xref: /freebsd/tests/sys/kern/ptrace_test.c (revision 2f513db72b034fd5ef7f080b11be5c711c15186a)
1 /*-
2  * Copyright (c) 2015 John Baldwin <jhb@FreeBSD.org>
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23  * SUCH DAMAGE.
24  */
25 
26 #include <sys/cdefs.h>
27 __FBSDID("$FreeBSD$");
28 
29 #include <sys/types.h>
30 #include <sys/cpuset.h>
31 #include <sys/event.h>
32 #include <sys/file.h>
33 #include <sys/time.h>
34 #include <sys/procctl.h>
35 #include <sys/procdesc.h>
36 #define	_WANT_MIPS_REGNUM
37 #include <sys/ptrace.h>
38 #include <sys/queue.h>
39 #include <sys/runq.h>
40 #include <sys/syscall.h>
41 #include <sys/sysctl.h>
42 #include <sys/user.h>
43 #include <sys/wait.h>
44 #include <errno.h>
45 #include <machine/cpufunc.h>
46 #include <pthread.h>
47 #include <sched.h>
48 #include <semaphore.h>
49 #include <signal.h>
50 #include <stdio.h>
51 #include <stdlib.h>
52 #include <unistd.h>
53 #include <atf-c.h>
54 
55 /*
56  * Architectures with a user-visible breakpoint().
57  */
58 #if defined(__aarch64__) || defined(__amd64__) || defined(__arm__) ||	\
59     defined(__i386__) || defined(__mips__) || defined(__riscv) ||	\
60     defined(__sparc64__)
61 #define	HAVE_BREAKPOINT
62 #endif
63 
64 /*
65  * Adjust PC to skip over a breakpoint when stopped for a breakpoint trap.
66  */
67 #ifdef HAVE_BREAKPOINT
68 #if defined(__aarch64__)
69 #define	SKIP_BREAK(reg)	((reg)->elr += 4)
70 #elif defined(__amd64__) || defined(__i386__)
71 #define	SKIP_BREAK(reg)
72 #elif defined(__arm__)
73 #define	SKIP_BREAK(reg)	((reg)->r_pc += 4)
74 #elif defined(__mips__)
75 #define	SKIP_BREAK(reg)	((reg)->r_regs[PC] += 4)
76 #elif defined(__riscv)
77 #define	SKIP_BREAK(reg)	((reg)->sepc += 4)
78 #elif defined(__sparc64__)
79 #define	SKIP_BREAK(reg)	do {						\
80 	(reg)->r_tpc = (reg)->r_tnpc + 4;				\
81 	(reg)->r_tnpc += 8;						\
82 } while (0)
83 #endif
84 #endif
85 
86 /*
87  * A variant of ATF_REQUIRE that is suitable for use in child
88  * processes.  This only works if the parent process is tripped up by
89  * the early exit and fails some requirement itself.
90  */
91 #define	CHILD_REQUIRE(exp) do {						\
92 		if (!(exp))						\
93 			child_fail_require(__FILE__, __LINE__,		\
94 			    #exp " not met");				\
95 	} while (0)
96 
97 static __dead2 void
98 child_fail_require(const char *file, int line, const char *str)
99 {
100 	char buf[128];
101 
102 	snprintf(buf, sizeof(buf), "%s:%d: %s\n", file, line, str);
103 	write(2, buf, strlen(buf));
104 	_exit(32);
105 }
106 
107 static void
108 trace_me(void)
109 {
110 
111 	/* Attach the parent process as a tracer of this process. */
112 	CHILD_REQUIRE(ptrace(PT_TRACE_ME, 0, NULL, 0) != -1);
113 
114 	/* Trigger a stop. */
115 	raise(SIGSTOP);
116 }
117 
118 static void
119 attach_child(pid_t pid)
120 {
121 	pid_t wpid;
122 	int status;
123 
124 	ATF_REQUIRE(ptrace(PT_ATTACH, pid, NULL, 0) == 0);
125 
126 	wpid = waitpid(pid, &status, 0);
127 	ATF_REQUIRE(wpid == pid);
128 	ATF_REQUIRE(WIFSTOPPED(status));
129 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
130 }
131 
132 static void
133 wait_for_zombie(pid_t pid)
134 {
135 
136 	/*
137 	 * Wait for a process to exit.  This is kind of gross, but
138 	 * there is not a better way.
139 	 *
140 	 * Prior to r325719, the kern.proc.pid.<pid> sysctl failed
141 	 * with ESRCH.  After that change, a valid struct kinfo_proc
142 	 * is returned for zombies with ki_stat set to SZOMB.
143 	 */
144 	for (;;) {
145 		struct kinfo_proc kp;
146 		size_t len;
147 		int mib[4];
148 
149 		mib[0] = CTL_KERN;
150 		mib[1] = KERN_PROC;
151 		mib[2] = KERN_PROC_PID;
152 		mib[3] = pid;
153 		len = sizeof(kp);
154 		if (sysctl(mib, nitems(mib), &kp, &len, NULL, 0) == -1) {
155 			ATF_REQUIRE(errno == ESRCH);
156 			break;
157 		}
158 		if (kp.ki_stat == SZOMB)
159 			break;
160 		usleep(5000);
161 	}
162 }
163 
164 /*
165  * Verify that a parent debugger process "sees" the exit of a debugged
166  * process exactly once when attached via PT_TRACE_ME.
167  */
168 ATF_TC_WITHOUT_HEAD(ptrace__parent_wait_after_trace_me);
169 ATF_TC_BODY(ptrace__parent_wait_after_trace_me, tc)
170 {
171 	pid_t child, wpid;
172 	int status;
173 
174 	ATF_REQUIRE((child = fork()) != -1);
175 	if (child == 0) {
176 		/* Child process. */
177 		trace_me();
178 
179 		_exit(1);
180 	}
181 
182 	/* Parent process. */
183 
184 	/* The first wait() should report the stop from SIGSTOP. */
185 	wpid = waitpid(child, &status, 0);
186 	ATF_REQUIRE(wpid == child);
187 	ATF_REQUIRE(WIFSTOPPED(status));
188 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
189 
190 	/* Continue the child ignoring the SIGSTOP. */
191 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
192 
193 	/* The second wait() should report the exit status. */
194 	wpid = waitpid(child, &status, 0);
195 	ATF_REQUIRE(wpid == child);
196 	ATF_REQUIRE(WIFEXITED(status));
197 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
198 
199 	/* The child should no longer exist. */
200 	wpid = waitpid(child, &status, 0);
201 	ATF_REQUIRE(wpid == -1);
202 	ATF_REQUIRE(errno == ECHILD);
203 }
204 
205 /*
206  * Verify that a parent debugger process "sees" the exit of a debugged
207  * process exactly once when attached via PT_ATTACH.
208  */
209 ATF_TC_WITHOUT_HEAD(ptrace__parent_wait_after_attach);
210 ATF_TC_BODY(ptrace__parent_wait_after_attach, tc)
211 {
212 	pid_t child, wpid;
213 	int cpipe[2], status;
214 	char c;
215 
216 	if (atf_tc_get_config_var_as_bool_wd(tc, "ci", false))
217 		atf_tc_skip("https://bugs.freebsd.org/244055");
218 
219 	ATF_REQUIRE(pipe(cpipe) == 0);
220 	ATF_REQUIRE((child = fork()) != -1);
221 	if (child == 0) {
222 		/* Child process. */
223 		close(cpipe[0]);
224 
225 		/* Wait for the parent to attach. */
226 		CHILD_REQUIRE(read(cpipe[1], &c, sizeof(c)) == 0);
227 
228 		_exit(1);
229 	}
230 	close(cpipe[1]);
231 
232 	/* Parent process. */
233 
234 	/* Attach to the child process. */
235 	attach_child(child);
236 
237 	/* Continue the child ignoring the SIGSTOP. */
238 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
239 
240 	/* Signal the child to exit. */
241 	close(cpipe[0]);
242 
243 	/* The second wait() should report the exit status. */
244 	wpid = waitpid(child, &status, 0);
245 	ATF_REQUIRE(wpid == child);
246 	ATF_REQUIRE(WIFEXITED(status));
247 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
248 
249 	/* The child should no longer exist. */
250 	wpid = waitpid(child, &status, 0);
251 	ATF_REQUIRE(wpid == -1);
252 	ATF_REQUIRE(errno == ECHILD);
253 }
254 
255 /*
256  * Verify that a parent process "sees" the exit of a debugged process only
257  * after the debugger has seen it.
258  */
259 ATF_TC_WITHOUT_HEAD(ptrace__parent_sees_exit_after_child_debugger);
260 ATF_TC_BODY(ptrace__parent_sees_exit_after_child_debugger, tc)
261 {
262 	pid_t child, debugger, wpid;
263 	int cpipe[2], dpipe[2], status;
264 	char c;
265 
266 	if (atf_tc_get_config_var_as_bool_wd(tc, "ci", false))
267 		atf_tc_skip("https://bugs.freebsd.org/239399");
268 
269 	ATF_REQUIRE(pipe(cpipe) == 0);
270 	ATF_REQUIRE((child = fork()) != -1);
271 
272 	if (child == 0) {
273 		/* Child process. */
274 		close(cpipe[0]);
275 
276 		/* Wait for parent to be ready. */
277 		CHILD_REQUIRE(read(cpipe[1], &c, sizeof(c)) == sizeof(c));
278 
279 		_exit(1);
280 	}
281 	close(cpipe[1]);
282 
283 	ATF_REQUIRE(pipe(dpipe) == 0);
284 	ATF_REQUIRE((debugger = fork()) != -1);
285 
286 	if (debugger == 0) {
287 		/* Debugger process. */
288 		close(dpipe[0]);
289 
290 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
291 
292 		wpid = waitpid(child, &status, 0);
293 		CHILD_REQUIRE(wpid == child);
294 		CHILD_REQUIRE(WIFSTOPPED(status));
295 		CHILD_REQUIRE(WSTOPSIG(status) == SIGSTOP);
296 
297 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
298 
299 		/* Signal parent that debugger is attached. */
300 		CHILD_REQUIRE(write(dpipe[1], &c, sizeof(c)) == sizeof(c));
301 
302 		/* Wait for parent's failed wait. */
303 		CHILD_REQUIRE(read(dpipe[1], &c, sizeof(c)) == 0);
304 
305 		wpid = waitpid(child, &status, 0);
306 		CHILD_REQUIRE(wpid == child);
307 		CHILD_REQUIRE(WIFEXITED(status));
308 		CHILD_REQUIRE(WEXITSTATUS(status) == 1);
309 
310 		_exit(0);
311 	}
312 	close(dpipe[1]);
313 
314 	/* Parent process. */
315 
316 	/* Wait for the debugger to attach to the child. */
317 	ATF_REQUIRE(read(dpipe[0], &c, sizeof(c)) == sizeof(c));
318 
319 	/* Release the child. */
320 	ATF_REQUIRE(write(cpipe[0], &c, sizeof(c)) == sizeof(c));
321 	ATF_REQUIRE(read(cpipe[0], &c, sizeof(c)) == 0);
322 	close(cpipe[0]);
323 
324 	wait_for_zombie(child);
325 
326 	/*
327 	 * This wait should return a pid of 0 to indicate no status to
328 	 * report.  The parent should see the child as non-exited
329 	 * until the debugger sees the exit.
330 	 */
331 	wpid = waitpid(child, &status, WNOHANG);
332 	ATF_REQUIRE(wpid == 0);
333 
334 	/* Signal the debugger to wait for the child. */
335 	close(dpipe[0]);
336 
337 	/* Wait for the debugger. */
338 	wpid = waitpid(debugger, &status, 0);
339 	ATF_REQUIRE(wpid == debugger);
340 	ATF_REQUIRE(WIFEXITED(status));
341 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
342 
343 	/* The child process should now be ready. */
344 	wpid = waitpid(child, &status, WNOHANG);
345 	ATF_REQUIRE(wpid == child);
346 	ATF_REQUIRE(WIFEXITED(status));
347 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
348 }
349 
350 /*
351  * Verify that a parent process "sees" the exit of a debugged process
352  * only after a non-direct-child debugger has seen it.  In particular,
353  * various wait() calls in the parent must avoid failing with ESRCH by
354  * checking the parent's orphan list for the debugee.
355  */
356 ATF_TC_WITHOUT_HEAD(ptrace__parent_sees_exit_after_unrelated_debugger);
357 ATF_TC_BODY(ptrace__parent_sees_exit_after_unrelated_debugger, tc)
358 {
359 	pid_t child, debugger, fpid, wpid;
360 	int cpipe[2], dpipe[2], status;
361 	char c;
362 
363 	ATF_REQUIRE(pipe(cpipe) == 0);
364 	ATF_REQUIRE((child = fork()) != -1);
365 
366 	if (child == 0) {
367 		/* Child process. */
368 		close(cpipe[0]);
369 
370 		/* Wait for parent to be ready. */
371 		CHILD_REQUIRE(read(cpipe[1], &c, sizeof(c)) == sizeof(c));
372 
373 		_exit(1);
374 	}
375 	close(cpipe[1]);
376 
377 	ATF_REQUIRE(pipe(dpipe) == 0);
378 	ATF_REQUIRE((debugger = fork()) != -1);
379 
380 	if (debugger == 0) {
381 		/* Debugger parent. */
382 
383 		/*
384 		 * Fork again and drop the debugger parent so that the
385 		 * debugger is not a child of the main parent.
386 		 */
387 		CHILD_REQUIRE((fpid = fork()) != -1);
388 		if (fpid != 0)
389 			_exit(2);
390 
391 		/* Debugger process. */
392 		close(dpipe[0]);
393 
394 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
395 
396 		wpid = waitpid(child, &status, 0);
397 		CHILD_REQUIRE(wpid == child);
398 		CHILD_REQUIRE(WIFSTOPPED(status));
399 		CHILD_REQUIRE(WSTOPSIG(status) == SIGSTOP);
400 
401 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
402 
403 		/* Signal parent that debugger is attached. */
404 		CHILD_REQUIRE(write(dpipe[1], &c, sizeof(c)) == sizeof(c));
405 
406 		/* Wait for parent's failed wait. */
407 		CHILD_REQUIRE(read(dpipe[1], &c, sizeof(c)) == sizeof(c));
408 
409 		wpid = waitpid(child, &status, 0);
410 		CHILD_REQUIRE(wpid == child);
411 		CHILD_REQUIRE(WIFEXITED(status));
412 		CHILD_REQUIRE(WEXITSTATUS(status) == 1);
413 
414 		_exit(0);
415 	}
416 	close(dpipe[1]);
417 
418 	/* Parent process. */
419 
420 	/* Wait for the debugger parent process to exit. */
421 	wpid = waitpid(debugger, &status, 0);
422 	ATF_REQUIRE(wpid == debugger);
423 	ATF_REQUIRE(WIFEXITED(status));
424 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
425 
426 	/* A WNOHANG wait here should see the non-exited child. */
427 	wpid = waitpid(child, &status, WNOHANG);
428 	ATF_REQUIRE(wpid == 0);
429 
430 	/* Wait for the debugger to attach to the child. */
431 	ATF_REQUIRE(read(dpipe[0], &c, sizeof(c)) == sizeof(c));
432 
433 	/* Release the child. */
434 	ATF_REQUIRE(write(cpipe[0], &c, sizeof(c)) == sizeof(c));
435 	ATF_REQUIRE(read(cpipe[0], &c, sizeof(c)) == 0);
436 	close(cpipe[0]);
437 
438 	wait_for_zombie(child);
439 
440 	/*
441 	 * This wait should return a pid of 0 to indicate no status to
442 	 * report.  The parent should see the child as non-exited
443 	 * until the debugger sees the exit.
444 	 */
445 	wpid = waitpid(child, &status, WNOHANG);
446 	ATF_REQUIRE(wpid == 0);
447 
448 	/* Signal the debugger to wait for the child. */
449 	ATF_REQUIRE(write(dpipe[0], &c, sizeof(c)) == sizeof(c));
450 
451 	/* Wait for the debugger. */
452 	ATF_REQUIRE(read(dpipe[0], &c, sizeof(c)) == 0);
453 	close(dpipe[0]);
454 
455 	/* The child process should now be ready. */
456 	wpid = waitpid(child, &status, WNOHANG);
457 	ATF_REQUIRE(wpid == child);
458 	ATF_REQUIRE(WIFEXITED(status));
459 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
460 }
461 
462 /*
463  * Make sure that we can collect the exit status of an orphaned process.
464  */
465 ATF_TC_WITHOUT_HEAD(ptrace__parent_exits_before_child);
466 ATF_TC_BODY(ptrace__parent_exits_before_child, tc)
467 {
468 	ssize_t n;
469 	int cpipe1[2], cpipe2[2], gcpipe[2], status;
470 	pid_t child, gchild;
471 
472 	if (atf_tc_get_config_var_as_bool_wd(tc, "ci", false))
473 		atf_tc_skip("https://bugs.freebsd.org/244056");
474 
475 	ATF_REQUIRE(pipe(cpipe1) == 0);
476 	ATF_REQUIRE(pipe(cpipe2) == 0);
477 	ATF_REQUIRE(pipe(gcpipe) == 0);
478 
479 	ATF_REQUIRE(procctl(P_PID, getpid(), PROC_REAP_ACQUIRE, NULL) == 0);
480 
481 	ATF_REQUIRE((child = fork()) != -1);
482 	if (child == 0) {
483 		CHILD_REQUIRE((gchild = fork()) != -1);
484 		if (gchild == 0) {
485 			status = 1;
486 			do {
487 				n = read(gcpipe[0], &status, sizeof(status));
488 			} while (n == -1 && errno == EINTR);
489 			_exit(status);
490 		}
491 
492 		CHILD_REQUIRE(write(cpipe1[1], &gchild, sizeof(gchild)) ==
493 		    sizeof(gchild));
494 		CHILD_REQUIRE(read(cpipe2[0], &status, sizeof(status)) ==
495 		    sizeof(status));
496 		_exit(status);
497 	}
498 
499 	ATF_REQUIRE(read(cpipe1[0], &gchild, sizeof(gchild)) == sizeof(gchild));
500 
501 	ATF_REQUIRE(ptrace(PT_ATTACH, gchild, NULL, 0) == 0);
502 
503 	status = 0;
504 	ATF_REQUIRE(write(cpipe2[1], &status, sizeof(status)) ==
505 	    sizeof(status));
506 	ATF_REQUIRE(waitpid(child, &status, 0) == child);
507 	ATF_REQUIRE(WIFEXITED(status) && WEXITSTATUS(status) == 0);
508 
509 	status = 0;
510 	ATF_REQUIRE(write(gcpipe[1], &status, sizeof(status)) ==
511 	    sizeof(status));
512 	ATF_REQUIRE(waitpid(gchild, &status, 0) == gchild);
513 	ATF_REQUIRE(WIFSTOPPED(status));
514 	ATF_REQUIRE(ptrace(PT_DETACH, gchild, (caddr_t)1, 0) == 0);
515 	ATF_REQUIRE(waitpid(gchild, &status, 0) == gchild);
516 	ATF_REQUIRE(WIFEXITED(status) && WEXITSTATUS(status) == 0);
517 
518 	ATF_REQUIRE(close(cpipe1[0]) == 0);
519 	ATF_REQUIRE(close(cpipe1[1]) == 0);
520 	ATF_REQUIRE(close(cpipe2[0]) == 0);
521 	ATF_REQUIRE(close(cpipe2[1]) == 0);
522 	ATF_REQUIRE(close(gcpipe[0]) == 0);
523 	ATF_REQUIRE(close(gcpipe[1]) == 0);
524 }
525 
526 /*
527  * The parent process should always act the same regardless of how the
528  * debugger is attached to it.
529  */
530 static __dead2 void
531 follow_fork_parent(bool use_vfork)
532 {
533 	pid_t fpid, wpid;
534 	int status;
535 
536 	if (use_vfork)
537 		CHILD_REQUIRE((fpid = vfork()) != -1);
538 	else
539 		CHILD_REQUIRE((fpid = fork()) != -1);
540 
541 	if (fpid == 0)
542 		/* Child */
543 		_exit(2);
544 
545 	wpid = waitpid(fpid, &status, 0);
546 	CHILD_REQUIRE(wpid == fpid);
547 	CHILD_REQUIRE(WIFEXITED(status));
548 	CHILD_REQUIRE(WEXITSTATUS(status) == 2);
549 
550 	_exit(1);
551 }
552 
553 /*
554  * Helper routine for follow fork tests.  This waits for two stops
555  * that report both "sides" of a fork.  It returns the pid of the new
556  * child process.
557  */
558 static pid_t
559 handle_fork_events(pid_t parent, struct ptrace_lwpinfo *ppl)
560 {
561 	struct ptrace_lwpinfo pl;
562 	bool fork_reported[2];
563 	pid_t child, wpid;
564 	int i, status;
565 
566 	fork_reported[0] = false;
567 	fork_reported[1] = false;
568 	child = -1;
569 
570 	/*
571 	 * Each process should report a fork event.  The parent should
572 	 * report a PL_FLAG_FORKED event, and the child should report
573 	 * a PL_FLAG_CHILD event.
574 	 */
575 	for (i = 0; i < 2; i++) {
576 		wpid = wait(&status);
577 		ATF_REQUIRE(wpid > 0);
578 		ATF_REQUIRE(WIFSTOPPED(status));
579 
580 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
581 		    sizeof(pl)) != -1);
582 		ATF_REQUIRE((pl.pl_flags & (PL_FLAG_FORKED | PL_FLAG_CHILD)) !=
583 		    0);
584 		ATF_REQUIRE((pl.pl_flags & (PL_FLAG_FORKED | PL_FLAG_CHILD)) !=
585 		    (PL_FLAG_FORKED | PL_FLAG_CHILD));
586 		if (pl.pl_flags & PL_FLAG_CHILD) {
587 			ATF_REQUIRE(wpid != parent);
588 			ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
589 			ATF_REQUIRE(!fork_reported[1]);
590 			if (child == -1)
591 				child = wpid;
592 			else
593 				ATF_REQUIRE(child == wpid);
594 			if (ppl != NULL)
595 				ppl[1] = pl;
596 			fork_reported[1] = true;
597 		} else {
598 			ATF_REQUIRE(wpid == parent);
599 			ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
600 			ATF_REQUIRE(!fork_reported[0]);
601 			if (child == -1)
602 				child = pl.pl_child_pid;
603 			else
604 				ATF_REQUIRE(child == pl.pl_child_pid);
605 			if (ppl != NULL)
606 				ppl[0] = pl;
607 			fork_reported[0] = true;
608 		}
609 	}
610 
611 	return (child);
612 }
613 
614 /*
615  * Verify that a new child process is stopped after a followed fork and
616  * that the traced parent sees the exit of the child after the debugger
617  * when both processes remain attached to the debugger.
618  */
619 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_both_attached);
620 ATF_TC_BODY(ptrace__follow_fork_both_attached, tc)
621 {
622 	pid_t children[2], fpid, wpid;
623 	int status;
624 
625 	ATF_REQUIRE((fpid = fork()) != -1);
626 	if (fpid == 0) {
627 		trace_me();
628 		follow_fork_parent(false);
629 	}
630 
631 	/* Parent process. */
632 	children[0] = fpid;
633 
634 	/* The first wait() should report the stop from SIGSTOP. */
635 	wpid = waitpid(children[0], &status, 0);
636 	ATF_REQUIRE(wpid == children[0]);
637 	ATF_REQUIRE(WIFSTOPPED(status));
638 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
639 
640 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
641 
642 	/* Continue the child ignoring the SIGSTOP. */
643 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
644 
645 	children[1] = handle_fork_events(children[0], NULL);
646 	ATF_REQUIRE(children[1] > 0);
647 
648 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
649 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
650 
651 	/*
652 	 * The child can't exit until the grandchild reports status, so the
653 	 * grandchild should report its exit first to the debugger.
654 	 */
655 	wpid = wait(&status);
656 	ATF_REQUIRE(wpid == children[1]);
657 	ATF_REQUIRE(WIFEXITED(status));
658 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
659 
660 	wpid = wait(&status);
661 	ATF_REQUIRE(wpid == children[0]);
662 	ATF_REQUIRE(WIFEXITED(status));
663 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
664 
665 	wpid = wait(&status);
666 	ATF_REQUIRE(wpid == -1);
667 	ATF_REQUIRE(errno == ECHILD);
668 }
669 
670 /*
671  * Verify that a new child process is stopped after a followed fork
672  * and that the traced parent sees the exit of the child when the new
673  * child process is detached after it reports its fork.
674  */
675 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_child_detached);
676 ATF_TC_BODY(ptrace__follow_fork_child_detached, tc)
677 {
678 	pid_t children[2], fpid, wpid;
679 	int status;
680 
681 	ATF_REQUIRE((fpid = fork()) != -1);
682 	if (fpid == 0) {
683 		trace_me();
684 		follow_fork_parent(false);
685 	}
686 
687 	/* Parent process. */
688 	children[0] = fpid;
689 
690 	/* The first wait() should report the stop from SIGSTOP. */
691 	wpid = waitpid(children[0], &status, 0);
692 	ATF_REQUIRE(wpid == children[0]);
693 	ATF_REQUIRE(WIFSTOPPED(status));
694 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
695 
696 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
697 
698 	/* Continue the child ignoring the SIGSTOP. */
699 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
700 
701 	children[1] = handle_fork_events(children[0], NULL);
702 	ATF_REQUIRE(children[1] > 0);
703 
704 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
705 	ATF_REQUIRE(ptrace(PT_DETACH, children[1], (caddr_t)1, 0) != -1);
706 
707 	/*
708 	 * Should not see any status from the grandchild now, only the
709 	 * child.
710 	 */
711 	wpid = wait(&status);
712 	ATF_REQUIRE(wpid == children[0]);
713 	ATF_REQUIRE(WIFEXITED(status));
714 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
715 
716 	wpid = wait(&status);
717 	ATF_REQUIRE(wpid == -1);
718 	ATF_REQUIRE(errno == ECHILD);
719 }
720 
721 /*
722  * Verify that a new child process is stopped after a followed fork
723  * and that the traced parent sees the exit of the child when the
724  * traced parent is detached after the fork.
725  */
726 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_parent_detached);
727 ATF_TC_BODY(ptrace__follow_fork_parent_detached, tc)
728 {
729 	pid_t children[2], fpid, wpid;
730 	int status;
731 
732 	ATF_REQUIRE((fpid = fork()) != -1);
733 	if (fpid == 0) {
734 		trace_me();
735 		follow_fork_parent(false);
736 	}
737 
738 	/* Parent process. */
739 	children[0] = fpid;
740 
741 	/* The first wait() should report the stop from SIGSTOP. */
742 	wpid = waitpid(children[0], &status, 0);
743 	ATF_REQUIRE(wpid == children[0]);
744 	ATF_REQUIRE(WIFSTOPPED(status));
745 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
746 
747 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
748 
749 	/* Continue the child ignoring the SIGSTOP. */
750 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
751 
752 	children[1] = handle_fork_events(children[0], NULL);
753 	ATF_REQUIRE(children[1] > 0);
754 
755 	ATF_REQUIRE(ptrace(PT_DETACH, children[0], (caddr_t)1, 0) != -1);
756 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
757 
758 	/*
759 	 * The child can't exit until the grandchild reports status, so the
760 	 * grandchild should report its exit first to the debugger.
761 	 *
762 	 * Even though the child process is detached, it is still a
763 	 * child of the debugger, so it will still report it's exit
764 	 * after the grandchild.
765 	 */
766 	wpid = wait(&status);
767 	ATF_REQUIRE(wpid == children[1]);
768 	ATF_REQUIRE(WIFEXITED(status));
769 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
770 
771 	wpid = wait(&status);
772 	ATF_REQUIRE(wpid == children[0]);
773 	ATF_REQUIRE(WIFEXITED(status));
774 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
775 
776 	wpid = wait(&status);
777 	ATF_REQUIRE(wpid == -1);
778 	ATF_REQUIRE(errno == ECHILD);
779 }
780 
781 static void
782 attach_fork_parent(int cpipe[2])
783 {
784 	pid_t fpid;
785 
786 	close(cpipe[0]);
787 
788 	/* Double-fork to disassociate from the debugger. */
789 	CHILD_REQUIRE((fpid = fork()) != -1);
790 	if (fpid != 0)
791 		_exit(3);
792 
793 	/* Send the pid of the disassociated child to the debugger. */
794 	fpid = getpid();
795 	CHILD_REQUIRE(write(cpipe[1], &fpid, sizeof(fpid)) == sizeof(fpid));
796 
797 	/* Wait for the debugger to attach. */
798 	CHILD_REQUIRE(read(cpipe[1], &fpid, sizeof(fpid)) == 0);
799 }
800 
801 /*
802  * Verify that a new child process is stopped after a followed fork and
803  * that the traced parent sees the exit of the child after the debugger
804  * when both processes remain attached to the debugger.  In this test
805  * the parent that forks is not a direct child of the debugger.
806  */
807 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_both_attached_unrelated_debugger);
808 ATF_TC_BODY(ptrace__follow_fork_both_attached_unrelated_debugger, tc)
809 {
810 	pid_t children[2], fpid, wpid;
811 	int cpipe[2], status;
812 
813 	if (atf_tc_get_config_var_as_bool_wd(tc, "ci", false))
814 		atf_tc_skip("https://bugs.freebsd.org/239397");
815 
816 	ATF_REQUIRE(pipe(cpipe) == 0);
817 	ATF_REQUIRE((fpid = fork()) != -1);
818 	if (fpid == 0) {
819 		attach_fork_parent(cpipe);
820 		follow_fork_parent(false);
821 	}
822 
823 	/* Parent process. */
824 	close(cpipe[1]);
825 
826 	/* Wait for the direct child to exit. */
827 	wpid = waitpid(fpid, &status, 0);
828 	ATF_REQUIRE(wpid == fpid);
829 	ATF_REQUIRE(WIFEXITED(status));
830 	ATF_REQUIRE(WEXITSTATUS(status) == 3);
831 
832 	/* Read the pid of the fork parent. */
833 	ATF_REQUIRE(read(cpipe[0], &children[0], sizeof(children[0])) ==
834 	    sizeof(children[0]));
835 
836 	/* Attach to the fork parent. */
837 	attach_child(children[0]);
838 
839 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
840 
841 	/* Continue the fork parent ignoring the SIGSTOP. */
842 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
843 
844 	/* Signal the fork parent to continue. */
845 	close(cpipe[0]);
846 
847 	children[1] = handle_fork_events(children[0], NULL);
848 	ATF_REQUIRE(children[1] > 0);
849 
850 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
851 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
852 
853 	/*
854 	 * The fork parent can't exit until the child reports status,
855 	 * so the child should report its exit first to the debugger.
856 	 */
857 	wpid = wait(&status);
858 	ATF_REQUIRE(wpid == children[1]);
859 	ATF_REQUIRE(WIFEXITED(status));
860 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
861 
862 	wpid = wait(&status);
863 	ATF_REQUIRE(wpid == children[0]);
864 	ATF_REQUIRE(WIFEXITED(status));
865 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
866 
867 	wpid = wait(&status);
868 	ATF_REQUIRE(wpid == -1);
869 	ATF_REQUIRE(errno == ECHILD);
870 }
871 
872 /*
873  * Verify that a new child process is stopped after a followed fork
874  * and that the traced parent sees the exit of the child when the new
875  * child process is detached after it reports its fork.  In this test
876  * the parent that forks is not a direct child of the debugger.
877  */
878 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_child_detached_unrelated_debugger);
879 ATF_TC_BODY(ptrace__follow_fork_child_detached_unrelated_debugger, tc)
880 {
881 	pid_t children[2], fpid, wpid;
882 	int cpipe[2], status;
883 
884 	if (atf_tc_get_config_var_as_bool_wd(tc, "ci", false))
885 		atf_tc_skip("https://bugs.freebsd.org/239292");
886 
887 	ATF_REQUIRE(pipe(cpipe) == 0);
888 	ATF_REQUIRE((fpid = fork()) != -1);
889 	if (fpid == 0) {
890 		attach_fork_parent(cpipe);
891 		follow_fork_parent(false);
892 	}
893 
894 	/* Parent process. */
895 	close(cpipe[1]);
896 
897 	/* Wait for the direct child to exit. */
898 	wpid = waitpid(fpid, &status, 0);
899 	ATF_REQUIRE(wpid == fpid);
900 	ATF_REQUIRE(WIFEXITED(status));
901 	ATF_REQUIRE(WEXITSTATUS(status) == 3);
902 
903 	/* Read the pid of the fork parent. */
904 	ATF_REQUIRE(read(cpipe[0], &children[0], sizeof(children[0])) ==
905 	    sizeof(children[0]));
906 
907 	/* Attach to the fork parent. */
908 	attach_child(children[0]);
909 
910 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
911 
912 	/* Continue the fork parent ignoring the SIGSTOP. */
913 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
914 
915 	/* Signal the fork parent to continue. */
916 	close(cpipe[0]);
917 
918 	children[1] = handle_fork_events(children[0], NULL);
919 	ATF_REQUIRE(children[1] > 0);
920 
921 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
922 	ATF_REQUIRE(ptrace(PT_DETACH, children[1], (caddr_t)1, 0) != -1);
923 
924 	/*
925 	 * Should not see any status from the child now, only the fork
926 	 * parent.
927 	 */
928 	wpid = wait(&status);
929 	ATF_REQUIRE(wpid == children[0]);
930 	ATF_REQUIRE(WIFEXITED(status));
931 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
932 
933 	wpid = wait(&status);
934 	ATF_REQUIRE(wpid == -1);
935 	ATF_REQUIRE(errno == ECHILD);
936 }
937 
938 /*
939  * Verify that a new child process is stopped after a followed fork
940  * and that the traced parent sees the exit of the child when the
941  * traced parent is detached after the fork.  In this test the parent
942  * that forks is not a direct child of the debugger.
943  */
944 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_parent_detached_unrelated_debugger);
945 ATF_TC_BODY(ptrace__follow_fork_parent_detached_unrelated_debugger, tc)
946 {
947 	pid_t children[2], fpid, wpid;
948 	int cpipe[2], status;
949 
950 	if (atf_tc_get_config_var_as_bool_wd(tc, "ci", false))
951 		atf_tc_skip("https://bugs.freebsd.org/239425");
952 
953 	ATF_REQUIRE(pipe(cpipe) == 0);
954 	ATF_REQUIRE((fpid = fork()) != -1);
955 	if (fpid == 0) {
956 		attach_fork_parent(cpipe);
957 		follow_fork_parent(false);
958 	}
959 
960 	/* Parent process. */
961 	close(cpipe[1]);
962 
963 	/* Wait for the direct child to exit. */
964 	wpid = waitpid(fpid, &status, 0);
965 	ATF_REQUIRE(wpid == fpid);
966 	ATF_REQUIRE(WIFEXITED(status));
967 	ATF_REQUIRE(WEXITSTATUS(status) == 3);
968 
969 	/* Read the pid of the fork parent. */
970 	ATF_REQUIRE(read(cpipe[0], &children[0], sizeof(children[0])) ==
971 	    sizeof(children[0]));
972 
973 	/* Attach to the fork parent. */
974 	attach_child(children[0]);
975 
976 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
977 
978 	/* Continue the fork parent ignoring the SIGSTOP. */
979 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
980 
981 	/* Signal the fork parent to continue. */
982 	close(cpipe[0]);
983 
984 	children[1] = handle_fork_events(children[0], NULL);
985 	ATF_REQUIRE(children[1] > 0);
986 
987 	ATF_REQUIRE(ptrace(PT_DETACH, children[0], (caddr_t)1, 0) != -1);
988 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
989 
990 	/*
991 	 * Should not see any status from the fork parent now, only
992 	 * the child.
993 	 */
994 	wpid = wait(&status);
995 	ATF_REQUIRE(wpid == children[1]);
996 	ATF_REQUIRE(WIFEXITED(status));
997 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
998 
999 	wpid = wait(&status);
1000 	ATF_REQUIRE(wpid == -1);
1001 	ATF_REQUIRE(errno == ECHILD);
1002 }
1003 
1004 /*
1005  * Verify that a child process does not see an unrelated debugger as its
1006  * parent but sees its original parent process.
1007  */
1008 ATF_TC_WITHOUT_HEAD(ptrace__getppid);
1009 ATF_TC_BODY(ptrace__getppid, tc)
1010 {
1011 	pid_t child, debugger, ppid, wpid;
1012 	int cpipe[2], dpipe[2], status;
1013 	char c;
1014 
1015 	if (atf_tc_get_config_var_as_bool_wd(tc, "ci", false))
1016 		atf_tc_skip("https://bugs.freebsd.org/240510");
1017 
1018 
1019 	ATF_REQUIRE(pipe(cpipe) == 0);
1020 	ATF_REQUIRE((child = fork()) != -1);
1021 
1022 	if (child == 0) {
1023 		/* Child process. */
1024 		close(cpipe[0]);
1025 
1026 		/* Wait for parent to be ready. */
1027 		CHILD_REQUIRE(read(cpipe[1], &c, sizeof(c)) == sizeof(c));
1028 
1029 		/* Report the parent PID to the parent. */
1030 		ppid = getppid();
1031 		CHILD_REQUIRE(write(cpipe[1], &ppid, sizeof(ppid)) ==
1032 		    sizeof(ppid));
1033 
1034 		_exit(1);
1035 	}
1036 	close(cpipe[1]);
1037 
1038 	ATF_REQUIRE(pipe(dpipe) == 0);
1039 	ATF_REQUIRE((debugger = fork()) != -1);
1040 
1041 	if (debugger == 0) {
1042 		/* Debugger process. */
1043 		close(dpipe[0]);
1044 
1045 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
1046 
1047 		wpid = waitpid(child, &status, 0);
1048 		CHILD_REQUIRE(wpid == child);
1049 		CHILD_REQUIRE(WIFSTOPPED(status));
1050 		CHILD_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1051 
1052 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
1053 
1054 		/* Signal parent that debugger is attached. */
1055 		CHILD_REQUIRE(write(dpipe[1], &c, sizeof(c)) == sizeof(c));
1056 
1057 		/* Wait for traced child to exit. */
1058 		wpid = waitpid(child, &status, 0);
1059 		CHILD_REQUIRE(wpid == child);
1060 		CHILD_REQUIRE(WIFEXITED(status));
1061 		CHILD_REQUIRE(WEXITSTATUS(status) == 1);
1062 
1063 		_exit(0);
1064 	}
1065 	close(dpipe[1]);
1066 
1067 	/* Parent process. */
1068 
1069 	/* Wait for the debugger to attach to the child. */
1070 	ATF_REQUIRE(read(dpipe[0], &c, sizeof(c)) == sizeof(c));
1071 
1072 	/* Release the child. */
1073 	ATF_REQUIRE(write(cpipe[0], &c, sizeof(c)) == sizeof(c));
1074 
1075 	/* Read the parent PID from the child. */
1076 	ATF_REQUIRE(read(cpipe[0], &ppid, sizeof(ppid)) == sizeof(ppid));
1077 	close(cpipe[0]);
1078 
1079 	ATF_REQUIRE(ppid == getpid());
1080 
1081 	/* Wait for the debugger. */
1082 	wpid = waitpid(debugger, &status, 0);
1083 	ATF_REQUIRE(wpid == debugger);
1084 	ATF_REQUIRE(WIFEXITED(status));
1085 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
1086 
1087 	/* The child process should now be ready. */
1088 	wpid = waitpid(child, &status, WNOHANG);
1089 	ATF_REQUIRE(wpid == child);
1090 	ATF_REQUIRE(WIFEXITED(status));
1091 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
1092 }
1093 
1094 /*
1095  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1096  * child process created via fork() reports the correct value.
1097  */
1098 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_fork);
1099 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_fork, tc)
1100 {
1101 	struct ptrace_lwpinfo pl[2];
1102 	pid_t children[2], fpid, wpid;
1103 	int status;
1104 
1105 	ATF_REQUIRE((fpid = fork()) != -1);
1106 	if (fpid == 0) {
1107 		trace_me();
1108 		follow_fork_parent(false);
1109 	}
1110 
1111 	/* Parent process. */
1112 	children[0] = fpid;
1113 
1114 	/* The first wait() should report the stop from SIGSTOP. */
1115 	wpid = waitpid(children[0], &status, 0);
1116 	ATF_REQUIRE(wpid == children[0]);
1117 	ATF_REQUIRE(WIFSTOPPED(status));
1118 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1119 
1120 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
1121 
1122 	/* Continue the child ignoring the SIGSTOP. */
1123 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1124 
1125 	/* Wait for both halves of the fork event to get reported. */
1126 	children[1] = handle_fork_events(children[0], pl);
1127 	ATF_REQUIRE(children[1] > 0);
1128 
1129 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_SCX) != 0);
1130 	ATF_REQUIRE((pl[1].pl_flags & PL_FLAG_SCX) != 0);
1131 	ATF_REQUIRE(pl[0].pl_syscall_code == SYS_fork);
1132 	ATF_REQUIRE(pl[0].pl_syscall_code == pl[1].pl_syscall_code);
1133 	ATF_REQUIRE(pl[0].pl_syscall_narg == pl[1].pl_syscall_narg);
1134 
1135 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1136 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1137 
1138 	/*
1139 	 * The child can't exit until the grandchild reports status, so the
1140 	 * grandchild should report its exit first to the debugger.
1141 	 */
1142 	wpid = wait(&status);
1143 	ATF_REQUIRE(wpid == children[1]);
1144 	ATF_REQUIRE(WIFEXITED(status));
1145 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
1146 
1147 	wpid = wait(&status);
1148 	ATF_REQUIRE(wpid == children[0]);
1149 	ATF_REQUIRE(WIFEXITED(status));
1150 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
1151 
1152 	wpid = wait(&status);
1153 	ATF_REQUIRE(wpid == -1);
1154 	ATF_REQUIRE(errno == ECHILD);
1155 }
1156 
1157 /*
1158  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1159  * child process created via vfork() reports the correct value.
1160  */
1161 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_vfork);
1162 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_vfork, tc)
1163 {
1164 	struct ptrace_lwpinfo pl[2];
1165 	pid_t children[2], fpid, wpid;
1166 	int status;
1167 
1168 	ATF_REQUIRE((fpid = fork()) != -1);
1169 	if (fpid == 0) {
1170 		trace_me();
1171 		follow_fork_parent(true);
1172 	}
1173 
1174 	/* Parent process. */
1175 	children[0] = fpid;
1176 
1177 	/* The first wait() should report the stop from SIGSTOP. */
1178 	wpid = waitpid(children[0], &status, 0);
1179 	ATF_REQUIRE(wpid == children[0]);
1180 	ATF_REQUIRE(WIFSTOPPED(status));
1181 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1182 
1183 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
1184 
1185 	/* Continue the child ignoring the SIGSTOP. */
1186 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1187 
1188 	/* Wait for both halves of the fork event to get reported. */
1189 	children[1] = handle_fork_events(children[0], pl);
1190 	ATF_REQUIRE(children[1] > 0);
1191 
1192 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_SCX) != 0);
1193 	ATF_REQUIRE((pl[1].pl_flags & PL_FLAG_SCX) != 0);
1194 	ATF_REQUIRE(pl[0].pl_syscall_code == SYS_vfork);
1195 	ATF_REQUIRE(pl[0].pl_syscall_code == pl[1].pl_syscall_code);
1196 	ATF_REQUIRE(pl[0].pl_syscall_narg == pl[1].pl_syscall_narg);
1197 
1198 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1199 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1200 
1201 	/*
1202 	 * The child can't exit until the grandchild reports status, so the
1203 	 * grandchild should report its exit first to the debugger.
1204 	 */
1205 	wpid = wait(&status);
1206 	ATF_REQUIRE(wpid == children[1]);
1207 	ATF_REQUIRE(WIFEXITED(status));
1208 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
1209 
1210 	wpid = wait(&status);
1211 	ATF_REQUIRE(wpid == children[0]);
1212 	ATF_REQUIRE(WIFEXITED(status));
1213 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
1214 
1215 	wpid = wait(&status);
1216 	ATF_REQUIRE(wpid == -1);
1217 	ATF_REQUIRE(errno == ECHILD);
1218 }
1219 
1220 static void *
1221 simple_thread(void *arg __unused)
1222 {
1223 
1224 	pthread_exit(NULL);
1225 }
1226 
1227 static __dead2 void
1228 simple_thread_main(void)
1229 {
1230 	pthread_t thread;
1231 
1232 	CHILD_REQUIRE(pthread_create(&thread, NULL, simple_thread, NULL) == 0);
1233 	CHILD_REQUIRE(pthread_join(thread, NULL) == 0);
1234 	exit(1);
1235 }
1236 
1237 /*
1238  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1239  * thread reports the correct value.
1240  */
1241 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_thread);
1242 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_thread, tc)
1243 {
1244 	struct ptrace_lwpinfo pl;
1245 	pid_t fpid, wpid;
1246 	lwpid_t mainlwp;
1247 	int status;
1248 
1249 	ATF_REQUIRE((fpid = fork()) != -1);
1250 	if (fpid == 0) {
1251 		trace_me();
1252 		simple_thread_main();
1253 	}
1254 
1255 	/* The first wait() should report the stop from SIGSTOP. */
1256 	wpid = waitpid(fpid, &status, 0);
1257 	ATF_REQUIRE(wpid == fpid);
1258 	ATF_REQUIRE(WIFSTOPPED(status));
1259 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1260 
1261 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1262 	    sizeof(pl)) != -1);
1263 	mainlwp = pl.pl_lwpid;
1264 
1265 	/*
1266 	 * Continue the child ignoring the SIGSTOP and tracing all
1267 	 * system call exits.
1268 	 */
1269 	ATF_REQUIRE(ptrace(PT_TO_SCX, fpid, (caddr_t)1, 0) != -1);
1270 
1271 	/*
1272 	 * Wait for the new thread to arrive.  pthread_create() might
1273 	 * invoke any number of system calls.  For now we just wait
1274 	 * for the new thread to arrive and make sure it reports a
1275 	 * valid system call code.  If ptrace grows thread event
1276 	 * reporting then this test can be made more precise.
1277 	 */
1278 	for (;;) {
1279 		wpid = waitpid(fpid, &status, 0);
1280 		ATF_REQUIRE(wpid == fpid);
1281 		ATF_REQUIRE(WIFSTOPPED(status));
1282 		ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1283 
1284 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1285 		    sizeof(pl)) != -1);
1286 		ATF_REQUIRE((pl.pl_flags & PL_FLAG_SCX) != 0);
1287 		ATF_REQUIRE(pl.pl_syscall_code != 0);
1288 		if (pl.pl_lwpid != mainlwp)
1289 			/* New thread seen. */
1290 			break;
1291 
1292 		ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1293 	}
1294 
1295 	/* Wait for the child to exit. */
1296 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1297 	for (;;) {
1298 		wpid = waitpid(fpid, &status, 0);
1299 		ATF_REQUIRE(wpid == fpid);
1300 		if (WIFEXITED(status))
1301 			break;
1302 
1303 		ATF_REQUIRE(WIFSTOPPED(status));
1304 		ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1305 		ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1306 	}
1307 
1308 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
1309 
1310 	wpid = wait(&status);
1311 	ATF_REQUIRE(wpid == -1);
1312 	ATF_REQUIRE(errno == ECHILD);
1313 }
1314 
1315 /*
1316  * Verify that the expected LWP events are reported for a child thread.
1317  */
1318 ATF_TC_WITHOUT_HEAD(ptrace__lwp_events);
1319 ATF_TC_BODY(ptrace__lwp_events, tc)
1320 {
1321 	struct ptrace_lwpinfo pl;
1322 	pid_t fpid, wpid;
1323 	lwpid_t lwps[2];
1324 	int status;
1325 
1326 	ATF_REQUIRE((fpid = fork()) != -1);
1327 	if (fpid == 0) {
1328 		trace_me();
1329 		simple_thread_main();
1330 	}
1331 
1332 	/* The first wait() should report the stop from SIGSTOP. */
1333 	wpid = waitpid(fpid, &status, 0);
1334 	ATF_REQUIRE(wpid == fpid);
1335 	ATF_REQUIRE(WIFSTOPPED(status));
1336 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1337 
1338 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1339 	    sizeof(pl)) != -1);
1340 	lwps[0] = pl.pl_lwpid;
1341 
1342 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, wpid, NULL, 1) == 0);
1343 
1344 	/* Continue the child ignoring the SIGSTOP. */
1345 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1346 
1347 	/* The first event should be for the child thread's birth. */
1348 	wpid = waitpid(fpid, &status, 0);
1349 	ATF_REQUIRE(wpid == fpid);
1350 	ATF_REQUIRE(WIFSTOPPED(status));
1351 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1352 
1353 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1354 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)) ==
1355 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1356 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
1357 	lwps[1] = pl.pl_lwpid;
1358 
1359 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1360 
1361 	/* The next event should be for the child thread's death. */
1362 	wpid = waitpid(fpid, &status, 0);
1363 	ATF_REQUIRE(wpid == fpid);
1364 	ATF_REQUIRE(WIFSTOPPED(status));
1365 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1366 
1367 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1368 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_EXITED | PL_FLAG_SCE)) ==
1369 	    (PL_FLAG_EXITED | PL_FLAG_SCE));
1370 	ATF_REQUIRE(pl.pl_lwpid == lwps[1]);
1371 
1372 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1373 
1374 	/* The last event should be for the child process's exit. */
1375 	wpid = waitpid(fpid, &status, 0);
1376 	ATF_REQUIRE(WIFEXITED(status));
1377 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
1378 
1379 	wpid = wait(&status);
1380 	ATF_REQUIRE(wpid == -1);
1381 	ATF_REQUIRE(errno == ECHILD);
1382 }
1383 
1384 static void *
1385 exec_thread(void *arg __unused)
1386 {
1387 
1388 	execl("/usr/bin/true", "true", NULL);
1389 	exit(127);
1390 }
1391 
1392 static __dead2 void
1393 exec_thread_main(void)
1394 {
1395 	pthread_t thread;
1396 
1397 	CHILD_REQUIRE(pthread_create(&thread, NULL, exec_thread, NULL) == 0);
1398 	for (;;)
1399 		sleep(60);
1400 	exit(1);
1401 }
1402 
1403 /*
1404  * Verify that the expected LWP events are reported for a multithreaded
1405  * process that calls execve(2).
1406  */
1407 ATF_TC_WITHOUT_HEAD(ptrace__lwp_events_exec);
1408 ATF_TC_BODY(ptrace__lwp_events_exec, tc)
1409 {
1410 	struct ptrace_lwpinfo pl;
1411 	pid_t fpid, wpid;
1412 	lwpid_t lwps[2];
1413 	int status;
1414 
1415 	ATF_REQUIRE((fpid = fork()) != -1);
1416 	if (fpid == 0) {
1417 		trace_me();
1418 		exec_thread_main();
1419 	}
1420 
1421 	/* The first wait() should report the stop from SIGSTOP. */
1422 	wpid = waitpid(fpid, &status, 0);
1423 	ATF_REQUIRE(wpid == fpid);
1424 	ATF_REQUIRE(WIFSTOPPED(status));
1425 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1426 
1427 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1428 	    sizeof(pl)) != -1);
1429 	lwps[0] = pl.pl_lwpid;
1430 
1431 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, wpid, NULL, 1) == 0);
1432 
1433 	/* Continue the child ignoring the SIGSTOP. */
1434 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1435 
1436 	/* The first event should be for the child thread's birth. */
1437 	wpid = waitpid(fpid, &status, 0);
1438 	ATF_REQUIRE(wpid == fpid);
1439 	ATF_REQUIRE(WIFSTOPPED(status));
1440 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1441 
1442 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1443 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)) ==
1444 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1445 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
1446 	lwps[1] = pl.pl_lwpid;
1447 
1448 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1449 
1450 	/*
1451 	 * The next event should be for the main thread's death due to
1452 	 * single threading from execve().
1453 	 */
1454 	wpid = waitpid(fpid, &status, 0);
1455 	ATF_REQUIRE(wpid == fpid);
1456 	ATF_REQUIRE(WIFSTOPPED(status));
1457 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1458 
1459 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1460 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_EXITED | PL_FLAG_SCE)) ==
1461 	    (PL_FLAG_EXITED));
1462 	ATF_REQUIRE(pl.pl_lwpid == lwps[0]);
1463 
1464 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1465 
1466 	/* The next event should be for the child process's exec. */
1467 	wpid = waitpid(fpid, &status, 0);
1468 	ATF_REQUIRE(WIFSTOPPED(status));
1469 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1470 
1471 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1472 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_EXEC | PL_FLAG_SCX)) ==
1473 	    (PL_FLAG_EXEC | PL_FLAG_SCX));
1474 	ATF_REQUIRE(pl.pl_lwpid == lwps[1]);
1475 
1476 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1477 
1478 	/* The last event should be for the child process's exit. */
1479 	wpid = waitpid(fpid, &status, 0);
1480 	ATF_REQUIRE(WIFEXITED(status));
1481 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
1482 
1483 	wpid = wait(&status);
1484 	ATF_REQUIRE(wpid == -1);
1485 	ATF_REQUIRE(errno == ECHILD);
1486 }
1487 
1488 static void
1489 handler(int sig __unused)
1490 {
1491 }
1492 
1493 static void
1494 signal_main(void)
1495 {
1496 
1497 	signal(SIGINFO, handler);
1498 	raise(SIGINFO);
1499 	exit(0);
1500 }
1501 
1502 /*
1503  * Verify that the expected ptrace event is reported for a signal.
1504  */
1505 ATF_TC_WITHOUT_HEAD(ptrace__siginfo);
1506 ATF_TC_BODY(ptrace__siginfo, tc)
1507 {
1508 	struct ptrace_lwpinfo pl;
1509 	pid_t fpid, wpid;
1510 	int status;
1511 
1512 	ATF_REQUIRE((fpid = fork()) != -1);
1513 	if (fpid == 0) {
1514 		trace_me();
1515 		signal_main();
1516 	}
1517 
1518 	/* The first wait() should report the stop from SIGSTOP. */
1519 	wpid = waitpid(fpid, &status, 0);
1520 	ATF_REQUIRE(wpid == fpid);
1521 	ATF_REQUIRE(WIFSTOPPED(status));
1522 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1523 
1524 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1525 
1526 	/* The next event should be for the SIGINFO. */
1527 	wpid = waitpid(fpid, &status, 0);
1528 	ATF_REQUIRE(WIFSTOPPED(status));
1529 	ATF_REQUIRE(WSTOPSIG(status) == SIGINFO);
1530 
1531 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1532 	ATF_REQUIRE(pl.pl_event == PL_EVENT_SIGNAL);
1533 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
1534 	ATF_REQUIRE(pl.pl_siginfo.si_code == SI_LWP);
1535 	ATF_REQUIRE(pl.pl_siginfo.si_pid == wpid);
1536 
1537 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1538 
1539 	/* The last event should be for the child process's exit. */
1540 	wpid = waitpid(fpid, &status, 0);
1541 	ATF_REQUIRE(WIFEXITED(status));
1542 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
1543 
1544 	wpid = wait(&status);
1545 	ATF_REQUIRE(wpid == -1);
1546 	ATF_REQUIRE(errno == ECHILD);
1547 }
1548 
1549 /*
1550  * Verify that the expected ptrace events are reported for PTRACE_EXEC.
1551  */
1552 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_exec_disable);
1553 ATF_TC_BODY(ptrace__ptrace_exec_disable, tc)
1554 {
1555 	pid_t fpid, wpid;
1556 	int events, status;
1557 
1558 	ATF_REQUIRE((fpid = fork()) != -1);
1559 	if (fpid == 0) {
1560 		trace_me();
1561 		exec_thread(NULL);
1562 	}
1563 
1564 	/* The first wait() should report the stop from SIGSTOP. */
1565 	wpid = waitpid(fpid, &status, 0);
1566 	ATF_REQUIRE(wpid == fpid);
1567 	ATF_REQUIRE(WIFSTOPPED(status));
1568 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1569 
1570 	events = 0;
1571 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
1572 	    sizeof(events)) == 0);
1573 
1574 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1575 
1576 	/* Should get one event at exit. */
1577 	wpid = waitpid(fpid, &status, 0);
1578 	ATF_REQUIRE(WIFEXITED(status));
1579 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
1580 
1581 	wpid = wait(&status);
1582 	ATF_REQUIRE(wpid == -1);
1583 	ATF_REQUIRE(errno == ECHILD);
1584 }
1585 
1586 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_exec_enable);
1587 ATF_TC_BODY(ptrace__ptrace_exec_enable, tc)
1588 {
1589 	struct ptrace_lwpinfo pl;
1590 	pid_t fpid, wpid;
1591 	int events, status;
1592 
1593 	ATF_REQUIRE((fpid = fork()) != -1);
1594 	if (fpid == 0) {
1595 		trace_me();
1596 		exec_thread(NULL);
1597 	}
1598 
1599 	/* The first wait() should report the stop from SIGSTOP. */
1600 	wpid = waitpid(fpid, &status, 0);
1601 	ATF_REQUIRE(wpid == fpid);
1602 	ATF_REQUIRE(WIFSTOPPED(status));
1603 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1604 
1605 	events = PTRACE_EXEC;
1606 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
1607 	    sizeof(events)) == 0);
1608 
1609 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1610 
1611 	/* The next event should be for the child process's exec. */
1612 	wpid = waitpid(fpid, &status, 0);
1613 	ATF_REQUIRE(WIFSTOPPED(status));
1614 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1615 
1616 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1617 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_EXEC | PL_FLAG_SCX)) ==
1618 	    (PL_FLAG_EXEC | PL_FLAG_SCX));
1619 
1620 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1621 
1622 	/* The last event should be for the child process's exit. */
1623 	wpid = waitpid(fpid, &status, 0);
1624 	ATF_REQUIRE(WIFEXITED(status));
1625 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
1626 
1627 	wpid = wait(&status);
1628 	ATF_REQUIRE(wpid == -1);
1629 	ATF_REQUIRE(errno == ECHILD);
1630 }
1631 
1632 ATF_TC_WITHOUT_HEAD(ptrace__event_mask);
1633 ATF_TC_BODY(ptrace__event_mask, tc)
1634 {
1635 	pid_t fpid, wpid;
1636 	int events, status;
1637 
1638 	ATF_REQUIRE((fpid = fork()) != -1);
1639 	if (fpid == 0) {
1640 		trace_me();
1641 		exit(0);
1642 	}
1643 
1644 	/* The first wait() should report the stop from SIGSTOP. */
1645 	wpid = waitpid(fpid, &status, 0);
1646 	ATF_REQUIRE(wpid == fpid);
1647 	ATF_REQUIRE(WIFSTOPPED(status));
1648 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1649 
1650 	/* PT_FOLLOW_FORK should toggle the state of PTRACE_FORK. */
1651 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, fpid, NULL, 1) != -1);
1652 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1653 	    sizeof(events)) == 0);
1654 	ATF_REQUIRE(events & PTRACE_FORK);
1655 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, fpid, NULL, 0) != -1);
1656 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1657 	    sizeof(events)) == 0);
1658 	ATF_REQUIRE(!(events & PTRACE_FORK));
1659 
1660 	/* PT_LWP_EVENTS should toggle the state of PTRACE_LWP. */
1661 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, fpid, NULL, 1) != -1);
1662 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1663 	    sizeof(events)) == 0);
1664 	ATF_REQUIRE(events & PTRACE_LWP);
1665 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, fpid, NULL, 0) != -1);
1666 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1667 	    sizeof(events)) == 0);
1668 	ATF_REQUIRE(!(events & PTRACE_LWP));
1669 
1670 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1671 
1672 	/* Should get one event at exit. */
1673 	wpid = waitpid(fpid, &status, 0);
1674 	ATF_REQUIRE(WIFEXITED(status));
1675 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
1676 
1677 	wpid = wait(&status);
1678 	ATF_REQUIRE(wpid == -1);
1679 	ATF_REQUIRE(errno == ECHILD);
1680 }
1681 
1682 /*
1683  * Verify that the expected ptrace events are reported for PTRACE_VFORK.
1684  */
1685 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_vfork);
1686 ATF_TC_BODY(ptrace__ptrace_vfork, tc)
1687 {
1688 	struct ptrace_lwpinfo pl;
1689 	pid_t fpid, wpid;
1690 	int events, status;
1691 
1692 	ATF_REQUIRE((fpid = fork()) != -1);
1693 	if (fpid == 0) {
1694 		trace_me();
1695 		follow_fork_parent(true);
1696 	}
1697 
1698 	/* The first wait() should report the stop from SIGSTOP. */
1699 	wpid = waitpid(fpid, &status, 0);
1700 	ATF_REQUIRE(wpid == fpid);
1701 	ATF_REQUIRE(WIFSTOPPED(status));
1702 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1703 
1704 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1705 	    sizeof(events)) == 0);
1706 	events |= PTRACE_VFORK;
1707 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
1708 	    sizeof(events)) == 0);
1709 
1710 	/* Continue the child ignoring the SIGSTOP. */
1711 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) != -1);
1712 
1713 	/* The next event should report the end of the vfork. */
1714 	wpid = wait(&status);
1715 	ATF_REQUIRE(wpid == fpid);
1716 	ATF_REQUIRE(WIFSTOPPED(status));
1717 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1718 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1719 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_VFORK_DONE) != 0);
1720 
1721 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) != -1);
1722 
1723 	wpid = wait(&status);
1724 	ATF_REQUIRE(wpid == fpid);
1725 	ATF_REQUIRE(WIFEXITED(status));
1726 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
1727 
1728 	wpid = wait(&status);
1729 	ATF_REQUIRE(wpid == -1);
1730 	ATF_REQUIRE(errno == ECHILD);
1731 }
1732 
1733 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_vfork_follow);
1734 ATF_TC_BODY(ptrace__ptrace_vfork_follow, tc)
1735 {
1736 	struct ptrace_lwpinfo pl[2];
1737 	pid_t children[2], fpid, wpid;
1738 	int events, status;
1739 
1740 	ATF_REQUIRE((fpid = fork()) != -1);
1741 	if (fpid == 0) {
1742 		trace_me();
1743 		follow_fork_parent(true);
1744 	}
1745 
1746 	/* Parent process. */
1747 	children[0] = fpid;
1748 
1749 	/* The first wait() should report the stop from SIGSTOP. */
1750 	wpid = waitpid(children[0], &status, 0);
1751 	ATF_REQUIRE(wpid == children[0]);
1752 	ATF_REQUIRE(WIFSTOPPED(status));
1753 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1754 
1755 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, children[0], (caddr_t)&events,
1756 	    sizeof(events)) == 0);
1757 	events |= PTRACE_FORK | PTRACE_VFORK;
1758 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, children[0], (caddr_t)&events,
1759 	    sizeof(events)) == 0);
1760 
1761 	/* Continue the child ignoring the SIGSTOP. */
1762 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1763 
1764 	/* Wait for both halves of the fork event to get reported. */
1765 	children[1] = handle_fork_events(children[0], pl);
1766 	ATF_REQUIRE(children[1] > 0);
1767 
1768 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_VFORKED) != 0);
1769 
1770 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1771 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1772 
1773 	/*
1774 	 * The child can't exit until the grandchild reports status, so the
1775 	 * grandchild should report its exit first to the debugger.
1776 	 */
1777 	wpid = waitpid(children[1], &status, 0);
1778 	ATF_REQUIRE(wpid == children[1]);
1779 	ATF_REQUIRE(WIFEXITED(status));
1780 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
1781 
1782 	/*
1783 	 * The child should report it's vfork() completion before it
1784 	 * exits.
1785 	 */
1786 	wpid = wait(&status);
1787 	ATF_REQUIRE(wpid == children[0]);
1788 	ATF_REQUIRE(WIFSTOPPED(status));
1789 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1790 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl[0], sizeof(pl[0])) !=
1791 	    -1);
1792 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_VFORK_DONE) != 0);
1793 
1794 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1795 
1796 	wpid = wait(&status);
1797 	ATF_REQUIRE(wpid == children[0]);
1798 	ATF_REQUIRE(WIFEXITED(status));
1799 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
1800 
1801 	wpid = wait(&status);
1802 	ATF_REQUIRE(wpid == -1);
1803 	ATF_REQUIRE(errno == ECHILD);
1804 }
1805 
1806 #ifdef HAVE_BREAKPOINT
1807 /*
1808  * Verify that no more events are reported after PT_KILL except for the
1809  * process exit when stopped due to a breakpoint trap.
1810  */
1811 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_breakpoint);
1812 ATF_TC_BODY(ptrace__PT_KILL_breakpoint, tc)
1813 {
1814 	pid_t fpid, wpid;
1815 	int status;
1816 
1817 	ATF_REQUIRE((fpid = fork()) != -1);
1818 	if (fpid == 0) {
1819 		trace_me();
1820 		breakpoint();
1821 		exit(1);
1822 	}
1823 
1824 	/* The first wait() should report the stop from SIGSTOP. */
1825 	wpid = waitpid(fpid, &status, 0);
1826 	ATF_REQUIRE(wpid == fpid);
1827 	ATF_REQUIRE(WIFSTOPPED(status));
1828 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1829 
1830 	/* Continue the child ignoring the SIGSTOP. */
1831 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1832 
1833 	/* The second wait() should report hitting the breakpoint. */
1834 	wpid = waitpid(fpid, &status, 0);
1835 	ATF_REQUIRE(wpid == fpid);
1836 	ATF_REQUIRE(WIFSTOPPED(status));
1837 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1838 
1839 	/* Kill the child process. */
1840 	ATF_REQUIRE(ptrace(PT_KILL, fpid, 0, 0) == 0);
1841 
1842 	/* The last wait() should report the SIGKILL. */
1843 	wpid = waitpid(fpid, &status, 0);
1844 	ATF_REQUIRE(wpid == fpid);
1845 	ATF_REQUIRE(WIFSIGNALED(status));
1846 	ATF_REQUIRE(WTERMSIG(status) == SIGKILL);
1847 
1848 	wpid = wait(&status);
1849 	ATF_REQUIRE(wpid == -1);
1850 	ATF_REQUIRE(errno == ECHILD);
1851 }
1852 #endif /* HAVE_BREAKPOINT */
1853 
1854 /*
1855  * Verify that no more events are reported after PT_KILL except for the
1856  * process exit when stopped inside of a system call.
1857  */
1858 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_system_call);
1859 ATF_TC_BODY(ptrace__PT_KILL_system_call, tc)
1860 {
1861 	struct ptrace_lwpinfo pl;
1862 	pid_t fpid, wpid;
1863 	int status;
1864 
1865 	ATF_REQUIRE((fpid = fork()) != -1);
1866 	if (fpid == 0) {
1867 		trace_me();
1868 		getpid();
1869 		exit(1);
1870 	}
1871 
1872 	/* The first wait() should report the stop from SIGSTOP. */
1873 	wpid = waitpid(fpid, &status, 0);
1874 	ATF_REQUIRE(wpid == fpid);
1875 	ATF_REQUIRE(WIFSTOPPED(status));
1876 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1877 
1878 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
1879 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
1880 
1881 	/* The second wait() should report a system call entry for getpid(). */
1882 	wpid = waitpid(fpid, &status, 0);
1883 	ATF_REQUIRE(wpid == fpid);
1884 	ATF_REQUIRE(WIFSTOPPED(status));
1885 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1886 
1887 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1888 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
1889 
1890 	/* Kill the child process. */
1891 	ATF_REQUIRE(ptrace(PT_KILL, fpid, 0, 0) == 0);
1892 
1893 	/* The last wait() should report the SIGKILL. */
1894 	wpid = waitpid(fpid, &status, 0);
1895 	ATF_REQUIRE(wpid == fpid);
1896 	ATF_REQUIRE(WIFSIGNALED(status));
1897 	ATF_REQUIRE(WTERMSIG(status) == SIGKILL);
1898 
1899 	wpid = wait(&status);
1900 	ATF_REQUIRE(wpid == -1);
1901 	ATF_REQUIRE(errno == ECHILD);
1902 }
1903 
1904 /*
1905  * Verify that no more events are reported after PT_KILL except for the
1906  * process exit when killing a multithreaded process.
1907  */
1908 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_threads);
1909 ATF_TC_BODY(ptrace__PT_KILL_threads, tc)
1910 {
1911 	struct ptrace_lwpinfo pl;
1912 	pid_t fpid, wpid;
1913 	lwpid_t main_lwp;
1914 	int status;
1915 
1916 	ATF_REQUIRE((fpid = fork()) != -1);
1917 	if (fpid == 0) {
1918 		trace_me();
1919 		simple_thread_main();
1920 	}
1921 
1922 	/* The first wait() should report the stop from SIGSTOP. */
1923 	wpid = waitpid(fpid, &status, 0);
1924 	ATF_REQUIRE(wpid == fpid);
1925 	ATF_REQUIRE(WIFSTOPPED(status));
1926 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1927 
1928 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1929 	    sizeof(pl)) != -1);
1930 	main_lwp = pl.pl_lwpid;
1931 
1932 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, wpid, NULL, 1) == 0);
1933 
1934 	/* Continue the child ignoring the SIGSTOP. */
1935 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1936 
1937 	/* The first event should be for the child thread's birth. */
1938 	wpid = waitpid(fpid, &status, 0);
1939 	ATF_REQUIRE(wpid == fpid);
1940 	ATF_REQUIRE(WIFSTOPPED(status));
1941 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1942 
1943 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1944 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)) ==
1945 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1946 	ATF_REQUIRE(pl.pl_lwpid != main_lwp);
1947 
1948 	/* Kill the child process. */
1949 	ATF_REQUIRE(ptrace(PT_KILL, fpid, 0, 0) == 0);
1950 
1951 	/* The last wait() should report the SIGKILL. */
1952 	wpid = waitpid(fpid, &status, 0);
1953 	ATF_REQUIRE(wpid == fpid);
1954 	ATF_REQUIRE(WIFSIGNALED(status));
1955 	ATF_REQUIRE(WTERMSIG(status) == SIGKILL);
1956 
1957 	wpid = wait(&status);
1958 	ATF_REQUIRE(wpid == -1);
1959 	ATF_REQUIRE(errno == ECHILD);
1960 }
1961 
1962 static void *
1963 mask_usr1_thread(void *arg)
1964 {
1965 	pthread_barrier_t *pbarrier;
1966 	sigset_t sigmask;
1967 
1968 	pbarrier = (pthread_barrier_t*)arg;
1969 
1970 	sigemptyset(&sigmask);
1971 	sigaddset(&sigmask, SIGUSR1);
1972 	CHILD_REQUIRE(pthread_sigmask(SIG_BLOCK, &sigmask, NULL) == 0);
1973 
1974 	/* Sync up with other thread after sigmask updated. */
1975 	pthread_barrier_wait(pbarrier);
1976 
1977 	for (;;)
1978 		sleep(60);
1979 
1980 	return (NULL);
1981 }
1982 
1983 /*
1984  * Verify that the SIGKILL from PT_KILL takes priority over other signals
1985  * and prevents spurious stops due to those other signals.
1986  */
1987 ATF_TC(ptrace__PT_KILL_competing_signal);
1988 ATF_TC_HEAD(ptrace__PT_KILL_competing_signal, tc)
1989 {
1990 
1991 	atf_tc_set_md_var(tc, "require.user", "root");
1992 }
1993 ATF_TC_BODY(ptrace__PT_KILL_competing_signal, tc)
1994 {
1995 	pid_t fpid, wpid;
1996 	int status;
1997 	cpuset_t setmask;
1998 	pthread_t t;
1999 	pthread_barrier_t barrier;
2000 	struct sched_param sched_param;
2001 
2002 	ATF_REQUIRE((fpid = fork()) != -1);
2003 	if (fpid == 0) {
2004 		/* Bind to one CPU so only one thread at a time will run. */
2005 		CPU_ZERO(&setmask);
2006 		CPU_SET(0, &setmask);
2007 		cpusetid_t setid;
2008 		CHILD_REQUIRE(cpuset(&setid) == 0);
2009 		CHILD_REQUIRE(cpuset_setaffinity(CPU_LEVEL_CPUSET,
2010 		    CPU_WHICH_CPUSET, setid, sizeof(setmask), &setmask) == 0);
2011 
2012 		CHILD_REQUIRE(pthread_barrier_init(&barrier, NULL, 2) == 0);
2013 
2014 		CHILD_REQUIRE(pthread_create(&t, NULL, mask_usr1_thread,
2015 		    (void*)&barrier) == 0);
2016 
2017 		/*
2018 		 * Give the main thread higher priority. The test always
2019 		 * assumes that, if both threads are able to run, the main
2020 		 * thread runs first.
2021 		 */
2022 		sched_param.sched_priority =
2023 		    (sched_get_priority_max(SCHED_FIFO) +
2024 		    sched_get_priority_min(SCHED_FIFO)) / 2;
2025 		CHILD_REQUIRE(pthread_setschedparam(pthread_self(),
2026 		    SCHED_FIFO, &sched_param) == 0);
2027 		sched_param.sched_priority -= RQ_PPQ;
2028 		CHILD_REQUIRE(pthread_setschedparam(t, SCHED_FIFO,
2029 		    &sched_param) == 0);
2030 
2031 		sigset_t sigmask;
2032 		sigemptyset(&sigmask);
2033 		sigaddset(&sigmask, SIGUSR2);
2034 		CHILD_REQUIRE(pthread_sigmask(SIG_BLOCK, &sigmask, NULL) == 0);
2035 
2036 		/* Sync up with other thread after sigmask updated. */
2037 		pthread_barrier_wait(&barrier);
2038 
2039 		trace_me();
2040 
2041 		for (;;)
2042 			sleep(60);
2043 
2044 		exit(1);
2045 	}
2046 
2047 	/* The first wait() should report the stop from SIGSTOP. */
2048 	wpid = waitpid(fpid, &status, 0);
2049 	ATF_REQUIRE(wpid == fpid);
2050 	ATF_REQUIRE(WIFSTOPPED(status));
2051 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2052 
2053 	/* Continue the child ignoring the SIGSTOP. */
2054 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2055 
2056 	/* Send a signal that only the second thread can handle. */
2057 	ATF_REQUIRE(kill(fpid, SIGUSR2) == 0);
2058 
2059 	/* The second wait() should report the SIGUSR2. */
2060 	wpid = waitpid(fpid, &status, 0);
2061 	ATF_REQUIRE(wpid == fpid);
2062 	ATF_REQUIRE(WIFSTOPPED(status));
2063 	ATF_REQUIRE(WSTOPSIG(status) == SIGUSR2);
2064 
2065 	/* Send a signal that only the first thread can handle. */
2066 	ATF_REQUIRE(kill(fpid, SIGUSR1) == 0);
2067 
2068 	/* Replace the SIGUSR2 with a kill. */
2069 	ATF_REQUIRE(ptrace(PT_KILL, fpid, 0, 0) == 0);
2070 
2071 	/* The last wait() should report the SIGKILL (not the SIGUSR signal). */
2072 	wpid = waitpid(fpid, &status, 0);
2073 	ATF_REQUIRE(wpid == fpid);
2074 	ATF_REQUIRE(WIFSIGNALED(status));
2075 	ATF_REQUIRE(WTERMSIG(status) == SIGKILL);
2076 
2077 	wpid = wait(&status);
2078 	ATF_REQUIRE(wpid == -1);
2079 	ATF_REQUIRE(errno == ECHILD);
2080 }
2081 
2082 /*
2083  * Verify that the SIGKILL from PT_KILL takes priority over other stop events
2084  * and prevents spurious stops caused by those events.
2085  */
2086 ATF_TC(ptrace__PT_KILL_competing_stop);
2087 ATF_TC_HEAD(ptrace__PT_KILL_competing_stop, tc)
2088 {
2089 
2090 	atf_tc_set_md_var(tc, "require.user", "root");
2091 }
2092 ATF_TC_BODY(ptrace__PT_KILL_competing_stop, tc)
2093 {
2094 	pid_t fpid, wpid;
2095 	int status;
2096 	cpuset_t setmask;
2097 	pthread_t t;
2098 	pthread_barrier_t barrier;
2099 	lwpid_t main_lwp;
2100 	struct ptrace_lwpinfo pl;
2101 	struct sched_param sched_param;
2102 
2103 	if (atf_tc_get_config_var_as_bool_wd(tc, "ci", false))
2104 		atf_tc_skip("https://bugs.freebsd.org/220841");
2105 
2106 	ATF_REQUIRE((fpid = fork()) != -1);
2107 	if (fpid == 0) {
2108 		trace_me();
2109 
2110 		/* Bind to one CPU so only one thread at a time will run. */
2111 		CPU_ZERO(&setmask);
2112 		CPU_SET(0, &setmask);
2113 		cpusetid_t setid;
2114 		CHILD_REQUIRE(cpuset(&setid) == 0);
2115 		CHILD_REQUIRE(cpuset_setaffinity(CPU_LEVEL_CPUSET,
2116 		    CPU_WHICH_CPUSET, setid, sizeof(setmask), &setmask) == 0);
2117 
2118 		CHILD_REQUIRE(pthread_barrier_init(&barrier, NULL, 2) == 0);
2119 
2120 		CHILD_REQUIRE(pthread_create(&t, NULL, mask_usr1_thread,
2121 		    (void*)&barrier) == 0);
2122 
2123 		/*
2124 		 * Give the main thread higher priority. The test always
2125 		 * assumes that, if both threads are able to run, the main
2126 		 * thread runs first.
2127 		 */
2128 		sched_param.sched_priority =
2129 		    (sched_get_priority_max(SCHED_FIFO) +
2130 		    sched_get_priority_min(SCHED_FIFO)) / 2;
2131 		CHILD_REQUIRE(pthread_setschedparam(pthread_self(),
2132 		    SCHED_FIFO, &sched_param) == 0);
2133 		sched_param.sched_priority -= RQ_PPQ;
2134 		CHILD_REQUIRE(pthread_setschedparam(t, SCHED_FIFO,
2135 		    &sched_param) == 0);
2136 
2137 		sigset_t sigmask;
2138 		sigemptyset(&sigmask);
2139 		sigaddset(&sigmask, SIGUSR2);
2140 		CHILD_REQUIRE(pthread_sigmask(SIG_BLOCK, &sigmask, NULL) == 0);
2141 
2142 		/* Sync up with other thread after sigmask updated. */
2143 		pthread_barrier_wait(&barrier);
2144 
2145 		/* Sync up with the test before doing the getpid(). */
2146 		raise(SIGSTOP);
2147 
2148 		getpid();
2149 		exit(1);
2150 	}
2151 
2152 	/* The first wait() should report the stop from SIGSTOP. */
2153 	wpid = waitpid(fpid, &status, 0);
2154 	ATF_REQUIRE(wpid == fpid);
2155 	ATF_REQUIRE(WIFSTOPPED(status));
2156 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2157 
2158 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2159 	main_lwp = pl.pl_lwpid;
2160 
2161 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2162 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
2163 
2164 	/*
2165 	 * Continue until child is done with setup, which is indicated with
2166 	 * SIGSTOP. Ignore system calls in the meantime.
2167 	 */
2168 	for (;;) {
2169 		wpid = waitpid(fpid, &status, 0);
2170 		ATF_REQUIRE(wpid == fpid);
2171 		ATF_REQUIRE(WIFSTOPPED(status));
2172 		if (WSTOPSIG(status) == SIGTRAP) {
2173 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
2174 			    sizeof(pl)) != -1);
2175 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2176 		} else {
2177 			ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2178 			break;
2179 		}
2180 		ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
2181 	}
2182 
2183 	/* Proceed, allowing main thread to hit syscall entry for getpid(). */
2184 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
2185 
2186 	wpid = waitpid(fpid, &status, 0);
2187 	ATF_REQUIRE(wpid == fpid);
2188 	ATF_REQUIRE(WIFSTOPPED(status));
2189 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
2190 
2191 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
2192 	    sizeof(pl)) != -1);
2193 	ATF_REQUIRE(pl.pl_lwpid == main_lwp);
2194 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2195 	/* Prevent the main thread from hitting its syscall exit for now. */
2196 	ATF_REQUIRE(ptrace(PT_SUSPEND, main_lwp, 0, 0) == 0);
2197 
2198 	/*
2199 	 * Proceed, allowing second thread to hit syscall exit for
2200 	 * pthread_barrier_wait().
2201 	 */
2202 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
2203 
2204 	wpid = waitpid(fpid, &status, 0);
2205 	ATF_REQUIRE(wpid == fpid);
2206 	ATF_REQUIRE(WIFSTOPPED(status));
2207 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
2208 
2209 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
2210 	    sizeof(pl)) != -1);
2211 	ATF_REQUIRE(pl.pl_lwpid != main_lwp);
2212 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
2213 
2214 	/* Send a signal that only the second thread can handle. */
2215 	ATF_REQUIRE(kill(fpid, SIGUSR2) == 0);
2216 
2217 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
2218 
2219 	/* The next wait() should report the SIGUSR2. */
2220 	wpid = waitpid(fpid, &status, 0);
2221 	ATF_REQUIRE(wpid == fpid);
2222 	ATF_REQUIRE(WIFSTOPPED(status));
2223 	ATF_REQUIRE(WSTOPSIG(status) == SIGUSR2);
2224 
2225 	/* Allow the main thread to try to finish its system call. */
2226 	ATF_REQUIRE(ptrace(PT_RESUME, main_lwp, 0, 0) == 0);
2227 
2228 	/*
2229 	 * At this point, the main thread is in the middle of a system call and
2230 	 * has been resumed. The second thread has taken a SIGUSR2 which will
2231 	 * be replaced with a SIGKILL below. The main thread will get to run
2232 	 * first. It should notice the kill request (even though the signal
2233 	 * replacement occurred in the other thread) and exit accordingly.  It
2234 	 * should not stop for the system call exit event.
2235 	 */
2236 
2237 	/* Replace the SIGUSR2 with a kill. */
2238 	ATF_REQUIRE(ptrace(PT_KILL, fpid, 0, 0) == 0);
2239 
2240 	/* The last wait() should report the SIGKILL (not a syscall exit). */
2241 	wpid = waitpid(fpid, &status, 0);
2242 	ATF_REQUIRE(wpid == fpid);
2243 	ATF_REQUIRE(WIFSIGNALED(status));
2244 	ATF_REQUIRE(WTERMSIG(status) == SIGKILL);
2245 
2246 	wpid = wait(&status);
2247 	ATF_REQUIRE(wpid == -1);
2248 	ATF_REQUIRE(errno == ECHILD);
2249 }
2250 
2251 static void
2252 sigusr1_handler(int sig)
2253 {
2254 
2255 	CHILD_REQUIRE(sig == SIGUSR1);
2256 	_exit(2);
2257 }
2258 
2259 /*
2260  * Verify that even if the signal queue is full for a child process,
2261  * a PT_KILL will kill the process.
2262  */
2263 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_with_signal_full_sigqueue);
2264 ATF_TC_BODY(ptrace__PT_KILL_with_signal_full_sigqueue, tc)
2265 {
2266 	pid_t fpid, wpid;
2267 	int status;
2268 	int max_pending_per_proc;
2269 	size_t len;
2270 	int i;
2271 
2272 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_handler) != SIG_ERR);
2273 
2274 	ATF_REQUIRE((fpid = fork()) != -1);
2275 	if (fpid == 0) {
2276 		trace_me();
2277 		exit(1);
2278 	}
2279 
2280 	/* The first wait() should report the stop from SIGSTOP. */
2281 	wpid = waitpid(fpid, &status, 0);
2282 	ATF_REQUIRE(wpid == fpid);
2283 	ATF_REQUIRE(WIFSTOPPED(status));
2284 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2285 
2286 	len = sizeof(max_pending_per_proc);
2287 	ATF_REQUIRE(sysctlbyname("kern.sigqueue.max_pending_per_proc",
2288 	    &max_pending_per_proc, &len, NULL, 0) == 0);
2289 
2290 	/* Fill the signal queue. */
2291 	for (i = 0; i < max_pending_per_proc; ++i)
2292 		ATF_REQUIRE(kill(fpid, SIGUSR1) == 0);
2293 
2294 	/* Kill the child process. */
2295 	ATF_REQUIRE(ptrace(PT_KILL, fpid, 0, 0) == 0);
2296 
2297 	/* The last wait() should report the SIGKILL. */
2298 	wpid = waitpid(fpid, &status, 0);
2299 	ATF_REQUIRE(wpid == fpid);
2300 	ATF_REQUIRE(WIFSIGNALED(status));
2301 	ATF_REQUIRE(WTERMSIG(status) == SIGKILL);
2302 
2303 	wpid = wait(&status);
2304 	ATF_REQUIRE(wpid == -1);
2305 	ATF_REQUIRE(errno == ECHILD);
2306 }
2307 
2308 /*
2309  * Verify that when stopped at a system call entry, a signal can be
2310  * requested with PT_CONTINUE which will be delivered once the system
2311  * call is complete.
2312  */
2313 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_system_call_entry);
2314 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_system_call_entry, tc)
2315 {
2316 	struct ptrace_lwpinfo pl;
2317 	pid_t fpid, wpid;
2318 	int status;
2319 
2320 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_handler) != SIG_ERR);
2321 
2322 	ATF_REQUIRE((fpid = fork()) != -1);
2323 	if (fpid == 0) {
2324 		trace_me();
2325 		getpid();
2326 		exit(1);
2327 	}
2328 
2329 	/* The first wait() should report the stop from SIGSTOP. */
2330 	wpid = waitpid(fpid, &status, 0);
2331 	ATF_REQUIRE(wpid == fpid);
2332 	ATF_REQUIRE(WIFSTOPPED(status));
2333 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2334 
2335 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2336 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
2337 
2338 	/* The second wait() should report a system call entry for getpid(). */
2339 	wpid = waitpid(fpid, &status, 0);
2340 	ATF_REQUIRE(wpid == fpid);
2341 	ATF_REQUIRE(WIFSTOPPED(status));
2342 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
2343 
2344 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2345 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2346 
2347 	/* Continue the child process with a signal. */
2348 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
2349 
2350 	for (;;) {
2351 		/*
2352 		 * The last wait() should report exit 2, i.e., a normal _exit
2353 		 * from the signal handler. In the meantime, catch and proceed
2354 		 * past any syscall stops.
2355 		 */
2356 		wpid = waitpid(fpid, &status, 0);
2357 		ATF_REQUIRE(wpid == fpid);
2358 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2359 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2360 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2361 			ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2362 		} else {
2363 			ATF_REQUIRE(WIFEXITED(status));
2364 			ATF_REQUIRE(WEXITSTATUS(status) == 2);
2365 			break;
2366 		}
2367 	}
2368 
2369 	wpid = wait(&status);
2370 	ATF_REQUIRE(wpid == -1);
2371 	ATF_REQUIRE(errno == ECHILD);
2372 }
2373 
2374 static void
2375 sigusr1_counting_handler(int sig)
2376 {
2377 	static int counter = 0;
2378 
2379 	CHILD_REQUIRE(sig == SIGUSR1);
2380 	counter++;
2381 	if (counter == 2)
2382 		_exit(2);
2383 }
2384 
2385 /*
2386  * Verify that, when continuing from a stop at system call entry and exit,
2387  * a signal can be requested from both stops, and both will be delivered when
2388  * the system call is complete.
2389  */
2390 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_system_call_entry_and_exit);
2391 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_system_call_entry_and_exit, tc)
2392 {
2393 	struct ptrace_lwpinfo pl;
2394 	pid_t fpid, wpid;
2395 	int status;
2396 
2397 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_counting_handler) != SIG_ERR);
2398 
2399 	ATF_REQUIRE((fpid = fork()) != -1);
2400 	if (fpid == 0) {
2401 		trace_me();
2402 		getpid();
2403 		exit(1);
2404 	}
2405 
2406 	/* The first wait() should report the stop from SIGSTOP. */
2407 	wpid = waitpid(fpid, &status, 0);
2408 	ATF_REQUIRE(wpid == fpid);
2409 	ATF_REQUIRE(WIFSTOPPED(status));
2410 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2411 
2412 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2413 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
2414 
2415 	/* The second wait() should report a system call entry for getpid(). */
2416 	wpid = waitpid(fpid, &status, 0);
2417 	ATF_REQUIRE(wpid == fpid);
2418 	ATF_REQUIRE(WIFSTOPPED(status));
2419 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
2420 
2421 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2422 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2423 
2424 	/* Continue the child process with a signal. */
2425 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
2426 
2427 	/* The third wait() should report a system call exit for getpid(). */
2428 	wpid = waitpid(fpid, &status, 0);
2429 	ATF_REQUIRE(wpid == fpid);
2430 	ATF_REQUIRE(WIFSTOPPED(status));
2431 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
2432 
2433 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2434 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
2435 
2436 	/* Continue the child process with a signal. */
2437 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
2438 
2439 	for (;;) {
2440 		/*
2441 		 * The last wait() should report exit 2, i.e., a normal _exit
2442 		 * from the signal handler. In the meantime, catch and proceed
2443 		 * past any syscall stops.
2444 		 */
2445 		wpid = waitpid(fpid, &status, 0);
2446 		ATF_REQUIRE(wpid == fpid);
2447 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2448 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2449 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2450 			ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2451 		} else {
2452 			ATF_REQUIRE(WIFEXITED(status));
2453 			ATF_REQUIRE(WEXITSTATUS(status) == 2);
2454 			break;
2455 		}
2456 	}
2457 
2458 	wpid = wait(&status);
2459 	ATF_REQUIRE(wpid == -1);
2460 	ATF_REQUIRE(errno == ECHILD);
2461 }
2462 
2463 /*
2464  * Verify that even if the signal queue is full for a child process,
2465  * a PT_CONTINUE with a signal will not result in loss of that signal.
2466  */
2467 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_full_sigqueue);
2468 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_full_sigqueue, tc)
2469 {
2470 	pid_t fpid, wpid;
2471 	int status;
2472 	int max_pending_per_proc;
2473 	size_t len;
2474 	int i;
2475 
2476 	ATF_REQUIRE(signal(SIGUSR2, handler) != SIG_ERR);
2477 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_handler) != SIG_ERR);
2478 
2479 	ATF_REQUIRE((fpid = fork()) != -1);
2480 	if (fpid == 0) {
2481 		trace_me();
2482 		exit(1);
2483 	}
2484 
2485 	/* The first wait() should report the stop from SIGSTOP. */
2486 	wpid = waitpid(fpid, &status, 0);
2487 	ATF_REQUIRE(wpid == fpid);
2488 	ATF_REQUIRE(WIFSTOPPED(status));
2489 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2490 
2491 	len = sizeof(max_pending_per_proc);
2492 	ATF_REQUIRE(sysctlbyname("kern.sigqueue.max_pending_per_proc",
2493 	    &max_pending_per_proc, &len, NULL, 0) == 0);
2494 
2495 	/* Fill the signal queue. */
2496 	for (i = 0; i < max_pending_per_proc; ++i)
2497 		ATF_REQUIRE(kill(fpid, SIGUSR2) == 0);
2498 
2499 	/* Continue with signal. */
2500 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
2501 
2502 	for (;;) {
2503 		wpid = waitpid(fpid, &status, 0);
2504 		ATF_REQUIRE(wpid == fpid);
2505 		if (WIFSTOPPED(status)) {
2506 			ATF_REQUIRE(WSTOPSIG(status) == SIGUSR2);
2507 			ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2508 		} else {
2509 			/*
2510 			 * The last wait() should report normal _exit from the
2511 			 * SIGUSR1 handler.
2512 			 */
2513 			ATF_REQUIRE(WIFEXITED(status));
2514 			ATF_REQUIRE(WEXITSTATUS(status) == 2);
2515 			break;
2516 		}
2517 	}
2518 
2519 	wpid = wait(&status);
2520 	ATF_REQUIRE(wpid == -1);
2521 	ATF_REQUIRE(errno == ECHILD);
2522 }
2523 
2524 static sem_t sigusr1_sem;
2525 static int got_usr1;
2526 
2527 static void
2528 sigusr1_sempost_handler(int sig __unused)
2529 {
2530 
2531 	got_usr1++;
2532 	CHILD_REQUIRE(sem_post(&sigusr1_sem) == 0);
2533 }
2534 
2535 /*
2536  * Verify that even if the signal queue is full for a child process,
2537  * and the signal is masked, a PT_CONTINUE with a signal will not
2538  * result in loss of that signal.
2539  */
2540 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_masked_full_sigqueue);
2541 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_masked_full_sigqueue, tc)
2542 {
2543 	struct ptrace_lwpinfo pl;
2544 	pid_t fpid, wpid;
2545 	int status, err;
2546 	int max_pending_per_proc;
2547 	size_t len;
2548 	int i;
2549 	sigset_t sigmask;
2550 
2551 	ATF_REQUIRE(signal(SIGUSR2, handler) != SIG_ERR);
2552 	ATF_REQUIRE(sem_init(&sigusr1_sem, 0, 0) == 0);
2553 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
2554 
2555 	got_usr1 = 0;
2556 	ATF_REQUIRE((fpid = fork()) != -1);
2557 	if (fpid == 0) {
2558 		CHILD_REQUIRE(sigemptyset(&sigmask) == 0);
2559 		CHILD_REQUIRE(sigaddset(&sigmask, SIGUSR1) == 0);
2560 		CHILD_REQUIRE(sigprocmask(SIG_BLOCK, &sigmask, NULL) == 0);
2561 
2562 		trace_me();
2563 		CHILD_REQUIRE(got_usr1 == 0);
2564 
2565 		/* Allow the pending SIGUSR1 in now. */
2566 		CHILD_REQUIRE(sigprocmask(SIG_UNBLOCK, &sigmask, NULL) == 0);
2567 		/* Wait to receive the SIGUSR1. */
2568 		do {
2569 			err = sem_wait(&sigusr1_sem);
2570 			CHILD_REQUIRE(err == 0 || errno == EINTR);
2571 		} while (err != 0 && errno == EINTR);
2572 		CHILD_REQUIRE(got_usr1 == 1);
2573 		exit(1);
2574 	}
2575 
2576 	/* The first wait() should report the stop from SIGSTOP. */
2577 	wpid = waitpid(fpid, &status, 0);
2578 	ATF_REQUIRE(wpid == fpid);
2579 	ATF_REQUIRE(WIFSTOPPED(status));
2580 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2581 
2582 	len = sizeof(max_pending_per_proc);
2583 	ATF_REQUIRE(sysctlbyname("kern.sigqueue.max_pending_per_proc",
2584 	    &max_pending_per_proc, &len, NULL, 0) == 0);
2585 
2586 	/* Fill the signal queue. */
2587 	for (i = 0; i < max_pending_per_proc; ++i)
2588 		ATF_REQUIRE(kill(fpid, SIGUSR2) == 0);
2589 
2590 	/* Continue with signal. */
2591 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
2592 
2593 	/* Collect and ignore all of the SIGUSR2. */
2594 	for (i = 0; i < max_pending_per_proc; ++i) {
2595 		wpid = waitpid(fpid, &status, 0);
2596 		ATF_REQUIRE(wpid == fpid);
2597 		ATF_REQUIRE(WIFSTOPPED(status));
2598 		ATF_REQUIRE(WSTOPSIG(status) == SIGUSR2);
2599 		ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2600 	}
2601 
2602 	/* Now our PT_CONTINUE'd SIGUSR1 should cause a stop after unmask. */
2603 	wpid = waitpid(fpid, &status, 0);
2604 	ATF_REQUIRE(wpid == fpid);
2605 	ATF_REQUIRE(WIFSTOPPED(status));
2606 	ATF_REQUIRE(WSTOPSIG(status) == SIGUSR1);
2607 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
2608 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGUSR1);
2609 
2610 	/* Continue the child, ignoring the SIGUSR1. */
2611 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2612 
2613 	/* The last wait() should report exit after receiving SIGUSR1. */
2614 	wpid = waitpid(fpid, &status, 0);
2615 	ATF_REQUIRE(wpid == fpid);
2616 	ATF_REQUIRE(WIFEXITED(status));
2617 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
2618 
2619 	wpid = wait(&status);
2620 	ATF_REQUIRE(wpid == -1);
2621 	ATF_REQUIRE(errno == ECHILD);
2622 }
2623 
2624 /*
2625  * Verify that, after stopping due to a signal, that signal can be
2626  * replaced with another signal.
2627  */
2628 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_change_sig);
2629 ATF_TC_BODY(ptrace__PT_CONTINUE_change_sig, tc)
2630 {
2631 	struct ptrace_lwpinfo pl;
2632 	pid_t fpid, wpid;
2633 	int status;
2634 
2635 	ATF_REQUIRE((fpid = fork()) != -1);
2636 	if (fpid == 0) {
2637 		trace_me();
2638 		sleep(20);
2639 		exit(1);
2640 	}
2641 
2642 	/* The first wait() should report the stop from SIGSTOP. */
2643 	wpid = waitpid(fpid, &status, 0);
2644 	ATF_REQUIRE(wpid == fpid);
2645 	ATF_REQUIRE(WIFSTOPPED(status));
2646 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2647 
2648 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2649 
2650 	/* Send a signal without ptrace. */
2651 	ATF_REQUIRE(kill(fpid, SIGINT) == 0);
2652 
2653 	/* The second wait() should report a SIGINT was received. */
2654 	wpid = waitpid(fpid, &status, 0);
2655 	ATF_REQUIRE(wpid == fpid);
2656 	ATF_REQUIRE(WIFSTOPPED(status));
2657 	ATF_REQUIRE(WSTOPSIG(status) == SIGINT);
2658 
2659 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2660 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
2661 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGINT);
2662 
2663 	/* Continue the child process with a different signal. */
2664 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGTERM) == 0);
2665 
2666 	/*
2667 	 * The last wait() should report having died due to the new
2668 	 * signal, SIGTERM.
2669 	 */
2670 	wpid = waitpid(fpid, &status, 0);
2671 	ATF_REQUIRE(wpid == fpid);
2672 	ATF_REQUIRE(WIFSIGNALED(status));
2673 	ATF_REQUIRE(WTERMSIG(status) == SIGTERM);
2674 
2675 	wpid = wait(&status);
2676 	ATF_REQUIRE(wpid == -1);
2677 	ATF_REQUIRE(errno == ECHILD);
2678 }
2679 
2680 /*
2681  * Verify that a signal can be passed through to the child even when there
2682  * was no true signal originally. Such cases arise when a SIGTRAP is
2683  * invented for e.g, system call stops.
2684  */
2685 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_sigtrap_system_call_entry);
2686 ATF_TC_BODY(ptrace__PT_CONTINUE_with_sigtrap_system_call_entry, tc)
2687 {
2688 	struct ptrace_lwpinfo pl;
2689 	struct rlimit rl;
2690 	pid_t fpid, wpid;
2691 	int status;
2692 
2693 	ATF_REQUIRE((fpid = fork()) != -1);
2694 	if (fpid == 0) {
2695 		trace_me();
2696 		/* SIGTRAP expected to cause exit on syscall entry. */
2697 		rl.rlim_cur = rl.rlim_max = 0;
2698 		ATF_REQUIRE(setrlimit(RLIMIT_CORE, &rl) == 0);
2699 		getpid();
2700 		exit(1);
2701 	}
2702 
2703 	/* The first wait() should report the stop from SIGSTOP. */
2704 	wpid = waitpid(fpid, &status, 0);
2705 	ATF_REQUIRE(wpid == fpid);
2706 	ATF_REQUIRE(WIFSTOPPED(status));
2707 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2708 
2709 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2710 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
2711 
2712 	/* The second wait() should report a system call entry for getpid(). */
2713 	wpid = waitpid(fpid, &status, 0);
2714 	ATF_REQUIRE(wpid == fpid);
2715 	ATF_REQUIRE(WIFSTOPPED(status));
2716 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
2717 
2718 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2719 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2720 
2721 	/* Continue the child process with a SIGTRAP. */
2722 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGTRAP) == 0);
2723 
2724 	for (;;) {
2725 		/*
2726 		 * The last wait() should report exit due to SIGTRAP.  In the
2727 		 * meantime, catch and proceed past any syscall stops.
2728 		 */
2729 		wpid = waitpid(fpid, &status, 0);
2730 		ATF_REQUIRE(wpid == fpid);
2731 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2732 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2733 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2734 			ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2735 		} else {
2736 			ATF_REQUIRE(WIFSIGNALED(status));
2737 			ATF_REQUIRE(WTERMSIG(status) == SIGTRAP);
2738 			break;
2739 		}
2740 	}
2741 
2742 	wpid = wait(&status);
2743 	ATF_REQUIRE(wpid == -1);
2744 	ATF_REQUIRE(errno == ECHILD);
2745 
2746 }
2747 
2748 /*
2749  * A mixed bag PT_CONTINUE with signal test.
2750  */
2751 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_mix);
2752 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_mix, tc)
2753 {
2754 	struct ptrace_lwpinfo pl;
2755 	pid_t fpid, wpid;
2756 	int status;
2757 
2758 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_counting_handler) != SIG_ERR);
2759 
2760 	ATF_REQUIRE((fpid = fork()) != -1);
2761 	if (fpid == 0) {
2762 		trace_me();
2763 		getpid();
2764 		exit(1);
2765 	}
2766 
2767 	/* The first wait() should report the stop from SIGSTOP. */
2768 	wpid = waitpid(fpid, &status, 0);
2769 	ATF_REQUIRE(wpid == fpid);
2770 	ATF_REQUIRE(WIFSTOPPED(status));
2771 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2772 
2773 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2774 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
2775 
2776 	/* The second wait() should report a system call entry for getpid(). */
2777 	wpid = waitpid(fpid, &status, 0);
2778 	ATF_REQUIRE(wpid == fpid);
2779 	ATF_REQUIRE(WIFSTOPPED(status));
2780 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
2781 
2782 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2783 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2784 
2785 	/* Continue with the first SIGUSR1. */
2786 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
2787 
2788 	/* The next wait() should report a system call exit for getpid(). */
2789 	wpid = waitpid(fpid, &status, 0);
2790 	ATF_REQUIRE(wpid == fpid);
2791 	ATF_REQUIRE(WIFSTOPPED(status));
2792 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
2793 
2794 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2795 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
2796 
2797 	/* Send an ABRT without ptrace. */
2798 	ATF_REQUIRE(kill(fpid, SIGABRT) == 0);
2799 
2800 	/* Continue normally. */
2801 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2802 
2803 	/* The next wait() should report the SIGABRT. */
2804 	wpid = waitpid(fpid, &status, 0);
2805 	ATF_REQUIRE(wpid == fpid);
2806 	ATF_REQUIRE(WIFSTOPPED(status));
2807 	ATF_REQUIRE(WSTOPSIG(status) == SIGABRT);
2808 
2809 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2810 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
2811 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGABRT);
2812 
2813 	/* Continue, replacing the SIGABRT with another SIGUSR1. */
2814 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
2815 
2816 	for (;;) {
2817 		/*
2818 		 * The last wait() should report exit 2, i.e., a normal _exit
2819 		 * from the signal handler. In the meantime, catch and proceed
2820 		 * past any syscall stops.
2821 		 */
2822 		wpid = waitpid(fpid, &status, 0);
2823 		ATF_REQUIRE(wpid == fpid);
2824 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2825 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2826 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2827 			ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2828 		} else {
2829 			ATF_REQUIRE(WIFEXITED(status));
2830 			ATF_REQUIRE(WEXITSTATUS(status) == 2);
2831 			break;
2832 		}
2833 	}
2834 
2835 	wpid = wait(&status);
2836 	ATF_REQUIRE(wpid == -1);
2837 	ATF_REQUIRE(errno == ECHILD);
2838 
2839 }
2840 
2841 /*
2842  * Verify a signal delivered by ptrace is noticed by kevent(2).
2843  */
2844 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_kqueue);
2845 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_kqueue, tc)
2846 {
2847 	pid_t fpid, wpid;
2848 	int status, kq, nevents;
2849 	struct kevent kev;
2850 
2851 	ATF_REQUIRE(signal(SIGUSR1, SIG_IGN) != SIG_ERR);
2852 
2853 	ATF_REQUIRE((fpid = fork()) != -1);
2854 	if (fpid == 0) {
2855 		CHILD_REQUIRE((kq = kqueue()) > 0);
2856 		EV_SET(&kev, SIGUSR1, EVFILT_SIGNAL, EV_ADD, 0, 0, 0);
2857 		CHILD_REQUIRE(kevent(kq, &kev, 1, NULL, 0, NULL) == 0);
2858 
2859 		trace_me();
2860 
2861 		for (;;) {
2862 			nevents = kevent(kq, NULL, 0, &kev, 1, NULL);
2863 			if (nevents == -1 && errno == EINTR)
2864 				continue;
2865 			CHILD_REQUIRE(nevents > 0);
2866 			CHILD_REQUIRE(kev.filter == EVFILT_SIGNAL);
2867 			CHILD_REQUIRE(kev.ident == SIGUSR1);
2868 			break;
2869 		}
2870 
2871 		exit(1);
2872 	}
2873 
2874 	/* The first wait() should report the stop from SIGSTOP. */
2875 	wpid = waitpid(fpid, &status, 0);
2876 	ATF_REQUIRE(wpid == fpid);
2877 	ATF_REQUIRE(WIFSTOPPED(status));
2878 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2879 
2880 	/* Continue with the SIGUSR1. */
2881 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
2882 
2883 	/*
2884 	 * The last wait() should report normal exit with code 1.
2885 	 */
2886 	wpid = waitpid(fpid, &status, 0);
2887 	ATF_REQUIRE(wpid == fpid);
2888 	ATF_REQUIRE(WIFEXITED(status));
2889 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
2890 
2891 	wpid = wait(&status);
2892 	ATF_REQUIRE(wpid == -1);
2893 	ATF_REQUIRE(errno == ECHILD);
2894 }
2895 
2896 static void *
2897 signal_thread(void *arg)
2898 {
2899 	int err;
2900 	sigset_t sigmask;
2901 
2902 	pthread_barrier_t *pbarrier = (pthread_barrier_t*)arg;
2903 
2904 	/* Wait for this thread to receive a SIGUSR1. */
2905 	do {
2906 		err = sem_wait(&sigusr1_sem);
2907 		CHILD_REQUIRE(err == 0 || errno == EINTR);
2908 	} while (err != 0 && errno == EINTR);
2909 
2910 	/* Free our companion thread from the barrier. */
2911 	pthread_barrier_wait(pbarrier);
2912 
2913 	/*
2914 	 * Swap ignore duties; the next SIGUSR1 should go to the
2915 	 * other thread.
2916 	 */
2917 	CHILD_REQUIRE(sigemptyset(&sigmask) == 0);
2918 	CHILD_REQUIRE(sigaddset(&sigmask, SIGUSR1) == 0);
2919 	CHILD_REQUIRE(pthread_sigmask(SIG_BLOCK, &sigmask, NULL) == 0);
2920 
2921 	/* Sync up threads after swapping signal masks. */
2922 	pthread_barrier_wait(pbarrier);
2923 
2924 	/* Wait until our companion has received its SIGUSR1. */
2925 	pthread_barrier_wait(pbarrier);
2926 
2927 	return (NULL);
2928 }
2929 
2930 /*
2931  * Verify that a traced process with blocked signal received the
2932  * signal from kill() once unmasked.
2933  */
2934 ATF_TC_WITHOUT_HEAD(ptrace__killed_with_sigmask);
2935 ATF_TC_BODY(ptrace__killed_with_sigmask, tc)
2936 {
2937 	struct ptrace_lwpinfo pl;
2938 	pid_t fpid, wpid;
2939 	int status, err;
2940 	sigset_t sigmask;
2941 
2942 	ATF_REQUIRE(sem_init(&sigusr1_sem, 0, 0) == 0);
2943 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
2944 	got_usr1 = 0;
2945 
2946 	ATF_REQUIRE((fpid = fork()) != -1);
2947 	if (fpid == 0) {
2948 		CHILD_REQUIRE(sigemptyset(&sigmask) == 0);
2949 		CHILD_REQUIRE(sigaddset(&sigmask, SIGUSR1) == 0);
2950 		CHILD_REQUIRE(sigprocmask(SIG_BLOCK, &sigmask, NULL) == 0);
2951 
2952 		trace_me();
2953 		CHILD_REQUIRE(got_usr1 == 0);
2954 
2955 		/* Allow the pending SIGUSR1 in now. */
2956 		CHILD_REQUIRE(sigprocmask(SIG_UNBLOCK, &sigmask, NULL) == 0);
2957 		/* Wait to receive a SIGUSR1. */
2958 		do {
2959 			err = sem_wait(&sigusr1_sem);
2960 			CHILD_REQUIRE(err == 0 || errno == EINTR);
2961 		} while (err != 0 && errno == EINTR);
2962 		CHILD_REQUIRE(got_usr1 == 1);
2963 		exit(1);
2964 	}
2965 
2966 	/* The first wait() should report the stop from SIGSTOP. */
2967 	wpid = waitpid(fpid, &status, 0);
2968 	ATF_REQUIRE(wpid == fpid);
2969 	ATF_REQUIRE(WIFSTOPPED(status));
2970 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2971 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
2972 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGSTOP);
2973 
2974 	/* Send blocked SIGUSR1 which should cause a stop. */
2975 	ATF_REQUIRE(kill(fpid, SIGUSR1) == 0);
2976 
2977 	/* Continue the child ignoring the SIGSTOP. */
2978 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2979 
2980 	/* The next wait() should report the kill(SIGUSR1) was received. */
2981 	wpid = waitpid(fpid, &status, 0);
2982 	ATF_REQUIRE(wpid == fpid);
2983 	ATF_REQUIRE(WIFSTOPPED(status));
2984 	ATF_REQUIRE(WSTOPSIG(status) == SIGUSR1);
2985 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
2986 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGUSR1);
2987 
2988 	/* Continue the child, allowing in the SIGUSR1. */
2989 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
2990 
2991 	/* The last wait() should report normal exit with code 1. */
2992 	wpid = waitpid(fpid, &status, 0);
2993 	ATF_REQUIRE(wpid == fpid);
2994 	ATF_REQUIRE(WIFEXITED(status));
2995 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
2996 
2997 	wpid = wait(&status);
2998 	ATF_REQUIRE(wpid == -1);
2999 	ATF_REQUIRE(errno == ECHILD);
3000 }
3001 
3002 /*
3003  * Verify that a traced process with blocked signal received the
3004  * signal from PT_CONTINUE once unmasked.
3005  */
3006 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_sigmask);
3007 ATF_TC_BODY(ptrace__PT_CONTINUE_with_sigmask, tc)
3008 {
3009 	struct ptrace_lwpinfo pl;
3010 	pid_t fpid, wpid;
3011 	int status, err;
3012 	sigset_t sigmask;
3013 
3014 	ATF_REQUIRE(sem_init(&sigusr1_sem, 0, 0) == 0);
3015 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
3016 	got_usr1 = 0;
3017 
3018 	ATF_REQUIRE((fpid = fork()) != -1);
3019 	if (fpid == 0) {
3020 		CHILD_REQUIRE(sigemptyset(&sigmask) == 0);
3021 		CHILD_REQUIRE(sigaddset(&sigmask, SIGUSR1) == 0);
3022 		CHILD_REQUIRE(sigprocmask(SIG_BLOCK, &sigmask, NULL) == 0);
3023 
3024 		trace_me();
3025 		CHILD_REQUIRE(got_usr1 == 0);
3026 
3027 		/* Allow the pending SIGUSR1 in now. */
3028 		CHILD_REQUIRE(sigprocmask(SIG_UNBLOCK, &sigmask, NULL) == 0);
3029 		/* Wait to receive a SIGUSR1. */
3030 		do {
3031 			err = sem_wait(&sigusr1_sem);
3032 			CHILD_REQUIRE(err == 0 || errno == EINTR);
3033 		} while (err != 0 && errno == EINTR);
3034 
3035 		CHILD_REQUIRE(got_usr1 == 1);
3036 		exit(1);
3037 	}
3038 
3039 	/* The first wait() should report the stop from SIGSTOP. */
3040 	wpid = waitpid(fpid, &status, 0);
3041 	ATF_REQUIRE(wpid == fpid);
3042 	ATF_REQUIRE(WIFSTOPPED(status));
3043 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3044 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
3045 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGSTOP);
3046 
3047 	/* Continue the child replacing SIGSTOP with SIGUSR1. */
3048 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
3049 
3050 	/* The next wait() should report the SIGUSR1 was received. */
3051 	wpid = waitpid(fpid, &status, 0);
3052 	ATF_REQUIRE(wpid == fpid);
3053 	ATF_REQUIRE(WIFSTOPPED(status));
3054 	ATF_REQUIRE(WSTOPSIG(status) == SIGUSR1);
3055 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
3056 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGUSR1);
3057 
3058 	/* Continue the child, ignoring the SIGUSR1. */
3059 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3060 
3061 	/* The last wait() should report normal exit with code 1. */
3062 	wpid = waitpid(fpid, &status, 0);
3063 	ATF_REQUIRE(wpid == fpid);
3064 	ATF_REQUIRE(WIFEXITED(status));
3065 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
3066 
3067 	wpid = wait(&status);
3068 	ATF_REQUIRE(wpid == -1);
3069 	ATF_REQUIRE(errno == ECHILD);
3070 }
3071 
3072 /*
3073  * Verify that if ptrace stops due to a signal but continues with
3074  * a different signal that the new signal is routed to a thread
3075  * that can accept it, and that the thread is awakened by the signal
3076  * in a timely manner.
3077  */
3078 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_thread_sigmask);
3079 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_thread_sigmask, tc)
3080 {
3081 	pid_t fpid, wpid;
3082 	int status, err;
3083 	pthread_t t;
3084 	sigset_t sigmask;
3085 	pthread_barrier_t barrier;
3086 
3087 	ATF_REQUIRE(pthread_barrier_init(&barrier, NULL, 2) == 0);
3088 	ATF_REQUIRE(sem_init(&sigusr1_sem, 0, 0) == 0);
3089 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
3090 
3091 	ATF_REQUIRE((fpid = fork()) != -1);
3092 	if (fpid == 0) {
3093 		CHILD_REQUIRE(pthread_create(&t, NULL, signal_thread, (void*)&barrier) == 0);
3094 
3095 		/* The other thread should receive the first SIGUSR1. */
3096 		CHILD_REQUIRE(sigemptyset(&sigmask) == 0);
3097 		CHILD_REQUIRE(sigaddset(&sigmask, SIGUSR1) == 0);
3098 		CHILD_REQUIRE(pthread_sigmask(SIG_BLOCK, &sigmask, NULL) == 0);
3099 
3100 		trace_me();
3101 
3102 		/* Wait until other thread has received its SIGUSR1. */
3103 		pthread_barrier_wait(&barrier);
3104 
3105 		/*
3106 		 * Swap ignore duties; the next SIGUSR1 should go to this
3107 		 * thread.
3108 		 */
3109 		CHILD_REQUIRE(pthread_sigmask(SIG_UNBLOCK, &sigmask, NULL) == 0);
3110 
3111 		/* Sync up threads after swapping signal masks. */
3112 		pthread_barrier_wait(&barrier);
3113 
3114 		/*
3115 		 * Sync up with test code; we're ready for the next SIGUSR1
3116 		 * now.
3117 		 */
3118 		raise(SIGSTOP);
3119 
3120 		/* Wait for this thread to receive a SIGUSR1. */
3121 		do {
3122 			err = sem_wait(&sigusr1_sem);
3123 			CHILD_REQUIRE(err == 0 || errno == EINTR);
3124 		} while (err != 0 && errno == EINTR);
3125 
3126 		/* Free the other thread from the barrier. */
3127 		pthread_barrier_wait(&barrier);
3128 
3129 		CHILD_REQUIRE(pthread_join(t, NULL) == 0);
3130 
3131 		exit(1);
3132 	}
3133 
3134 	/* The first wait() should report the stop from SIGSTOP. */
3135 	wpid = waitpid(fpid, &status, 0);
3136 	ATF_REQUIRE(wpid == fpid);
3137 	ATF_REQUIRE(WIFSTOPPED(status));
3138 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3139 
3140 	/* Continue the child ignoring the SIGSTOP. */
3141 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3142 
3143 	/*
3144 	 * Send a signal without ptrace that either thread will accept (USR2,
3145 	 * in this case).
3146 	 */
3147 	ATF_REQUIRE(kill(fpid, SIGUSR2) == 0);
3148 
3149 	/* The second wait() should report a SIGUSR2 was received. */
3150 	wpid = waitpid(fpid, &status, 0);
3151 	ATF_REQUIRE(wpid == fpid);
3152 	ATF_REQUIRE(WIFSTOPPED(status));
3153 	ATF_REQUIRE(WSTOPSIG(status) == SIGUSR2);
3154 
3155 	/* Continue the child, changing the signal to USR1. */
3156 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
3157 
3158 	/* The next wait() should report the stop from SIGSTOP. */
3159 	wpid = waitpid(fpid, &status, 0);
3160 	ATF_REQUIRE(wpid == fpid);
3161 	ATF_REQUIRE(WIFSTOPPED(status));
3162 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3163 
3164 	/* Continue the child ignoring the SIGSTOP. */
3165 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3166 
3167 	ATF_REQUIRE(kill(fpid, SIGUSR2) == 0);
3168 
3169 	/* The next wait() should report a SIGUSR2 was received. */
3170 	wpid = waitpid(fpid, &status, 0);
3171 	ATF_REQUIRE(wpid == fpid);
3172 	ATF_REQUIRE(WIFSTOPPED(status));
3173 	ATF_REQUIRE(WSTOPSIG(status) == SIGUSR2);
3174 
3175 	/* Continue the child, changing the signal to USR1. */
3176 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
3177 
3178 	/* The last wait() should report normal exit with code 1. */
3179 	wpid = waitpid(fpid, &status, 0);
3180 	ATF_REQUIRE(wpid == fpid);
3181 	ATF_REQUIRE(WIFEXITED(status));
3182 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
3183 
3184 	wpid = wait(&status);
3185 	ATF_REQUIRE(wpid == -1);
3186 	ATF_REQUIRE(errno == ECHILD);
3187 }
3188 
3189 static void *
3190 raise_sigstop_thread(void *arg __unused)
3191 {
3192 
3193 	raise(SIGSTOP);
3194 	return NULL;
3195 }
3196 
3197 static void *
3198 sleep_thread(void *arg __unused)
3199 {
3200 
3201 	sleep(60);
3202 	return NULL;
3203 }
3204 
3205 static void
3206 terminate_with_pending_sigstop(bool sigstop_from_main_thread)
3207 {
3208 	pid_t fpid, wpid;
3209 	int status, i;
3210 	cpuset_t setmask;
3211 	cpusetid_t setid;
3212 	pthread_t t;
3213 
3214 	/*
3215 	 * Become the reaper for this process tree. We need to be able to check
3216 	 * that both child and grandchild have died.
3217 	 */
3218 	ATF_REQUIRE(procctl(P_PID, getpid(), PROC_REAP_ACQUIRE, NULL) == 0);
3219 
3220 	fpid = fork();
3221 	ATF_REQUIRE(fpid >= 0);
3222 	if (fpid == 0) {
3223 		fpid = fork();
3224 		CHILD_REQUIRE(fpid >= 0);
3225 		if (fpid == 0) {
3226 			trace_me();
3227 
3228 			/* Pin to CPU 0 to serialize thread execution. */
3229 			CPU_ZERO(&setmask);
3230 			CPU_SET(0, &setmask);
3231 			CHILD_REQUIRE(cpuset(&setid) == 0);
3232 			CHILD_REQUIRE(cpuset_setaffinity(CPU_LEVEL_CPUSET,
3233 			    CPU_WHICH_CPUSET, setid,
3234 			    sizeof(setmask), &setmask) == 0);
3235 
3236 			if (sigstop_from_main_thread) {
3237 				/*
3238 				 * We expect the SIGKILL sent when our parent
3239 				 * dies to be delivered to the new thread.
3240 				 * Raise the SIGSTOP in this thread so the
3241 				 * threads compete.
3242 				 */
3243 				CHILD_REQUIRE(pthread_create(&t, NULL,
3244 				    sleep_thread, NULL) == 0);
3245 				raise(SIGSTOP);
3246 			} else {
3247 				/*
3248 				 * We expect the SIGKILL to be delivered to
3249 				 * this thread. After creating the new thread,
3250 				 * just get off the CPU so the other thread can
3251 				 * raise the SIGSTOP.
3252 				 */
3253 				CHILD_REQUIRE(pthread_create(&t, NULL,
3254 				    raise_sigstop_thread, NULL) == 0);
3255 				sleep(60);
3256 			}
3257 
3258 			exit(0);
3259 		}
3260 		/* First stop is trace_me() immediately after fork. */
3261 		wpid = waitpid(fpid, &status, 0);
3262 		CHILD_REQUIRE(wpid == fpid);
3263 		CHILD_REQUIRE(WIFSTOPPED(status));
3264 		CHILD_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3265 
3266 		CHILD_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3267 
3268 		/* Second stop is from the raise(SIGSTOP). */
3269 		wpid = waitpid(fpid, &status, 0);
3270 		CHILD_REQUIRE(wpid == fpid);
3271 		CHILD_REQUIRE(WIFSTOPPED(status));
3272 		CHILD_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3273 
3274 		/*
3275 		 * Terminate tracing process without detaching. Our child
3276 		 * should be killed.
3277 		 */
3278 		exit(0);
3279 	}
3280 
3281 	/*
3282 	 * We should get a normal exit from our immediate child and a SIGKILL
3283 	 * exit from our grandchild. The latter case is the interesting one.
3284 	 * Our grandchild should not have stopped due to the SIGSTOP that was
3285 	 * left dangling when its parent died.
3286 	 */
3287 	for (i = 0; i < 2; ++i) {
3288 		wpid = wait(&status);
3289 		if (wpid == fpid)
3290 			ATF_REQUIRE(WIFEXITED(status) &&
3291 			    WEXITSTATUS(status) == 0);
3292 		else
3293 			ATF_REQUIRE(WIFSIGNALED(status) &&
3294 			    WTERMSIG(status) == SIGKILL);
3295 	}
3296 }
3297 
3298 /*
3299  * These two tests ensure that if the tracing process exits without detaching
3300  * just after the child received a SIGSTOP, the child is cleanly killed and
3301  * doesn't go to sleep due to the SIGSTOP. The parent's death will send a
3302  * SIGKILL to the child. If the SIGKILL and the SIGSTOP are handled by
3303  * different threads, the SIGKILL must win.  There are two variants of this
3304  * test, designed to catch the case where the SIGKILL is delivered to the
3305  * younger thread (the first test) and the case where the SIGKILL is delivered
3306  * to the older thread (the second test). This behavior has changed in the
3307  * past, so make no assumption.
3308  */
3309 ATF_TC(ptrace__parent_terminate_with_pending_sigstop1);
3310 ATF_TC_HEAD(ptrace__parent_terminate_with_pending_sigstop1, tc)
3311 {
3312 
3313 	atf_tc_set_md_var(tc, "require.user", "root");
3314 }
3315 ATF_TC_BODY(ptrace__parent_terminate_with_pending_sigstop1, tc)
3316 {
3317 
3318 	terminate_with_pending_sigstop(true);
3319 }
3320 
3321 ATF_TC(ptrace__parent_terminate_with_pending_sigstop2);
3322 ATF_TC_HEAD(ptrace__parent_terminate_with_pending_sigstop2, tc)
3323 {
3324 
3325 	atf_tc_set_md_var(tc, "require.user", "root");
3326 }
3327 ATF_TC_BODY(ptrace__parent_terminate_with_pending_sigstop2, tc)
3328 {
3329 
3330 	terminate_with_pending_sigstop(false);
3331 }
3332 
3333 /*
3334  * Verify that after ptrace() discards a SIGKILL signal, the event mask
3335  * is not modified.
3336  */
3337 ATF_TC_WITHOUT_HEAD(ptrace__event_mask_sigkill_discard);
3338 ATF_TC_BODY(ptrace__event_mask_sigkill_discard, tc)
3339 {
3340 	struct ptrace_lwpinfo pl;
3341 	pid_t fpid, wpid;
3342 	int status, event_mask, new_event_mask;
3343 
3344 	ATF_REQUIRE((fpid = fork()) != -1);
3345 	if (fpid == 0) {
3346 		trace_me();
3347 		raise(SIGSTOP);
3348 		exit(0);
3349 	}
3350 
3351 	/* The first wait() should report the stop from trace_me(). */
3352 	wpid = waitpid(fpid, &status, 0);
3353 	ATF_REQUIRE(wpid == fpid);
3354 	ATF_REQUIRE(WIFSTOPPED(status));
3355 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3356 
3357 	/* Set several unobtrusive event bits. */
3358 	event_mask = PTRACE_EXEC | PTRACE_FORK | PTRACE_LWP;
3359 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, wpid, (caddr_t)&event_mask,
3360 	    sizeof(event_mask)) == 0);
3361 
3362 	/* Send a SIGKILL without using ptrace. */
3363 	ATF_REQUIRE(kill(fpid, SIGKILL) == 0);
3364 
3365 	/* Continue the child ignoring the SIGSTOP. */
3366 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3367 
3368 	/* The next stop should be due to the SIGKILL. */
3369 	wpid = waitpid(fpid, &status, 0);
3370 	ATF_REQUIRE(wpid == fpid);
3371 	ATF_REQUIRE(WIFSTOPPED(status));
3372 	ATF_REQUIRE(WSTOPSIG(status) == SIGKILL);
3373 
3374 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3375 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3376 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGKILL);
3377 
3378 	/* Continue the child ignoring the SIGKILL. */
3379 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3380 
3381 	/* The next wait() should report the stop from SIGSTOP. */
3382 	wpid = waitpid(fpid, &status, 0);
3383 	ATF_REQUIRE(wpid == fpid);
3384 	ATF_REQUIRE(WIFSTOPPED(status));
3385 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3386 
3387 	/* Check the current event mask. It should not have changed. */
3388 	new_event_mask = 0;
3389 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, wpid, (caddr_t)&new_event_mask,
3390 	    sizeof(new_event_mask)) == 0);
3391 	ATF_REQUIRE(event_mask == new_event_mask);
3392 
3393 	/* Continue the child to let it exit. */
3394 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3395 
3396 	/* The last event should be for the child process's exit. */
3397 	wpid = waitpid(fpid, &status, 0);
3398 	ATF_REQUIRE(WIFEXITED(status));
3399 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
3400 
3401 	wpid = wait(&status);
3402 	ATF_REQUIRE(wpid == -1);
3403 	ATF_REQUIRE(errno == ECHILD);
3404 }
3405 
3406 static void *
3407 flock_thread(void *arg)
3408 {
3409 	int fd;
3410 
3411 	fd = *(int *)arg;
3412 	(void)flock(fd, LOCK_EX);
3413 	(void)flock(fd, LOCK_UN);
3414 	return (NULL);
3415 }
3416 
3417 /*
3418  * Verify that PT_ATTACH will suspend threads sleeping in an SBDRY section.
3419  * We rely on the fact that the lockf implementation sets SBDRY before blocking
3420  * on a lock. This is a regression test for r318191.
3421  */
3422 ATF_TC_WITHOUT_HEAD(ptrace__PT_ATTACH_with_SBDRY_thread);
3423 ATF_TC_BODY(ptrace__PT_ATTACH_with_SBDRY_thread, tc)
3424 {
3425 	pthread_barrier_t barrier;
3426 	pthread_barrierattr_t battr;
3427 	char tmpfile[64];
3428 	pid_t child, wpid;
3429 	int error, fd, i, status;
3430 
3431 	ATF_REQUIRE(pthread_barrierattr_init(&battr) == 0);
3432 	ATF_REQUIRE(pthread_barrierattr_setpshared(&battr,
3433 	    PTHREAD_PROCESS_SHARED) == 0);
3434 	ATF_REQUIRE(pthread_barrier_init(&barrier, &battr, 2) == 0);
3435 
3436 	(void)snprintf(tmpfile, sizeof(tmpfile), "./ptrace.XXXXXX");
3437 	fd = mkstemp(tmpfile);
3438 	ATF_REQUIRE(fd >= 0);
3439 
3440 	ATF_REQUIRE((child = fork()) != -1);
3441 	if (child == 0) {
3442 		pthread_t t[2];
3443 		int cfd;
3444 
3445 		error = pthread_barrier_wait(&barrier);
3446 		if (error != 0 && error != PTHREAD_BARRIER_SERIAL_THREAD)
3447 			_exit(1);
3448 
3449 		cfd = open(tmpfile, O_RDONLY);
3450 		if (cfd < 0)
3451 			_exit(1);
3452 
3453 		/*
3454 		 * We want at least two threads blocked on the file lock since
3455 		 * the SIGSTOP from PT_ATTACH may kick one of them out of
3456 		 * sleep.
3457 		 */
3458 		if (pthread_create(&t[0], NULL, flock_thread, &cfd) != 0)
3459 			_exit(1);
3460 		if (pthread_create(&t[1], NULL, flock_thread, &cfd) != 0)
3461 			_exit(1);
3462 		if (pthread_join(t[0], NULL) != 0)
3463 			_exit(1);
3464 		if (pthread_join(t[1], NULL) != 0)
3465 			_exit(1);
3466 		_exit(0);
3467 	}
3468 
3469 	ATF_REQUIRE(flock(fd, LOCK_EX) == 0);
3470 
3471 	error = pthread_barrier_wait(&barrier);
3472 	ATF_REQUIRE(error == 0 || error == PTHREAD_BARRIER_SERIAL_THREAD);
3473 
3474 	/*
3475 	 * Give the child some time to block. Is there a better way to do this?
3476 	 */
3477 	sleep(1);
3478 
3479 	/*
3480 	 * Attach and give the child 3 seconds to stop.
3481 	 */
3482 	ATF_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) == 0);
3483 	for (i = 0; i < 3; i++) {
3484 		wpid = waitpid(child, &status, WNOHANG);
3485 		if (wpid == child && WIFSTOPPED(status) &&
3486 		    WSTOPSIG(status) == SIGSTOP)
3487 			break;
3488 		sleep(1);
3489 	}
3490 	ATF_REQUIRE_MSG(i < 3, "failed to stop child process after PT_ATTACH");
3491 
3492 	ATF_REQUIRE(ptrace(PT_DETACH, child, NULL, 0) == 0);
3493 
3494 	ATF_REQUIRE(flock(fd, LOCK_UN) == 0);
3495 	ATF_REQUIRE(unlink(tmpfile) == 0);
3496 	ATF_REQUIRE(close(fd) == 0);
3497 }
3498 
3499 static void
3500 sigusr1_step_handler(int sig)
3501 {
3502 
3503 	CHILD_REQUIRE(sig == SIGUSR1);
3504 	raise(SIGABRT);
3505 }
3506 
3507 /*
3508  * Verify that PT_STEP with a signal invokes the signal before
3509  * stepping the next instruction (and that the next instruction is
3510  * stepped correctly).
3511  */
3512 ATF_TC_WITHOUT_HEAD(ptrace__PT_STEP_with_signal);
3513 ATF_TC_BODY(ptrace__PT_STEP_with_signal, tc)
3514 {
3515 	struct ptrace_lwpinfo pl;
3516 	pid_t fpid, wpid;
3517 	int status;
3518 
3519 	ATF_REQUIRE((fpid = fork()) != -1);
3520 	if (fpid == 0) {
3521 		trace_me();
3522 		signal(SIGUSR1, sigusr1_step_handler);
3523 		raise(SIGABRT);
3524 		exit(1);
3525 	}
3526 
3527 	/* The first wait() should report the stop from SIGSTOP. */
3528 	wpid = waitpid(fpid, &status, 0);
3529 	ATF_REQUIRE(wpid == fpid);
3530 	ATF_REQUIRE(WIFSTOPPED(status));
3531 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3532 
3533 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3534 
3535 	/* The next stop should report the SIGABRT in the child body. */
3536 	wpid = waitpid(fpid, &status, 0);
3537 	ATF_REQUIRE(wpid == fpid);
3538 	ATF_REQUIRE(WIFSTOPPED(status));
3539 	ATF_REQUIRE(WSTOPSIG(status) == SIGABRT);
3540 
3541 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3542 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3543 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGABRT);
3544 
3545 	/* Step the child process inserting SIGUSR1. */
3546 	ATF_REQUIRE(ptrace(PT_STEP, fpid, (caddr_t)1, SIGUSR1) == 0);
3547 
3548 	/* The next stop should report the SIGABRT in the signal handler. */
3549 	wpid = waitpid(fpid, &status, 0);
3550 	ATF_REQUIRE(wpid == fpid);
3551 	ATF_REQUIRE(WIFSTOPPED(status));
3552 	ATF_REQUIRE(WSTOPSIG(status) == SIGABRT);
3553 
3554 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3555 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3556 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGABRT);
3557 
3558 	/* Continue the child process discarding the signal. */
3559 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3560 
3561 	/* The next stop should report a trace trap from PT_STEP. */
3562 	wpid = waitpid(fpid, &status, 0);
3563 	ATF_REQUIRE(wpid == fpid);
3564 	ATF_REQUIRE(WIFSTOPPED(status));
3565 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
3566 
3567 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3568 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3569 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGTRAP);
3570 	ATF_REQUIRE(pl.pl_siginfo.si_code == TRAP_TRACE);
3571 
3572 	/* Continue the child to let it exit. */
3573 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3574 
3575 	/* The last event should be for the child process's exit. */
3576 	wpid = waitpid(fpid, &status, 0);
3577 	ATF_REQUIRE(WIFEXITED(status));
3578 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
3579 
3580 	wpid = wait(&status);
3581 	ATF_REQUIRE(wpid == -1);
3582 	ATF_REQUIRE(errno == ECHILD);
3583 }
3584 
3585 #ifdef HAVE_BREAKPOINT
3586 /*
3587  * Verify that a SIGTRAP event with the TRAP_BRKPT code is reported
3588  * for a breakpoint trap.
3589  */
3590 ATF_TC_WITHOUT_HEAD(ptrace__breakpoint_siginfo);
3591 ATF_TC_BODY(ptrace__breakpoint_siginfo, tc)
3592 {
3593 	struct ptrace_lwpinfo pl;
3594 	pid_t fpid, wpid;
3595 	int status;
3596 
3597 	ATF_REQUIRE((fpid = fork()) != -1);
3598 	if (fpid == 0) {
3599 		trace_me();
3600 		breakpoint();
3601 		exit(1);
3602 	}
3603 
3604 	/* The first wait() should report the stop from SIGSTOP. */
3605 	wpid = waitpid(fpid, &status, 0);
3606 	ATF_REQUIRE(wpid == fpid);
3607 	ATF_REQUIRE(WIFSTOPPED(status));
3608 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3609 
3610 	/* Continue the child ignoring the SIGSTOP. */
3611 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3612 
3613 	/* The second wait() should report hitting the breakpoint. */
3614 	wpid = waitpid(fpid, &status, 0);
3615 	ATF_REQUIRE(wpid == fpid);
3616 	ATF_REQUIRE(WIFSTOPPED(status));
3617 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
3618 
3619 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3620 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3621 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGTRAP);
3622 	ATF_REQUIRE(pl.pl_siginfo.si_code == TRAP_BRKPT);
3623 
3624 	/* Kill the child process. */
3625 	ATF_REQUIRE(ptrace(PT_KILL, fpid, 0, 0) == 0);
3626 
3627 	/* The last wait() should report the SIGKILL. */
3628 	wpid = waitpid(fpid, &status, 0);
3629 	ATF_REQUIRE(wpid == fpid);
3630 	ATF_REQUIRE(WIFSIGNALED(status));
3631 	ATF_REQUIRE(WTERMSIG(status) == SIGKILL);
3632 
3633 	wpid = wait(&status);
3634 	ATF_REQUIRE(wpid == -1);
3635 	ATF_REQUIRE(errno == ECHILD);
3636 }
3637 #endif /* HAVE_BREAKPOINT */
3638 
3639 /*
3640  * Verify that a SIGTRAP event with the TRAP_TRACE code is reported
3641  * for a single-step trap from PT_STEP.
3642  */
3643 ATF_TC_WITHOUT_HEAD(ptrace__step_siginfo);
3644 ATF_TC_BODY(ptrace__step_siginfo, tc)
3645 {
3646 	struct ptrace_lwpinfo pl;
3647 	pid_t fpid, wpid;
3648 	int status;
3649 
3650 	ATF_REQUIRE((fpid = fork()) != -1);
3651 	if (fpid == 0) {
3652 		trace_me();
3653 		exit(1);
3654 	}
3655 
3656 	/* The first wait() should report the stop from SIGSTOP. */
3657 	wpid = waitpid(fpid, &status, 0);
3658 	ATF_REQUIRE(wpid == fpid);
3659 	ATF_REQUIRE(WIFSTOPPED(status));
3660 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3661 
3662 	/* Step the child ignoring the SIGSTOP. */
3663 	ATF_REQUIRE(ptrace(PT_STEP, fpid, (caddr_t)1, 0) == 0);
3664 
3665 	/* The second wait() should report a single-step trap. */
3666 	wpid = waitpid(fpid, &status, 0);
3667 	ATF_REQUIRE(wpid == fpid);
3668 	ATF_REQUIRE(WIFSTOPPED(status));
3669 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
3670 
3671 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3672 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3673 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGTRAP);
3674 	ATF_REQUIRE(pl.pl_siginfo.si_code == TRAP_TRACE);
3675 
3676 	/* Continue the child process. */
3677 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3678 
3679 	/* The last event should be for the child process's exit. */
3680 	wpid = waitpid(fpid, &status, 0);
3681 	ATF_REQUIRE(WIFEXITED(status));
3682 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
3683 
3684 	wpid = wait(&status);
3685 	ATF_REQUIRE(wpid == -1);
3686 	ATF_REQUIRE(errno == ECHILD);
3687 }
3688 
3689 #if defined(HAVE_BREAKPOINT) && defined(SKIP_BREAK)
3690 static void *
3691 continue_thread(void *arg __unused)
3692 {
3693 	breakpoint();
3694 	return (NULL);
3695 }
3696 
3697 static __dead2 void
3698 continue_thread_main(void)
3699 {
3700 	pthread_t threads[2];
3701 
3702 	CHILD_REQUIRE(pthread_create(&threads[0], NULL, continue_thread,
3703 	    NULL) == 0);
3704 	CHILD_REQUIRE(pthread_create(&threads[1], NULL, continue_thread,
3705 	    NULL) == 0);
3706 	CHILD_REQUIRE(pthread_join(threads[0], NULL) == 0);
3707 	CHILD_REQUIRE(pthread_join(threads[1], NULL) == 0);
3708 	exit(1);
3709 }
3710 
3711 /*
3712  * Ensure that PT_CONTINUE clears the status of the thread that
3713  * triggered the stop even if a different thread's LWP was passed to
3714  * PT_CONTINUE.
3715  */
3716 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_different_thread);
3717 ATF_TC_BODY(ptrace__PT_CONTINUE_different_thread, tc)
3718 {
3719 	struct ptrace_lwpinfo pl;
3720 	pid_t fpid, wpid;
3721 	lwpid_t lwps[2];
3722 	bool hit_break[2];
3723 	struct reg reg;
3724 	int i, j, status;
3725 
3726 	ATF_REQUIRE((fpid = fork()) != -1);
3727 	if (fpid == 0) {
3728 		trace_me();
3729 		continue_thread_main();
3730 	}
3731 
3732 	/* The first wait() should report the stop from SIGSTOP. */
3733 	wpid = waitpid(fpid, &status, 0);
3734 	ATF_REQUIRE(wpid == fpid);
3735 	ATF_REQUIRE(WIFSTOPPED(status));
3736 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3737 
3738 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
3739 	    sizeof(pl)) != -1);
3740 
3741 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, wpid, NULL, 1) == 0);
3742 
3743 	/* Continue the child ignoring the SIGSTOP. */
3744 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3745 
3746 	/* One of the new threads should report it's birth. */
3747 	wpid = waitpid(fpid, &status, 0);
3748 	ATF_REQUIRE(wpid == fpid);
3749 	ATF_REQUIRE(WIFSTOPPED(status));
3750 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
3751 
3752 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3753 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)) ==
3754 	    (PL_FLAG_BORN | PL_FLAG_SCX));
3755 	lwps[0] = pl.pl_lwpid;
3756 
3757 	/*
3758 	 * Suspend this thread to ensure both threads are alive before
3759 	 * hitting the breakpoint.
3760 	 */
3761 	ATF_REQUIRE(ptrace(PT_SUSPEND, lwps[0], NULL, 0) != -1);
3762 
3763 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3764 
3765 	/* Second thread should report it's birth. */
3766 	wpid = waitpid(fpid, &status, 0);
3767 	ATF_REQUIRE(wpid == fpid);
3768 	ATF_REQUIRE(WIFSTOPPED(status));
3769 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
3770 
3771 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3772 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)) ==
3773 	    (PL_FLAG_BORN | PL_FLAG_SCX));
3774 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
3775 	lwps[1] = pl.pl_lwpid;
3776 
3777 	/* Resume both threads waiting for breakpoint events. */
3778 	hit_break[0] = hit_break[1] = false;
3779 	ATF_REQUIRE(ptrace(PT_RESUME, lwps[0], NULL, 0) != -1);
3780 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3781 
3782 	/* One thread should report a breakpoint. */
3783 	wpid = waitpid(fpid, &status, 0);
3784 	ATF_REQUIRE(wpid == fpid);
3785 	ATF_REQUIRE(WIFSTOPPED(status));
3786 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
3787 
3788 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3789 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3790 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGTRAP &&
3791 	    pl.pl_siginfo.si_code == TRAP_BRKPT);
3792 	if (pl.pl_lwpid == lwps[0])
3793 		i = 0;
3794 	else
3795 		i = 1;
3796 	hit_break[i] = true;
3797 	ATF_REQUIRE(ptrace(PT_GETREGS, pl.pl_lwpid, (caddr_t)&reg, 0) != -1);
3798 	SKIP_BREAK(&reg);
3799 	ATF_REQUIRE(ptrace(PT_SETREGS, pl.pl_lwpid, (caddr_t)&reg, 0) != -1);
3800 
3801 	/*
3802 	 * Resume both threads but pass the other thread's LWPID to
3803 	 * PT_CONTINUE.
3804 	 */
3805 	ATF_REQUIRE(ptrace(PT_CONTINUE, lwps[i ^ 1], (caddr_t)1, 0) == 0);
3806 
3807 	/*
3808 	 * Will now get two thread exit events and one more breakpoint
3809 	 * event.
3810 	 */
3811 	for (j = 0; j < 3; j++) {
3812 		wpid = waitpid(fpid, &status, 0);
3813 		ATF_REQUIRE(wpid == fpid);
3814 		ATF_REQUIRE(WIFSTOPPED(status));
3815 		ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
3816 
3817 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
3818 		    sizeof(pl)) != -1);
3819 
3820 		if (pl.pl_lwpid == lwps[0])
3821 			i = 0;
3822 		else
3823 			i = 1;
3824 
3825 		ATF_REQUIRE_MSG(lwps[i] != 0, "event for exited thread");
3826 		if (pl.pl_flags & PL_FLAG_EXITED) {
3827 			ATF_REQUIRE_MSG(hit_break[i],
3828 			    "exited thread did not report breakpoint");
3829 			lwps[i] = 0;
3830 		} else {
3831 			ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3832 			ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGTRAP &&
3833 			    pl.pl_siginfo.si_code == TRAP_BRKPT);
3834 			ATF_REQUIRE_MSG(!hit_break[i],
3835 			    "double breakpoint event");
3836 			hit_break[i] = true;
3837 			ATF_REQUIRE(ptrace(PT_GETREGS, pl.pl_lwpid, (caddr_t)&reg,
3838 			    0) != -1);
3839 			SKIP_BREAK(&reg);
3840 			ATF_REQUIRE(ptrace(PT_SETREGS, pl.pl_lwpid, (caddr_t)&reg,
3841 			    0) != -1);
3842 		}
3843 
3844 		ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3845 	}
3846 
3847 	/* Both threads should have exited. */
3848 	ATF_REQUIRE(lwps[0] == 0);
3849 	ATF_REQUIRE(lwps[1] == 0);
3850 
3851 	/* The last event should be for the child process's exit. */
3852 	wpid = waitpid(fpid, &status, 0);
3853 	ATF_REQUIRE(WIFEXITED(status));
3854 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
3855 
3856 	wpid = wait(&status);
3857 	ATF_REQUIRE(wpid == -1);
3858 	ATF_REQUIRE(errno == ECHILD);
3859 }
3860 #endif
3861 
3862 /*
3863  * Verify that PT_LWPINFO doesn't return stale siginfo.
3864  */
3865 ATF_TC_WITHOUT_HEAD(ptrace__PT_LWPINFO_stale_siginfo);
3866 ATF_TC_BODY(ptrace__PT_LWPINFO_stale_siginfo, tc)
3867 {
3868 	struct ptrace_lwpinfo pl;
3869 	pid_t fpid, wpid;
3870 	int events, status;
3871 
3872 	ATF_REQUIRE((fpid = fork()) != -1);
3873 	if (fpid == 0) {
3874 		trace_me();
3875 		raise(SIGABRT);
3876 		exit(1);
3877 	}
3878 
3879 	/* The first wait() should report the stop from SIGSTOP. */
3880 	wpid = waitpid(fpid, &status, 0);
3881 	ATF_REQUIRE(wpid == fpid);
3882 	ATF_REQUIRE(WIFSTOPPED(status));
3883 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3884 
3885 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3886 
3887 	/* The next stop should report the SIGABRT in the child body. */
3888 	wpid = waitpid(fpid, &status, 0);
3889 	ATF_REQUIRE(wpid == fpid);
3890 	ATF_REQUIRE(WIFSTOPPED(status));
3891 	ATF_REQUIRE(WSTOPSIG(status) == SIGABRT);
3892 
3893 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3894 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3895 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGABRT);
3896 
3897 	/*
3898 	 * Continue the process ignoring the signal, but enabling
3899 	 * syscall traps.
3900 	 */
3901 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
3902 
3903 	/*
3904 	 * The next stop should report a system call entry from
3905 	 * exit().  PL_FLAGS_SI should not be set.
3906 	 */
3907 	wpid = waitpid(fpid, &status, 0);
3908 	ATF_REQUIRE(wpid == fpid);
3909 	ATF_REQUIRE(WIFSTOPPED(status));
3910 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
3911 
3912 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3913 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
3914 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) == 0);
3915 
3916 	/* Disable syscall tracing and continue the child to let it exit. */
3917 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
3918 	    sizeof(events)) == 0);
3919 	events &= ~PTRACE_SYSCALL;
3920 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
3921 	    sizeof(events)) == 0);
3922 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3923 
3924 	/* The last event should be for the child process's exit. */
3925 	wpid = waitpid(fpid, &status, 0);
3926 	ATF_REQUIRE(WIFEXITED(status));
3927 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
3928 
3929 	wpid = wait(&status);
3930 	ATF_REQUIRE(wpid == -1);
3931 	ATF_REQUIRE(errno == ECHILD);
3932 }
3933 
3934 /*
3935  * A simple test of PT_GET_SC_ARGS and PT_GET_SC_RET.
3936  */
3937 ATF_TC_WITHOUT_HEAD(ptrace__syscall_args);
3938 ATF_TC_BODY(ptrace__syscall_args, tc)
3939 {
3940 	struct ptrace_lwpinfo pl;
3941 	struct ptrace_sc_ret psr;
3942 	pid_t fpid, wpid;
3943 	register_t args[2];
3944 	int events, status;
3945 
3946 	ATF_REQUIRE((fpid = fork()) != -1);
3947 	if (fpid == 0) {
3948 		trace_me();
3949 		kill(getpid(), 0);
3950 		close(3);
3951 		exit(1);
3952 	}
3953 
3954 	/* The first wait() should report the stop from SIGSTOP. */
3955 	wpid = waitpid(fpid, &status, 0);
3956 	ATF_REQUIRE(wpid == fpid);
3957 	ATF_REQUIRE(WIFSTOPPED(status));
3958 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3959 
3960 	/*
3961 	 * Continue the process ignoring the signal, but enabling
3962 	 * syscall traps.
3963 	 */
3964 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
3965 
3966 	/*
3967 	 * The next stop should be the syscall entry from getpid().
3968 	 */
3969 	wpid = waitpid(fpid, &status, 0);
3970 	ATF_REQUIRE(wpid == fpid);
3971 	ATF_REQUIRE(WIFSTOPPED(status));
3972 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
3973 
3974 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3975 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
3976 	ATF_REQUIRE(pl.pl_syscall_code == SYS_getpid);
3977 
3978 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3979 
3980 	/*
3981 	 * The next stop should be the syscall exit from getpid().
3982 	 */
3983 	wpid = waitpid(fpid, &status, 0);
3984 	ATF_REQUIRE(wpid == fpid);
3985 	ATF_REQUIRE(WIFSTOPPED(status));
3986 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
3987 
3988 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3989 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
3990 	ATF_REQUIRE(pl.pl_syscall_code == SYS_getpid);
3991 
3992 	ATF_REQUIRE(ptrace(PT_GET_SC_RET, wpid, (caddr_t)&psr,
3993 	    sizeof(psr)) != -1);
3994 	ATF_REQUIRE(psr.sr_error == 0);
3995 	ATF_REQUIRE(psr.sr_retval[0] == wpid);
3996 
3997 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3998 
3999 	/*
4000 	 * The next stop should be the syscall entry from kill().
4001 	 */
4002 	wpid = waitpid(fpid, &status, 0);
4003 	ATF_REQUIRE(wpid == fpid);
4004 	ATF_REQUIRE(WIFSTOPPED(status));
4005 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
4006 
4007 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4008 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
4009 	ATF_REQUIRE(pl.pl_syscall_code == SYS_kill);
4010 	ATF_REQUIRE(pl.pl_syscall_narg == 2);
4011 
4012 	ATF_REQUIRE(ptrace(PT_GET_SC_ARGS, wpid, (caddr_t)args,
4013 	    sizeof(args)) != -1);
4014 	ATF_REQUIRE(args[0] == wpid);
4015 	ATF_REQUIRE(args[1] == 0);
4016 
4017 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
4018 
4019 	/*
4020 	 * The next stop should be the syscall exit from kill().
4021 	 */
4022 	wpid = waitpid(fpid, &status, 0);
4023 	ATF_REQUIRE(wpid == fpid);
4024 	ATF_REQUIRE(WIFSTOPPED(status));
4025 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
4026 
4027 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4028 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
4029 	ATF_REQUIRE(pl.pl_syscall_code == SYS_kill);
4030 
4031 	ATF_REQUIRE(ptrace(PT_GET_SC_RET, wpid, (caddr_t)&psr,
4032 	    sizeof(psr)) != -1);
4033 	ATF_REQUIRE(psr.sr_error == 0);
4034 
4035 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
4036 
4037 	/*
4038 	 * The next stop should be the syscall entry from close().
4039 	 */
4040 	wpid = waitpid(fpid, &status, 0);
4041 	ATF_REQUIRE(wpid == fpid);
4042 	ATF_REQUIRE(WIFSTOPPED(status));
4043 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
4044 
4045 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4046 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
4047 	ATF_REQUIRE(pl.pl_syscall_code == SYS_close);
4048 	ATF_REQUIRE(pl.pl_syscall_narg == 1);
4049 
4050 	ATF_REQUIRE(ptrace(PT_GET_SC_ARGS, wpid, (caddr_t)args,
4051 	    sizeof(args)) != -1);
4052 	ATF_REQUIRE(args[0] == 3);
4053 
4054 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
4055 
4056 	/*
4057 	 * The next stop should be the syscall exit from close().
4058 	 */
4059 	wpid = waitpid(fpid, &status, 0);
4060 	ATF_REQUIRE(wpid == fpid);
4061 	ATF_REQUIRE(WIFSTOPPED(status));
4062 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
4063 
4064 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4065 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
4066 	ATF_REQUIRE(pl.pl_syscall_code == SYS_close);
4067 
4068 	ATF_REQUIRE(ptrace(PT_GET_SC_RET, wpid, (caddr_t)&psr,
4069 	    sizeof(psr)) != -1);
4070 	ATF_REQUIRE(psr.sr_error == EBADF);
4071 
4072 	/* Disable syscall tracing and continue the child to let it exit. */
4073 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
4074 	    sizeof(events)) == 0);
4075 	events &= ~PTRACE_SYSCALL;
4076 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
4077 	    sizeof(events)) == 0);
4078 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
4079 
4080 	/* The last event should be for the child process's exit. */
4081 	wpid = waitpid(fpid, &status, 0);
4082 	ATF_REQUIRE(WIFEXITED(status));
4083 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
4084 
4085 	wpid = wait(&status);
4086 	ATF_REQUIRE(wpid == -1);
4087 	ATF_REQUIRE(errno == ECHILD);
4088 }
4089 
4090 /*
4091  * Verify that when the process is traced that it isn't reparent
4092  * to the init process when we close all process descriptors.
4093  */
4094 ATF_TC(ptrace__proc_reparent);
4095 ATF_TC_HEAD(ptrace__proc_reparent, tc)
4096 {
4097 
4098 	atf_tc_set_md_var(tc, "timeout", "2");
4099 }
4100 ATF_TC_BODY(ptrace__proc_reparent, tc)
4101 {
4102 	pid_t traced, debuger, wpid;
4103 	int pd, status;
4104 
4105 	traced = pdfork(&pd, 0);
4106 	ATF_REQUIRE(traced >= 0);
4107 	if (traced == 0) {
4108 		raise(SIGSTOP);
4109 		exit(0);
4110 	}
4111 	ATF_REQUIRE(pd >= 0);
4112 
4113 	debuger = fork();
4114 	ATF_REQUIRE(debuger >= 0);
4115 	if (debuger == 0) {
4116 		/* The traced process is reparented to debuger. */
4117 		ATF_REQUIRE(ptrace(PT_ATTACH, traced, 0, 0) == 0);
4118 		wpid = waitpid(traced, &status, 0);
4119 		ATF_REQUIRE(wpid == traced);
4120 		ATF_REQUIRE(WIFSTOPPED(status));
4121 		ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
4122 		ATF_REQUIRE(close(pd) == 0);
4123 		ATF_REQUIRE(ptrace(PT_DETACH, traced, (caddr_t)1, 0) == 0);
4124 
4125 		/* We closed pd so we should not have any child. */
4126 		wpid = wait(&status);
4127 		ATF_REQUIRE(wpid == -1);
4128 		ATF_REQUIRE(errno == ECHILD);
4129 
4130 		exit(0);
4131 	}
4132 
4133 	ATF_REQUIRE(close(pd) == 0);
4134 	wpid = waitpid(debuger, &status, 0);
4135 	ATF_REQUIRE(wpid == debuger);
4136 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
4137 
4138 	/* Check if we still have any child. */
4139 	wpid = wait(&status);
4140 	ATF_REQUIRE(wpid == -1);
4141 	ATF_REQUIRE(errno == ECHILD);
4142 }
4143 
4144 /*
4145  * Ensure that traced processes created with pdfork(2) are visible to
4146  * waitid(P_ALL).
4147  */
4148 ATF_TC_WITHOUT_HEAD(ptrace__procdesc_wait_child);
4149 ATF_TC_BODY(ptrace__procdesc_wait_child, tc)
4150 {
4151 	pid_t child, wpid;
4152 	int pd, status;
4153 
4154 	child = pdfork(&pd, 0);
4155 	ATF_REQUIRE(child >= 0);
4156 
4157 	if (child == 0) {
4158 		trace_me();
4159 		(void)raise(SIGSTOP);
4160 		exit(0);
4161 	}
4162 
4163 	wpid = waitpid(child, &status, 0);
4164 	ATF_REQUIRE(wpid == child);
4165 	ATF_REQUIRE(WIFSTOPPED(status));
4166 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
4167 
4168 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
4169 
4170 	wpid = wait(&status);
4171 	ATF_REQUIRE(wpid == child);
4172 	ATF_REQUIRE(WIFSTOPPED(status));
4173 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
4174 
4175 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
4176 
4177 	/*
4178 	 * If process was created by pdfork, the return code have to
4179 	 * be collected through process descriptor.
4180 	 */
4181 	wpid = wait(&status);
4182 	ATF_REQUIRE(wpid == -1);
4183 	ATF_REQUIRE(errno == ECHILD);
4184 
4185 	ATF_REQUIRE(close(pd) != -1);
4186 }
4187 
4188 /*
4189  * Ensure that traced processes created with pdfork(2) are not visible
4190  * after returning to parent - waitid(P_ALL).
4191  */
4192 ATF_TC_WITHOUT_HEAD(ptrace__procdesc_reparent_wait_child);
4193 ATF_TC_BODY(ptrace__procdesc_reparent_wait_child, tc)
4194 {
4195 	pid_t traced, debuger, wpid;
4196 	int pd, status;
4197 
4198 	if (atf_tc_get_config_var_as_bool_wd(tc, "ci", false))
4199 		atf_tc_skip("https://bugs.freebsd.org/243605");
4200 
4201 	traced = pdfork(&pd, 0);
4202 	ATF_REQUIRE(traced >= 0);
4203 	if (traced == 0) {
4204 		raise(SIGSTOP);
4205 		exit(0);
4206 	}
4207 	ATF_REQUIRE(pd >= 0);
4208 
4209 	debuger = fork();
4210 	ATF_REQUIRE(debuger >= 0);
4211 	if (debuger == 0) {
4212 		/* The traced process is reparented to debuger. */
4213 		ATF_REQUIRE(ptrace(PT_ATTACH, traced, 0, 0) == 0);
4214 		wpid = waitpid(traced, &status, 0);
4215 		ATF_REQUIRE(wpid == traced);
4216 		ATF_REQUIRE(WIFSTOPPED(status));
4217 		ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
4218 
4219 		/* Allow process to die. */
4220 		ATF_REQUIRE(ptrace(PT_CONTINUE, traced, (caddr_t)1, 0) == 0);
4221 		wpid = waitpid(traced, &status, 0);
4222 		ATF_REQUIRE(wpid == traced);
4223 		ATF_REQUIRE(WIFEXITED(status));
4224 		ATF_REQUIRE(WEXITSTATUS(status) == 0);
4225 
4226 		/* Reparent back to the orginal process. */
4227 		ATF_REQUIRE(close(pd) == 0);
4228 		exit(0);
4229 	}
4230 
4231 	wpid = waitpid(debuger, &status, 0);
4232 	ATF_REQUIRE(wpid == debuger);
4233 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
4234 
4235 	/*
4236 	 * We have a child but it has a process descriptori
4237 	 * so we should not be able to collect it process.
4238 	 */
4239 	wpid = wait(&status);
4240 	ATF_REQUIRE(wpid == -1);
4241 	ATF_REQUIRE(errno == ECHILD);
4242 
4243 	ATF_REQUIRE(close(pd) == 0);
4244 }
4245 
4246 ATF_TP_ADD_TCS(tp)
4247 {
4248 
4249 	ATF_TP_ADD_TC(tp, ptrace__parent_wait_after_trace_me);
4250 	ATF_TP_ADD_TC(tp, ptrace__parent_wait_after_attach);
4251 	ATF_TP_ADD_TC(tp, ptrace__parent_sees_exit_after_child_debugger);
4252 	ATF_TP_ADD_TC(tp, ptrace__parent_sees_exit_after_unrelated_debugger);
4253 	ATF_TP_ADD_TC(tp, ptrace__parent_exits_before_child);
4254 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_both_attached);
4255 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_child_detached);
4256 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_parent_detached);
4257 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_both_attached_unrelated_debugger);
4258 	ATF_TP_ADD_TC(tp,
4259 	    ptrace__follow_fork_child_detached_unrelated_debugger);
4260 	ATF_TP_ADD_TC(tp,
4261 	    ptrace__follow_fork_parent_detached_unrelated_debugger);
4262 	ATF_TP_ADD_TC(tp, ptrace__getppid);
4263 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_fork);
4264 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_vfork);
4265 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_thread);
4266 	ATF_TP_ADD_TC(tp, ptrace__lwp_events);
4267 	ATF_TP_ADD_TC(tp, ptrace__lwp_events_exec);
4268 	ATF_TP_ADD_TC(tp, ptrace__siginfo);
4269 	ATF_TP_ADD_TC(tp, ptrace__ptrace_exec_disable);
4270 	ATF_TP_ADD_TC(tp, ptrace__ptrace_exec_enable);
4271 	ATF_TP_ADD_TC(tp, ptrace__event_mask);
4272 	ATF_TP_ADD_TC(tp, ptrace__ptrace_vfork);
4273 	ATF_TP_ADD_TC(tp, ptrace__ptrace_vfork_follow);
4274 #ifdef HAVE_BREAKPOINT
4275 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_breakpoint);
4276 #endif
4277 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_system_call);
4278 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_threads);
4279 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_competing_signal);
4280 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_competing_stop);
4281 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_with_signal_full_sigqueue);
4282 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_system_call_entry);
4283 	ATF_TP_ADD_TC(tp,
4284 	    ptrace__PT_CONTINUE_with_signal_system_call_entry_and_exit);
4285 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_full_sigqueue);
4286 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_masked_full_sigqueue);
4287 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_change_sig);
4288 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_sigtrap_system_call_entry);
4289 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_mix);
4290 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_kqueue);
4291 	ATF_TP_ADD_TC(tp, ptrace__killed_with_sigmask);
4292 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_sigmask);
4293 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_thread_sigmask);
4294 	ATF_TP_ADD_TC(tp, ptrace__parent_terminate_with_pending_sigstop1);
4295 	ATF_TP_ADD_TC(tp, ptrace__parent_terminate_with_pending_sigstop2);
4296 	ATF_TP_ADD_TC(tp, ptrace__event_mask_sigkill_discard);
4297 	ATF_TP_ADD_TC(tp, ptrace__PT_ATTACH_with_SBDRY_thread);
4298 	ATF_TP_ADD_TC(tp, ptrace__PT_STEP_with_signal);
4299 #ifdef HAVE_BREAKPOINT
4300 	ATF_TP_ADD_TC(tp, ptrace__breakpoint_siginfo);
4301 #endif
4302 	ATF_TP_ADD_TC(tp, ptrace__step_siginfo);
4303 #if defined(HAVE_BREAKPOINT) && defined(SKIP_BREAK)
4304 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_different_thread);
4305 #endif
4306 	ATF_TP_ADD_TC(tp, ptrace__PT_LWPINFO_stale_siginfo);
4307 	ATF_TP_ADD_TC(tp, ptrace__syscall_args);
4308 	ATF_TP_ADD_TC(tp, ptrace__proc_reparent);
4309 	ATF_TP_ADD_TC(tp, ptrace__procdesc_wait_child);
4310 	ATF_TP_ADD_TC(tp, ptrace__procdesc_reparent_wait_child);
4311 
4312 	return (atf_no_error());
4313 }
4314