0);
4332 	}
4333 
4334 	attach_child(fpid);
4335 
4336 	pscr.pscr_syscall = SYS_getpid;
4337 	pscr.pscr_nargs = 0;
4338 	pscr.pscr_args = NULL;
4339 	ATF_REQUIRE(ptrace(PT_SC_REMOTE, fpid, (caddr_t)&pscr, sizeof(pscr)) !=
4340 	    -1);
4341 	ATF_REQUIRE_MSG(pscr.pscr_ret.sr_error == 0,
4342 	    "remote getpid failed with error %d", pscr.pscr_ret.sr_error);
4343 	ATF_REQUIRE_MSG(pscr.pscr_ret.sr_retval[0] == fpid,
4344 	    "unexpected return value %jd instead of %d",
4345 	    (intmax_t)pscr.pscr_ret.sr_retval[0], fpid);
4346 
4347 	wpid = waitpid(fpid, &status, 0);
4348 	REQUIRE_EQ(wpid, fpid);
4349 	ATF_REQUIRE(WIFSTOPPED(status));
4350 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4351 
4352 	pscr.pscr_syscall = SYS_getppid;
4353 	pscr.pscr_nargs = 0;
4354 	pscr.pscr_args = NULL;
4355 	ATF_REQUIRE(ptrace(PT_SC_REMOTE, fpid, (caddr_t)&pscr, sizeof(pscr)) !=
4356 	    -1);
4357 	ATF_REQUIRE_MSG(pscr.pscr_ret.sr_error == 0,
4358 	    "remote getppid failed with error %d", pscr.pscr_ret.sr_error);
4359 	ATF_REQUIRE_MSG(pscr.pscr_ret.sr_retval[0] == getpid(),
4360 	    "unexpected return value %jd instead of %d",
4361 	    (intmax_t)pscr.pscr_ret.sr_retval[0], fpid);
4362 
4363 	wpid = waitpid(fpid, &status, 0);
4364 	REQUIRE_EQ(wpid, fpid);
4365 	ATF_REQUIRE(WIFSTOPPED(status));
4366 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4367 
4368 	ATF_REQUIRE(ptrace(PT_DETACH, fpid, (caddr_t)1, 0) != -1);
4369 }
4370 
4371 /*
4372  * Ensure that procctl(PROC_REAP_KILL) won't block forever waiting for a target
4373  * process that stopped to report its status to a debugger.
4374  */
4375 ATF_TC_WITHOUT_HEAD(ptrace__reap_kill_stopped);
4376 ATF_TC_BODY(ptrace__reap_kill_stopped, tc)
4377 {
4378 	struct procctl_reaper_kill prk;
4379 	pid_t debuggee, wpid;
4380 	int error, status;
4381 
4382 	REQUIRE_EQ(procctl(P_PID, getpid(), PROC_REAP_ACQUIRE, NULL), 0);
4383 
4384 	debuggee = fork();
4385 	ATF_REQUIRE(debuggee >= 0);
4386 	if (debuggee == 0) {
4387 		trace_me();
4388 		for (;;)
4389 			sleep(10);
4390 		_exit(0);
4391 	}
4392 	wpid = waitpid(debuggee, &status, 0);
4393 	REQUIRE_EQ(wpid, debuggee);
4394 	ATF_REQUIRE(WIFSTOPPED(status));
4395 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4396 
4397 	/* Resume the child and ask it to stop during syscall exits. */
4398 	ATF_REQUIRE(ptrace(PT_TO_SCX, debuggee, (caddr_t)1, 0) != -1);
4399 
4400 	/* Give the debuggee some time to go to sleep. */
4401 	usleep(100000);
4402 
4403 	/*
4404 	 * Kill the child process.  procctl() may attempt to stop the target
4405 	 * process to prevent it from adding new children to the reaper subtree,
4406 	 * and this should not conflict with the child stopping itself for the
4407 	 * debugger.
4408 	 */
4409 	memset(&prk, 0, sizeof(prk));
4410 	prk.rk_sig = SIGTERM;
4411 	error = procctl(P_PID, getpid(), PROC_REAP_KILL, &prk);
4412 	REQUIRE_EQ(error, 0);
4413 	REQUIRE_EQ(1u, prk.rk_killed);
4414 	REQUIRE_EQ(-1, prk.rk_fpid);
4415 }
4416 
4417 ATF_TP_ADD_TCS(tp)
4418 {
4419 	ATF_TP_ADD_TC(tp, ptrace__parent_wait_after_trace_me);
4420 	ATF_TP_ADD_TC(tp, ptrace__parent_wait_after_attach);
4421 	ATF_TP_ADD_TC(tp, ptrace__parent_sees_exit_after_child_debugger);
4422 	ATF_TP_ADD_TC(tp, ptrace__parent_sees_exit_after_unrelated_debugger);
4423 	ATF_TP_ADD_TC(tp, ptrace__parent_exits_before_child);
4424 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_both_attached);
4425 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_child_detached);
4426 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_parent_detached);
4427 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_both_attached_unrelated_debugger);
4428 	ATF_TP_ADD_TC(tp,
4429 	    ptrace__follow_fork_child_detached_unrelated_debugger);
4430 	ATF_TP_ADD_TC(tp,
4431 	    ptrace__follow_fork_parent_detached_unrelated_debugger);
4432 	ATF_TP_ADD_TC(tp, ptrace__getppid);
4433 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_fork);
4434 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_vfork);
4435 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_thread);
4436 	ATF_TP_ADD_TC(tp, ptrace__lwp_events);
4437 	ATF_TP_ADD_TC(tp, ptrace__lwp_events_exec);
4438 	ATF_TP_ADD_TC(tp, ptrace__siginfo);
4439 	ATF_TP_ADD_TC(tp, ptrace__ptrace_exec_disable);
4440 	ATF_TP_ADD_TC(tp, ptrace__ptrace_exec_enable);
4441 	ATF_TP_ADD_TC(tp, ptrace__event_mask);
4442 	ATF_TP_ADD_TC(tp, ptrace__ptrace_vfork);
4443 	ATF_TP_ADD_TC(tp, ptrace__ptrace_vfork_follow);
4444 #ifdef HAVE_BREAKPOINT
4445 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_breakpoint);
4446 #endif
4447 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_system_call);
4448 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_threads);
4449 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_competing_signal);
4450 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_competing_stop);
4451 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_with_signal_full_sigqueue);
4452 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_system_call_entry);
4453 	ATF_TP_ADD_TC(tp,
4454 	    ptrace__PT_CONTINUE_with_signal_system_call_entry_and_exit);
4455 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_full_sigqueue);
4456 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_masked_full_sigqueue);
4457 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_change_sig);
4458 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_sigtrap_system_call_entry);
4459 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_mix);
4460 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_kqueue);
4461 	ATF_TP_ADD_TC(tp, ptrace__killed_with_sigmask);
4462 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_sigmask);
4463 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_thread_sigmask);
4464 	ATF_TP_ADD_TC(tp, ptrace__PT_REGSET);
4465 	ATF_TP_ADD_TC(tp, ptrace__parent_terminate_with_pending_sigstop1);
4466 	ATF_TP_ADD_TC(tp, ptrace__parent_terminate_with_pending_sigstop2);
4467 	ATF_TP_ADD_TC(tp, ptrace__event_mask_sigkill_discard);
4468 	ATF_TP_ADD_TC(tp, ptrace__PT_ATTACH_with_SBDRY_thread);
4469 	ATF_TP_ADD_TC(tp, ptrace__PT_STEP_with_signal);
4470 #ifdef HAVE_BREAKPOINT
4471 	ATF_TP_ADD_TC(tp, ptrace__breakpoint_siginfo);
4472 #endif
4473 	ATF_TP_ADD_TC(tp, ptrace__step_siginfo);
4474 #if defined(HAVE_BREAKPOINT) && defined(SKIP_BREAK)
4475 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_different_thread);
4476 #endif
4477 	ATF_TP_ADD_TC(tp, ptrace__PT_LWPINFO_stale_siginfo);
4478 	ATF_TP_ADD_TC(tp, ptrace__syscall_args);
4479 	ATF_TP_ADD_TC(tp, ptrace__proc_reparent);
4480 	ATF_TP_ADD_TC(tp, ptrace__procdesc_wait_child);
4481 	ATF_TP_ADD_TC(tp, ptrace__procdesc_reparent_wait_child);
4482 	ATF_TP_ADD_TC(tp, ptrace__PT_SC_REMOTE_getpid);
4483 	ATF_TP_ADD_TC(tp, ptrace__reap_kill_stopped);
4484 
4485 	return (atf_no_error());
4486 }
4487