xref: /freebsd/tests/sys/kern/ptrace_test.c (revision 489ba2223676ec251ab1bfe2906d2a62959c8ce3)
1 /*-
2  * Copyright (c) 2015 John Baldwin <jhb@FreeBSD.org>
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23  * SUCH DAMAGE.
24  */
25 
26 #include <sys/cdefs.h>
27 __FBSDID("$FreeBSD$");
28 
29 #include <sys/types.h>
30 #include <sys/cpuset.h>
31 #include <sys/elf.h>
32 #include <sys/event.h>
33 #include <sys/file.h>
34 #include <sys/time.h>
35 #include <sys/procctl.h>
36 #include <sys/procdesc.h>
37 #define	_WANT_MIPS_REGNUM
38 #include <sys/ptrace.h>
39 #include <sys/procfs.h>
40 #include <sys/queue.h>
41 #include <sys/runq.h>
42 #include <sys/syscall.h>
43 #include <sys/sysctl.h>
44 #include <sys/user.h>
45 #include <sys/wait.h>
46 #include <errno.h>
47 #include <machine/cpufunc.h>
48 #include <pthread.h>
49 #include <sched.h>
50 #include <semaphore.h>
51 #include <signal.h>
52 #include <stdarg.h>
53 #include <stdio.h>
54 #include <stdlib.h>
55 #include <unistd.h>
56 #include <atf-c.h>
57 
58 /*
59  * Architectures with a user-visible breakpoint().
60  */
61 #if defined(__aarch64__) || defined(__amd64__) || defined(__arm__) ||	\
62     defined(__i386__) || defined(__mips__) || defined(__riscv) ||	\
63     defined(__sparc64__)
64 #define	HAVE_BREAKPOINT
65 #endif
66 
67 /*
68  * Adjust PC to skip over a breakpoint when stopped for a breakpoint trap.
69  */
70 #ifdef HAVE_BREAKPOINT
71 #if defined(__aarch64__)
72 #define	SKIP_BREAK(reg)	((reg)->elr += 4)
73 #elif defined(__amd64__) || defined(__i386__)
74 #define	SKIP_BREAK(reg)
75 #elif defined(__arm__)
76 #define	SKIP_BREAK(reg)	((reg)->r_pc += 4)
77 #elif defined(__mips__)
78 #define	SKIP_BREAK(reg)	((reg)->r_regs[PC] += 4)
79 #elif defined(__riscv)
80 #define	SKIP_BREAK(reg)	((reg)->sepc += 4)
81 #elif defined(__sparc64__)
82 #define	SKIP_BREAK(reg)	do {						\
83 	(reg)->r_tpc = (reg)->r_tnpc + 4;				\
84 	(reg)->r_tnpc += 8;						\
85 } while (0)
86 #endif
87 #endif
88 
89 /*
90  * A variant of ATF_REQUIRE that is suitable for use in child
91  * processes.  This only works if the parent process is tripped up by
92  * the early exit and fails some requirement itself.
93  */
94 #define	CHILD_REQUIRE(exp) do {				\
95 	if (!(exp))					\
96 		child_fail_require(__FILE__, __LINE__,	\
97 		    #exp " not met\n");			\
98 } while (0)
99 
100 #define	CHILD_REQUIRE_EQ(actual, expected) do {			\
101 	__typeof__(expected) _e = expected;			\
102 	__typeof__(actual) _a = actual;				\
103 	if (_e != _a)						\
104 		child_fail_require(__FILE__, __LINE__, #actual	\
105 		    " (%jd) == " #expected " (%jd) not met\n",	\
106 		    (intmax_t)_a, (intmax_t)_e);		\
107 } while (0)
108 
109 static __dead2 void
110 child_fail_require(const char *file, int line, const char *fmt, ...)
111 {
112 	va_list ap;
113 	char buf[1024];
114 
115 	/* Use write() not fprintf() to avoid possible duplicate output. */
116 	snprintf(buf, sizeof(buf), "%s:%d: ", file, line);
117 	write(STDERR_FILENO, buf, strlen(buf));
118 	va_start(ap, fmt);
119 	vsnprintf(buf, sizeof(buf), fmt, ap);
120 	write(STDERR_FILENO, buf, strlen(buf));
121 	va_end(ap);
122 
123 	_exit(32);
124 }
125 
126 #define	REQUIRE_EQ(actual, expected) do {				\
127 	__typeof__(expected) _e = expected;				\
128 	__typeof__(actual) _a = actual;					\
129 	ATF_REQUIRE_MSG(_e == _a, #actual " (%jd) == "			\
130 	    #expected " (%jd) not met", (intmax_t)_a, (intmax_t)_e);	\
131 } while (0)
132 
133 static void
134 trace_me(void)
135 {
136 
137 	/* Attach the parent process as a tracer of this process. */
138 	CHILD_REQUIRE(ptrace(PT_TRACE_ME, 0, NULL, 0) != -1);
139 
140 	/* Trigger a stop. */
141 	raise(SIGSTOP);
142 }
143 
144 static void
145 attach_child(pid_t pid)
146 {
147 	pid_t wpid;
148 	int status;
149 
150 	REQUIRE_EQ(ptrace(PT_ATTACH, pid, NULL, 0), 0);
151 
152 	wpid = waitpid(pid, &status, 0);
153 	REQUIRE_EQ(wpid, pid);
154 	ATF_REQUIRE(WIFSTOPPED(status));
155 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
156 }
157 
158 static void
159 wait_for_zombie(pid_t pid)
160 {
161 
162 	/*
163 	 * Wait for a process to exit.  This is kind of gross, but
164 	 * there is not a better way.
165 	 *
166 	 * Prior to r325719, the kern.proc.pid.<pid> sysctl failed
167 	 * with ESRCH.  After that change, a valid struct kinfo_proc
168 	 * is returned for zombies with ki_stat set to SZOMB.
169 	 */
170 	for (;;) {
171 		struct kinfo_proc kp;
172 		size_t len;
173 		int mib[4];
174 
175 		mib[0] = CTL_KERN;
176 		mib[1] = KERN_PROC;
177 		mib[2] = KERN_PROC_PID;
178 		mib[3] = pid;
179 		len = sizeof(kp);
180 		if (sysctl(mib, nitems(mib), &kp, &len, NULL, 0) == -1) {
181 			REQUIRE_EQ(errno, ESRCH);
182 			break;
183 		}
184 		if (kp.ki_stat == SZOMB)
185 			break;
186 		usleep(5000);
187 	}
188 }
189 
190 /*
191  * Verify that a parent debugger process "sees" the exit of a debugged
192  * process exactly once when attached via PT_TRACE_ME.
193  */
194 ATF_TC_WITHOUT_HEAD(ptrace__parent_wait_after_trace_me);
195 ATF_TC_BODY(ptrace__parent_wait_after_trace_me, tc)
196 {
197 	pid_t child, wpid;
198 	int status;
199 
200 	ATF_REQUIRE((child = fork()) != -1);
201 	if (child == 0) {
202 		/* Child process. */
203 		trace_me();
204 
205 		_exit(1);
206 	}
207 
208 	/* Parent process. */
209 
210 	/* The first wait() should report the stop from SIGSTOP. */
211 	wpid = waitpid(child, &status, 0);
212 	REQUIRE_EQ(wpid, child);
213 	ATF_REQUIRE(WIFSTOPPED(status));
214 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
215 
216 	/* Continue the child ignoring the SIGSTOP. */
217 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
218 
219 	/* The second wait() should report the exit status. */
220 	wpid = waitpid(child, &status, 0);
221 	REQUIRE_EQ(wpid, child);
222 	ATF_REQUIRE(WIFEXITED(status));
223 	REQUIRE_EQ(WEXITSTATUS(status), 1);
224 
225 	/* The child should no longer exist. */
226 	wpid = waitpid(child, &status, 0);
227 	REQUIRE_EQ(wpid, -1);
228 	REQUIRE_EQ(errno, ECHILD);
229 }
230 
231 /*
232  * Verify that a parent debugger process "sees" the exit of a debugged
233  * process exactly once when attached via PT_ATTACH.
234  */
235 ATF_TC_WITHOUT_HEAD(ptrace__parent_wait_after_attach);
236 ATF_TC_BODY(ptrace__parent_wait_after_attach, tc)
237 {
238 	pid_t child, wpid;
239 	int cpipe[2], status;
240 	char c;
241 
242 	REQUIRE_EQ(pipe(cpipe), 0);
243 	ATF_REQUIRE((child = fork()) != -1);
244 	if (child == 0) {
245 		/* Child process. */
246 		close(cpipe[0]);
247 
248 		/* Wait for the parent to attach. */
249 		CHILD_REQUIRE_EQ(0, read(cpipe[1], &c, sizeof(c)));
250 
251 		_exit(1);
252 	}
253 	close(cpipe[1]);
254 
255 	/* Parent process. */
256 
257 	/* Attach to the child process. */
258 	attach_child(child);
259 
260 	/* Continue the child ignoring the SIGSTOP. */
261 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
262 
263 	/* Signal the child to exit. */
264 	close(cpipe[0]);
265 
266 	/* The second wait() should report the exit status. */
267 	wpid = waitpid(child, &status, 0);
268 	REQUIRE_EQ(wpid, child);
269 	ATF_REQUIRE(WIFEXITED(status));
270 	REQUIRE_EQ(WEXITSTATUS(status), 1);
271 
272 	/* The child should no longer exist. */
273 	wpid = waitpid(child, &status, 0);
274 	REQUIRE_EQ(wpid, -1);
275 	REQUIRE_EQ(errno, ECHILD);
276 }
277 
278 /*
279  * Verify that a parent process "sees" the exit of a debugged process only
280  * after the debugger has seen it.
281  */
282 ATF_TC_WITHOUT_HEAD(ptrace__parent_sees_exit_after_child_debugger);
283 ATF_TC_BODY(ptrace__parent_sees_exit_after_child_debugger, tc)
284 {
285 	pid_t child, debugger, wpid;
286 	int cpipe[2], dpipe[2], status;
287 	char c;
288 
289 	REQUIRE_EQ(pipe(cpipe), 0);
290 	ATF_REQUIRE((child = fork()) != -1);
291 
292 	if (child == 0) {
293 		/* Child process. */
294 		close(cpipe[0]);
295 
296 		/* Wait for parent to be ready. */
297 		CHILD_REQUIRE_EQ(read(cpipe[1], &c, sizeof(c)),
298 		    (ssize_t)sizeof(c));
299 
300 		_exit(1);
301 	}
302 	close(cpipe[1]);
303 
304 	REQUIRE_EQ(pipe(dpipe), 0);
305 	ATF_REQUIRE((debugger = fork()) != -1);
306 
307 	if (debugger == 0) {
308 		/* Debugger process. */
309 		close(dpipe[0]);
310 
311 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
312 
313 		wpid = waitpid(child, &status, 0);
314 		CHILD_REQUIRE_EQ(wpid, child);
315 		CHILD_REQUIRE(WIFSTOPPED(status));
316 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
317 
318 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
319 
320 		/* Signal parent that debugger is attached. */
321 		CHILD_REQUIRE_EQ(write(dpipe[1], &c, sizeof(c)),
322 		    (ssize_t)sizeof(c));
323 
324 		/* Wait for parent's failed wait. */
325 		CHILD_REQUIRE_EQ(read(dpipe[1], &c, sizeof(c)), 0);
326 
327 		wpid = waitpid(child, &status, 0);
328 		CHILD_REQUIRE_EQ(wpid, child);
329 		CHILD_REQUIRE(WIFEXITED(status));
330 		CHILD_REQUIRE_EQ(WEXITSTATUS(status), 1);
331 
332 		_exit(0);
333 	}
334 	close(dpipe[1]);
335 
336 	/* Parent process. */
337 
338 	/* Wait for the debugger to attach to the child. */
339 	REQUIRE_EQ(read(dpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
340 
341 	/* Release the child. */
342 	REQUIRE_EQ(write(cpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
343 	REQUIRE_EQ(read(cpipe[0], &c, sizeof(c)), 0);
344 	close(cpipe[0]);
345 
346 	wait_for_zombie(child);
347 
348 	/*
349 	 * This wait should return a pid of 0 to indicate no status to
350 	 * report.  The parent should see the child as non-exited
351 	 * until the debugger sees the exit.
352 	 */
353 	wpid = waitpid(child, &status, WNOHANG);
354 	REQUIRE_EQ(wpid, 0);
355 
356 	/* Signal the debugger to wait for the child. */
357 	close(dpipe[0]);
358 
359 	/* Wait for the debugger. */
360 	wpid = waitpid(debugger, &status, 0);
361 	REQUIRE_EQ(wpid, debugger);
362 	ATF_REQUIRE(WIFEXITED(status));
363 	REQUIRE_EQ(WEXITSTATUS(status), 0);
364 
365 	/* The child process should now be ready. */
366 	wpid = waitpid(child, &status, WNOHANG);
367 	REQUIRE_EQ(wpid, child);
368 	ATF_REQUIRE(WIFEXITED(status));
369 	REQUIRE_EQ(WEXITSTATUS(status), 1);
370 }
371 
372 /*
373  * Verify that a parent process "sees" the exit of a debugged process
374  * only after a non-direct-child debugger has seen it.  In particular,
375  * various wait() calls in the parent must avoid failing with ESRCH by
376  * checking the parent's orphan list for the debugee.
377  */
378 ATF_TC_WITHOUT_HEAD(ptrace__parent_sees_exit_after_unrelated_debugger);
379 ATF_TC_BODY(ptrace__parent_sees_exit_after_unrelated_debugger, tc)
380 {
381 	pid_t child, debugger, fpid, wpid;
382 	int cpipe[2], dpipe[2], status;
383 	char c;
384 
385 	REQUIRE_EQ(pipe(cpipe), 0);
386 	ATF_REQUIRE((child = fork()) != -1);
387 
388 	if (child == 0) {
389 		/* Child process. */
390 		close(cpipe[0]);
391 
392 		/* Wait for parent to be ready. */
393 		CHILD_REQUIRE_EQ(read(cpipe[1], &c, sizeof(c)),
394 		    (ssize_t)sizeof(c));
395 
396 		_exit(1);
397 	}
398 	close(cpipe[1]);
399 
400 	REQUIRE_EQ(pipe(dpipe), 0);
401 	ATF_REQUIRE((debugger = fork()) != -1);
402 
403 	if (debugger == 0) {
404 		/* Debugger parent. */
405 
406 		/*
407 		 * Fork again and drop the debugger parent so that the
408 		 * debugger is not a child of the main parent.
409 		 */
410 		CHILD_REQUIRE((fpid = fork()) != -1);
411 		if (fpid != 0)
412 			_exit(2);
413 
414 		/* Debugger process. */
415 		close(dpipe[0]);
416 
417 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
418 
419 		wpid = waitpid(child, &status, 0);
420 		CHILD_REQUIRE_EQ(wpid, child);
421 		CHILD_REQUIRE(WIFSTOPPED(status));
422 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
423 
424 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
425 
426 		/* Signal parent that debugger is attached. */
427 		CHILD_REQUIRE_EQ(write(dpipe[1], &c, sizeof(c)),
428 		    (ssize_t)sizeof(c));
429 
430 		/* Wait for parent's failed wait. */
431 		CHILD_REQUIRE_EQ(read(dpipe[1], &c, sizeof(c)),
432 		    (ssize_t)sizeof(c));
433 
434 		wpid = waitpid(child, &status, 0);
435 		CHILD_REQUIRE_EQ(wpid, child);
436 		CHILD_REQUIRE(WIFEXITED(status));
437 		CHILD_REQUIRE_EQ(WEXITSTATUS(status), 1);
438 
439 		_exit(0);
440 	}
441 	close(dpipe[1]);
442 
443 	/* Parent process. */
444 
445 	/* Wait for the debugger parent process to exit. */
446 	wpid = waitpid(debugger, &status, 0);
447 	REQUIRE_EQ(wpid, debugger);
448 	ATF_REQUIRE(WIFEXITED(status));
449 	REQUIRE_EQ(WEXITSTATUS(status), 2);
450 
451 	/* A WNOHANG wait here should see the non-exited child. */
452 	wpid = waitpid(child, &status, WNOHANG);
453 	REQUIRE_EQ(wpid, 0);
454 
455 	/* Wait for the debugger to attach to the child. */
456 	REQUIRE_EQ(read(dpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
457 
458 	/* Release the child. */
459 	REQUIRE_EQ(write(cpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
460 	REQUIRE_EQ(read(cpipe[0], &c, sizeof(c)), 0);
461 	close(cpipe[0]);
462 
463 	wait_for_zombie(child);
464 
465 	/*
466 	 * This wait should return a pid of 0 to indicate no status to
467 	 * report.  The parent should see the child as non-exited
468 	 * until the debugger sees the exit.
469 	 */
470 	wpid = waitpid(child, &status, WNOHANG);
471 	REQUIRE_EQ(wpid, 0);
472 
473 	/* Signal the debugger to wait for the child. */
474 	REQUIRE_EQ(write(dpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
475 
476 	/* Wait for the debugger. */
477 	REQUIRE_EQ(read(dpipe[0], &c, sizeof(c)), 0);
478 	close(dpipe[0]);
479 
480 	/* The child process should now be ready. */
481 	wpid = waitpid(child, &status, WNOHANG);
482 	REQUIRE_EQ(wpid, child);
483 	ATF_REQUIRE(WIFEXITED(status));
484 	REQUIRE_EQ(WEXITSTATUS(status), 1);
485 }
486 
487 /*
488  * Make sure that we can collect the exit status of an orphaned process.
489  */
490 ATF_TC_WITHOUT_HEAD(ptrace__parent_exits_before_child);
491 ATF_TC_BODY(ptrace__parent_exits_before_child, tc)
492 {
493 	ssize_t n;
494 	int cpipe1[2], cpipe2[2], gcpipe[2], status;
495 	pid_t child, gchild;
496 
497 	REQUIRE_EQ(pipe(cpipe1), 0);
498 	REQUIRE_EQ(pipe(cpipe2), 0);
499 	REQUIRE_EQ(pipe(gcpipe), 0);
500 
501 	REQUIRE_EQ(procctl(P_PID, getpid(), PROC_REAP_ACQUIRE, NULL), 0);
502 
503 	ATF_REQUIRE((child = fork()) != -1);
504 	if (child == 0) {
505 		CHILD_REQUIRE((gchild = fork()) != -1);
506 		if (gchild == 0) {
507 			status = 1;
508 			do {
509 				n = read(gcpipe[0], &status, sizeof(status));
510 			} while (n == -1 && errno == EINTR);
511 			_exit(status);
512 		}
513 
514 		CHILD_REQUIRE_EQ(write(cpipe1[1], &gchild, sizeof(gchild)),
515 		    (ssize_t)sizeof(gchild));
516 		CHILD_REQUIRE_EQ(read(cpipe2[0], &status, sizeof(status)),
517 		    (ssize_t)sizeof(status));
518 		_exit(status);
519 	}
520 
521 	REQUIRE_EQ(read(cpipe1[0], &gchild, sizeof(gchild)),
522 	    (ssize_t)sizeof(gchild));
523 
524 	REQUIRE_EQ(ptrace(PT_ATTACH, gchild, NULL, 0), 0);
525 
526 	status = 0;
527 	REQUIRE_EQ(write(cpipe2[1], &status, sizeof(status)),
528 	    (ssize_t)sizeof(status));
529 	REQUIRE_EQ(waitpid(child, &status, 0), child);
530 	ATF_REQUIRE(WIFEXITED(status));
531 	REQUIRE_EQ(WEXITSTATUS(status), 0);
532 
533 	status = 0;
534 	REQUIRE_EQ(write(gcpipe[1], &status, sizeof(status)),
535 	    (ssize_t)sizeof(status));
536 	REQUIRE_EQ(waitpid(gchild, &status, 0), gchild);
537 	ATF_REQUIRE(WIFSTOPPED(status));
538 	REQUIRE_EQ(ptrace(PT_DETACH, gchild, (caddr_t)1, 0), 0);
539 	REQUIRE_EQ(waitpid(gchild, &status, 0), gchild);
540 	ATF_REQUIRE(WIFEXITED(status));
541 	REQUIRE_EQ(WEXITSTATUS(status), 0);
542 
543 	REQUIRE_EQ(close(cpipe1[0]), 0);
544 	REQUIRE_EQ(close(cpipe1[1]), 0);
545 	REQUIRE_EQ(close(cpipe2[0]), 0);
546 	REQUIRE_EQ(close(cpipe2[1]), 0);
547 	REQUIRE_EQ(close(gcpipe[0]), 0);
548 	REQUIRE_EQ(close(gcpipe[1]), 0);
549 }
550 
551 /*
552  * The parent process should always act the same regardless of how the
553  * debugger is attached to it.
554  */
555 static __dead2 void
556 follow_fork_parent(bool use_vfork)
557 {
558 	pid_t fpid, wpid;
559 	int status;
560 
561 	if (use_vfork)
562 		CHILD_REQUIRE((fpid = vfork()) != -1);
563 	else
564 		CHILD_REQUIRE((fpid = fork()) != -1);
565 
566 	if (fpid == 0)
567 		/* Child */
568 		_exit(2);
569 
570 	wpid = waitpid(fpid, &status, 0);
571 	CHILD_REQUIRE_EQ(wpid, fpid);
572 	CHILD_REQUIRE(WIFEXITED(status));
573 	CHILD_REQUIRE_EQ(WEXITSTATUS(status), 2);
574 
575 	_exit(1);
576 }
577 
578 /*
579  * Helper routine for follow fork tests.  This waits for two stops
580  * that report both "sides" of a fork.  It returns the pid of the new
581  * child process.
582  */
583 static pid_t
584 handle_fork_events(pid_t parent, struct ptrace_lwpinfo *ppl)
585 {
586 	struct ptrace_lwpinfo pl;
587 	bool fork_reported[2];
588 	pid_t child, wpid;
589 	int i, status;
590 
591 	fork_reported[0] = false;
592 	fork_reported[1] = false;
593 	child = -1;
594 
595 	/*
596 	 * Each process should report a fork event.  The parent should
597 	 * report a PL_FLAG_FORKED event, and the child should report
598 	 * a PL_FLAG_CHILD event.
599 	 */
600 	for (i = 0; i < 2; i++) {
601 		wpid = wait(&status);
602 		ATF_REQUIRE(wpid > 0);
603 		ATF_REQUIRE(WIFSTOPPED(status));
604 
605 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
606 		    sizeof(pl)) != -1);
607 		ATF_REQUIRE((pl.pl_flags & (PL_FLAG_FORKED | PL_FLAG_CHILD)) !=
608 		    0);
609 		ATF_REQUIRE((pl.pl_flags & (PL_FLAG_FORKED | PL_FLAG_CHILD)) !=
610 		    (PL_FLAG_FORKED | PL_FLAG_CHILD));
611 		if (pl.pl_flags & PL_FLAG_CHILD) {
612 			ATF_REQUIRE(wpid != parent);
613 			REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
614 			ATF_REQUIRE(!fork_reported[1]);
615 			if (child == -1)
616 				child = wpid;
617 			else
618 				REQUIRE_EQ(child, wpid);
619 			if (ppl != NULL)
620 				ppl[1] = pl;
621 			fork_reported[1] = true;
622 		} else {
623 			REQUIRE_EQ(wpid, parent);
624 			REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
625 			ATF_REQUIRE(!fork_reported[0]);
626 			if (child == -1)
627 				child = pl.pl_child_pid;
628 			else
629 				REQUIRE_EQ(child, pl.pl_child_pid);
630 			if (ppl != NULL)
631 				ppl[0] = pl;
632 			fork_reported[0] = true;
633 		}
634 	}
635 
636 	return (child);
637 }
638 
639 /*
640  * Verify that a new child process is stopped after a followed fork and
641  * that the traced parent sees the exit of the child after the debugger
642  * when both processes remain attached to the debugger.
643  */
644 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_both_attached);
645 ATF_TC_BODY(ptrace__follow_fork_both_attached, tc)
646 {
647 	pid_t children[2], fpid, wpid;
648 	int status;
649 
650 	ATF_REQUIRE((fpid = fork()) != -1);
651 	if (fpid == 0) {
652 		trace_me();
653 		follow_fork_parent(false);
654 	}
655 
656 	/* Parent process. */
657 	children[0] = fpid;
658 
659 	/* The first wait() should report the stop from SIGSTOP. */
660 	wpid = waitpid(children[0], &status, 0);
661 	REQUIRE_EQ(wpid, children[0]);
662 	ATF_REQUIRE(WIFSTOPPED(status));
663 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
664 
665 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
666 
667 	/* Continue the child ignoring the SIGSTOP. */
668 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
669 
670 	children[1] = handle_fork_events(children[0], NULL);
671 	ATF_REQUIRE(children[1] > 0);
672 
673 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
674 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
675 
676 	/*
677 	 * The child can't exit until the grandchild reports status, so the
678 	 * grandchild should report its exit first to the debugger.
679 	 */
680 	wpid = wait(&status);
681 	REQUIRE_EQ(wpid, children[1]);
682 	ATF_REQUIRE(WIFEXITED(status));
683 	REQUIRE_EQ(WEXITSTATUS(status), 2);
684 
685 	wpid = wait(&status);
686 	REQUIRE_EQ(wpid, children[0]);
687 	ATF_REQUIRE(WIFEXITED(status));
688 	REQUIRE_EQ(WEXITSTATUS(status), 1);
689 
690 	wpid = wait(&status);
691 	REQUIRE_EQ(wpid, -1);
692 	REQUIRE_EQ(errno, ECHILD);
693 }
694 
695 /*
696  * Verify that a new child process is stopped after a followed fork
697  * and that the traced parent sees the exit of the child when the new
698  * child process is detached after it reports its fork.
699  */
700 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_child_detached);
701 ATF_TC_BODY(ptrace__follow_fork_child_detached, tc)
702 {
703 	pid_t children[2], fpid, wpid;
704 	int status;
705 
706 	ATF_REQUIRE((fpid = fork()) != -1);
707 	if (fpid == 0) {
708 		trace_me();
709 		follow_fork_parent(false);
710 	}
711 
712 	/* Parent process. */
713 	children[0] = fpid;
714 
715 	/* The first wait() should report the stop from SIGSTOP. */
716 	wpid = waitpid(children[0], &status, 0);
717 	REQUIRE_EQ(wpid, children[0]);
718 	ATF_REQUIRE(WIFSTOPPED(status));
719 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
720 
721 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
722 
723 	/* Continue the child ignoring the SIGSTOP. */
724 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
725 
726 	children[1] = handle_fork_events(children[0], NULL);
727 	ATF_REQUIRE(children[1] > 0);
728 
729 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
730 	ATF_REQUIRE(ptrace(PT_DETACH, children[1], (caddr_t)1, 0) != -1);
731 
732 	/*
733 	 * Should not see any status from the grandchild now, only the
734 	 * child.
735 	 */
736 	wpid = wait(&status);
737 	REQUIRE_EQ(wpid, children[0]);
738 	ATF_REQUIRE(WIFEXITED(status));
739 	REQUIRE_EQ(WEXITSTATUS(status), 1);
740 
741 	wpid = wait(&status);
742 	REQUIRE_EQ(wpid, -1);
743 	REQUIRE_EQ(errno, ECHILD);
744 }
745 
746 /*
747  * Verify that a new child process is stopped after a followed fork
748  * and that the traced parent sees the exit of the child when the
749  * traced parent is detached after the fork.
750  */
751 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_parent_detached);
752 ATF_TC_BODY(ptrace__follow_fork_parent_detached, tc)
753 {
754 	pid_t children[2], fpid, wpid;
755 	int status;
756 
757 	ATF_REQUIRE((fpid = fork()) != -1);
758 	if (fpid == 0) {
759 		trace_me();
760 		follow_fork_parent(false);
761 	}
762 
763 	/* Parent process. */
764 	children[0] = fpid;
765 
766 	/* The first wait() should report the stop from SIGSTOP. */
767 	wpid = waitpid(children[0], &status, 0);
768 	REQUIRE_EQ(wpid, children[0]);
769 	ATF_REQUIRE(WIFSTOPPED(status));
770 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
771 
772 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
773 
774 	/* Continue the child ignoring the SIGSTOP. */
775 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
776 
777 	children[1] = handle_fork_events(children[0], NULL);
778 	ATF_REQUIRE(children[1] > 0);
779 
780 	ATF_REQUIRE(ptrace(PT_DETACH, children[0], (caddr_t)1, 0) != -1);
781 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
782 
783 	/*
784 	 * The child can't exit until the grandchild reports status, so the
785 	 * grandchild should report its exit first to the debugger.
786 	 *
787 	 * Even though the child process is detached, it is still a
788 	 * child of the debugger, so it will still report it's exit
789 	 * after the grandchild.
790 	 */
791 	wpid = wait(&status);
792 	REQUIRE_EQ(wpid, children[1]);
793 	ATF_REQUIRE(WIFEXITED(status));
794 	REQUIRE_EQ(WEXITSTATUS(status), 2);
795 
796 	wpid = wait(&status);
797 	REQUIRE_EQ(wpid, children[0]);
798 	ATF_REQUIRE(WIFEXITED(status));
799 	REQUIRE_EQ(WEXITSTATUS(status), 1);
800 
801 	wpid = wait(&status);
802 	REQUIRE_EQ(wpid, -1);
803 	REQUIRE_EQ(errno, ECHILD);
804 }
805 
806 static void
807 attach_fork_parent(int cpipe[2])
808 {
809 	pid_t fpid;
810 
811 	close(cpipe[0]);
812 
813 	/* Double-fork to disassociate from the debugger. */
814 	CHILD_REQUIRE((fpid = fork()) != -1);
815 	if (fpid != 0)
816 		_exit(3);
817 
818 	/* Send the pid of the disassociated child to the debugger. */
819 	fpid = getpid();
820 	CHILD_REQUIRE_EQ(write(cpipe[1], &fpid, sizeof(fpid)),
821 	    (ssize_t)sizeof(fpid));
822 
823 	/* Wait for the debugger to attach. */
824 	CHILD_REQUIRE_EQ(read(cpipe[1], &fpid, sizeof(fpid)), 0);
825 }
826 
827 /*
828  * Verify that a new child process is stopped after a followed fork and
829  * that the traced parent sees the exit of the child after the debugger
830  * when both processes remain attached to the debugger.  In this test
831  * the parent that forks is not a direct child of the debugger.
832  */
833 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_both_attached_unrelated_debugger);
834 ATF_TC_BODY(ptrace__follow_fork_both_attached_unrelated_debugger, tc)
835 {
836 	pid_t children[2], fpid, wpid;
837 	int cpipe[2], status;
838 
839 	REQUIRE_EQ(pipe(cpipe), 0);
840 	ATF_REQUIRE((fpid = fork()) != -1);
841 	if (fpid == 0) {
842 		attach_fork_parent(cpipe);
843 		follow_fork_parent(false);
844 	}
845 
846 	/* Parent process. */
847 	close(cpipe[1]);
848 
849 	/* Wait for the direct child to exit. */
850 	wpid = waitpid(fpid, &status, 0);
851 	REQUIRE_EQ(wpid, fpid);
852 	ATF_REQUIRE(WIFEXITED(status));
853 	REQUIRE_EQ(WEXITSTATUS(status), 3);
854 
855 	/* Read the pid of the fork parent. */
856 	REQUIRE_EQ(read(cpipe[0], &children[0], sizeof(children[0])),
857 	    (ssize_t)sizeof(children[0]));
858 
859 	/* Attach to the fork parent. */
860 	attach_child(children[0]);
861 
862 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
863 
864 	/* Continue the fork parent ignoring the SIGSTOP. */
865 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
866 
867 	/* Signal the fork parent to continue. */
868 	close(cpipe[0]);
869 
870 	children[1] = handle_fork_events(children[0], NULL);
871 	ATF_REQUIRE(children[1] > 0);
872 
873 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
874 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
875 
876 	/*
877 	 * The fork parent can't exit until the child reports status,
878 	 * so the child should report its exit first to the debugger.
879 	 */
880 	wpid = wait(&status);
881 	REQUIRE_EQ(wpid, children[1]);
882 	ATF_REQUIRE(WIFEXITED(status));
883 	REQUIRE_EQ(WEXITSTATUS(status), 2);
884 
885 	wpid = wait(&status);
886 	REQUIRE_EQ(wpid, children[0]);
887 	ATF_REQUIRE(WIFEXITED(status));
888 	REQUIRE_EQ(WEXITSTATUS(status), 1);
889 
890 	wpid = wait(&status);
891 	REQUIRE_EQ(wpid, -1);
892 	REQUIRE_EQ(errno, ECHILD);
893 }
894 
895 /*
896  * Verify that a new child process is stopped after a followed fork
897  * and that the traced parent sees the exit of the child when the new
898  * child process is detached after it reports its fork.  In this test
899  * the parent that forks is not a direct child of the debugger.
900  */
901 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_child_detached_unrelated_debugger);
902 ATF_TC_BODY(ptrace__follow_fork_child_detached_unrelated_debugger, tc)
903 {
904 	pid_t children[2], fpid, wpid;
905 	int cpipe[2], status;
906 
907 	REQUIRE_EQ(pipe(cpipe), 0);
908 	ATF_REQUIRE((fpid = fork()) != -1);
909 	if (fpid == 0) {
910 		attach_fork_parent(cpipe);
911 		follow_fork_parent(false);
912 	}
913 
914 	/* Parent process. */
915 	close(cpipe[1]);
916 
917 	/* Wait for the direct child to exit. */
918 	wpid = waitpid(fpid, &status, 0);
919 	REQUIRE_EQ(wpid, fpid);
920 	ATF_REQUIRE(WIFEXITED(status));
921 	REQUIRE_EQ(WEXITSTATUS(status), 3);
922 
923 	/* Read the pid of the fork parent. */
924 	REQUIRE_EQ(read(cpipe[0], &children[0], sizeof(children[0])),
925 	    (ssize_t)sizeof(children[0]));
926 
927 	/* Attach to the fork parent. */
928 	attach_child(children[0]);
929 
930 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
931 
932 	/* Continue the fork parent ignoring the SIGSTOP. */
933 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
934 
935 	/* Signal the fork parent to continue. */
936 	close(cpipe[0]);
937 
938 	children[1] = handle_fork_events(children[0], NULL);
939 	ATF_REQUIRE(children[1] > 0);
940 
941 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
942 	ATF_REQUIRE(ptrace(PT_DETACH, children[1], (caddr_t)1, 0) != -1);
943 
944 	/*
945 	 * Should not see any status from the child now, only the fork
946 	 * parent.
947 	 */
948 	wpid = wait(&status);
949 	REQUIRE_EQ(wpid, children[0]);
950 	ATF_REQUIRE(WIFEXITED(status));
951 	REQUIRE_EQ(WEXITSTATUS(status), 1);
952 
953 	wpid = wait(&status);
954 	REQUIRE_EQ(wpid, -1);
955 	REQUIRE_EQ(errno, ECHILD);
956 }
957 
958 /*
959  * Verify that a new child process is stopped after a followed fork
960  * and that the traced parent sees the exit of the child when the
961  * traced parent is detached after the fork.  In this test the parent
962  * that forks is not a direct child of the debugger.
963  */
964 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_parent_detached_unrelated_debugger);
965 ATF_TC_BODY(ptrace__follow_fork_parent_detached_unrelated_debugger, tc)
966 {
967 	pid_t children[2], fpid, wpid;
968 	int cpipe[2], status;
969 
970 	REQUIRE_EQ(pipe(cpipe), 0);
971 	ATF_REQUIRE((fpid = fork()) != -1);
972 	if (fpid == 0) {
973 		attach_fork_parent(cpipe);
974 		follow_fork_parent(false);
975 	}
976 
977 	/* Parent process. */
978 	close(cpipe[1]);
979 
980 	/* Wait for the direct child to exit. */
981 	wpid = waitpid(fpid, &status, 0);
982 	REQUIRE_EQ(wpid, fpid);
983 	ATF_REQUIRE(WIFEXITED(status));
984 	REQUIRE_EQ(WEXITSTATUS(status), 3);
985 
986 	/* Read the pid of the fork parent. */
987 	REQUIRE_EQ(read(cpipe[0], &children[0], sizeof(children[0])),
988 	    (ssize_t)sizeof(children[0]));
989 
990 	/* Attach to the fork parent. */
991 	attach_child(children[0]);
992 
993 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
994 
995 	/* Continue the fork parent ignoring the SIGSTOP. */
996 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
997 
998 	/* Signal the fork parent to continue. */
999 	close(cpipe[0]);
1000 
1001 	children[1] = handle_fork_events(children[0], NULL);
1002 	ATF_REQUIRE(children[1] > 0);
1003 
1004 	ATF_REQUIRE(ptrace(PT_DETACH, children[0], (caddr_t)1, 0) != -1);
1005 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1006 
1007 	/*
1008 	 * Should not see any status from the fork parent now, only
1009 	 * the child.
1010 	 */
1011 	wpid = wait(&status);
1012 	REQUIRE_EQ(wpid, children[1]);
1013 	ATF_REQUIRE(WIFEXITED(status));
1014 	REQUIRE_EQ(WEXITSTATUS(status), 2);
1015 
1016 	wpid = wait(&status);
1017 	REQUIRE_EQ(wpid, -1);
1018 	REQUIRE_EQ(errno, ECHILD);
1019 }
1020 
1021 /*
1022  * Verify that a child process does not see an unrelated debugger as its
1023  * parent but sees its original parent process.
1024  */
1025 ATF_TC_WITHOUT_HEAD(ptrace__getppid);
1026 ATF_TC_BODY(ptrace__getppid, tc)
1027 {
1028 	pid_t child, debugger, ppid, wpid;
1029 	int cpipe[2], dpipe[2], status;
1030 	char c;
1031 
1032 	REQUIRE_EQ(pipe(cpipe), 0);
1033 	ATF_REQUIRE((child = fork()) != -1);
1034 
1035 	if (child == 0) {
1036 		/* Child process. */
1037 		close(cpipe[0]);
1038 
1039 		/* Wait for parent to be ready. */
1040 		CHILD_REQUIRE_EQ(read(cpipe[1], &c, sizeof(c)),
1041 		    (ssize_t)sizeof(c));
1042 
1043 		/* Report the parent PID to the parent. */
1044 		ppid = getppid();
1045 		CHILD_REQUIRE_EQ(write(cpipe[1], &ppid, sizeof(ppid)),
1046 		    (ssize_t)sizeof(ppid));
1047 
1048 		_exit(1);
1049 	}
1050 	close(cpipe[1]);
1051 
1052 	REQUIRE_EQ(pipe(dpipe), 0);
1053 	ATF_REQUIRE((debugger = fork()) != -1);
1054 
1055 	if (debugger == 0) {
1056 		/* Debugger process. */
1057 		close(dpipe[0]);
1058 
1059 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
1060 
1061 		wpid = waitpid(child, &status, 0);
1062 		CHILD_REQUIRE_EQ(wpid, child);
1063 		CHILD_REQUIRE(WIFSTOPPED(status));
1064 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1065 
1066 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
1067 
1068 		/* Signal parent that debugger is attached. */
1069 		CHILD_REQUIRE_EQ(write(dpipe[1], &c, sizeof(c)),
1070 		    (ssize_t)sizeof(c));
1071 
1072 		/* Wait for traced child to exit. */
1073 		wpid = waitpid(child, &status, 0);
1074 		CHILD_REQUIRE_EQ(wpid, child);
1075 		CHILD_REQUIRE(WIFEXITED(status));
1076 		CHILD_REQUIRE_EQ(WEXITSTATUS(status), 1);
1077 
1078 		_exit(0);
1079 	}
1080 	close(dpipe[1]);
1081 
1082 	/* Parent process. */
1083 
1084 	/* Wait for the debugger to attach to the child. */
1085 	REQUIRE_EQ(read(dpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
1086 
1087 	/* Release the child. */
1088 	REQUIRE_EQ(write(cpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
1089 
1090 	/* Read the parent PID from the child. */
1091 	REQUIRE_EQ(read(cpipe[0], &ppid, sizeof(ppid)), (ssize_t)sizeof(ppid));
1092 	close(cpipe[0]);
1093 
1094 	REQUIRE_EQ(ppid, getpid());
1095 
1096 	/* Wait for the debugger. */
1097 	wpid = waitpid(debugger, &status, 0);
1098 	REQUIRE_EQ(wpid, debugger);
1099 	ATF_REQUIRE(WIFEXITED(status));
1100 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1101 
1102 	/* The child process should now be ready. */
1103 	wpid = waitpid(child, &status, WNOHANG);
1104 	REQUIRE_EQ(wpid, child);
1105 	ATF_REQUIRE(WIFEXITED(status));
1106 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1107 }
1108 
1109 /*
1110  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1111  * child process created via fork() reports the correct value.
1112  */
1113 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_fork);
1114 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_fork, tc)
1115 {
1116 	struct ptrace_lwpinfo pl[2];
1117 	pid_t children[2], fpid, wpid;
1118 	int status;
1119 
1120 	ATF_REQUIRE((fpid = fork()) != -1);
1121 	if (fpid == 0) {
1122 		trace_me();
1123 		follow_fork_parent(false);
1124 	}
1125 
1126 	/* Parent process. */
1127 	children[0] = fpid;
1128 
1129 	/* The first wait() should report the stop from SIGSTOP. */
1130 	wpid = waitpid(children[0], &status, 0);
1131 	REQUIRE_EQ(wpid, children[0]);
1132 	ATF_REQUIRE(WIFSTOPPED(status));
1133 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1134 
1135 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
1136 
1137 	/* Continue the child ignoring the SIGSTOP. */
1138 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1139 
1140 	/* Wait for both halves of the fork event to get reported. */
1141 	children[1] = handle_fork_events(children[0], pl);
1142 	ATF_REQUIRE(children[1] > 0);
1143 
1144 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_SCX) != 0);
1145 	ATF_REQUIRE((pl[1].pl_flags & PL_FLAG_SCX) != 0);
1146 	REQUIRE_EQ(pl[0].pl_syscall_code, (unsigned)SYS_fork);
1147 	REQUIRE_EQ(pl[0].pl_syscall_code, pl[1].pl_syscall_code);
1148 	REQUIRE_EQ(pl[0].pl_syscall_narg, pl[1].pl_syscall_narg);
1149 
1150 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1151 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1152 
1153 	/*
1154 	 * The child can't exit until the grandchild reports status, so the
1155 	 * grandchild should report its exit first to the debugger.
1156 	 */
1157 	wpid = wait(&status);
1158 	REQUIRE_EQ(wpid, children[1]);
1159 	ATF_REQUIRE(WIFEXITED(status));
1160 	REQUIRE_EQ(WEXITSTATUS(status), 2);
1161 
1162 	wpid = wait(&status);
1163 	REQUIRE_EQ(wpid, children[0]);
1164 	ATF_REQUIRE(WIFEXITED(status));
1165 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1166 
1167 	wpid = wait(&status);
1168 	REQUIRE_EQ(wpid, -1);
1169 	REQUIRE_EQ(errno, ECHILD);
1170 }
1171 
1172 /*
1173  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1174  * child process created via vfork() reports the correct value.
1175  */
1176 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_vfork);
1177 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_vfork, tc)
1178 {
1179 	struct ptrace_lwpinfo pl[2];
1180 	pid_t children[2], fpid, wpid;
1181 	int status;
1182 
1183 	ATF_REQUIRE((fpid = fork()) != -1);
1184 	if (fpid == 0) {
1185 		trace_me();
1186 		follow_fork_parent(true);
1187 	}
1188 
1189 	/* Parent process. */
1190 	children[0] = fpid;
1191 
1192 	/* The first wait() should report the stop from SIGSTOP. */
1193 	wpid = waitpid(children[0], &status, 0);
1194 	REQUIRE_EQ(wpid, children[0]);
1195 	ATF_REQUIRE(WIFSTOPPED(status));
1196 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1197 
1198 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
1199 
1200 	/* Continue the child ignoring the SIGSTOP. */
1201 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1202 
1203 	/* Wait for both halves of the fork event to get reported. */
1204 	children[1] = handle_fork_events(children[0], pl);
1205 	ATF_REQUIRE(children[1] > 0);
1206 
1207 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_SCX) != 0);
1208 	ATF_REQUIRE((pl[1].pl_flags & PL_FLAG_SCX) != 0);
1209 	REQUIRE_EQ(pl[0].pl_syscall_code, (unsigned)SYS_vfork);
1210 	REQUIRE_EQ(pl[0].pl_syscall_code, pl[1].pl_syscall_code);
1211 	REQUIRE_EQ(pl[0].pl_syscall_narg, pl[1].pl_syscall_narg);
1212 
1213 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1214 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1215 
1216 	/*
1217 	 * The child can't exit until the grandchild reports status, so the
1218 	 * grandchild should report its exit first to the debugger.
1219 	 */
1220 	wpid = wait(&status);
1221 	REQUIRE_EQ(wpid, children[1]);
1222 	ATF_REQUIRE(WIFEXITED(status));
1223 	REQUIRE_EQ(WEXITSTATUS(status), 2);
1224 
1225 	wpid = wait(&status);
1226 	REQUIRE_EQ(wpid, children[0]);
1227 	ATF_REQUIRE(WIFEXITED(status));
1228 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1229 
1230 	wpid = wait(&status);
1231 	REQUIRE_EQ(wpid, -1);
1232 	REQUIRE_EQ(errno, ECHILD);
1233 }
1234 
1235 static void *
1236 simple_thread(void *arg __unused)
1237 {
1238 
1239 	pthread_exit(NULL);
1240 }
1241 
1242 static __dead2 void
1243 simple_thread_main(void)
1244 {
1245 	pthread_t thread;
1246 
1247 	CHILD_REQUIRE_EQ(pthread_create(&thread, NULL, simple_thread, NULL), 0);
1248 	CHILD_REQUIRE_EQ(pthread_join(thread, NULL), 0);
1249 	exit(1);
1250 }
1251 
1252 /*
1253  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1254  * thread reports the correct value.
1255  */
1256 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_thread);
1257 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_thread, tc)
1258 {
1259 	struct ptrace_lwpinfo pl;
1260 	pid_t fpid, wpid;
1261 	lwpid_t mainlwp;
1262 	int status;
1263 
1264 	ATF_REQUIRE((fpid = fork()) != -1);
1265 	if (fpid == 0) {
1266 		trace_me();
1267 		simple_thread_main();
1268 	}
1269 
1270 	/* The first wait() should report the stop from SIGSTOP. */
1271 	wpid = waitpid(fpid, &status, 0);
1272 	REQUIRE_EQ(wpid, fpid);
1273 	ATF_REQUIRE(WIFSTOPPED(status));
1274 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1275 
1276 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1277 	    sizeof(pl)) != -1);
1278 	mainlwp = pl.pl_lwpid;
1279 
1280 	/*
1281 	 * Continue the child ignoring the SIGSTOP and tracing all
1282 	 * system call exits.
1283 	 */
1284 	ATF_REQUIRE(ptrace(PT_TO_SCX, fpid, (caddr_t)1, 0) != -1);
1285 
1286 	/*
1287 	 * Wait for the new thread to arrive.  pthread_create() might
1288 	 * invoke any number of system calls.  For now we just wait
1289 	 * for the new thread to arrive and make sure it reports a
1290 	 * valid system call code.  If ptrace grows thread event
1291 	 * reporting then this test can be made more precise.
1292 	 */
1293 	for (;;) {
1294 		wpid = waitpid(fpid, &status, 0);
1295 		REQUIRE_EQ(wpid, fpid);
1296 		ATF_REQUIRE(WIFSTOPPED(status));
1297 		REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1298 
1299 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1300 		    sizeof(pl)) != -1);
1301 		ATF_REQUIRE((pl.pl_flags & PL_FLAG_SCX) != 0);
1302 		ATF_REQUIRE(pl.pl_syscall_code != 0);
1303 		if (pl.pl_lwpid != mainlwp)
1304 			/* New thread seen. */
1305 			break;
1306 
1307 		REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1308 	}
1309 
1310 	/* Wait for the child to exit. */
1311 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1312 	for (;;) {
1313 		wpid = waitpid(fpid, &status, 0);
1314 		REQUIRE_EQ(wpid, fpid);
1315 		if (WIFEXITED(status))
1316 			break;
1317 
1318 		ATF_REQUIRE(WIFSTOPPED(status));
1319 		REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1320 		REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1321 	}
1322 
1323 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1324 
1325 	wpid = wait(&status);
1326 	REQUIRE_EQ(wpid, -1);
1327 	REQUIRE_EQ(errno, ECHILD);
1328 }
1329 
1330 /*
1331  * Verify that the expected LWP events are reported for a child thread.
1332  */
1333 ATF_TC_WITHOUT_HEAD(ptrace__lwp_events);
1334 ATF_TC_BODY(ptrace__lwp_events, tc)
1335 {
1336 	struct ptrace_lwpinfo pl;
1337 	pid_t fpid, wpid;
1338 	lwpid_t lwps[2];
1339 	int status;
1340 
1341 	ATF_REQUIRE((fpid = fork()) != -1);
1342 	if (fpid == 0) {
1343 		trace_me();
1344 		simple_thread_main();
1345 	}
1346 
1347 	/* The first wait() should report the stop from SIGSTOP. */
1348 	wpid = waitpid(fpid, &status, 0);
1349 	REQUIRE_EQ(wpid, fpid);
1350 	ATF_REQUIRE(WIFSTOPPED(status));
1351 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1352 
1353 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1354 	    sizeof(pl)) != -1);
1355 	lwps[0] = pl.pl_lwpid;
1356 
1357 	REQUIRE_EQ(ptrace(PT_LWP_EVENTS, wpid, NULL, 1), 0);
1358 
1359 	/* Continue the child ignoring the SIGSTOP. */
1360 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1361 
1362 	/* The first event should be for the child thread's birth. */
1363 	wpid = waitpid(fpid, &status, 0);
1364 	REQUIRE_EQ(wpid, fpid);
1365 	ATF_REQUIRE(WIFSTOPPED(status));
1366 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1367 
1368 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1369 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
1370 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1371 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
1372 	lwps[1] = pl.pl_lwpid;
1373 
1374 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1375 
1376 	/* The next event should be for the child thread's death. */
1377 	wpid = waitpid(fpid, &status, 0);
1378 	REQUIRE_EQ(wpid, fpid);
1379 	ATF_REQUIRE(WIFSTOPPED(status));
1380 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1381 
1382 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1383 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_EXITED | PL_FLAG_SCE)),
1384 	    (PL_FLAG_EXITED | PL_FLAG_SCE));
1385 	REQUIRE_EQ(pl.pl_lwpid, lwps[1]);
1386 
1387 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1388 
1389 	/* The last event should be for the child process's exit. */
1390 	wpid = waitpid(fpid, &status, 0);
1391 	ATF_REQUIRE(WIFEXITED(status));
1392 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1393 
1394 	wpid = wait(&status);
1395 	REQUIRE_EQ(wpid, -1);
1396 	REQUIRE_EQ(errno, ECHILD);
1397 }
1398 
1399 static void *
1400 exec_thread(void *arg __unused)
1401 {
1402 
1403 	execl("/usr/bin/true", "true", NULL);
1404 	exit(127);
1405 }
1406 
1407 static __dead2 void
1408 exec_thread_main(void)
1409 {
1410 	pthread_t thread;
1411 
1412 	CHILD_REQUIRE_EQ(pthread_create(&thread, NULL, exec_thread, NULL), 0);
1413 	for (;;)
1414 		sleep(60);
1415 	exit(1);
1416 }
1417 
1418 /*
1419  * Verify that the expected LWP events are reported for a multithreaded
1420  * process that calls execve(2).
1421  */
1422 ATF_TC_WITHOUT_HEAD(ptrace__lwp_events_exec);
1423 ATF_TC_BODY(ptrace__lwp_events_exec, tc)
1424 {
1425 	struct ptrace_lwpinfo pl;
1426 	pid_t fpid, wpid;
1427 	lwpid_t lwps[2];
1428 	int status;
1429 
1430 	ATF_REQUIRE((fpid = fork()) != -1);
1431 	if (fpid == 0) {
1432 		trace_me();
1433 		exec_thread_main();
1434 	}
1435 
1436 	/* The first wait() should report the stop from SIGSTOP. */
1437 	wpid = waitpid(fpid, &status, 0);
1438 	REQUIRE_EQ(wpid, fpid);
1439 	ATF_REQUIRE(WIFSTOPPED(status));
1440 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1441 
1442 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1443 	    sizeof(pl)) != -1);
1444 	lwps[0] = pl.pl_lwpid;
1445 
1446 	REQUIRE_EQ(ptrace(PT_LWP_EVENTS, wpid, NULL, 1), 0);
1447 
1448 	/* Continue the child ignoring the SIGSTOP. */
1449 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1450 
1451 	/* The first event should be for the child thread's birth. */
1452 	wpid = waitpid(fpid, &status, 0);
1453 	REQUIRE_EQ(wpid, fpid);
1454 	ATF_REQUIRE(WIFSTOPPED(status));
1455 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1456 
1457 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1458 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
1459 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1460 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
1461 	lwps[1] = pl.pl_lwpid;
1462 
1463 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1464 
1465 	/*
1466 	 * The next event should be for the main thread's death due to
1467 	 * single threading from execve().
1468 	 */
1469 	wpid = waitpid(fpid, &status, 0);
1470 	REQUIRE_EQ(wpid, fpid);
1471 	ATF_REQUIRE(WIFSTOPPED(status));
1472 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1473 
1474 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1475 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_EXITED | PL_FLAG_SCE)),
1476 	    (PL_FLAG_EXITED));
1477 	REQUIRE_EQ(pl.pl_lwpid, lwps[0]);
1478 
1479 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1480 
1481 	/* The next event should be for the child process's exec. */
1482 	wpid = waitpid(fpid, &status, 0);
1483 	ATF_REQUIRE(WIFSTOPPED(status));
1484 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1485 
1486 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1487 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_EXEC | PL_FLAG_SCX)),
1488 	    (PL_FLAG_EXEC | PL_FLAG_SCX));
1489 	REQUIRE_EQ(pl.pl_lwpid, lwps[1]);
1490 
1491 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1492 
1493 	/* The last event should be for the child process's exit. */
1494 	wpid = waitpid(fpid, &status, 0);
1495 	ATF_REQUIRE(WIFEXITED(status));
1496 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1497 
1498 	wpid = wait(&status);
1499 	REQUIRE_EQ(wpid, -1);
1500 	REQUIRE_EQ(errno, ECHILD);
1501 }
1502 
1503 static void
1504 handler(int sig __unused)
1505 {
1506 }
1507 
1508 static void
1509 signal_main(void)
1510 {
1511 
1512 	signal(SIGINFO, handler);
1513 	raise(SIGINFO);
1514 	exit(0);
1515 }
1516 
1517 /*
1518  * Verify that the expected ptrace event is reported for a signal.
1519  */
1520 ATF_TC_WITHOUT_HEAD(ptrace__siginfo);
1521 ATF_TC_BODY(ptrace__siginfo, tc)
1522 {
1523 	struct ptrace_lwpinfo pl;
1524 	pid_t fpid, wpid;
1525 	int status;
1526 
1527 	ATF_REQUIRE((fpid = fork()) != -1);
1528 	if (fpid == 0) {
1529 		trace_me();
1530 		signal_main();
1531 	}
1532 
1533 	/* The first wait() should report the stop from SIGSTOP. */
1534 	wpid = waitpid(fpid, &status, 0);
1535 	REQUIRE_EQ(wpid, fpid);
1536 	ATF_REQUIRE(WIFSTOPPED(status));
1537 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1538 
1539 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1540 
1541 	/* The next event should be for the SIGINFO. */
1542 	wpid = waitpid(fpid, &status, 0);
1543 	ATF_REQUIRE(WIFSTOPPED(status));
1544 	REQUIRE_EQ(WSTOPSIG(status), SIGINFO);
1545 
1546 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1547 	REQUIRE_EQ(pl.pl_event, PL_EVENT_SIGNAL);
1548 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
1549 	REQUIRE_EQ(pl.pl_siginfo.si_code, SI_LWP);
1550 	REQUIRE_EQ(pl.pl_siginfo.si_pid, wpid);
1551 
1552 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1553 
1554 	/* The last event should be for the child process's exit. */
1555 	wpid = waitpid(fpid, &status, 0);
1556 	ATF_REQUIRE(WIFEXITED(status));
1557 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1558 
1559 	wpid = wait(&status);
1560 	REQUIRE_EQ(wpid, -1);
1561 	REQUIRE_EQ(errno, ECHILD);
1562 }
1563 
1564 /*
1565  * Verify that the expected ptrace events are reported for PTRACE_EXEC.
1566  */
1567 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_exec_disable);
1568 ATF_TC_BODY(ptrace__ptrace_exec_disable, tc)
1569 {
1570 	pid_t fpid, wpid;
1571 	int events, status;
1572 
1573 	ATF_REQUIRE((fpid = fork()) != -1);
1574 	if (fpid == 0) {
1575 		trace_me();
1576 		exec_thread(NULL);
1577 	}
1578 
1579 	/* The first wait() should report the stop from SIGSTOP. */
1580 	wpid = waitpid(fpid, &status, 0);
1581 	REQUIRE_EQ(wpid, fpid);
1582 	ATF_REQUIRE(WIFSTOPPED(status));
1583 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1584 
1585 	events = 0;
1586 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
1587 	    sizeof(events)) == 0);
1588 
1589 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1590 
1591 	/* Should get one event at exit. */
1592 	wpid = waitpid(fpid, &status, 0);
1593 	ATF_REQUIRE(WIFEXITED(status));
1594 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1595 
1596 	wpid = wait(&status);
1597 	REQUIRE_EQ(wpid, -1);
1598 	REQUIRE_EQ(errno, ECHILD);
1599 }
1600 
1601 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_exec_enable);
1602 ATF_TC_BODY(ptrace__ptrace_exec_enable, tc)
1603 {
1604 	struct ptrace_lwpinfo pl;
1605 	pid_t fpid, wpid;
1606 	int events, status;
1607 
1608 	ATF_REQUIRE((fpid = fork()) != -1);
1609 	if (fpid == 0) {
1610 		trace_me();
1611 		exec_thread(NULL);
1612 	}
1613 
1614 	/* The first wait() should report the stop from SIGSTOP. */
1615 	wpid = waitpid(fpid, &status, 0);
1616 	REQUIRE_EQ(wpid, fpid);
1617 	ATF_REQUIRE(WIFSTOPPED(status));
1618 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1619 
1620 	events = PTRACE_EXEC;
1621 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
1622 	    sizeof(events)) == 0);
1623 
1624 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1625 
1626 	/* The next event should be for the child process's exec. */
1627 	wpid = waitpid(fpid, &status, 0);
1628 	ATF_REQUIRE(WIFSTOPPED(status));
1629 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1630 
1631 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1632 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_EXEC | PL_FLAG_SCX)),
1633 	    (PL_FLAG_EXEC | PL_FLAG_SCX));
1634 
1635 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1636 
1637 	/* The last event should be for the child process's exit. */
1638 	wpid = waitpid(fpid, &status, 0);
1639 	ATF_REQUIRE(WIFEXITED(status));
1640 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1641 
1642 	wpid = wait(&status);
1643 	REQUIRE_EQ(wpid, -1);
1644 	REQUIRE_EQ(errno, ECHILD);
1645 }
1646 
1647 ATF_TC_WITHOUT_HEAD(ptrace__event_mask);
1648 ATF_TC_BODY(ptrace__event_mask, tc)
1649 {
1650 	pid_t fpid, wpid;
1651 	int events, status;
1652 
1653 	ATF_REQUIRE((fpid = fork()) != -1);
1654 	if (fpid == 0) {
1655 		trace_me();
1656 		exit(0);
1657 	}
1658 
1659 	/* The first wait() should report the stop from SIGSTOP. */
1660 	wpid = waitpid(fpid, &status, 0);
1661 	REQUIRE_EQ(wpid, fpid);
1662 	ATF_REQUIRE(WIFSTOPPED(status));
1663 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1664 
1665 	/* PT_FOLLOW_FORK should toggle the state of PTRACE_FORK. */
1666 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, fpid, NULL, 1) != -1);
1667 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1668 	    sizeof(events)) == 0);
1669 	ATF_REQUIRE(events & PTRACE_FORK);
1670 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, fpid, NULL, 0) != -1);
1671 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1672 	    sizeof(events)) == 0);
1673 	ATF_REQUIRE(!(events & PTRACE_FORK));
1674 
1675 	/* PT_LWP_EVENTS should toggle the state of PTRACE_LWP. */
1676 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, fpid, NULL, 1) != -1);
1677 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1678 	    sizeof(events)) == 0);
1679 	ATF_REQUIRE(events & PTRACE_LWP);
1680 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, fpid, NULL, 0) != -1);
1681 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1682 	    sizeof(events)) == 0);
1683 	ATF_REQUIRE(!(events & PTRACE_LWP));
1684 
1685 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1686 
1687 	/* Should get one event at exit. */
1688 	wpid = waitpid(fpid, &status, 0);
1689 	ATF_REQUIRE(WIFEXITED(status));
1690 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1691 
1692 	wpid = wait(&status);
1693 	REQUIRE_EQ(wpid, -1);
1694 	REQUIRE_EQ(errno, ECHILD);
1695 }
1696 
1697 /*
1698  * Verify that the expected ptrace events are reported for PTRACE_VFORK.
1699  */
1700 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_vfork);
1701 ATF_TC_BODY(ptrace__ptrace_vfork, tc)
1702 {
1703 	struct ptrace_lwpinfo pl;
1704 	pid_t fpid, wpid;
1705 	int events, status;
1706 
1707 	ATF_REQUIRE((fpid = fork()) != -1);
1708 	if (fpid == 0) {
1709 		trace_me();
1710 		follow_fork_parent(true);
1711 	}
1712 
1713 	/* The first wait() should report the stop from SIGSTOP. */
1714 	wpid = waitpid(fpid, &status, 0);
1715 	REQUIRE_EQ(wpid, fpid);
1716 	ATF_REQUIRE(WIFSTOPPED(status));
1717 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1718 
1719 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1720 	    sizeof(events)) == 0);
1721 	events |= PTRACE_VFORK;
1722 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
1723 	    sizeof(events)) == 0);
1724 
1725 	/* Continue the child ignoring the SIGSTOP. */
1726 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) != -1);
1727 
1728 	/* The next event should report the end of the vfork. */
1729 	wpid = wait(&status);
1730 	REQUIRE_EQ(wpid, fpid);
1731 	ATF_REQUIRE(WIFSTOPPED(status));
1732 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1733 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1734 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_VFORK_DONE) != 0);
1735 
1736 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) != -1);
1737 
1738 	wpid = wait(&status);
1739 	REQUIRE_EQ(wpid, fpid);
1740 	ATF_REQUIRE(WIFEXITED(status));
1741 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1742 
1743 	wpid = wait(&status);
1744 	REQUIRE_EQ(wpid, -1);
1745 	REQUIRE_EQ(errno, ECHILD);
1746 }
1747 
1748 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_vfork_follow);
1749 ATF_TC_BODY(ptrace__ptrace_vfork_follow, tc)
1750 {
1751 	struct ptrace_lwpinfo pl[2];
1752 	pid_t children[2], fpid, wpid;
1753 	int events, status;
1754 
1755 	ATF_REQUIRE((fpid = fork()) != -1);
1756 	if (fpid == 0) {
1757 		trace_me();
1758 		follow_fork_parent(true);
1759 	}
1760 
1761 	/* Parent process. */
1762 	children[0] = fpid;
1763 
1764 	/* The first wait() should report the stop from SIGSTOP. */
1765 	wpid = waitpid(children[0], &status, 0);
1766 	REQUIRE_EQ(wpid, children[0]);
1767 	ATF_REQUIRE(WIFSTOPPED(status));
1768 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1769 
1770 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, children[0], (caddr_t)&events,
1771 	    sizeof(events)) == 0);
1772 	events |= PTRACE_FORK | PTRACE_VFORK;
1773 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, children[0], (caddr_t)&events,
1774 	    sizeof(events)) == 0);
1775 
1776 	/* Continue the child ignoring the SIGSTOP. */
1777 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1778 
1779 	/* Wait for both halves of the fork event to get reported. */
1780 	children[1] = handle_fork_events(children[0], pl);
1781 	ATF_REQUIRE(children[1] > 0);
1782 
1783 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_VFORKED) != 0);
1784 
1785 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1786 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1787 
1788 	/*
1789 	 * The child can't exit until the grandchild reports status, so the
1790 	 * grandchild should report its exit first to the debugger.
1791 	 */
1792 	wpid = waitpid(children[1], &status, 0);
1793 	REQUIRE_EQ(wpid, children[1]);
1794 	ATF_REQUIRE(WIFEXITED(status));
1795 	REQUIRE_EQ(WEXITSTATUS(status), 2);
1796 
1797 	/*
1798 	 * The child should report it's vfork() completion before it
1799 	 * exits.
1800 	 */
1801 	wpid = wait(&status);
1802 	REQUIRE_EQ(wpid, children[0]);
1803 	ATF_REQUIRE(WIFSTOPPED(status));
1804 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1805 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl[0], sizeof(pl[0])) !=
1806 	    -1);
1807 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_VFORK_DONE) != 0);
1808 
1809 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1810 
1811 	wpid = wait(&status);
1812 	REQUIRE_EQ(wpid, children[0]);
1813 	ATF_REQUIRE(WIFEXITED(status));
1814 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1815 
1816 	wpid = wait(&status);
1817 	REQUIRE_EQ(wpid, -1);
1818 	REQUIRE_EQ(errno, ECHILD);
1819 }
1820 
1821 #ifdef HAVE_BREAKPOINT
1822 /*
1823  * Verify that no more events are reported after PT_KILL except for the
1824  * process exit when stopped due to a breakpoint trap.
1825  */
1826 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_breakpoint);
1827 ATF_TC_BODY(ptrace__PT_KILL_breakpoint, tc)
1828 {
1829 	pid_t fpid, wpid;
1830 	int status;
1831 
1832 	ATF_REQUIRE((fpid = fork()) != -1);
1833 	if (fpid == 0) {
1834 		trace_me();
1835 		breakpoint();
1836 		exit(1);
1837 	}
1838 
1839 	/* The first wait() should report the stop from SIGSTOP. */
1840 	wpid = waitpid(fpid, &status, 0);
1841 	REQUIRE_EQ(wpid, fpid);
1842 	ATF_REQUIRE(WIFSTOPPED(status));
1843 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1844 
1845 	/* Continue the child ignoring the SIGSTOP. */
1846 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1847 
1848 	/* The second wait() should report hitting the breakpoint. */
1849 	wpid = waitpid(fpid, &status, 0);
1850 	REQUIRE_EQ(wpid, fpid);
1851 	ATF_REQUIRE(WIFSTOPPED(status));
1852 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1853 
1854 	/* Kill the child process. */
1855 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
1856 
1857 	/* The last wait() should report the SIGKILL. */
1858 	wpid = waitpid(fpid, &status, 0);
1859 	REQUIRE_EQ(wpid, fpid);
1860 	ATF_REQUIRE(WIFSIGNALED(status));
1861 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
1862 
1863 	wpid = wait(&status);
1864 	REQUIRE_EQ(wpid, -1);
1865 	REQUIRE_EQ(errno, ECHILD);
1866 }
1867 #endif /* HAVE_BREAKPOINT */
1868 
1869 /*
1870  * Verify that no more events are reported after PT_KILL except for the
1871  * process exit when stopped inside of a system call.
1872  */
1873 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_system_call);
1874 ATF_TC_BODY(ptrace__PT_KILL_system_call, tc)
1875 {
1876 	struct ptrace_lwpinfo pl;
1877 	pid_t fpid, wpid;
1878 	int status;
1879 
1880 	ATF_REQUIRE((fpid = fork()) != -1);
1881 	if (fpid == 0) {
1882 		trace_me();
1883 		getpid();
1884 		exit(1);
1885 	}
1886 
1887 	/* The first wait() should report the stop from SIGSTOP. */
1888 	wpid = waitpid(fpid, &status, 0);
1889 	REQUIRE_EQ(wpid, fpid);
1890 	ATF_REQUIRE(WIFSTOPPED(status));
1891 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1892 
1893 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
1894 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
1895 
1896 	/* The second wait() should report a system call entry for getpid(). */
1897 	wpid = waitpid(fpid, &status, 0);
1898 	REQUIRE_EQ(wpid, fpid);
1899 	ATF_REQUIRE(WIFSTOPPED(status));
1900 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1901 
1902 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1903 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
1904 
1905 	/* Kill the child process. */
1906 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
1907 
1908 	/* The last wait() should report the SIGKILL. */
1909 	wpid = waitpid(fpid, &status, 0);
1910 	REQUIRE_EQ(wpid, fpid);
1911 	ATF_REQUIRE(WIFSIGNALED(status));
1912 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
1913 
1914 	wpid = wait(&status);
1915 	REQUIRE_EQ(wpid, -1);
1916 	REQUIRE_EQ(errno, ECHILD);
1917 }
1918 
1919 /*
1920  * Verify that no more events are reported after PT_KILL except for the
1921  * process exit when killing a multithreaded process.
1922  */
1923 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_threads);
1924 ATF_TC_BODY(ptrace__PT_KILL_threads, tc)
1925 {
1926 	struct ptrace_lwpinfo pl;
1927 	pid_t fpid, wpid;
1928 	lwpid_t main_lwp;
1929 	int status;
1930 
1931 	ATF_REQUIRE((fpid = fork()) != -1);
1932 	if (fpid == 0) {
1933 		trace_me();
1934 		simple_thread_main();
1935 	}
1936 
1937 	/* The first wait() should report the stop from SIGSTOP. */
1938 	wpid = waitpid(fpid, &status, 0);
1939 	REQUIRE_EQ(wpid, fpid);
1940 	ATF_REQUIRE(WIFSTOPPED(status));
1941 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1942 
1943 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1944 	    sizeof(pl)) != -1);
1945 	main_lwp = pl.pl_lwpid;
1946 
1947 	REQUIRE_EQ(ptrace(PT_LWP_EVENTS, wpid, NULL, 1), 0);
1948 
1949 	/* Continue the child ignoring the SIGSTOP. */
1950 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1951 
1952 	/* The first event should be for the child thread's birth. */
1953 	wpid = waitpid(fpid, &status, 0);
1954 	REQUIRE_EQ(wpid, fpid);
1955 	ATF_REQUIRE(WIFSTOPPED(status));
1956 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1957 
1958 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1959 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
1960 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1961 	ATF_REQUIRE(pl.pl_lwpid != main_lwp);
1962 
1963 	/* Kill the child process. */
1964 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
1965 
1966 	/* The last wait() should report the SIGKILL. */
1967 	wpid = waitpid(fpid, &status, 0);
1968 	REQUIRE_EQ(wpid, fpid);
1969 	ATF_REQUIRE(WIFSIGNALED(status));
1970 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
1971 
1972 	wpid = wait(&status);
1973 	REQUIRE_EQ(wpid, -1);
1974 	REQUIRE_EQ(errno, ECHILD);
1975 }
1976 
1977 static void *
1978 mask_usr1_thread(void *arg)
1979 {
1980 	pthread_barrier_t *pbarrier;
1981 	sigset_t sigmask;
1982 
1983 	pbarrier = (pthread_barrier_t*)arg;
1984 
1985 	sigemptyset(&sigmask);
1986 	sigaddset(&sigmask, SIGUSR1);
1987 	CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
1988 
1989 	/* Sync up with other thread after sigmask updated. */
1990 	pthread_barrier_wait(pbarrier);
1991 
1992 	for (;;)
1993 		sleep(60);
1994 
1995 	return (NULL);
1996 }
1997 
1998 /*
1999  * Verify that the SIGKILL from PT_KILL takes priority over other signals
2000  * and prevents spurious stops due to those other signals.
2001  */
2002 ATF_TC(ptrace__PT_KILL_competing_signal);
2003 ATF_TC_HEAD(ptrace__PT_KILL_competing_signal, tc)
2004 {
2005 
2006 	atf_tc_set_md_var(tc, "require.user", "root");
2007 }
2008 ATF_TC_BODY(ptrace__PT_KILL_competing_signal, tc)
2009 {
2010 	pid_t fpid, wpid;
2011 	int status;
2012 	cpuset_t setmask;
2013 	pthread_t t;
2014 	pthread_barrier_t barrier;
2015 	struct sched_param sched_param;
2016 
2017 	ATF_REQUIRE((fpid = fork()) != -1);
2018 	if (fpid == 0) {
2019 		/* Bind to one CPU so only one thread at a time will run. */
2020 		CPU_ZERO(&setmask);
2021 		CPU_SET(0, &setmask);
2022 		cpusetid_t setid;
2023 		CHILD_REQUIRE_EQ(cpuset(&setid), 0);
2024 		CHILD_REQUIRE(cpuset_setaffinity(CPU_LEVEL_CPUSET,
2025 		    CPU_WHICH_CPUSET, setid, sizeof(setmask), &setmask) == 0);
2026 
2027 		CHILD_REQUIRE_EQ(pthread_barrier_init(&barrier, NULL, 2), 0);
2028 
2029 		CHILD_REQUIRE(pthread_create(&t, NULL, mask_usr1_thread,
2030 		    (void*)&barrier) == 0);
2031 
2032 		/*
2033 		 * Give the main thread higher priority. The test always
2034 		 * assumes that, if both threads are able to run, the main
2035 		 * thread runs first.
2036 		 */
2037 		sched_param.sched_priority =
2038 		    (sched_get_priority_max(SCHED_FIFO) +
2039 		    sched_get_priority_min(SCHED_FIFO)) / 2;
2040 		CHILD_REQUIRE(pthread_setschedparam(pthread_self(),
2041 		    SCHED_FIFO, &sched_param) == 0);
2042 		sched_param.sched_priority -= RQ_PPQ;
2043 		CHILD_REQUIRE(pthread_setschedparam(t, SCHED_FIFO,
2044 		    &sched_param) == 0);
2045 
2046 		sigset_t sigmask;
2047 		sigemptyset(&sigmask);
2048 		sigaddset(&sigmask, SIGUSR2);
2049 		CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
2050 
2051 		/* Sync up with other thread after sigmask updated. */
2052 		pthread_barrier_wait(&barrier);
2053 
2054 		trace_me();
2055 
2056 		for (;;)
2057 			sleep(60);
2058 
2059 		exit(1);
2060 	}
2061 
2062 	/* The first wait() should report the stop from SIGSTOP. */
2063 	wpid = waitpid(fpid, &status, 0);
2064 	REQUIRE_EQ(wpid, fpid);
2065 	ATF_REQUIRE(WIFSTOPPED(status));
2066 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2067 
2068 	/* Continue the child ignoring the SIGSTOP. */
2069 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2070 
2071 	/* Send a signal that only the second thread can handle. */
2072 	REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
2073 
2074 	/* The second wait() should report the SIGUSR2. */
2075 	wpid = waitpid(fpid, &status, 0);
2076 	REQUIRE_EQ(wpid, fpid);
2077 	ATF_REQUIRE(WIFSTOPPED(status));
2078 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
2079 
2080 	/* Send a signal that only the first thread can handle. */
2081 	REQUIRE_EQ(kill(fpid, SIGUSR1), 0);
2082 
2083 	/* Replace the SIGUSR2 with a kill. */
2084 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
2085 
2086 	/* The last wait() should report the SIGKILL (not the SIGUSR signal). */
2087 	wpid = waitpid(fpid, &status, 0);
2088 	REQUIRE_EQ(wpid, fpid);
2089 	ATF_REQUIRE(WIFSIGNALED(status));
2090 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
2091 
2092 	wpid = wait(&status);
2093 	REQUIRE_EQ(wpid, -1);
2094 	REQUIRE_EQ(errno, ECHILD);
2095 }
2096 
2097 /*
2098  * Verify that the SIGKILL from PT_KILL takes priority over other stop events
2099  * and prevents spurious stops caused by those events.
2100  */
2101 ATF_TC(ptrace__PT_KILL_competing_stop);
2102 ATF_TC_HEAD(ptrace__PT_KILL_competing_stop, tc)
2103 {
2104 
2105 	atf_tc_set_md_var(tc, "require.user", "root");
2106 }
2107 ATF_TC_BODY(ptrace__PT_KILL_competing_stop, tc)
2108 {
2109 	pid_t fpid, wpid;
2110 	int status;
2111 	cpuset_t setmask;
2112 	pthread_t t;
2113 	pthread_barrier_t barrier;
2114 	lwpid_t main_lwp;
2115 	struct ptrace_lwpinfo pl;
2116 	struct sched_param sched_param;
2117 
2118 	ATF_REQUIRE((fpid = fork()) != -1);
2119 	if (fpid == 0) {
2120 		trace_me();
2121 
2122 		/* Bind to one CPU so only one thread at a time will run. */
2123 		CPU_ZERO(&setmask);
2124 		CPU_SET(0, &setmask);
2125 		cpusetid_t setid;
2126 		CHILD_REQUIRE_EQ(cpuset(&setid), 0);
2127 		CHILD_REQUIRE(cpuset_setaffinity(CPU_LEVEL_CPUSET,
2128 		    CPU_WHICH_CPUSET, setid, sizeof(setmask), &setmask) == 0);
2129 
2130 		CHILD_REQUIRE_EQ(pthread_barrier_init(&barrier, NULL, 2), 0);
2131 
2132 		CHILD_REQUIRE(pthread_create(&t, NULL, mask_usr1_thread,
2133 		    (void*)&barrier) == 0);
2134 
2135 		/*
2136 		 * Give the main thread higher priority. The test always
2137 		 * assumes that, if both threads are able to run, the main
2138 		 * thread runs first.
2139 		 */
2140 		sched_param.sched_priority =
2141 		    (sched_get_priority_max(SCHED_FIFO) +
2142 		    sched_get_priority_min(SCHED_FIFO)) / 2;
2143 		CHILD_REQUIRE(pthread_setschedparam(pthread_self(),
2144 		    SCHED_FIFO, &sched_param) == 0);
2145 		sched_param.sched_priority -= RQ_PPQ;
2146 		CHILD_REQUIRE(pthread_setschedparam(t, SCHED_FIFO,
2147 		    &sched_param) == 0);
2148 
2149 		sigset_t sigmask;
2150 		sigemptyset(&sigmask);
2151 		sigaddset(&sigmask, SIGUSR2);
2152 		CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
2153 
2154 		/* Sync up with other thread after sigmask updated. */
2155 		pthread_barrier_wait(&barrier);
2156 
2157 		/* Sync up with the test before doing the getpid(). */
2158 		raise(SIGSTOP);
2159 
2160 		getpid();
2161 		exit(1);
2162 	}
2163 
2164 	/* The first wait() should report the stop from SIGSTOP. */
2165 	wpid = waitpid(fpid, &status, 0);
2166 	REQUIRE_EQ(wpid, fpid);
2167 	ATF_REQUIRE(WIFSTOPPED(status));
2168 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2169 
2170 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2171 	main_lwp = pl.pl_lwpid;
2172 
2173 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2174 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2175 
2176 	/*
2177 	 * Continue until child is done with setup, which is indicated with
2178 	 * SIGSTOP. Ignore system calls in the meantime.
2179 	 */
2180 	for (;;) {
2181 		wpid = waitpid(fpid, &status, 0);
2182 		REQUIRE_EQ(wpid, fpid);
2183 		ATF_REQUIRE(WIFSTOPPED(status));
2184 		if (WSTOPSIG(status) == SIGTRAP) {
2185 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
2186 			    sizeof(pl)) != -1);
2187 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2188 		} else {
2189 			REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2190 			break;
2191 		}
2192 		REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2193 	}
2194 
2195 	/* Proceed, allowing main thread to hit syscall entry for getpid(). */
2196 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2197 
2198 	wpid = waitpid(fpid, &status, 0);
2199 	REQUIRE_EQ(wpid, fpid);
2200 	ATF_REQUIRE(WIFSTOPPED(status));
2201 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2202 
2203 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
2204 	    sizeof(pl)) != -1);
2205 	REQUIRE_EQ(pl.pl_lwpid, main_lwp);
2206 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2207 	/* Prevent the main thread from hitting its syscall exit for now. */
2208 	REQUIRE_EQ(ptrace(PT_SUSPEND, main_lwp, 0, 0), 0);
2209 
2210 	/*
2211 	 * Proceed, allowing second thread to hit syscall exit for
2212 	 * pthread_barrier_wait().
2213 	 */
2214 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2215 
2216 	wpid = waitpid(fpid, &status, 0);
2217 	REQUIRE_EQ(wpid, fpid);
2218 	ATF_REQUIRE(WIFSTOPPED(status));
2219 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2220 
2221 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
2222 	    sizeof(pl)) != -1);
2223 	ATF_REQUIRE(pl.pl_lwpid != main_lwp);
2224 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
2225 
2226 	/* Send a signal that only the second thread can handle. */
2227 	REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
2228 
2229 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2230 
2231 	/* The next wait() should report the SIGUSR2. */
2232 	wpid = waitpid(fpid, &status, 0);
2233 	REQUIRE_EQ(wpid, fpid);
2234 	ATF_REQUIRE(WIFSTOPPED(status));
2235 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
2236 
2237 	/* Allow the main thread to try to finish its system call. */
2238 	REQUIRE_EQ(ptrace(PT_RESUME, main_lwp, 0, 0), 0);
2239 
2240 	/*
2241 	 * At this point, the main thread is in the middle of a system call and
2242 	 * has been resumed. The second thread has taken a SIGUSR2 which will
2243 	 * be replaced with a SIGKILL below. The main thread will get to run
2244 	 * first. It should notice the kill request (even though the signal
2245 	 * replacement occurred in the other thread) and exit accordingly.  It
2246 	 * should not stop for the system call exit event.
2247 	 */
2248 
2249 	/* Replace the SIGUSR2 with a kill. */
2250 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
2251 
2252 	/* The last wait() should report the SIGKILL (not a syscall exit). */
2253 	wpid = waitpid(fpid, &status, 0);
2254 	REQUIRE_EQ(wpid, fpid);
2255 	ATF_REQUIRE(WIFSIGNALED(status));
2256 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
2257 
2258 	wpid = wait(&status);
2259 	REQUIRE_EQ(wpid, -1);
2260 	REQUIRE_EQ(errno, ECHILD);
2261 }
2262 
2263 static void
2264 sigusr1_handler(int sig)
2265 {
2266 
2267 	CHILD_REQUIRE_EQ(sig, SIGUSR1);
2268 	_exit(2);
2269 }
2270 
2271 /*
2272  * Verify that even if the signal queue is full for a child process,
2273  * a PT_KILL will kill the process.
2274  */
2275 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_with_signal_full_sigqueue);
2276 ATF_TC_BODY(ptrace__PT_KILL_with_signal_full_sigqueue, tc)
2277 {
2278 	pid_t fpid, wpid;
2279 	int status;
2280 	int max_pending_per_proc;
2281 	size_t len;
2282 	int i;
2283 
2284 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_handler) != SIG_ERR);
2285 
2286 	ATF_REQUIRE((fpid = fork()) != -1);
2287 	if (fpid == 0) {
2288 		trace_me();
2289 		exit(1);
2290 	}
2291 
2292 	/* The first wait() should report the stop from SIGSTOP. */
2293 	wpid = waitpid(fpid, &status, 0);
2294 	REQUIRE_EQ(wpid, fpid);
2295 	ATF_REQUIRE(WIFSTOPPED(status));
2296 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2297 
2298 	len = sizeof(max_pending_per_proc);
2299 	ATF_REQUIRE(sysctlbyname("kern.sigqueue.max_pending_per_proc",
2300 	    &max_pending_per_proc, &len, NULL, 0) == 0);
2301 
2302 	/* Fill the signal queue. */
2303 	for (i = 0; i < max_pending_per_proc; ++i)
2304 		REQUIRE_EQ(kill(fpid, SIGUSR1), 0);
2305 
2306 	/* Kill the child process. */
2307 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
2308 
2309 	/* The last wait() should report the SIGKILL. */
2310 	wpid = waitpid(fpid, &status, 0);
2311 	REQUIRE_EQ(wpid, fpid);
2312 	ATF_REQUIRE(WIFSIGNALED(status));
2313 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
2314 
2315 	wpid = wait(&status);
2316 	REQUIRE_EQ(wpid, -1);
2317 	REQUIRE_EQ(errno, ECHILD);
2318 }
2319 
2320 /*
2321  * Verify that when stopped at a system call entry, a signal can be
2322  * requested with PT_CONTINUE which will be delivered once the system
2323  * call is complete.
2324  */
2325 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_system_call_entry);
2326 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_system_call_entry, tc)
2327 {
2328 	struct ptrace_lwpinfo pl;
2329 	pid_t fpid, wpid;
2330 	int status;
2331 
2332 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_handler) != SIG_ERR);
2333 
2334 	ATF_REQUIRE((fpid = fork()) != -1);
2335 	if (fpid == 0) {
2336 		trace_me();
2337 		getpid();
2338 		exit(1);
2339 	}
2340 
2341 	/* The first wait() should report the stop from SIGSTOP. */
2342 	wpid = waitpid(fpid, &status, 0);
2343 	REQUIRE_EQ(wpid, fpid);
2344 	ATF_REQUIRE(WIFSTOPPED(status));
2345 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2346 
2347 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2348 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2349 
2350 	/* The second wait() should report a system call entry for getpid(). */
2351 	wpid = waitpid(fpid, &status, 0);
2352 	REQUIRE_EQ(wpid, fpid);
2353 	ATF_REQUIRE(WIFSTOPPED(status));
2354 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2355 
2356 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2357 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2358 
2359 	/* Continue the child process with a signal. */
2360 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2361 
2362 	for (;;) {
2363 		/*
2364 		 * The last wait() should report exit 2, i.e., a normal _exit
2365 		 * from the signal handler. In the meantime, catch and proceed
2366 		 * past any syscall stops.
2367 		 */
2368 		wpid = waitpid(fpid, &status, 0);
2369 		REQUIRE_EQ(wpid, fpid);
2370 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2371 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2372 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2373 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2374 		} else {
2375 			ATF_REQUIRE(WIFEXITED(status));
2376 			REQUIRE_EQ(WEXITSTATUS(status), 2);
2377 			break;
2378 		}
2379 	}
2380 
2381 	wpid = wait(&status);
2382 	REQUIRE_EQ(wpid, -1);
2383 	REQUIRE_EQ(errno, ECHILD);
2384 }
2385 
2386 static void
2387 sigusr1_counting_handler(int sig)
2388 {
2389 	static int counter = 0;
2390 
2391 	CHILD_REQUIRE_EQ(sig, SIGUSR1);
2392 	counter++;
2393 	if (counter == 2)
2394 		_exit(2);
2395 }
2396 
2397 /*
2398  * Verify that, when continuing from a stop at system call entry and exit,
2399  * a signal can be requested from both stops, and both will be delivered when
2400  * the system call is complete.
2401  */
2402 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_system_call_entry_and_exit);
2403 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_system_call_entry_and_exit, tc)
2404 {
2405 	struct ptrace_lwpinfo pl;
2406 	pid_t fpid, wpid;
2407 	int status;
2408 
2409 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_counting_handler) != SIG_ERR);
2410 
2411 	ATF_REQUIRE((fpid = fork()) != -1);
2412 	if (fpid == 0) {
2413 		trace_me();
2414 		getpid();
2415 		exit(1);
2416 	}
2417 
2418 	/* The first wait() should report the stop from SIGSTOP. */
2419 	wpid = waitpid(fpid, &status, 0);
2420 	REQUIRE_EQ(wpid, fpid);
2421 	ATF_REQUIRE(WIFSTOPPED(status));
2422 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2423 
2424 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2425 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2426 
2427 	/* The second wait() should report a system call entry for getpid(). */
2428 	wpid = waitpid(fpid, &status, 0);
2429 	REQUIRE_EQ(wpid, fpid);
2430 	ATF_REQUIRE(WIFSTOPPED(status));
2431 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2432 
2433 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2434 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2435 
2436 	/* Continue the child process with a signal. */
2437 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2438 
2439 	/* The third wait() should report a system call exit for getpid(). */
2440 	wpid = waitpid(fpid, &status, 0);
2441 	REQUIRE_EQ(wpid, fpid);
2442 	ATF_REQUIRE(WIFSTOPPED(status));
2443 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2444 
2445 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2446 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
2447 
2448 	/* Continue the child process with a signal. */
2449 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2450 
2451 	for (;;) {
2452 		/*
2453 		 * The last wait() should report exit 2, i.e., a normal _exit
2454 		 * from the signal handler. In the meantime, catch and proceed
2455 		 * past any syscall stops.
2456 		 */
2457 		wpid = waitpid(fpid, &status, 0);
2458 		REQUIRE_EQ(wpid, fpid);
2459 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2460 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2461 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2462 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2463 		} else {
2464 			ATF_REQUIRE(WIFEXITED(status));
2465 			REQUIRE_EQ(WEXITSTATUS(status), 2);
2466 			break;
2467 		}
2468 	}
2469 
2470 	wpid = wait(&status);
2471 	REQUIRE_EQ(wpid, -1);
2472 	REQUIRE_EQ(errno, ECHILD);
2473 }
2474 
2475 /*
2476  * Verify that even if the signal queue is full for a child process,
2477  * a PT_CONTINUE with a signal will not result in loss of that signal.
2478  */
2479 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_full_sigqueue);
2480 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_full_sigqueue, tc)
2481 {
2482 	pid_t fpid, wpid;
2483 	int status;
2484 	int max_pending_per_proc;
2485 	size_t len;
2486 	int i;
2487 
2488 	ATF_REQUIRE(signal(SIGUSR2, handler) != SIG_ERR);
2489 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_handler) != SIG_ERR);
2490 
2491 	ATF_REQUIRE((fpid = fork()) != -1);
2492 	if (fpid == 0) {
2493 		trace_me();
2494 		exit(1);
2495 	}
2496 
2497 	/* The first wait() should report the stop from SIGSTOP. */
2498 	wpid = waitpid(fpid, &status, 0);
2499 	REQUIRE_EQ(wpid, fpid);
2500 	ATF_REQUIRE(WIFSTOPPED(status));
2501 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2502 
2503 	len = sizeof(max_pending_per_proc);
2504 	ATF_REQUIRE(sysctlbyname("kern.sigqueue.max_pending_per_proc",
2505 	    &max_pending_per_proc, &len, NULL, 0) == 0);
2506 
2507 	/* Fill the signal queue. */
2508 	for (i = 0; i < max_pending_per_proc; ++i)
2509 		REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
2510 
2511 	/* Continue with signal. */
2512 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2513 
2514 	for (;;) {
2515 		wpid = waitpid(fpid, &status, 0);
2516 		REQUIRE_EQ(wpid, fpid);
2517 		if (WIFSTOPPED(status)) {
2518 			REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
2519 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2520 		} else {
2521 			/*
2522 			 * The last wait() should report normal _exit from the
2523 			 * SIGUSR1 handler.
2524 			 */
2525 			ATF_REQUIRE(WIFEXITED(status));
2526 			REQUIRE_EQ(WEXITSTATUS(status), 2);
2527 			break;
2528 		}
2529 	}
2530 
2531 	wpid = wait(&status);
2532 	REQUIRE_EQ(wpid, -1);
2533 	REQUIRE_EQ(errno, ECHILD);
2534 }
2535 
2536 static sem_t sigusr1_sem;
2537 static int got_usr1;
2538 
2539 static void
2540 sigusr1_sempost_handler(int sig __unused)
2541 {
2542 
2543 	got_usr1++;
2544 	CHILD_REQUIRE_EQ(sem_post(&sigusr1_sem), 0);
2545 }
2546 
2547 /*
2548  * Verify that even if the signal queue is full for a child process,
2549  * and the signal is masked, a PT_CONTINUE with a signal will not
2550  * result in loss of that signal.
2551  */
2552 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_masked_full_sigqueue);
2553 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_masked_full_sigqueue, tc)
2554 {
2555 	struct ptrace_lwpinfo pl;
2556 	pid_t fpid, wpid;
2557 	int status, err;
2558 	int max_pending_per_proc;
2559 	size_t len;
2560 	int i;
2561 	sigset_t sigmask;
2562 
2563 	ATF_REQUIRE(signal(SIGUSR2, handler) != SIG_ERR);
2564 	REQUIRE_EQ(sem_init(&sigusr1_sem, 0, 0), 0);
2565 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
2566 
2567 	got_usr1 = 0;
2568 	ATF_REQUIRE((fpid = fork()) != -1);
2569 	if (fpid == 0) {
2570 		CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
2571 		CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
2572 		CHILD_REQUIRE_EQ(sigprocmask(SIG_BLOCK, &sigmask, NULL), 0);
2573 
2574 		trace_me();
2575 		CHILD_REQUIRE_EQ(got_usr1, 0);
2576 
2577 		/* Allow the pending SIGUSR1 in now. */
2578 		CHILD_REQUIRE_EQ(sigprocmask(SIG_UNBLOCK, &sigmask, NULL), 0);
2579 		/* Wait to receive the SIGUSR1. */
2580 		do {
2581 			err = sem_wait(&sigusr1_sem);
2582 			CHILD_REQUIRE(err == 0 || errno == EINTR);
2583 		} while (err != 0 && errno == EINTR);
2584 		CHILD_REQUIRE_EQ(got_usr1, 1);
2585 		exit(1);
2586 	}
2587 
2588 	/* The first wait() should report the stop from SIGSTOP. */
2589 	wpid = waitpid(fpid, &status, 0);
2590 	REQUIRE_EQ(wpid, fpid);
2591 	ATF_REQUIRE(WIFSTOPPED(status));
2592 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2593 
2594 	len = sizeof(max_pending_per_proc);
2595 	ATF_REQUIRE(sysctlbyname("kern.sigqueue.max_pending_per_proc",
2596 	    &max_pending_per_proc, &len, NULL, 0) == 0);
2597 
2598 	/* Fill the signal queue. */
2599 	for (i = 0; i < max_pending_per_proc; ++i)
2600 		REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
2601 
2602 	/* Continue with signal. */
2603 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2604 
2605 	/* Collect and ignore all of the SIGUSR2. */
2606 	for (i = 0; i < max_pending_per_proc; ++i) {
2607 		wpid = waitpid(fpid, &status, 0);
2608 		REQUIRE_EQ(wpid, fpid);
2609 		ATF_REQUIRE(WIFSTOPPED(status));
2610 		REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
2611 		REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2612 	}
2613 
2614 	/* Now our PT_CONTINUE'd SIGUSR1 should cause a stop after unmask. */
2615 	wpid = waitpid(fpid, &status, 0);
2616 	REQUIRE_EQ(wpid, fpid);
2617 	ATF_REQUIRE(WIFSTOPPED(status));
2618 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR1);
2619 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
2620 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGUSR1);
2621 
2622 	/* Continue the child, ignoring the SIGUSR1. */
2623 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2624 
2625 	/* The last wait() should report exit after receiving SIGUSR1. */
2626 	wpid = waitpid(fpid, &status, 0);
2627 	REQUIRE_EQ(wpid, fpid);
2628 	ATF_REQUIRE(WIFEXITED(status));
2629 	REQUIRE_EQ(WEXITSTATUS(status), 1);
2630 
2631 	wpid = wait(&status);
2632 	REQUIRE_EQ(wpid, -1);
2633 	REQUIRE_EQ(errno, ECHILD);
2634 }
2635 
2636 /*
2637  * Verify that, after stopping due to a signal, that signal can be
2638  * replaced with another signal.
2639  */
2640 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_change_sig);
2641 ATF_TC_BODY(ptrace__PT_CONTINUE_change_sig, tc)
2642 {
2643 	struct ptrace_lwpinfo pl;
2644 	pid_t fpid, wpid;
2645 	int status;
2646 
2647 	ATF_REQUIRE((fpid = fork()) != -1);
2648 	if (fpid == 0) {
2649 		trace_me();
2650 		sleep(20);
2651 		exit(1);
2652 	}
2653 
2654 	/* The first wait() should report the stop from SIGSTOP. */
2655 	wpid = waitpid(fpid, &status, 0);
2656 	REQUIRE_EQ(wpid, fpid);
2657 	ATF_REQUIRE(WIFSTOPPED(status));
2658 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2659 
2660 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2661 
2662 	/* Send a signal without ptrace. */
2663 	REQUIRE_EQ(kill(fpid, SIGINT), 0);
2664 
2665 	/* The second wait() should report a SIGINT was received. */
2666 	wpid = waitpid(fpid, &status, 0);
2667 	REQUIRE_EQ(wpid, fpid);
2668 	ATF_REQUIRE(WIFSTOPPED(status));
2669 	REQUIRE_EQ(WSTOPSIG(status), SIGINT);
2670 
2671 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2672 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
2673 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGINT);
2674 
2675 	/* Continue the child process with a different signal. */
2676 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGTERM), 0);
2677 
2678 	/*
2679 	 * The last wait() should report having died due to the new
2680 	 * signal, SIGTERM.
2681 	 */
2682 	wpid = waitpid(fpid, &status, 0);
2683 	REQUIRE_EQ(wpid, fpid);
2684 	ATF_REQUIRE(WIFSIGNALED(status));
2685 	REQUIRE_EQ(WTERMSIG(status), SIGTERM);
2686 
2687 	wpid = wait(&status);
2688 	REQUIRE_EQ(wpid, -1);
2689 	REQUIRE_EQ(errno, ECHILD);
2690 }
2691 
2692 /*
2693  * Verify that a signal can be passed through to the child even when there
2694  * was no true signal originally. Such cases arise when a SIGTRAP is
2695  * invented for e.g, system call stops.
2696  */
2697 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_sigtrap_system_call_entry);
2698 ATF_TC_BODY(ptrace__PT_CONTINUE_with_sigtrap_system_call_entry, tc)
2699 {
2700 	struct ptrace_lwpinfo pl;
2701 	struct rlimit rl;
2702 	pid_t fpid, wpid;
2703 	int status;
2704 
2705 	ATF_REQUIRE((fpid = fork()) != -1);
2706 	if (fpid == 0) {
2707 		trace_me();
2708 		/* SIGTRAP expected to cause exit on syscall entry. */
2709 		rl.rlim_cur = rl.rlim_max = 0;
2710 		REQUIRE_EQ(setrlimit(RLIMIT_CORE, &rl), 0);
2711 		getpid();
2712 		exit(1);
2713 	}
2714 
2715 	/* The first wait() should report the stop from SIGSTOP. */
2716 	wpid = waitpid(fpid, &status, 0);
2717 	REQUIRE_EQ(wpid, fpid);
2718 	ATF_REQUIRE(WIFSTOPPED(status));
2719 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2720 
2721 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2722 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2723 
2724 	/* The second wait() should report a system call entry for getpid(). */
2725 	wpid = waitpid(fpid, &status, 0);
2726 	REQUIRE_EQ(wpid, fpid);
2727 	ATF_REQUIRE(WIFSTOPPED(status));
2728 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2729 
2730 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2731 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2732 
2733 	/* Continue the child process with a SIGTRAP. */
2734 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGTRAP), 0);
2735 
2736 	for (;;) {
2737 		/*
2738 		 * The last wait() should report exit due to SIGTRAP.  In the
2739 		 * meantime, catch and proceed past any syscall stops.
2740 		 */
2741 		wpid = waitpid(fpid, &status, 0);
2742 		REQUIRE_EQ(wpid, fpid);
2743 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2744 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2745 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2746 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2747 		} else {
2748 			ATF_REQUIRE(WIFSIGNALED(status));
2749 			REQUIRE_EQ(WTERMSIG(status), SIGTRAP);
2750 			break;
2751 		}
2752 	}
2753 
2754 	wpid = wait(&status);
2755 	REQUIRE_EQ(wpid, -1);
2756 	REQUIRE_EQ(errno, ECHILD);
2757 }
2758 
2759 /*
2760  * A mixed bag PT_CONTINUE with signal test.
2761  */
2762 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_mix);
2763 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_mix, tc)
2764 {
2765 	struct ptrace_lwpinfo pl;
2766 	pid_t fpid, wpid;
2767 	int status;
2768 
2769 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_counting_handler) != SIG_ERR);
2770 
2771 	ATF_REQUIRE((fpid = fork()) != -1);
2772 	if (fpid == 0) {
2773 		trace_me();
2774 		getpid();
2775 		exit(1);
2776 	}
2777 
2778 	/* The first wait() should report the stop from SIGSTOP. */
2779 	wpid = waitpid(fpid, &status, 0);
2780 	REQUIRE_EQ(wpid, fpid);
2781 	ATF_REQUIRE(WIFSTOPPED(status));
2782 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2783 
2784 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2785 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2786 
2787 	/* The second wait() should report a system call entry for getpid(). */
2788 	wpid = waitpid(fpid, &status, 0);
2789 	REQUIRE_EQ(wpid, fpid);
2790 	ATF_REQUIRE(WIFSTOPPED(status));
2791 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2792 
2793 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2794 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2795 
2796 	/* Continue with the first SIGUSR1. */
2797 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2798 
2799 	/* The next wait() should report a system call exit for getpid(). */
2800 	wpid = waitpid(fpid, &status, 0);
2801 	REQUIRE_EQ(wpid, fpid);
2802 	ATF_REQUIRE(WIFSTOPPED(status));
2803 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2804 
2805 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2806 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
2807 
2808 	/* Send an ABRT without ptrace. */
2809 	REQUIRE_EQ(kill(fpid, SIGABRT), 0);
2810 
2811 	/* Continue normally. */
2812 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2813 
2814 	/* The next wait() should report the SIGABRT. */
2815 	wpid = waitpid(fpid, &status, 0);
2816 	REQUIRE_EQ(wpid, fpid);
2817 	ATF_REQUIRE(WIFSTOPPED(status));
2818 	REQUIRE_EQ(WSTOPSIG(status), SIGABRT);
2819 
2820 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2821 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
2822 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGABRT);
2823 
2824 	/* Continue, replacing the SIGABRT with another SIGUSR1. */
2825 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2826 
2827 	for (;;) {
2828 		/*
2829 		 * The last wait() should report exit 2, i.e., a normal _exit
2830 		 * from the signal handler. In the meantime, catch and proceed
2831 		 * past any syscall stops.
2832 		 */
2833 		wpid = waitpid(fpid, &status, 0);
2834 		REQUIRE_EQ(wpid, fpid);
2835 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2836 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2837 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2838 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2839 		} else {
2840 			ATF_REQUIRE(WIFEXITED(status));
2841 			REQUIRE_EQ(WEXITSTATUS(status), 2);
2842 			break;
2843 		}
2844 	}
2845 
2846 	wpid = wait(&status);
2847 	REQUIRE_EQ(wpid, -1);
2848 	REQUIRE_EQ(errno, ECHILD);
2849 }
2850 
2851 /*
2852  * Verify a signal delivered by ptrace is noticed by kevent(2).
2853  */
2854 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_kqueue);
2855 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_kqueue, tc)
2856 {
2857 	pid_t fpid, wpid;
2858 	int status, kq, nevents;
2859 	struct kevent kev;
2860 
2861 	ATF_REQUIRE(signal(SIGUSR1, SIG_IGN) != SIG_ERR);
2862 
2863 	ATF_REQUIRE((fpid = fork()) != -1);
2864 	if (fpid == 0) {
2865 		CHILD_REQUIRE((kq = kqueue()) > 0);
2866 		EV_SET(&kev, SIGUSR1, EVFILT_SIGNAL, EV_ADD, 0, 0, 0);
2867 		CHILD_REQUIRE_EQ(kevent(kq, &kev, 1, NULL, 0, NULL), 0);
2868 
2869 		trace_me();
2870 
2871 		for (;;) {
2872 			nevents = kevent(kq, NULL, 0, &kev, 1, NULL);
2873 			if (nevents == -1 && errno == EINTR)
2874 				continue;
2875 			CHILD_REQUIRE(nevents > 0);
2876 			CHILD_REQUIRE_EQ(kev.filter, EVFILT_SIGNAL);
2877 			CHILD_REQUIRE_EQ(kev.ident, (uintptr_t)SIGUSR1);
2878 			break;
2879 		}
2880 
2881 		exit(1);
2882 	}
2883 
2884 	/* The first wait() should report the stop from SIGSTOP. */
2885 	wpid = waitpid(fpid, &status, 0);
2886 	REQUIRE_EQ(wpid, fpid);
2887 	ATF_REQUIRE(WIFSTOPPED(status));
2888 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2889 
2890 	/* Continue with the SIGUSR1. */
2891 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2892 
2893 	/*
2894 	 * The last wait() should report normal exit with code 1.
2895 	 */
2896 	wpid = waitpid(fpid, &status, 0);
2897 	REQUIRE_EQ(wpid, fpid);
2898 	ATF_REQUIRE(WIFEXITED(status));
2899 	REQUIRE_EQ(WEXITSTATUS(status), 1);
2900 
2901 	wpid = wait(&status);
2902 	REQUIRE_EQ(wpid, -1);
2903 	REQUIRE_EQ(errno, ECHILD);
2904 }
2905 
2906 static void *
2907 signal_thread(void *arg)
2908 {
2909 	int err;
2910 	sigset_t sigmask;
2911 
2912 	pthread_barrier_t *pbarrier = (pthread_barrier_t*)arg;
2913 
2914 	/* Wait for this thread to receive a SIGUSR1. */
2915 	do {
2916 		err = sem_wait(&sigusr1_sem);
2917 		CHILD_REQUIRE(err == 0 || errno == EINTR);
2918 	} while (err != 0 && errno == EINTR);
2919 
2920 	/* Free our companion thread from the barrier. */
2921 	pthread_barrier_wait(pbarrier);
2922 
2923 	/*
2924 	 * Swap ignore duties; the next SIGUSR1 should go to the
2925 	 * other thread.
2926 	 */
2927 	CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
2928 	CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
2929 	CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
2930 
2931 	/* Sync up threads after swapping signal masks. */
2932 	pthread_barrier_wait(pbarrier);
2933 
2934 	/* Wait until our companion has received its SIGUSR1. */
2935 	pthread_barrier_wait(pbarrier);
2936 
2937 	return (NULL);
2938 }
2939 
2940 /*
2941  * Verify that a traced process with blocked signal received the
2942  * signal from kill() once unmasked.
2943  */
2944 ATF_TC_WITHOUT_HEAD(ptrace__killed_with_sigmask);
2945 ATF_TC_BODY(ptrace__killed_with_sigmask, tc)
2946 {
2947 	struct ptrace_lwpinfo pl;
2948 	pid_t fpid, wpid;
2949 	int status, err;
2950 	sigset_t sigmask;
2951 
2952 	REQUIRE_EQ(sem_init(&sigusr1_sem, 0, 0), 0);
2953 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
2954 	got_usr1 = 0;
2955 
2956 	ATF_REQUIRE((fpid = fork()) != -1);
2957 	if (fpid == 0) {
2958 		CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
2959 		CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
2960 		CHILD_REQUIRE_EQ(sigprocmask(SIG_BLOCK, &sigmask, NULL), 0);
2961 
2962 		trace_me();
2963 		CHILD_REQUIRE_EQ(got_usr1, 0);
2964 
2965 		/* Allow the pending SIGUSR1 in now. */
2966 		CHILD_REQUIRE_EQ(sigprocmask(SIG_UNBLOCK, &sigmask, NULL), 0);
2967 		/* Wait to receive a SIGUSR1. */
2968 		do {
2969 			err = sem_wait(&sigusr1_sem);
2970 			CHILD_REQUIRE(err == 0 || errno == EINTR);
2971 		} while (err != 0 && errno == EINTR);
2972 		CHILD_REQUIRE_EQ(got_usr1, 1);
2973 		exit(1);
2974 	}
2975 
2976 	/* The first wait() should report the stop from SIGSTOP. */
2977 	wpid = waitpid(fpid, &status, 0);
2978 	REQUIRE_EQ(wpid, fpid);
2979 	ATF_REQUIRE(WIFSTOPPED(status));
2980 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2981 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
2982 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGSTOP);
2983 
2984 	/* Send blocked SIGUSR1 which should cause a stop. */
2985 	REQUIRE_EQ(kill(fpid, SIGUSR1), 0);
2986 
2987 	/* Continue the child ignoring the SIGSTOP. */
2988 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2989 
2990 	/* The next wait() should report the kill(SIGUSR1) was received. */
2991 	wpid = waitpid(fpid, &status, 0);
2992 	REQUIRE_EQ(wpid, fpid);
2993 	ATF_REQUIRE(WIFSTOPPED(status));
2994 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR1);
2995 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
2996 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGUSR1);
2997 
2998 	/* Continue the child, allowing in the SIGUSR1. */
2999 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
3000 
3001 	/* The last wait() should report normal exit with code 1. */
3002 	wpid = waitpid(fpid, &status, 0);
3003 	REQUIRE_EQ(wpid, fpid);
3004 	ATF_REQUIRE(WIFEXITED(status));
3005 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3006 
3007 	wpid = wait(&status);
3008 	REQUIRE_EQ(wpid, -1);
3009 	REQUIRE_EQ(errno, ECHILD);
3010 }
3011 
3012 /*
3013  * Verify that a traced process with blocked signal received the
3014  * signal from PT_CONTINUE once unmasked.
3015  */
3016 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_sigmask);
3017 ATF_TC_BODY(ptrace__PT_CONTINUE_with_sigmask, tc)
3018 {
3019 	struct ptrace_lwpinfo pl;
3020 	pid_t fpid, wpid;
3021 	int status, err;
3022 	sigset_t sigmask;
3023 
3024 	REQUIRE_EQ(sem_init(&sigusr1_sem, 0, 0), 0);
3025 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
3026 	got_usr1 = 0;
3027 
3028 	ATF_REQUIRE((fpid = fork()) != -1);
3029 	if (fpid == 0) {
3030 		CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
3031 		CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
3032 		CHILD_REQUIRE_EQ(sigprocmask(SIG_BLOCK, &sigmask, NULL), 0);
3033 
3034 		trace_me();
3035 		CHILD_REQUIRE_EQ(got_usr1, 0);
3036 
3037 		/* Allow the pending SIGUSR1 in now. */
3038 		CHILD_REQUIRE_EQ(sigprocmask(SIG_UNBLOCK, &sigmask, NULL), 0);
3039 		/* Wait to receive a SIGUSR1. */
3040 		do {
3041 			err = sem_wait(&sigusr1_sem);
3042 			CHILD_REQUIRE(err == 0 || errno == EINTR);
3043 		} while (err != 0 && errno == EINTR);
3044 
3045 		CHILD_REQUIRE_EQ(got_usr1, 1);
3046 		exit(1);
3047 	}
3048 
3049 	/* The first wait() should report the stop from SIGSTOP. */
3050 	wpid = waitpid(fpid, &status, 0);
3051 	REQUIRE_EQ(wpid, fpid);
3052 	ATF_REQUIRE(WIFSTOPPED(status));
3053 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3054 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
3055 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGSTOP);
3056 
3057 	/* Continue the child replacing SIGSTOP with SIGUSR1. */
3058 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
3059 
3060 	/* The next wait() should report the SIGUSR1 was received. */
3061 	wpid = waitpid(fpid, &status, 0);
3062 	REQUIRE_EQ(wpid, fpid);
3063 	ATF_REQUIRE(WIFSTOPPED(status));
3064 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR1);
3065 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
3066 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGUSR1);
3067 
3068 	/* Continue the child, ignoring the SIGUSR1. */
3069 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3070 
3071 	/* The last wait() should report normal exit with code 1. */
3072 	wpid = waitpid(fpid, &status, 0);
3073 	REQUIRE_EQ(wpid, fpid);
3074 	ATF_REQUIRE(WIFEXITED(status));
3075 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3076 
3077 	wpid = wait(&status);
3078 	REQUIRE_EQ(wpid, -1);
3079 	REQUIRE_EQ(errno, ECHILD);
3080 }
3081 
3082 /*
3083  * Verify that if ptrace stops due to a signal but continues with
3084  * a different signal that the new signal is routed to a thread
3085  * that can accept it, and that the thread is awakened by the signal
3086  * in a timely manner.
3087  */
3088 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_thread_sigmask);
3089 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_thread_sigmask, tc)
3090 {
3091 	pid_t fpid, wpid;
3092 	int status, err;
3093 	pthread_t t;
3094 	sigset_t sigmask;
3095 	pthread_barrier_t barrier;
3096 
3097 	REQUIRE_EQ(pthread_barrier_init(&barrier, NULL, 2), 0);
3098 	REQUIRE_EQ(sem_init(&sigusr1_sem, 0, 0), 0);
3099 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
3100 
3101 	ATF_REQUIRE((fpid = fork()) != -1);
3102 	if (fpid == 0) {
3103 		CHILD_REQUIRE_EQ(pthread_create(&t, NULL, signal_thread,
3104 		    (void *)&barrier), 0);
3105 
3106 		/* The other thread should receive the first SIGUSR1. */
3107 		CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
3108 		CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
3109 		CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
3110 
3111 		trace_me();
3112 
3113 		/* Wait until other thread has received its SIGUSR1. */
3114 		pthread_barrier_wait(&barrier);
3115 
3116 		/*
3117 		 * Swap ignore duties; the next SIGUSR1 should go to this
3118 		 * thread.
3119 		 */
3120 		CHILD_REQUIRE_EQ(pthread_sigmask(SIG_UNBLOCK, &sigmask, NULL),
3121 		    0);
3122 
3123 		/* Sync up threads after swapping signal masks. */
3124 		pthread_barrier_wait(&barrier);
3125 
3126 		/*
3127 		 * Sync up with test code; we're ready for the next SIGUSR1
3128 		 * now.
3129 		 */
3130 		raise(SIGSTOP);
3131 
3132 		/* Wait for this thread to receive a SIGUSR1. */
3133 		do {
3134 			err = sem_wait(&sigusr1_sem);
3135 			CHILD_REQUIRE(err == 0 || errno == EINTR);
3136 		} while (err != 0 && errno == EINTR);
3137 
3138 		/* Free the other thread from the barrier. */
3139 		pthread_barrier_wait(&barrier);
3140 
3141 		CHILD_REQUIRE_EQ(pthread_join(t, NULL), 0);
3142 
3143 		exit(1);
3144 	}
3145 
3146 	/* The first wait() should report the stop from SIGSTOP. */
3147 	wpid = waitpid(fpid, &status, 0);
3148 	REQUIRE_EQ(wpid, fpid);
3149 	ATF_REQUIRE(WIFSTOPPED(status));
3150 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3151 
3152 	/* Continue the child ignoring the SIGSTOP. */
3153 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3154 
3155 	/*
3156 	 * Send a signal without ptrace that either thread will accept (USR2,
3157 	 * in this case).
3158 	 */
3159 	REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
3160 
3161 	/* The second wait() should report a SIGUSR2 was received. */
3162 	wpid = waitpid(fpid, &status, 0);
3163 	REQUIRE_EQ(wpid, fpid);
3164 	ATF_REQUIRE(WIFSTOPPED(status));
3165 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
3166 
3167 	/* Continue the child, changing the signal to USR1. */
3168 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
3169 
3170 	/* The next wait() should report the stop from SIGSTOP. */
3171 	wpid = waitpid(fpid, &status, 0);
3172 	REQUIRE_EQ(wpid, fpid);
3173 	ATF_REQUIRE(WIFSTOPPED(status));
3174 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3175 
3176 	/* Continue the child ignoring the SIGSTOP. */
3177 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3178 
3179 	REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
3180 
3181 	/* The next wait() should report a SIGUSR2 was received. */
3182 	wpid = waitpid(fpid, &status, 0);
3183 	REQUIRE_EQ(wpid, fpid);
3184 	ATF_REQUIRE(WIFSTOPPED(status));
3185 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
3186 
3187 	/* Continue the child, changing the signal to USR1. */
3188 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
3189 
3190 	/* The last wait() should report normal exit with code 1. */
3191 	wpid = waitpid(fpid, &status, 0);
3192 	REQUIRE_EQ(wpid, fpid);
3193 	ATF_REQUIRE(WIFEXITED(status));
3194 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3195 
3196 	wpid = wait(&status);
3197 	REQUIRE_EQ(wpid, -1);
3198 	REQUIRE_EQ(errno, ECHILD);
3199 }
3200 
3201 /*
3202  * Verify that PT_GETREGSET returns registers and PT_SETREGSET updates them.
3203  */
3204 ATF_TC_WITHOUT_HEAD(ptrace__PT_REGSET);
3205 ATF_TC_BODY(ptrace__PT_REGSET, tc)
3206 {
3207 #if defined(__aarch64__)
3208 	struct arm64_addr_mask addr_mask;
3209 #endif
3210 	struct prstatus prstatus;
3211 	struct iovec vec;
3212 	pid_t child, wpid;
3213 	int status;
3214 
3215 	ATF_REQUIRE((child = fork()) != -1);
3216 	if (child == 0) {
3217 		trace_me();
3218 		exit(1);
3219 	}
3220 
3221 	/* The first wait() should report the stop from SIGSTOP. */
3222 	wpid = waitpid(child, &status, 0);
3223 	REQUIRE_EQ(wpid, child);
3224 	ATF_REQUIRE(WIFSTOPPED(status));
3225 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3226 
3227 	/* Check the size is returned when vec.iov_base is NULL */
3228 	vec.iov_base = NULL;
3229 	vec.iov_len = 0;
3230 	ATF_REQUIRE(ptrace(PT_GETREGSET, wpid, (caddr_t)&vec, NT_PRSTATUS) !=
3231 	    -1);
3232 	ATF_REQUIRE(vec.iov_len == sizeof(prstatus));
3233 	ATF_REQUIRE(vec.iov_base == NULL);
3234 
3235 	/* Read the registers. */
3236 	memset(&prstatus, 0, sizeof(prstatus));
3237 	vec.iov_base = &prstatus;
3238 	ATF_REQUIRE(ptrace(PT_GETREGSET, wpid, (caddr_t)&vec, NT_PRSTATUS) !=
3239 	    -1);
3240 	ATF_REQUIRE(vec.iov_len == sizeof(prstatus));
3241 	ATF_REQUIRE(vec.iov_base == &prstatus);
3242 	ATF_REQUIRE(prstatus.pr_statussz == sizeof(prstatus));
3243 
3244 	/* Write the registers back. */
3245 	ATF_REQUIRE(ptrace(PT_SETREGSET, wpid, (caddr_t)&vec, NT_PRSTATUS) !=
3246 	    -1);
3247 
3248 #if defined(__aarch64__)
3249 	vec.iov_base = &addr_mask;
3250 	vec.iov_len = sizeof(addr_mask);
3251 	ATF_REQUIRE(ptrace(PT_GETREGSET, wpid, (caddr_t)&vec,
3252 	    NT_ARM_ADDR_MASK) != -1);
3253 	REQUIRE_EQ(addr_mask.code, addr_mask.data);
3254 	ATF_REQUIRE(addr_mask.code == 0 ||
3255 	    addr_mask.code == 0xff7f000000000000UL);
3256 #endif
3257 
3258 	REQUIRE_EQ(ptrace(PT_CONTINUE, child, (caddr_t)1, 0), 0);
3259 
3260 	/* The second wait() should report the exit status. */
3261 	wpid = waitpid(child, &status, 0);
3262 	REQUIRE_EQ(wpid, child);
3263 	ATF_REQUIRE(WIFEXITED(status));
3264 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3265 
3266 	/* The child should no longer exist. */
3267 	wpid = waitpid(child, &status, 0);
3268 	REQUIRE_EQ(wpid, -1);
3269 	REQUIRE_EQ(errno, ECHILD);
3270 }
3271 
3272 static void *
3273 raise_sigstop_thread(void *arg __unused)
3274 {
3275 
3276 	raise(SIGSTOP);
3277 	return NULL;
3278 }
3279 
3280 static void *
3281 sleep_thread(void *arg __unused)
3282 {
3283 
3284 	sleep(60);
3285 	return NULL;
3286 }
3287 
3288 static void
3289 terminate_with_pending_sigstop(bool sigstop_from_main_thread)
3290 {
3291 	pid_t fpid, wpid;
3292 	int status, i;
3293 	cpuset_t setmask;
3294 	cpusetid_t setid;
3295 	pthread_t t;
3296 
3297 	/*
3298 	 * Become the reaper for this process tree. We need to be able to check
3299 	 * that both child and grandchild have died.
3300 	 */
3301 	REQUIRE_EQ(procctl(P_PID, getpid(), PROC_REAP_ACQUIRE, NULL), 0);
3302 
3303 	fpid = fork();
3304 	ATF_REQUIRE(fpid >= 0);
3305 	if (fpid == 0) {
3306 		fpid = fork();
3307 		CHILD_REQUIRE(fpid >= 0);
3308 		if (fpid == 0) {
3309 			trace_me();
3310 
3311 			/* Pin to CPU 0 to serialize thread execution. */
3312 			CPU_ZERO(&setmask);
3313 			CPU_SET(0, &setmask);
3314 			CHILD_REQUIRE_EQ(cpuset(&setid), 0);
3315 			CHILD_REQUIRE(cpuset_setaffinity(CPU_LEVEL_CPUSET,
3316 			    CPU_WHICH_CPUSET, setid,
3317 			    sizeof(setmask), &setmask) == 0);
3318 
3319 			if (sigstop_from_main_thread) {
3320 				/*
3321 				 * We expect the SIGKILL sent when our parent
3322 				 * dies to be delivered to the new thread.
3323 				 * Raise the SIGSTOP in this thread so the
3324 				 * threads compete.
3325 				 */
3326 				CHILD_REQUIRE(pthread_create(&t, NULL,
3327 				    sleep_thread, NULL) == 0);
3328 				raise(SIGSTOP);
3329 			} else {
3330 				/*
3331 				 * We expect the SIGKILL to be delivered to
3332 				 * this thread. After creating the new thread,
3333 				 * just get off the CPU so the other thread can
3334 				 * raise the SIGSTOP.
3335 				 */
3336 				CHILD_REQUIRE(pthread_create(&t, NULL,
3337 				    raise_sigstop_thread, NULL) == 0);
3338 				sleep(60);
3339 			}
3340 
3341 			exit(0);
3342 		}
3343 		/* First stop is trace_me() immediately after fork. */
3344 		wpid = waitpid(fpid, &status, 0);
3345 		CHILD_REQUIRE_EQ(wpid, fpid);
3346 		CHILD_REQUIRE(WIFSTOPPED(status));
3347 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3348 
3349 		CHILD_REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3350 
3351 		/* Second stop is from the raise(SIGSTOP). */
3352 		wpid = waitpid(fpid, &status, 0);
3353 		CHILD_REQUIRE_EQ(wpid, fpid);
3354 		CHILD_REQUIRE(WIFSTOPPED(status));
3355 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3356 
3357 		/*
3358 		 * Terminate tracing process without detaching. Our child
3359 		 * should be killed.
3360 		 */
3361 		exit(0);
3362 	}
3363 
3364 	/*
3365 	 * We should get a normal exit from our immediate child and a SIGKILL
3366 	 * exit from our grandchild. The latter case is the interesting one.
3367 	 * Our grandchild should not have stopped due to the SIGSTOP that was
3368 	 * left dangling when its parent died.
3369 	 */
3370 	for (i = 0; i < 2; ++i) {
3371 		wpid = wait(&status);
3372 		if (wpid == fpid) {
3373 			ATF_REQUIRE(WIFEXITED(status));
3374 			REQUIRE_EQ(WEXITSTATUS(status), 0);
3375 		} else {
3376 			ATF_REQUIRE(WIFSIGNALED(status));
3377 			REQUIRE_EQ(WTERMSIG(status), SIGKILL);
3378 		}
3379 	}
3380 }
3381 
3382 /*
3383  * These two tests ensure that if the tracing process exits without detaching
3384  * just after the child received a SIGSTOP, the child is cleanly killed and
3385  * doesn't go to sleep due to the SIGSTOP. The parent's death will send a
3386  * SIGKILL to the child. If the SIGKILL and the SIGSTOP are handled by
3387  * different threads, the SIGKILL must win.  There are two variants of this
3388  * test, designed to catch the case where the SIGKILL is delivered to the
3389  * younger thread (the first test) and the case where the SIGKILL is delivered
3390  * to the older thread (the second test). This behavior has changed in the
3391  * past, so make no assumption.
3392  */
3393 ATF_TC(ptrace__parent_terminate_with_pending_sigstop1);
3394 ATF_TC_HEAD(ptrace__parent_terminate_with_pending_sigstop1, tc)
3395 {
3396 
3397 	atf_tc_set_md_var(tc, "require.user", "root");
3398 }
3399 ATF_TC_BODY(ptrace__parent_terminate_with_pending_sigstop1, tc)
3400 {
3401 
3402 	terminate_with_pending_sigstop(true);
3403 }
3404 
3405 ATF_TC(ptrace__parent_terminate_with_pending_sigstop2);
3406 ATF_TC_HEAD(ptrace__parent_terminate_with_pending_sigstop2, tc)
3407 {
3408 
3409 	atf_tc_set_md_var(tc, "require.user", "root");
3410 }
3411 ATF_TC_BODY(ptrace__parent_terminate_with_pending_sigstop2, tc)
3412 {
3413 
3414 	terminate_with_pending_sigstop(false);
3415 }
3416 
3417 /*
3418  * Verify that after ptrace() discards a SIGKILL signal, the event mask
3419  * is not modified.
3420  */
3421 ATF_TC_WITHOUT_HEAD(ptrace__event_mask_sigkill_discard);
3422 ATF_TC_BODY(ptrace__event_mask_sigkill_discard, tc)
3423 {
3424 	struct ptrace_lwpinfo pl;
3425 	pid_t fpid, wpid;
3426 	int status, event_mask, new_event_mask;
3427 
3428 	ATF_REQUIRE((fpid = fork()) != -1);
3429 	if (fpid == 0) {
3430 		trace_me();
3431 		raise(SIGSTOP);
3432 		exit(0);
3433 	}
3434 
3435 	/* The first wait() should report the stop from trace_me(). */
3436 	wpid = waitpid(fpid, &status, 0);
3437 	REQUIRE_EQ(wpid, fpid);
3438 	ATF_REQUIRE(WIFSTOPPED(status));
3439 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3440 
3441 	/* Set several unobtrusive event bits. */
3442 	event_mask = PTRACE_EXEC | PTRACE_FORK | PTRACE_LWP;
3443 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, wpid, (caddr_t)&event_mask,
3444 	    sizeof(event_mask)) == 0);
3445 
3446 	/* Send a SIGKILL without using ptrace. */
3447 	REQUIRE_EQ(kill(fpid, SIGKILL), 0);
3448 
3449 	/* Continue the child ignoring the SIGSTOP. */
3450 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3451 
3452 	/* The next stop should be due to the SIGKILL. */
3453 	wpid = waitpid(fpid, &status, 0);
3454 	REQUIRE_EQ(wpid, fpid);
3455 	ATF_REQUIRE(WIFSTOPPED(status));
3456 	REQUIRE_EQ(WSTOPSIG(status), SIGKILL);
3457 
3458 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3459 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3460 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGKILL);
3461 
3462 	/* Continue the child ignoring the SIGKILL. */
3463 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3464 
3465 	/* The next wait() should report the stop from SIGSTOP. */
3466 	wpid = waitpid(fpid, &status, 0);
3467 	REQUIRE_EQ(wpid, fpid);
3468 	ATF_REQUIRE(WIFSTOPPED(status));
3469 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3470 
3471 	/* Check the current event mask. It should not have changed. */
3472 	new_event_mask = 0;
3473 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, wpid, (caddr_t)&new_event_mask,
3474 	    sizeof(new_event_mask)) == 0);
3475 	REQUIRE_EQ(event_mask, new_event_mask);
3476 
3477 	/* Continue the child to let it exit. */
3478 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3479 
3480 	/* The last event should be for the child process's exit. */
3481 	wpid = waitpid(fpid, &status, 0);
3482 	ATF_REQUIRE(WIFEXITED(status));
3483 	REQUIRE_EQ(WEXITSTATUS(status), 0);
3484 
3485 	wpid = wait(&status);
3486 	REQUIRE_EQ(wpid, -1);
3487 	REQUIRE_EQ(errno, ECHILD);
3488 }
3489 
3490 static void *
3491 flock_thread(void *arg)
3492 {
3493 	int fd;
3494 
3495 	fd = *(int *)arg;
3496 	(void)flock(fd, LOCK_EX);
3497 	(void)flock(fd, LOCK_UN);
3498 	return (NULL);
3499 }
3500 
3501 /*
3502  * Verify that PT_ATTACH will suspend threads sleeping in an SBDRY section.
3503  * We rely on the fact that the lockf implementation sets SBDRY before blocking
3504  * on a lock. This is a regression test for r318191.
3505  */
3506 ATF_TC_WITHOUT_HEAD(ptrace__PT_ATTACH_with_SBDRY_thread);
3507 ATF_TC_BODY(ptrace__PT_ATTACH_with_SBDRY_thread, tc)
3508 {
3509 	pthread_barrier_t barrier;
3510 	pthread_barrierattr_t battr;
3511 	char tmpfile[64];
3512 	pid_t child, wpid;
3513 	int error, fd, i, status;
3514 
3515 	REQUIRE_EQ(pthread_barrierattr_init(&battr), 0);
3516 	ATF_REQUIRE(pthread_barrierattr_setpshared(&battr,
3517 	    PTHREAD_PROCESS_SHARED) == 0);
3518 	REQUIRE_EQ(pthread_barrier_init(&barrier, &battr, 2), 0);
3519 
3520 	(void)snprintf(tmpfile, sizeof(tmpfile), "./ptrace.XXXXXX");
3521 	fd = mkstemp(tmpfile);
3522 	ATF_REQUIRE(fd >= 0);
3523 
3524 	ATF_REQUIRE((child = fork()) != -1);
3525 	if (child == 0) {
3526 		pthread_t t[2];
3527 		int cfd;
3528 
3529 		error = pthread_barrier_wait(&barrier);
3530 		if (error != 0 && error != PTHREAD_BARRIER_SERIAL_THREAD)
3531 			_exit(1);
3532 
3533 		cfd = open(tmpfile, O_RDONLY);
3534 		if (cfd < 0)
3535 			_exit(1);
3536 
3537 		/*
3538 		 * We want at least two threads blocked on the file lock since
3539 		 * the SIGSTOP from PT_ATTACH may kick one of them out of
3540 		 * sleep.
3541 		 */
3542 		if (pthread_create(&t[0], NULL, flock_thread, &cfd) != 0)
3543 			_exit(1);
3544 		if (pthread_create(&t[1], NULL, flock_thread, &cfd) != 0)
3545 			_exit(1);
3546 		if (pthread_join(t[0], NULL) != 0)
3547 			_exit(1);
3548 		if (pthread_join(t[1], NULL) != 0)
3549 			_exit(1);
3550 		_exit(0);
3551 	}
3552 
3553 	REQUIRE_EQ(flock(fd, LOCK_EX), 0);
3554 
3555 	error = pthread_barrier_wait(&barrier);
3556 	ATF_REQUIRE(error == 0 || error == PTHREAD_BARRIER_SERIAL_THREAD);
3557 
3558 	/*
3559 	 * Give the child some time to block. Is there a better way to do this?
3560 	 */
3561 	sleep(1);
3562 
3563 	/*
3564 	 * Attach and give the child 3 seconds to stop.
3565 	 */
3566 	REQUIRE_EQ(ptrace(PT_ATTACH, child, NULL, 0), 0);
3567 	for (i = 0; i < 3; i++) {
3568 		wpid = waitpid(child, &status, WNOHANG);
3569 		if (wpid == child && WIFSTOPPED(status) &&
3570 		    WSTOPSIG(status) == SIGSTOP)
3571 			break;
3572 		sleep(1);
3573 	}
3574 	ATF_REQUIRE_MSG(i < 3, "failed to stop child process after PT_ATTACH");
3575 
3576 	REQUIRE_EQ(ptrace(PT_DETACH, child, NULL, 0), 0);
3577 
3578 	REQUIRE_EQ(flock(fd, LOCK_UN), 0);
3579 	REQUIRE_EQ(unlink(tmpfile), 0);
3580 	REQUIRE_EQ(close(fd), 0);
3581 }
3582 
3583 static void
3584 sigusr1_step_handler(int sig)
3585 {
3586 
3587 	CHILD_REQUIRE_EQ(sig, SIGUSR1);
3588 	raise(SIGABRT);
3589 }
3590 
3591 /*
3592  * Verify that PT_STEP with a signal invokes the signal before
3593  * stepping the next instruction (and that the next instruction is
3594  * stepped correctly).
3595  */
3596 ATF_TC_WITHOUT_HEAD(ptrace__PT_STEP_with_signal);
3597 ATF_TC_BODY(ptrace__PT_STEP_with_signal, tc)
3598 {
3599 	struct ptrace_lwpinfo pl;
3600 	pid_t fpid, wpid;
3601 	int status;
3602 
3603 	ATF_REQUIRE((fpid = fork()) != -1);
3604 	if (fpid == 0) {
3605 		trace_me();
3606 		signal(SIGUSR1, sigusr1_step_handler);
3607 		raise(SIGABRT);
3608 		exit(1);
3609 	}
3610 
3611 	/* The first wait() should report the stop from SIGSTOP. */
3612 	wpid = waitpid(fpid, &status, 0);
3613 	REQUIRE_EQ(wpid, fpid);
3614 	ATF_REQUIRE(WIFSTOPPED(status));
3615 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3616 
3617 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3618 
3619 	/* The next stop should report the SIGABRT in the child body. */
3620 	wpid = waitpid(fpid, &status, 0);
3621 	REQUIRE_EQ(wpid, fpid);
3622 	ATF_REQUIRE(WIFSTOPPED(status));
3623 	REQUIRE_EQ(WSTOPSIG(status), SIGABRT);
3624 
3625 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3626 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3627 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGABRT);
3628 
3629 	/* Step the child process inserting SIGUSR1. */
3630 	REQUIRE_EQ(ptrace(PT_STEP, fpid, (caddr_t)1, SIGUSR1), 0);
3631 
3632 	/* The next stop should report the SIGABRT in the signal handler. */
3633 	wpid = waitpid(fpid, &status, 0);
3634 	REQUIRE_EQ(wpid, fpid);
3635 	ATF_REQUIRE(WIFSTOPPED(status));
3636 	REQUIRE_EQ(WSTOPSIG(status), SIGABRT);
3637 
3638 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3639 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3640 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGABRT);
3641 
3642 	/* Continue the child process discarding the signal. */
3643 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3644 
3645 	/* The next stop should report a trace trap from PT_STEP. */
3646 	wpid = waitpid(fpid, &status, 0);
3647 	REQUIRE_EQ(wpid, fpid);
3648 	ATF_REQUIRE(WIFSTOPPED(status));
3649 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3650 
3651 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3652 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3653 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3654 	REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_TRACE);
3655 
3656 	/* Continue the child to let it exit. */
3657 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3658 
3659 	/* The last event should be for the child process's exit. */
3660 	wpid = waitpid(fpid, &status, 0);
3661 	ATF_REQUIRE(WIFEXITED(status));
3662 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3663 
3664 	wpid = wait(&status);
3665 	REQUIRE_EQ(wpid, -1);
3666 	REQUIRE_EQ(errno, ECHILD);
3667 }
3668 
3669 #ifdef HAVE_BREAKPOINT
3670 /*
3671  * Verify that a SIGTRAP event with the TRAP_BRKPT code is reported
3672  * for a breakpoint trap.
3673  */
3674 ATF_TC_WITHOUT_HEAD(ptrace__breakpoint_siginfo);
3675 ATF_TC_BODY(ptrace__breakpoint_siginfo, tc)
3676 {
3677 	struct ptrace_lwpinfo pl;
3678 	pid_t fpid, wpid;
3679 	int status;
3680 
3681 	ATF_REQUIRE((fpid = fork()) != -1);
3682 	if (fpid == 0) {
3683 		trace_me();
3684 		breakpoint();
3685 		exit(1);
3686 	}
3687 
3688 	/* The first wait() should report the stop from SIGSTOP. */
3689 	wpid = waitpid(fpid, &status, 0);
3690 	REQUIRE_EQ(wpid, fpid);
3691 	ATF_REQUIRE(WIFSTOPPED(status));
3692 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3693 
3694 	/* Continue the child ignoring the SIGSTOP. */
3695 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3696 
3697 	/* The second wait() should report hitting the breakpoint. */
3698 	wpid = waitpid(fpid, &status, 0);
3699 	REQUIRE_EQ(wpid, fpid);
3700 	ATF_REQUIRE(WIFSTOPPED(status));
3701 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3702 
3703 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3704 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3705 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3706 	REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_BRKPT);
3707 
3708 	/* Kill the child process. */
3709 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
3710 
3711 	/* The last wait() should report the SIGKILL. */
3712 	wpid = waitpid(fpid, &status, 0);
3713 	REQUIRE_EQ(wpid, fpid);
3714 	ATF_REQUIRE(WIFSIGNALED(status));
3715 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
3716 
3717 	wpid = wait(&status);
3718 	REQUIRE_EQ(wpid, -1);
3719 	REQUIRE_EQ(errno, ECHILD);
3720 }
3721 #endif /* HAVE_BREAKPOINT */
3722 
3723 /*
3724  * Verify that a SIGTRAP event with the TRAP_TRACE code is reported
3725  * for a single-step trap from PT_STEP.
3726  */
3727 ATF_TC_WITHOUT_HEAD(ptrace__step_siginfo);
3728 ATF_TC_BODY(ptrace__step_siginfo, tc)
3729 {
3730 	struct ptrace_lwpinfo pl;
3731 	pid_t fpid, wpid;
3732 	int status;
3733 
3734 	ATF_REQUIRE((fpid = fork()) != -1);
3735 	if (fpid == 0) {
3736 		trace_me();
3737 		exit(1);
3738 	}
3739 
3740 	/* The first wait() should report the stop from SIGSTOP. */
3741 	wpid = waitpid(fpid, &status, 0);
3742 	REQUIRE_EQ(wpid, fpid);
3743 	ATF_REQUIRE(WIFSTOPPED(status));
3744 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3745 
3746 	/* Step the child ignoring the SIGSTOP. */
3747 	REQUIRE_EQ(ptrace(PT_STEP, fpid, (caddr_t)1, 0), 0);
3748 
3749 	/* The second wait() should report a single-step trap. */
3750 	wpid = waitpid(fpid, &status, 0);
3751 	REQUIRE_EQ(wpid, fpid);
3752 	ATF_REQUIRE(WIFSTOPPED(status));
3753 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3754 
3755 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3756 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3757 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3758 	REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_TRACE);
3759 
3760 	/* Continue the child process. */
3761 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3762 
3763 	/* The last event should be for the child process's exit. */
3764 	wpid = waitpid(fpid, &status, 0);
3765 	ATF_REQUIRE(WIFEXITED(status));
3766 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3767 
3768 	wpid = wait(&status);
3769 	REQUIRE_EQ(wpid, -1);
3770 	REQUIRE_EQ(errno, ECHILD);
3771 }
3772 
3773 #if defined(HAVE_BREAKPOINT) && defined(SKIP_BREAK)
3774 static void *
3775 continue_thread(void *arg __unused)
3776 {
3777 	breakpoint();
3778 	return (NULL);
3779 }
3780 
3781 static __dead2 void
3782 continue_thread_main(void)
3783 {
3784 	pthread_t threads[2];
3785 
3786 	CHILD_REQUIRE(pthread_create(&threads[0], NULL, continue_thread,
3787 	    NULL) == 0);
3788 	CHILD_REQUIRE(pthread_create(&threads[1], NULL, continue_thread,
3789 	    NULL) == 0);
3790 	CHILD_REQUIRE_EQ(pthread_join(threads[0], NULL), 0);
3791 	CHILD_REQUIRE_EQ(pthread_join(threads[1], NULL), 0);
3792 	exit(1);
3793 }
3794 
3795 /*
3796  * Ensure that PT_CONTINUE clears the status of the thread that
3797  * triggered the stop even if a different thread's LWP was passed to
3798  * PT_CONTINUE.
3799  */
3800 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_different_thread);
3801 ATF_TC_BODY(ptrace__PT_CONTINUE_different_thread, tc)
3802 {
3803 	struct ptrace_lwpinfo pl;
3804 	pid_t fpid, wpid;
3805 	lwpid_t lwps[2];
3806 	bool hit_break[2];
3807 	struct reg reg;
3808 	int i, j, status;
3809 
3810 	ATF_REQUIRE((fpid = fork()) != -1);
3811 	if (fpid == 0) {
3812 		trace_me();
3813 		continue_thread_main();
3814 	}
3815 
3816 	/* The first wait() should report the stop from SIGSTOP. */
3817 	wpid = waitpid(fpid, &status, 0);
3818 	REQUIRE_EQ(wpid, fpid);
3819 	ATF_REQUIRE(WIFSTOPPED(status));
3820 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3821 
3822 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
3823 	    sizeof(pl)) != -1);
3824 
3825 	REQUIRE_EQ(ptrace(PT_LWP_EVENTS, wpid, NULL, 1), 0);
3826 
3827 	/* Continue the child ignoring the SIGSTOP. */
3828 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3829 
3830 	/* One of the new threads should report it's birth. */
3831 	wpid = waitpid(fpid, &status, 0);
3832 	REQUIRE_EQ(wpid, fpid);
3833 	ATF_REQUIRE(WIFSTOPPED(status));
3834 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3835 
3836 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3837 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
3838 	    (PL_FLAG_BORN | PL_FLAG_SCX));
3839 	lwps[0] = pl.pl_lwpid;
3840 
3841 	/*
3842 	 * Suspend this thread to ensure both threads are alive before
3843 	 * hitting the breakpoint.
3844 	 */
3845 	ATF_REQUIRE(ptrace(PT_SUSPEND, lwps[0], NULL, 0) != -1);
3846 
3847 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3848 
3849 	/* Second thread should report it's birth. */
3850 	wpid = waitpid(fpid, &status, 0);
3851 	REQUIRE_EQ(wpid, fpid);
3852 	ATF_REQUIRE(WIFSTOPPED(status));
3853 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3854 
3855 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3856 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
3857 	    (PL_FLAG_BORN | PL_FLAG_SCX));
3858 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
3859 	lwps[1] = pl.pl_lwpid;
3860 
3861 	/* Resume both threads waiting for breakpoint events. */
3862 	hit_break[0] = hit_break[1] = false;
3863 	ATF_REQUIRE(ptrace(PT_RESUME, lwps[0], NULL, 0) != -1);
3864 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3865 
3866 	/* One thread should report a breakpoint. */
3867 	wpid = waitpid(fpid, &status, 0);
3868 	REQUIRE_EQ(wpid, fpid);
3869 	ATF_REQUIRE(WIFSTOPPED(status));
3870 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3871 
3872 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3873 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3874 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3875 	REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_BRKPT);
3876 	if (pl.pl_lwpid == lwps[0])
3877 		i = 0;
3878 	else
3879 		i = 1;
3880 	hit_break[i] = true;
3881 	ATF_REQUIRE(ptrace(PT_GETREGS, pl.pl_lwpid, (caddr_t)&reg, 0) != -1);
3882 	SKIP_BREAK(&reg);
3883 	ATF_REQUIRE(ptrace(PT_SETREGS, pl.pl_lwpid, (caddr_t)&reg, 0) != -1);
3884 
3885 	/*
3886 	 * Resume both threads but pass the other thread's LWPID to
3887 	 * PT_CONTINUE.
3888 	 */
3889 	REQUIRE_EQ(ptrace(PT_CONTINUE, lwps[i ^ 1], (caddr_t)1, 0), 0);
3890 
3891 	/*
3892 	 * Will now get two thread exit events and one more breakpoint
3893 	 * event.
3894 	 */
3895 	for (j = 0; j < 3; j++) {
3896 		wpid = waitpid(fpid, &status, 0);
3897 		REQUIRE_EQ(wpid, fpid);
3898 		ATF_REQUIRE(WIFSTOPPED(status));
3899 		REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3900 
3901 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
3902 		    sizeof(pl)) != -1);
3903 
3904 		if (pl.pl_lwpid == lwps[0])
3905 			i = 0;
3906 		else
3907 			i = 1;
3908 
3909 		ATF_REQUIRE_MSG(lwps[i] != 0, "event for exited thread");
3910 		if (pl.pl_flags & PL_FLAG_EXITED) {
3911 			ATF_REQUIRE_MSG(hit_break[i],
3912 			    "exited thread did not report breakpoint");
3913 			lwps[i] = 0;
3914 		} else {
3915 			ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3916 			REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3917 			REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_BRKPT);
3918 			ATF_REQUIRE_MSG(!hit_break[i],
3919 			    "double breakpoint event");
3920 			hit_break[i] = true;
3921 			ATF_REQUIRE(ptrace(PT_GETREGS, pl.pl_lwpid, (caddr_t)&reg,
3922 			    0) != -1);
3923 			SKIP_BREAK(&reg);
3924 			ATF_REQUIRE(ptrace(PT_SETREGS, pl.pl_lwpid, (caddr_t)&reg,
3925 			    0) != -1);
3926 		}
3927 
3928 		REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3929 	}
3930 
3931 	/* Both threads should have exited. */
3932 	REQUIRE_EQ(lwps[0], 0);
3933 	REQUIRE_EQ(lwps[1], 0);
3934 
3935 	/* The last event should be for the child process's exit. */
3936 	wpid = waitpid(fpid, &status, 0);
3937 	ATF_REQUIRE(WIFEXITED(status));
3938 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3939 
3940 	wpid = wait(&status);
3941 	REQUIRE_EQ(wpid, -1);
3942 	REQUIRE_EQ(errno, ECHILD);
3943 }
3944 #endif
3945 
3946 /*
3947  * Verify that PT_LWPINFO doesn't return stale siginfo.
3948  */
3949 ATF_TC_WITHOUT_HEAD(ptrace__PT_LWPINFO_stale_siginfo);
3950 ATF_TC_BODY(ptrace__PT_LWPINFO_stale_siginfo, tc)
3951 {
3952 	struct ptrace_lwpinfo pl;
3953 	pid_t fpid, wpid;
3954 	int events, status;
3955 
3956 	ATF_REQUIRE((fpid = fork()) != -1);
3957 	if (fpid == 0) {
3958 		trace_me();
3959 		raise(SIGABRT);
3960 		exit(1);
3961 	}
3962 
3963 	/* The first wait() should report the stop from SIGSTOP. */
3964 	wpid = waitpid(fpid, &status, 0);
3965 	REQUIRE_EQ(wpid, fpid);
3966 	ATF_REQUIRE(WIFSTOPPED(status));
3967 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3968 
3969 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3970 
3971 	/* The next stop should report the SIGABRT in the child body. */
3972 	wpid = waitpid(fpid, &status, 0);
3973 	REQUIRE_EQ(wpid, fpid);
3974 	ATF_REQUIRE(WIFSTOPPED(status));
3975 	REQUIRE_EQ(WSTOPSIG(status), SIGABRT);
3976 
3977 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3978 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3979 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGABRT);
3980 
3981 	/*
3982 	 * Continue the process ignoring the signal, but enabling
3983 	 * syscall traps.
3984 	 */
3985 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
3986 
3987 	/*
3988 	 * The next stop should report a system call entry from
3989 	 * exit().  PL_FLAGS_SI should not be set.
3990 	 */
3991 	wpid = waitpid(fpid, &status, 0);
3992 	REQUIRE_EQ(wpid, fpid);
3993 	ATF_REQUIRE(WIFSTOPPED(status));
3994 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3995 
3996 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3997 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
3998 	REQUIRE_EQ((pl.pl_flags & PL_FLAG_SI), 0);
3999 
4000 	/* Disable syscall tracing and continue the child to let it exit. */
4001 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
4002 	    sizeof(events)) == 0);
4003 	events &= ~PTRACE_SYSCALL;
4004 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
4005 	    sizeof(events)) == 0);
4006 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4007 
4008 	/* The last event should be for the child process's exit. */
4009 	wpid = waitpid(fpid, &status, 0);
4010 	ATF_REQUIRE(WIFEXITED(status));
4011 	REQUIRE_EQ(WEXITSTATUS(status), 1);
4012 
4013 	wpid = wait(&status);
4014 	REQUIRE_EQ(wpid, -1);
4015 	REQUIRE_EQ(errno, ECHILD);
4016 }
4017 
4018 /*
4019  * A simple test of PT_GET_SC_ARGS and PT_GET_SC_RET.
4020  */
4021 ATF_TC_WITHOUT_HEAD(ptrace__syscall_args);
4022 ATF_TC_BODY(ptrace__syscall_args, tc)
4023 {
4024 	struct ptrace_lwpinfo pl;
4025 	struct ptrace_sc_ret psr;
4026 	pid_t fpid, wpid;
4027 	register_t args[2];
4028 	int events, status;
4029 
4030 	ATF_REQUIRE((fpid = fork()) != -1);
4031 	if (fpid == 0) {
4032 		trace_me();
4033 		kill(getpid(), 0);
4034 		/* Close a fd that should not exist. */
4035 		close(12345);
4036 		exit(1);
4037 	}
4038 
4039 	/* The first wait() should report the stop from SIGSTOP. */
4040 	wpid = waitpid(fpid, &status, 0);
4041 	REQUIRE_EQ(wpid, fpid);
4042 	ATF_REQUIRE(WIFSTOPPED(status));
4043 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4044 
4045 	/*
4046 	 * Continue the process ignoring the signal, but enabling
4047 	 * syscall traps.
4048 	 */
4049 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
4050 
4051 	/*
4052 	 * The next stop should be the syscall entry from getpid().
4053 	 */
4054 	wpid = waitpid(fpid, &status, 0);
4055 	REQUIRE_EQ(wpid, fpid);
4056 	ATF_REQUIRE(WIFSTOPPED(status));
4057 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4058 
4059 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4060 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
4061 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_getpid);
4062 
4063 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4064 
4065 	/*
4066 	 * The next stop should be the syscall exit from getpid().
4067 	 */
4068 	wpid = waitpid(fpid, &status, 0);
4069 	REQUIRE_EQ(wpid, fpid);
4070 	ATF_REQUIRE(WIFSTOPPED(status));
4071 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4072 
4073 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4074 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
4075 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_getpid);
4076 
4077 	ATF_REQUIRE(ptrace(PT_GET_SC_RET, wpid, (caddr_t)&psr,
4078 	    sizeof(psr)) != -1);
4079 	REQUIRE_EQ(psr.sr_error, 0);
4080 	REQUIRE_EQ(psr.sr_retval[0], wpid);
4081 
4082 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4083 
4084 	/*
4085 	 * The next stop should be the syscall entry from kill().
4086 	 */
4087 	wpid = waitpid(fpid, &status, 0);
4088 	REQUIRE_EQ(wpid, fpid);
4089 	ATF_REQUIRE(WIFSTOPPED(status));
4090 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4091 
4092 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4093 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
4094 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_kill);
4095 	REQUIRE_EQ(pl.pl_syscall_narg, 2u);
4096 
4097 	ATF_REQUIRE(ptrace(PT_GET_SC_ARGS, wpid, (caddr_t)args,
4098 	    sizeof(args)) != -1);
4099 	REQUIRE_EQ(args[0], wpid);
4100 	REQUIRE_EQ(args[1], 0);
4101 
4102 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4103 
4104 	/*
4105 	 * The next stop should be the syscall exit from kill().
4106 	 */
4107 	wpid = waitpid(fpid, &status, 0);
4108 	REQUIRE_EQ(wpid, fpid);
4109 	ATF_REQUIRE(WIFSTOPPED(status));
4110 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4111 
4112 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4113 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
4114 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_kill);
4115 
4116 	ATF_REQUIRE(ptrace(PT_GET_SC_RET, wpid, (caddr_t)&psr,
4117 	    sizeof(psr)) != -1);
4118 	REQUIRE_EQ(psr.sr_error, 0);
4119 
4120 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4121 
4122 	/*
4123 	 * The next stop should be the syscall entry from close().
4124 	 */
4125 	wpid = waitpid(fpid, &status, 0);
4126 	REQUIRE_EQ(wpid, fpid);
4127 	ATF_REQUIRE(WIFSTOPPED(status));
4128 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4129 
4130 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4131 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
4132 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_close);
4133 	REQUIRE_EQ(pl.pl_syscall_narg, 1u);
4134 
4135 	ATF_REQUIRE(ptrace(PT_GET_SC_ARGS, wpid, (caddr_t)args,
4136 	    sizeof(args)) != -1);
4137 	REQUIRE_EQ(args[0], 12345);
4138 
4139 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4140 
4141 	/*
4142 	 * The next stop should be the syscall exit from close().
4143 	 */
4144 	wpid = waitpid(fpid, &status, 0);
4145 	REQUIRE_EQ(wpid, fpid);
4146 	ATF_REQUIRE(WIFSTOPPED(status));
4147 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4148 
4149 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4150 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
4151 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_close);
4152 
4153 	ATF_REQUIRE(ptrace(PT_GET_SC_RET, wpid, (caddr_t)&psr,
4154 	    sizeof(psr)) != -1);
4155 	REQUIRE_EQ(psr.sr_error, EBADF);
4156 
4157 	/* Disable syscall tracing and continue the child to let it exit. */
4158 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
4159 	    sizeof(events)) == 0);
4160 	events &= ~PTRACE_SYSCALL;
4161 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
4162 	    sizeof(events)) == 0);
4163 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4164 
4165 	/* The last event should be for the child process's exit. */
4166 	wpid = waitpid(fpid, &status, 0);
4167 	ATF_REQUIRE(WIFEXITED(status));
4168 	REQUIRE_EQ(WEXITSTATUS(status), 1);
4169 
4170 	wpid = wait(&status);
4171 	REQUIRE_EQ(wpid, -1);
4172 	REQUIRE_EQ(errno, ECHILD);
4173 }
4174 
4175 /*
4176  * Verify that when the process is traced that it isn't reparent
4177  * to the init process when we close all process descriptors.
4178  */
4179 ATF_TC(ptrace__proc_reparent);
4180 ATF_TC_HEAD(ptrace__proc_reparent, tc)
4181 {
4182 
4183 	atf_tc_set_md_var(tc, "timeout", "2");
4184 }
4185 ATF_TC_BODY(ptrace__proc_reparent, tc)
4186 {
4187 	pid_t traced, debuger, wpid;
4188 	int pd, status;
4189 
4190 	traced = pdfork(&pd, 0);
4191 	ATF_REQUIRE(traced >= 0);
4192 	if (traced == 0) {
4193 		raise(SIGSTOP);
4194 		exit(0);
4195 	}
4196 	ATF_REQUIRE(pd >= 0);
4197 
4198 	debuger = fork();
4199 	ATF_REQUIRE(debuger >= 0);
4200 	if (debuger == 0) {
4201 		/* The traced process is reparented to debuger. */
4202 		REQUIRE_EQ(ptrace(PT_ATTACH, traced, 0, 0), 0);
4203 		wpid = waitpid(traced, &status, 0);
4204 		REQUIRE_EQ(wpid, traced);
4205 		ATF_REQUIRE(WIFSTOPPED(status));
4206 		REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4207 		REQUIRE_EQ(close(pd), 0);
4208 		REQUIRE_EQ(ptrace(PT_DETACH, traced, (caddr_t)1, 0), 0);
4209 
4210 		/* We closed pd so we should not have any child. */
4211 		wpid = wait(&status);
4212 		REQUIRE_EQ(wpid, -1);
4213 		REQUIRE_EQ(errno, ECHILD);
4214 
4215 		exit(0);
4216 	}
4217 
4218 	REQUIRE_EQ(close(pd), 0);
4219 	wpid = waitpid(debuger, &status, 0);
4220 	REQUIRE_EQ(wpid, debuger);
4221 	REQUIRE_EQ(WEXITSTATUS(status), 0);
4222 
4223 	/* Check if we still have any child. */
4224 	wpid = wait(&status);
4225 	REQUIRE_EQ(wpid, -1);
4226 	REQUIRE_EQ(errno, ECHILD);
4227 }
4228 
4229 /*
4230  * Ensure that traced processes created with pdfork(2) are visible to
4231  * waitid(P_ALL).
4232  */
4233 ATF_TC_WITHOUT_HEAD(ptrace__procdesc_wait_child);
4234 ATF_TC_BODY(ptrace__procdesc_wait_child, tc)
4235 {
4236 	pid_t child, wpid;
4237 	int pd, status;
4238 
4239 	child = pdfork(&pd, 0);
4240 	ATF_REQUIRE(child >= 0);
4241 
4242 	if (child == 0) {
4243 		trace_me();
4244 		(void)raise(SIGSTOP);
4245 		exit(0);
4246 	}
4247 
4248 	wpid = waitpid(child, &status, 0);
4249 	REQUIRE_EQ(wpid, child);
4250 	ATF_REQUIRE(WIFSTOPPED(status));
4251 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4252 
4253 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
4254 
4255 	wpid = wait(&status);
4256 	REQUIRE_EQ(wpid, child);
4257 	ATF_REQUIRE(WIFSTOPPED(status));
4258 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4259 
4260 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
4261 
4262 	/*
4263 	 * If process was created by pdfork, the return code have to
4264 	 * be collected through process descriptor.
4265 	 */
4266 	wpid = wait(&status);
4267 	REQUIRE_EQ(wpid, -1);
4268 	REQUIRE_EQ(errno, ECHILD);
4269 
4270 	ATF_REQUIRE(close(pd) != -1);
4271 }
4272 
4273 /*
4274  * Ensure that traced processes created with pdfork(2) are not visible
4275  * after returning to parent - waitid(P_ALL).
4276  */
4277 ATF_TC_WITHOUT_HEAD(ptrace__procdesc_reparent_wait_child);
4278 ATF_TC_BODY(ptrace__procdesc_reparent_wait_child, tc)
4279 {
4280 	pid_t traced, debuger, wpid;
4281 	int pd, status;
4282 
4283 	traced = pdfork(&pd, 0);
4284 	ATF_REQUIRE(traced >= 0);
4285 	if (traced == 0) {
4286 		raise(SIGSTOP);
4287 		exit(0);
4288 	}
4289 	ATF_REQUIRE(pd >= 0);
4290 
4291 	/* Wait until the child process has stopped before fork()ing again. */
4292 	REQUIRE_EQ(traced, waitpid(traced, &status, WSTOPPED));
4293 	debuger = fork();
4294 	ATF_REQUIRE(debuger >= 0);
4295 	if (debuger == 0) {
4296 		/* The traced process is reparented to debuger. */
4297 		REQUIRE_EQ(ptrace(PT_ATTACH, traced, 0, 0), 0);
4298 		wpid = waitpid(traced, &status, 0);
4299 		REQUIRE_EQ(wpid, traced);
4300 		ATF_REQUIRE(WIFSTOPPED(status));
4301 		REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4302 
4303 		/* Allow process to die. */
4304 		REQUIRE_EQ(ptrace(PT_CONTINUE, traced, (caddr_t)1, 0), 0);
4305 		wpid = waitpid(traced, &status, 0);
4306 		REQUIRE_EQ(wpid, traced);
4307 		ATF_REQUIRE(WIFEXITED(status));
4308 		REQUIRE_EQ(WEXITSTATUS(status), 0);
4309 
4310 		/* Reparent back to the orginal process. */
4311 		REQUIRE_EQ(close(pd), 0);
4312 		exit(0);
4313 	}
4314 
4315 	wpid = waitpid(debuger, &status, 0);
4316 	REQUIRE_EQ(wpid, debuger);
4317 	REQUIRE_EQ(WEXITSTATUS(status), 0);
4318 
4319 	/*
4320 	 * We have a child but it has a process descriptori
4321 	 * so we should not be able to collect it process.
4322 	 */
4323 	wpid = wait(&status);
4324 	REQUIRE_EQ(wpid, -1);
4325 	REQUIRE_EQ(errno, ECHILD);
4326 
4327 	REQUIRE_EQ(close(pd), 0);
4328 }
4329 
4330 ATF_TP_ADD_TCS(tp)
4331 {
4332 
4333 	ATF_TP_ADD_TC(tp, ptrace__parent_wait_after_trace_me);
4334 	ATF_TP_ADD_TC(tp, ptrace__parent_wait_after_attach);
4335 	ATF_TP_ADD_TC(tp, ptrace__parent_sees_exit_after_child_debugger);
4336 	ATF_TP_ADD_TC(tp, ptrace__parent_sees_exit_after_unrelated_debugger);
4337 	ATF_TP_ADD_TC(tp, ptrace__parent_exits_before_child);
4338 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_both_attached);
4339 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_child_detached);
4340 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_parent_detached);
4341 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_both_attached_unrelated_debugger);
4342 	ATF_TP_ADD_TC(tp,
4343 	    ptrace__follow_fork_child_detached_unrelated_debugger);
4344 	ATF_TP_ADD_TC(tp,
4345 	    ptrace__follow_fork_parent_detached_unrelated_debugger);
4346 	ATF_TP_ADD_TC(tp, ptrace__getppid);
4347 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_fork);
4348 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_vfork);
4349 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_thread);
4350 	ATF_TP_ADD_TC(tp, ptrace__lwp_events);
4351 	ATF_TP_ADD_TC(tp, ptrace__lwp_events_exec);
4352 	ATF_TP_ADD_TC(tp, ptrace__siginfo);
4353 	ATF_TP_ADD_TC(tp, ptrace__ptrace_exec_disable);
4354 	ATF_TP_ADD_TC(tp, ptrace__ptrace_exec_enable);
4355 	ATF_TP_ADD_TC(tp, ptrace__event_mask);
4356 	ATF_TP_ADD_TC(tp, ptrace__ptrace_vfork);
4357 	ATF_TP_ADD_TC(tp, ptrace__ptrace_vfork_follow);
4358 #ifdef HAVE_BREAKPOINT
4359 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_breakpoint);
4360 #endif
4361 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_system_call);
4362 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_threads);
4363 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_competing_signal);
4364 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_competing_stop);
4365 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_with_signal_full_sigqueue);
4366 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_system_call_entry);
4367 	ATF_TP_ADD_TC(tp,
4368 	    ptrace__PT_CONTINUE_with_signal_system_call_entry_and_exit);
4369 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_full_sigqueue);
4370 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_masked_full_sigqueue);
4371 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_change_sig);
4372 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_sigtrap_system_call_entry);
4373 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_mix);
4374 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_kqueue);
4375 	ATF_TP_ADD_TC(tp, ptrace__killed_with_sigmask);
4376 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_sigmask);
4377 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_thread_sigmask);
4378 	ATF_TP_ADD_TC(tp, ptrace__PT_REGSET);
4379 	ATF_TP_ADD_TC(tp, ptrace__parent_terminate_with_pending_sigstop1);
4380 	ATF_TP_ADD_TC(tp, ptrace__parent_terminate_with_pending_sigstop2);
4381 	ATF_TP_ADD_TC(tp, ptrace__event_mask_sigkill_discard);
4382 	ATF_TP_ADD_TC(tp, ptrace__PT_ATTACH_with_SBDRY_thread);
4383 	ATF_TP_ADD_TC(tp, ptrace__PT_STEP_with_signal);
4384 #ifdef HAVE_BREAKPOINT
4385 	ATF_TP_ADD_TC(tp, ptrace__breakpoint_siginfo);
4386 #endif
4387 	ATF_TP_ADD_TC(tp, ptrace__step_siginfo);
4388 #if defined(HAVE_BREAKPOINT) && defined(SKIP_BREAK)
4389 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_different_thread);
4390 #endif
4391 	ATF_TP_ADD_TC(tp, ptrace__PT_LWPINFO_stale_siginfo);
4392 	ATF_TP_ADD_TC(tp, ptrace__syscall_args);
4393 	ATF_TP_ADD_TC(tp, ptrace__proc_reparent);
4394 	ATF_TP_ADD_TC(tp, ptrace__procdesc_wait_child);
4395 	ATF_TP_ADD_TC(tp, ptrace__procdesc_reparent_wait_child);
4396 
4397 	return (atf_no_error());
4398 }
4399