xref: /freebsd/tests/sys/kern/ptrace_test.c (revision 7543a9c0280a0f4262489671936a6e03b9b2c563)
1 /*-
2  * Copyright (c) 2015 John Baldwin <jhb@FreeBSD.org>
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23  * SUCH DAMAGE.
24  */
25 
26 #include <sys/cdefs.h>
27 __FBSDID("$FreeBSD$");
28 
29 #include <sys/types.h>
30 #include <sys/cpuset.h>
31 #include <sys/elf.h>
32 #include <sys/event.h>
33 #include <sys/file.h>
34 #include <sys/time.h>
35 #include <sys/procctl.h>
36 #include <sys/procdesc.h>
37 #define	_WANT_MIPS_REGNUM
38 #include <sys/ptrace.h>
39 #include <sys/procfs.h>
40 #include <sys/queue.h>
41 #include <sys/runq.h>
42 #include <sys/syscall.h>
43 #include <sys/sysctl.h>
44 #include <sys/user.h>
45 #include <sys/wait.h>
46 #include <errno.h>
47 #include <machine/cpufunc.h>
48 #include <pthread.h>
49 #include <sched.h>
50 #include <semaphore.h>
51 #include <signal.h>
52 #include <stdarg.h>
53 #include <stdio.h>
54 #include <stdlib.h>
55 #include <unistd.h>
56 #include <atf-c.h>
57 
58 /*
59  * Architectures with a user-visible breakpoint().
60  */
61 #if defined(__aarch64__) || defined(__amd64__) || defined(__arm__) ||	\
62     defined(__i386__) || defined(__riscv)
63 #define	HAVE_BREAKPOINT
64 #endif
65 
66 /*
67  * Adjust PC to skip over a breakpoint when stopped for a breakpoint trap.
68  */
69 #ifdef HAVE_BREAKPOINT
70 #if defined(__aarch64__)
71 #define	SKIP_BREAK(reg)	((reg)->elr += 4)
72 #elif defined(__amd64__) || defined(__i386__)
73 #define	SKIP_BREAK(reg)
74 #elif defined(__arm__)
75 #define	SKIP_BREAK(reg)	((reg)->r_pc += 4)
76 #elif defined(__riscv)
77 #define	SKIP_BREAK(reg)	((reg)->sepc += 4)
78 #endif
79 #endif
80 
81 /*
82  * A variant of ATF_REQUIRE that is suitable for use in child
83  * processes.  This only works if the parent process is tripped up by
84  * the early exit and fails some requirement itself.
85  */
86 #define	CHILD_REQUIRE(exp) do {				\
87 	if (!(exp))					\
88 		child_fail_require(__FILE__, __LINE__,	\
89 		    #exp " not met\n");			\
90 } while (0)
91 
92 #define	CHILD_REQUIRE_EQ(actual, expected) do {			\
93 	__typeof__(expected) _e = expected;			\
94 	__typeof__(actual) _a = actual;				\
95 	if (_e != _a)						\
96 		child_fail_require(__FILE__, __LINE__, #actual	\
97 		    " (%jd) == " #expected " (%jd) not met\n",	\
98 		    (intmax_t)_a, (intmax_t)_e);		\
99 } while (0)
100 
101 static __dead2 void
102 child_fail_require(const char *file, int line, const char *fmt, ...)
103 {
104 	va_list ap;
105 	char buf[1024];
106 
107 	/* Use write() not fprintf() to avoid possible duplicate output. */
108 	snprintf(buf, sizeof(buf), "%s:%d: ", file, line);
109 	write(STDERR_FILENO, buf, strlen(buf));
110 	va_start(ap, fmt);
111 	vsnprintf(buf, sizeof(buf), fmt, ap);
112 	write(STDERR_FILENO, buf, strlen(buf));
113 	va_end(ap);
114 
115 	_exit(32);
116 }
117 
118 #define	REQUIRE_EQ(actual, expected) do {				\
119 	__typeof__(expected) _e = expected;				\
120 	__typeof__(actual) _a = actual;					\
121 	ATF_REQUIRE_MSG(_e == _a, #actual " (%jd) == "			\
122 	    #expected " (%jd) not met", (intmax_t)_a, (intmax_t)_e);	\
123 } while (0)
124 
125 static void
126 trace_me(void)
127 {
128 
129 	/* Attach the parent process as a tracer of this process. */
130 	CHILD_REQUIRE(ptrace(PT_TRACE_ME, 0, NULL, 0) != -1);
131 
132 	/* Trigger a stop. */
133 	raise(SIGSTOP);
134 }
135 
136 static void
137 attach_child(pid_t pid)
138 {
139 	pid_t wpid;
140 	int status;
141 
142 	REQUIRE_EQ(ptrace(PT_ATTACH, pid, NULL, 0), 0);
143 
144 	wpid = waitpid(pid, &status, 0);
145 	REQUIRE_EQ(wpid, pid);
146 	ATF_REQUIRE(WIFSTOPPED(status));
147 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
148 }
149 
150 static void
151 wait_for_zombie(pid_t pid)
152 {
153 
154 	/*
155 	 * Wait for a process to exit.  This is kind of gross, but
156 	 * there is not a better way.
157 	 *
158 	 * Prior to r325719, the kern.proc.pid.<pid> sysctl failed
159 	 * with ESRCH.  After that change, a valid struct kinfo_proc
160 	 * is returned for zombies with ki_stat set to SZOMB.
161 	 */
162 	for (;;) {
163 		struct kinfo_proc kp;
164 		size_t len;
165 		int mib[4];
166 
167 		mib[0] = CTL_KERN;
168 		mib[1] = KERN_PROC;
169 		mib[2] = KERN_PROC_PID;
170 		mib[3] = pid;
171 		len = sizeof(kp);
172 		if (sysctl(mib, nitems(mib), &kp, &len, NULL, 0) == -1) {
173 			REQUIRE_EQ(errno, ESRCH);
174 			break;
175 		}
176 		if (kp.ki_stat == SZOMB)
177 			break;
178 		usleep(5000);
179 	}
180 }
181 
182 /*
183  * Verify that a parent debugger process "sees" the exit of a debugged
184  * process exactly once when attached via PT_TRACE_ME.
185  */
186 ATF_TC_WITHOUT_HEAD(ptrace__parent_wait_after_trace_me);
187 ATF_TC_BODY(ptrace__parent_wait_after_trace_me, tc)
188 {
189 	pid_t child, wpid;
190 	int status;
191 
192 	ATF_REQUIRE((child = fork()) != -1);
193 	if (child == 0) {
194 		/* Child process. */
195 		trace_me();
196 
197 		_exit(1);
198 	}
199 
200 	/* Parent process. */
201 
202 	/* The first wait() should report the stop from SIGSTOP. */
203 	wpid = waitpid(child, &status, 0);
204 	REQUIRE_EQ(wpid, child);
205 	ATF_REQUIRE(WIFSTOPPED(status));
206 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
207 
208 	/* Continue the child ignoring the SIGSTOP. */
209 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
210 
211 	/* The second wait() should report the exit status. */
212 	wpid = waitpid(child, &status, 0);
213 	REQUIRE_EQ(wpid, child);
214 	ATF_REQUIRE(WIFEXITED(status));
215 	REQUIRE_EQ(WEXITSTATUS(status), 1);
216 
217 	/* The child should no longer exist. */
218 	wpid = waitpid(child, &status, 0);
219 	REQUIRE_EQ(wpid, -1);
220 	REQUIRE_EQ(errno, ECHILD);
221 }
222 
223 /*
224  * Verify that a parent debugger process "sees" the exit of a debugged
225  * process exactly once when attached via PT_ATTACH.
226  */
227 ATF_TC_WITHOUT_HEAD(ptrace__parent_wait_after_attach);
228 ATF_TC_BODY(ptrace__parent_wait_after_attach, tc)
229 {
230 	pid_t child, wpid;
231 	int cpipe[2], status;
232 	char c;
233 
234 	REQUIRE_EQ(pipe(cpipe), 0);
235 	ATF_REQUIRE((child = fork()) != -1);
236 	if (child == 0) {
237 		/* Child process. */
238 		close(cpipe[0]);
239 
240 		/* Wait for the parent to attach. */
241 		CHILD_REQUIRE_EQ(0, read(cpipe[1], &c, sizeof(c)));
242 
243 		_exit(1);
244 	}
245 	close(cpipe[1]);
246 
247 	/* Parent process. */
248 
249 	/* Attach to the child process. */
250 	attach_child(child);
251 
252 	/* Continue the child ignoring the SIGSTOP. */
253 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
254 
255 	/* Signal the child to exit. */
256 	close(cpipe[0]);
257 
258 	/* The second wait() should report the exit status. */
259 	wpid = waitpid(child, &status, 0);
260 	REQUIRE_EQ(wpid, child);
261 	ATF_REQUIRE(WIFEXITED(status));
262 	REQUIRE_EQ(WEXITSTATUS(status), 1);
263 
264 	/* The child should no longer exist. */
265 	wpid = waitpid(child, &status, 0);
266 	REQUIRE_EQ(wpid, -1);
267 	REQUIRE_EQ(errno, ECHILD);
268 }
269 
270 /*
271  * Verify that a parent process "sees" the exit of a debugged process only
272  * after the debugger has seen it.
273  */
274 ATF_TC_WITHOUT_HEAD(ptrace__parent_sees_exit_after_child_debugger);
275 ATF_TC_BODY(ptrace__parent_sees_exit_after_child_debugger, tc)
276 {
277 	pid_t child, debugger, wpid;
278 	int cpipe[2], dpipe[2], status;
279 	char c;
280 
281 	REQUIRE_EQ(pipe(cpipe), 0);
282 	ATF_REQUIRE((child = fork()) != -1);
283 
284 	if (child == 0) {
285 		/* Child process. */
286 		close(cpipe[0]);
287 
288 		/* Wait for parent to be ready. */
289 		CHILD_REQUIRE_EQ(read(cpipe[1], &c, sizeof(c)),
290 		    (ssize_t)sizeof(c));
291 
292 		_exit(1);
293 	}
294 	close(cpipe[1]);
295 
296 	REQUIRE_EQ(pipe(dpipe), 0);
297 	ATF_REQUIRE((debugger = fork()) != -1);
298 
299 	if (debugger == 0) {
300 		/* Debugger process. */
301 		close(dpipe[0]);
302 
303 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
304 
305 		wpid = waitpid(child, &status, 0);
306 		CHILD_REQUIRE_EQ(wpid, child);
307 		CHILD_REQUIRE(WIFSTOPPED(status));
308 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
309 
310 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
311 
312 		/* Signal parent that debugger is attached. */
313 		CHILD_REQUIRE_EQ(write(dpipe[1], &c, sizeof(c)),
314 		    (ssize_t)sizeof(c));
315 
316 		/* Wait for parent's failed wait. */
317 		CHILD_REQUIRE_EQ(read(dpipe[1], &c, sizeof(c)), 0);
318 
319 		wpid = waitpid(child, &status, 0);
320 		CHILD_REQUIRE_EQ(wpid, child);
321 		CHILD_REQUIRE(WIFEXITED(status));
322 		CHILD_REQUIRE_EQ(WEXITSTATUS(status), 1);
323 
324 		_exit(0);
325 	}
326 	close(dpipe[1]);
327 
328 	/* Parent process. */
329 
330 	/* Wait for the debugger to attach to the child. */
331 	REQUIRE_EQ(read(dpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
332 
333 	/* Release the child. */
334 	REQUIRE_EQ(write(cpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
335 	REQUIRE_EQ(read(cpipe[0], &c, sizeof(c)), 0);
336 	close(cpipe[0]);
337 
338 	wait_for_zombie(child);
339 
340 	/*
341 	 * This wait should return a pid of 0 to indicate no status to
342 	 * report.  The parent should see the child as non-exited
343 	 * until the debugger sees the exit.
344 	 */
345 	wpid = waitpid(child, &status, WNOHANG);
346 	REQUIRE_EQ(wpid, 0);
347 
348 	/* Signal the debugger to wait for the child. */
349 	close(dpipe[0]);
350 
351 	/* Wait for the debugger. */
352 	wpid = waitpid(debugger, &status, 0);
353 	REQUIRE_EQ(wpid, debugger);
354 	ATF_REQUIRE(WIFEXITED(status));
355 	REQUIRE_EQ(WEXITSTATUS(status), 0);
356 
357 	/* The child process should now be ready. */
358 	wpid = waitpid(child, &status, WNOHANG);
359 	REQUIRE_EQ(wpid, child);
360 	ATF_REQUIRE(WIFEXITED(status));
361 	REQUIRE_EQ(WEXITSTATUS(status), 1);
362 }
363 
364 /*
365  * Verify that a parent process "sees" the exit of a debugged process
366  * only after a non-direct-child debugger has seen it.  In particular,
367  * various wait() calls in the parent must avoid failing with ESRCH by
368  * checking the parent's orphan list for the debugee.
369  */
370 ATF_TC_WITHOUT_HEAD(ptrace__parent_sees_exit_after_unrelated_debugger);
371 ATF_TC_BODY(ptrace__parent_sees_exit_after_unrelated_debugger, tc)
372 {
373 	pid_t child, debugger, fpid, wpid;
374 	int cpipe[2], dpipe[2], status;
375 	char c;
376 
377 	REQUIRE_EQ(pipe(cpipe), 0);
378 	ATF_REQUIRE((child = fork()) != -1);
379 
380 	if (child == 0) {
381 		/* Child process. */
382 		close(cpipe[0]);
383 
384 		/* Wait for parent to be ready. */
385 		CHILD_REQUIRE_EQ(read(cpipe[1], &c, sizeof(c)),
386 		    (ssize_t)sizeof(c));
387 
388 		_exit(1);
389 	}
390 	close(cpipe[1]);
391 
392 	REQUIRE_EQ(pipe(dpipe), 0);
393 	ATF_REQUIRE((debugger = fork()) != -1);
394 
395 	if (debugger == 0) {
396 		/* Debugger parent. */
397 
398 		/*
399 		 * Fork again and drop the debugger parent so that the
400 		 * debugger is not a child of the main parent.
401 		 */
402 		CHILD_REQUIRE((fpid = fork()) != -1);
403 		if (fpid != 0)
404 			_exit(2);
405 
406 		/* Debugger process. */
407 		close(dpipe[0]);
408 
409 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
410 
411 		wpid = waitpid(child, &status, 0);
412 		CHILD_REQUIRE_EQ(wpid, child);
413 		CHILD_REQUIRE(WIFSTOPPED(status));
414 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
415 
416 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
417 
418 		/* Signal parent that debugger is attached. */
419 		CHILD_REQUIRE_EQ(write(dpipe[1], &c, sizeof(c)),
420 		    (ssize_t)sizeof(c));
421 
422 		/* Wait for parent's failed wait. */
423 		CHILD_REQUIRE_EQ(read(dpipe[1], &c, sizeof(c)),
424 		    (ssize_t)sizeof(c));
425 
426 		wpid = waitpid(child, &status, 0);
427 		CHILD_REQUIRE_EQ(wpid, child);
428 		CHILD_REQUIRE(WIFEXITED(status));
429 		CHILD_REQUIRE_EQ(WEXITSTATUS(status), 1);
430 
431 		_exit(0);
432 	}
433 	close(dpipe[1]);
434 
435 	/* Parent process. */
436 
437 	/* Wait for the debugger parent process to exit. */
438 	wpid = waitpid(debugger, &status, 0);
439 	REQUIRE_EQ(wpid, debugger);
440 	ATF_REQUIRE(WIFEXITED(status));
441 	REQUIRE_EQ(WEXITSTATUS(status), 2);
442 
443 	/* A WNOHANG wait here should see the non-exited child. */
444 	wpid = waitpid(child, &status, WNOHANG);
445 	REQUIRE_EQ(wpid, 0);
446 
447 	/* Wait for the debugger to attach to the child. */
448 	REQUIRE_EQ(read(dpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
449 
450 	/* Release the child. */
451 	REQUIRE_EQ(write(cpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
452 	REQUIRE_EQ(read(cpipe[0], &c, sizeof(c)), 0);
453 	close(cpipe[0]);
454 
455 	wait_for_zombie(child);
456 
457 	/*
458 	 * This wait should return a pid of 0 to indicate no status to
459 	 * report.  The parent should see the child as non-exited
460 	 * until the debugger sees the exit.
461 	 */
462 	wpid = waitpid(child, &status, WNOHANG);
463 	REQUIRE_EQ(wpid, 0);
464 
465 	/* Signal the debugger to wait for the child. */
466 	REQUIRE_EQ(write(dpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
467 
468 	/* Wait for the debugger. */
469 	REQUIRE_EQ(read(dpipe[0], &c, sizeof(c)), 0);
470 	close(dpipe[0]);
471 
472 	/* The child process should now be ready. */
473 	wpid = waitpid(child, &status, WNOHANG);
474 	REQUIRE_EQ(wpid, child);
475 	ATF_REQUIRE(WIFEXITED(status));
476 	REQUIRE_EQ(WEXITSTATUS(status), 1);
477 }
478 
479 /*
480  * Make sure that we can collect the exit status of an orphaned process.
481  */
482 ATF_TC_WITHOUT_HEAD(ptrace__parent_exits_before_child);
483 ATF_TC_BODY(ptrace__parent_exits_before_child, tc)
484 {
485 	ssize_t n;
486 	int cpipe1[2], cpipe2[2], gcpipe[2], status;
487 	pid_t child, gchild;
488 
489 	REQUIRE_EQ(pipe(cpipe1), 0);
490 	REQUIRE_EQ(pipe(cpipe2), 0);
491 	REQUIRE_EQ(pipe(gcpipe), 0);
492 
493 	REQUIRE_EQ(procctl(P_PID, getpid(), PROC_REAP_ACQUIRE, NULL), 0);
494 
495 	ATF_REQUIRE((child = fork()) != -1);
496 	if (child == 0) {
497 		CHILD_REQUIRE((gchild = fork()) != -1);
498 		if (gchild == 0) {
499 			status = 1;
500 			do {
501 				n = read(gcpipe[0], &status, sizeof(status));
502 			} while (n == -1 && errno == EINTR);
503 			_exit(status);
504 		}
505 
506 		CHILD_REQUIRE_EQ(write(cpipe1[1], &gchild, sizeof(gchild)),
507 		    (ssize_t)sizeof(gchild));
508 		CHILD_REQUIRE_EQ(read(cpipe2[0], &status, sizeof(status)),
509 		    (ssize_t)sizeof(status));
510 		_exit(status);
511 	}
512 
513 	REQUIRE_EQ(read(cpipe1[0], &gchild, sizeof(gchild)),
514 	    (ssize_t)sizeof(gchild));
515 
516 	REQUIRE_EQ(ptrace(PT_ATTACH, gchild, NULL, 0), 0);
517 
518 	status = 0;
519 	REQUIRE_EQ(write(cpipe2[1], &status, sizeof(status)),
520 	    (ssize_t)sizeof(status));
521 	REQUIRE_EQ(waitpid(child, &status, 0), child);
522 	ATF_REQUIRE(WIFEXITED(status));
523 	REQUIRE_EQ(WEXITSTATUS(status), 0);
524 
525 	status = 0;
526 	REQUIRE_EQ(write(gcpipe[1], &status, sizeof(status)),
527 	    (ssize_t)sizeof(status));
528 	REQUIRE_EQ(waitpid(gchild, &status, 0), gchild);
529 	ATF_REQUIRE(WIFSTOPPED(status));
530 	REQUIRE_EQ(ptrace(PT_DETACH, gchild, (caddr_t)1, 0), 0);
531 	REQUIRE_EQ(waitpid(gchild, &status, 0), gchild);
532 	ATF_REQUIRE(WIFEXITED(status));
533 	REQUIRE_EQ(WEXITSTATUS(status), 0);
534 
535 	REQUIRE_EQ(close(cpipe1[0]), 0);
536 	REQUIRE_EQ(close(cpipe1[1]), 0);
537 	REQUIRE_EQ(close(cpipe2[0]), 0);
538 	REQUIRE_EQ(close(cpipe2[1]), 0);
539 	REQUIRE_EQ(close(gcpipe[0]), 0);
540 	REQUIRE_EQ(close(gcpipe[1]), 0);
541 }
542 
543 /*
544  * The parent process should always act the same regardless of how the
545  * debugger is attached to it.
546  */
547 static __dead2 void
548 follow_fork_parent(bool use_vfork)
549 {
550 	pid_t fpid, wpid;
551 	int status;
552 
553 	if (use_vfork)
554 		CHILD_REQUIRE((fpid = vfork()) != -1);
555 	else
556 		CHILD_REQUIRE((fpid = fork()) != -1);
557 
558 	if (fpid == 0)
559 		/* Child */
560 		_exit(2);
561 
562 	wpid = waitpid(fpid, &status, 0);
563 	CHILD_REQUIRE_EQ(wpid, fpid);
564 	CHILD_REQUIRE(WIFEXITED(status));
565 	CHILD_REQUIRE_EQ(WEXITSTATUS(status), 2);
566 
567 	_exit(1);
568 }
569 
570 /*
571  * Helper routine for follow fork tests.  This waits for two stops
572  * that report both "sides" of a fork.  It returns the pid of the new
573  * child process.
574  */
575 static pid_t
576 handle_fork_events(pid_t parent, struct ptrace_lwpinfo *ppl)
577 {
578 	struct ptrace_lwpinfo pl;
579 	bool fork_reported[2];
580 	pid_t child, wpid;
581 	int i, status;
582 
583 	fork_reported[0] = false;
584 	fork_reported[1] = false;
585 	child = -1;
586 
587 	/*
588 	 * Each process should report a fork event.  The parent should
589 	 * report a PL_FLAG_FORKED event, and the child should report
590 	 * a PL_FLAG_CHILD event.
591 	 */
592 	for (i = 0; i < 2; i++) {
593 		wpid = wait(&status);
594 		ATF_REQUIRE(wpid > 0);
595 		ATF_REQUIRE(WIFSTOPPED(status));
596 
597 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
598 		    sizeof(pl)) != -1);
599 		ATF_REQUIRE((pl.pl_flags & (PL_FLAG_FORKED | PL_FLAG_CHILD)) !=
600 		    0);
601 		ATF_REQUIRE((pl.pl_flags & (PL_FLAG_FORKED | PL_FLAG_CHILD)) !=
602 		    (PL_FLAG_FORKED | PL_FLAG_CHILD));
603 		if (pl.pl_flags & PL_FLAG_CHILD) {
604 			ATF_REQUIRE(wpid != parent);
605 			REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
606 			ATF_REQUIRE(!fork_reported[1]);
607 			if (child == -1)
608 				child = wpid;
609 			else
610 				REQUIRE_EQ(child, wpid);
611 			if (ppl != NULL)
612 				ppl[1] = pl;
613 			fork_reported[1] = true;
614 		} else {
615 			REQUIRE_EQ(wpid, parent);
616 			REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
617 			ATF_REQUIRE(!fork_reported[0]);
618 			if (child == -1)
619 				child = pl.pl_child_pid;
620 			else
621 				REQUIRE_EQ(child, pl.pl_child_pid);
622 			if (ppl != NULL)
623 				ppl[0] = pl;
624 			fork_reported[0] = true;
625 		}
626 	}
627 
628 	return (child);
629 }
630 
631 /*
632  * Verify that a new child process is stopped after a followed fork and
633  * that the traced parent sees the exit of the child after the debugger
634  * when both processes remain attached to the debugger.
635  */
636 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_both_attached);
637 ATF_TC_BODY(ptrace__follow_fork_both_attached, tc)
638 {
639 	pid_t children[2], fpid, wpid;
640 	int status;
641 
642 	ATF_REQUIRE((fpid = fork()) != -1);
643 	if (fpid == 0) {
644 		trace_me();
645 		follow_fork_parent(false);
646 	}
647 
648 	/* Parent process. */
649 	children[0] = fpid;
650 
651 	/* The first wait() should report the stop from SIGSTOP. */
652 	wpid = waitpid(children[0], &status, 0);
653 	REQUIRE_EQ(wpid, children[0]);
654 	ATF_REQUIRE(WIFSTOPPED(status));
655 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
656 
657 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
658 
659 	/* Continue the child ignoring the SIGSTOP. */
660 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
661 
662 	children[1] = handle_fork_events(children[0], NULL);
663 	ATF_REQUIRE(children[1] > 0);
664 
665 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
666 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
667 
668 	/*
669 	 * The child can't exit until the grandchild reports status, so the
670 	 * grandchild should report its exit first to the debugger.
671 	 */
672 	wpid = wait(&status);
673 	REQUIRE_EQ(wpid, children[1]);
674 	ATF_REQUIRE(WIFEXITED(status));
675 	REQUIRE_EQ(WEXITSTATUS(status), 2);
676 
677 	wpid = wait(&status);
678 	REQUIRE_EQ(wpid, children[0]);
679 	ATF_REQUIRE(WIFEXITED(status));
680 	REQUIRE_EQ(WEXITSTATUS(status), 1);
681 
682 	wpid = wait(&status);
683 	REQUIRE_EQ(wpid, -1);
684 	REQUIRE_EQ(errno, ECHILD);
685 }
686 
687 /*
688  * Verify that a new child process is stopped after a followed fork
689  * and that the traced parent sees the exit of the child when the new
690  * child process is detached after it reports its fork.
691  */
692 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_child_detached);
693 ATF_TC_BODY(ptrace__follow_fork_child_detached, tc)
694 {
695 	pid_t children[2], fpid, wpid;
696 	int status;
697 
698 	ATF_REQUIRE((fpid = fork()) != -1);
699 	if (fpid == 0) {
700 		trace_me();
701 		follow_fork_parent(false);
702 	}
703 
704 	/* Parent process. */
705 	children[0] = fpid;
706 
707 	/* The first wait() should report the stop from SIGSTOP. */
708 	wpid = waitpid(children[0], &status, 0);
709 	REQUIRE_EQ(wpid, children[0]);
710 	ATF_REQUIRE(WIFSTOPPED(status));
711 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
712 
713 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
714 
715 	/* Continue the child ignoring the SIGSTOP. */
716 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
717 
718 	children[1] = handle_fork_events(children[0], NULL);
719 	ATF_REQUIRE(children[1] > 0);
720 
721 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
722 	ATF_REQUIRE(ptrace(PT_DETACH, children[1], (caddr_t)1, 0) != -1);
723 
724 	/*
725 	 * Should not see any status from the grandchild now, only the
726 	 * child.
727 	 */
728 	wpid = wait(&status);
729 	REQUIRE_EQ(wpid, children[0]);
730 	ATF_REQUIRE(WIFEXITED(status));
731 	REQUIRE_EQ(WEXITSTATUS(status), 1);
732 
733 	wpid = wait(&status);
734 	REQUIRE_EQ(wpid, -1);
735 	REQUIRE_EQ(errno, ECHILD);
736 }
737 
738 /*
739  * Verify that a new child process is stopped after a followed fork
740  * and that the traced parent sees the exit of the child when the
741  * traced parent is detached after the fork.
742  */
743 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_parent_detached);
744 ATF_TC_BODY(ptrace__follow_fork_parent_detached, tc)
745 {
746 	pid_t children[2], fpid, wpid;
747 	int status;
748 
749 	ATF_REQUIRE((fpid = fork()) != -1);
750 	if (fpid == 0) {
751 		trace_me();
752 		follow_fork_parent(false);
753 	}
754 
755 	/* Parent process. */
756 	children[0] = fpid;
757 
758 	/* The first wait() should report the stop from SIGSTOP. */
759 	wpid = waitpid(children[0], &status, 0);
760 	REQUIRE_EQ(wpid, children[0]);
761 	ATF_REQUIRE(WIFSTOPPED(status));
762 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
763 
764 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
765 
766 	/* Continue the child ignoring the SIGSTOP. */
767 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
768 
769 	children[1] = handle_fork_events(children[0], NULL);
770 	ATF_REQUIRE(children[1] > 0);
771 
772 	ATF_REQUIRE(ptrace(PT_DETACH, children[0], (caddr_t)1, 0) != -1);
773 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
774 
775 	/*
776 	 * The child can't exit until the grandchild reports status, so the
777 	 * grandchild should report its exit first to the debugger.
778 	 *
779 	 * Even though the child process is detached, it is still a
780 	 * child of the debugger, so it will still report it's exit
781 	 * after the grandchild.
782 	 */
783 	wpid = wait(&status);
784 	REQUIRE_EQ(wpid, children[1]);
785 	ATF_REQUIRE(WIFEXITED(status));
786 	REQUIRE_EQ(WEXITSTATUS(status), 2);
787 
788 	wpid = wait(&status);
789 	REQUIRE_EQ(wpid, children[0]);
790 	ATF_REQUIRE(WIFEXITED(status));
791 	REQUIRE_EQ(WEXITSTATUS(status), 1);
792 
793 	wpid = wait(&status);
794 	REQUIRE_EQ(wpid, -1);
795 	REQUIRE_EQ(errno, ECHILD);
796 }
797 
798 static void
799 attach_fork_parent(int cpipe[2])
800 {
801 	pid_t fpid;
802 
803 	close(cpipe[0]);
804 
805 	/* Double-fork to disassociate from the debugger. */
806 	CHILD_REQUIRE((fpid = fork()) != -1);
807 	if (fpid != 0)
808 		_exit(3);
809 
810 	/* Send the pid of the disassociated child to the debugger. */
811 	fpid = getpid();
812 	CHILD_REQUIRE_EQ(write(cpipe[1], &fpid, sizeof(fpid)),
813 	    (ssize_t)sizeof(fpid));
814 
815 	/* Wait for the debugger to attach. */
816 	CHILD_REQUIRE_EQ(read(cpipe[1], &fpid, sizeof(fpid)), 0);
817 }
818 
819 /*
820  * Verify that a new child process is stopped after a followed fork and
821  * that the traced parent sees the exit of the child after the debugger
822  * when both processes remain attached to the debugger.  In this test
823  * the parent that forks is not a direct child of the debugger.
824  */
825 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_both_attached_unrelated_debugger);
826 ATF_TC_BODY(ptrace__follow_fork_both_attached_unrelated_debugger, tc)
827 {
828 	pid_t children[2], fpid, wpid;
829 	int cpipe[2], status;
830 
831 	REQUIRE_EQ(pipe(cpipe), 0);
832 	ATF_REQUIRE((fpid = fork()) != -1);
833 	if (fpid == 0) {
834 		attach_fork_parent(cpipe);
835 		follow_fork_parent(false);
836 	}
837 
838 	/* Parent process. */
839 	close(cpipe[1]);
840 
841 	/* Wait for the direct child to exit. */
842 	wpid = waitpid(fpid, &status, 0);
843 	REQUIRE_EQ(wpid, fpid);
844 	ATF_REQUIRE(WIFEXITED(status));
845 	REQUIRE_EQ(WEXITSTATUS(status), 3);
846 
847 	/* Read the pid of the fork parent. */
848 	REQUIRE_EQ(read(cpipe[0], &children[0], sizeof(children[0])),
849 	    (ssize_t)sizeof(children[0]));
850 
851 	/* Attach to the fork parent. */
852 	attach_child(children[0]);
853 
854 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
855 
856 	/* Continue the fork parent ignoring the SIGSTOP. */
857 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
858 
859 	/* Signal the fork parent to continue. */
860 	close(cpipe[0]);
861 
862 	children[1] = handle_fork_events(children[0], NULL);
863 	ATF_REQUIRE(children[1] > 0);
864 
865 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
866 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
867 
868 	/*
869 	 * The fork parent can't exit until the child reports status,
870 	 * so the child should report its exit first to the debugger.
871 	 */
872 	wpid = wait(&status);
873 	REQUIRE_EQ(wpid, children[1]);
874 	ATF_REQUIRE(WIFEXITED(status));
875 	REQUIRE_EQ(WEXITSTATUS(status), 2);
876 
877 	wpid = wait(&status);
878 	REQUIRE_EQ(wpid, children[0]);
879 	ATF_REQUIRE(WIFEXITED(status));
880 	REQUIRE_EQ(WEXITSTATUS(status), 1);
881 
882 	wpid = wait(&status);
883 	REQUIRE_EQ(wpid, -1);
884 	REQUIRE_EQ(errno, ECHILD);
885 }
886 
887 /*
888  * Verify that a new child process is stopped after a followed fork
889  * and that the traced parent sees the exit of the child when the new
890  * child process is detached after it reports its fork.  In this test
891  * the parent that forks is not a direct child of the debugger.
892  */
893 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_child_detached_unrelated_debugger);
894 ATF_TC_BODY(ptrace__follow_fork_child_detached_unrelated_debugger, tc)
895 {
896 	pid_t children[2], fpid, wpid;
897 	int cpipe[2], status;
898 
899 	REQUIRE_EQ(pipe(cpipe), 0);
900 	ATF_REQUIRE((fpid = fork()) != -1);
901 	if (fpid == 0) {
902 		attach_fork_parent(cpipe);
903 		follow_fork_parent(false);
904 	}
905 
906 	/* Parent process. */
907 	close(cpipe[1]);
908 
909 	/* Wait for the direct child to exit. */
910 	wpid = waitpid(fpid, &status, 0);
911 	REQUIRE_EQ(wpid, fpid);
912 	ATF_REQUIRE(WIFEXITED(status));
913 	REQUIRE_EQ(WEXITSTATUS(status), 3);
914 
915 	/* Read the pid of the fork parent. */
916 	REQUIRE_EQ(read(cpipe[0], &children[0], sizeof(children[0])),
917 	    (ssize_t)sizeof(children[0]));
918 
919 	/* Attach to the fork parent. */
920 	attach_child(children[0]);
921 
922 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
923 
924 	/* Continue the fork parent ignoring the SIGSTOP. */
925 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
926 
927 	/* Signal the fork parent to continue. */
928 	close(cpipe[0]);
929 
930 	children[1] = handle_fork_events(children[0], NULL);
931 	ATF_REQUIRE(children[1] > 0);
932 
933 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
934 	ATF_REQUIRE(ptrace(PT_DETACH, children[1], (caddr_t)1, 0) != -1);
935 
936 	/*
937 	 * Should not see any status from the child now, only the fork
938 	 * parent.
939 	 */
940 	wpid = wait(&status);
941 	REQUIRE_EQ(wpid, children[0]);
942 	ATF_REQUIRE(WIFEXITED(status));
943 	REQUIRE_EQ(WEXITSTATUS(status), 1);
944 
945 	wpid = wait(&status);
946 	REQUIRE_EQ(wpid, -1);
947 	REQUIRE_EQ(errno, ECHILD);
948 }
949 
950 /*
951  * Verify that a new child process is stopped after a followed fork
952  * and that the traced parent sees the exit of the child when the
953  * traced parent is detached after the fork.  In this test the parent
954  * that forks is not a direct child of the debugger.
955  */
956 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_parent_detached_unrelated_debugger);
957 ATF_TC_BODY(ptrace__follow_fork_parent_detached_unrelated_debugger, tc)
958 {
959 	pid_t children[2], fpid, wpid;
960 	int cpipe[2], status;
961 
962 	REQUIRE_EQ(pipe(cpipe), 0);
963 	ATF_REQUIRE((fpid = fork()) != -1);
964 	if (fpid == 0) {
965 		attach_fork_parent(cpipe);
966 		follow_fork_parent(false);
967 	}
968 
969 	/* Parent process. */
970 	close(cpipe[1]);
971 
972 	/* Wait for the direct child to exit. */
973 	wpid = waitpid(fpid, &status, 0);
974 	REQUIRE_EQ(wpid, fpid);
975 	ATF_REQUIRE(WIFEXITED(status));
976 	REQUIRE_EQ(WEXITSTATUS(status), 3);
977 
978 	/* Read the pid of the fork parent. */
979 	REQUIRE_EQ(read(cpipe[0], &children[0], sizeof(children[0])),
980 	    (ssize_t)sizeof(children[0]));
981 
982 	/* Attach to the fork parent. */
983 	attach_child(children[0]);
984 
985 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
986 
987 	/* Continue the fork parent ignoring the SIGSTOP. */
988 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
989 
990 	/* Signal the fork parent to continue. */
991 	close(cpipe[0]);
992 
993 	children[1] = handle_fork_events(children[0], NULL);
994 	ATF_REQUIRE(children[1] > 0);
995 
996 	ATF_REQUIRE(ptrace(PT_DETACH, children[0], (caddr_t)1, 0) != -1);
997 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
998 
999 	/*
1000 	 * Should not see any status from the fork parent now, only
1001 	 * the child.
1002 	 */
1003 	wpid = wait(&status);
1004 	REQUIRE_EQ(wpid, children[1]);
1005 	ATF_REQUIRE(WIFEXITED(status));
1006 	REQUIRE_EQ(WEXITSTATUS(status), 2);
1007 
1008 	wpid = wait(&status);
1009 	REQUIRE_EQ(wpid, -1);
1010 	REQUIRE_EQ(errno, ECHILD);
1011 }
1012 
1013 /*
1014  * Verify that a child process does not see an unrelated debugger as its
1015  * parent but sees its original parent process.
1016  */
1017 ATF_TC_WITHOUT_HEAD(ptrace__getppid);
1018 ATF_TC_BODY(ptrace__getppid, tc)
1019 {
1020 	pid_t child, debugger, ppid, wpid;
1021 	int cpipe[2], dpipe[2], status;
1022 	char c;
1023 
1024 	REQUIRE_EQ(pipe(cpipe), 0);
1025 	ATF_REQUIRE((child = fork()) != -1);
1026 
1027 	if (child == 0) {
1028 		/* Child process. */
1029 		close(cpipe[0]);
1030 
1031 		/* Wait for parent to be ready. */
1032 		CHILD_REQUIRE_EQ(read(cpipe[1], &c, sizeof(c)),
1033 		    (ssize_t)sizeof(c));
1034 
1035 		/* Report the parent PID to the parent. */
1036 		ppid = getppid();
1037 		CHILD_REQUIRE_EQ(write(cpipe[1], &ppid, sizeof(ppid)),
1038 		    (ssize_t)sizeof(ppid));
1039 
1040 		_exit(1);
1041 	}
1042 	close(cpipe[1]);
1043 
1044 	REQUIRE_EQ(pipe(dpipe), 0);
1045 	ATF_REQUIRE((debugger = fork()) != -1);
1046 
1047 	if (debugger == 0) {
1048 		/* Debugger process. */
1049 		close(dpipe[0]);
1050 
1051 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
1052 
1053 		wpid = waitpid(child, &status, 0);
1054 		CHILD_REQUIRE_EQ(wpid, child);
1055 		CHILD_REQUIRE(WIFSTOPPED(status));
1056 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1057 
1058 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
1059 
1060 		/* Signal parent that debugger is attached. */
1061 		CHILD_REQUIRE_EQ(write(dpipe[1], &c, sizeof(c)),
1062 		    (ssize_t)sizeof(c));
1063 
1064 		/* Wait for traced child to exit. */
1065 		wpid = waitpid(child, &status, 0);
1066 		CHILD_REQUIRE_EQ(wpid, child);
1067 		CHILD_REQUIRE(WIFEXITED(status));
1068 		CHILD_REQUIRE_EQ(WEXITSTATUS(status), 1);
1069 
1070 		_exit(0);
1071 	}
1072 	close(dpipe[1]);
1073 
1074 	/* Parent process. */
1075 
1076 	/* Wait for the debugger to attach to the child. */
1077 	REQUIRE_EQ(read(dpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
1078 
1079 	/* Release the child. */
1080 	REQUIRE_EQ(write(cpipe[0], &c, sizeof(c)), (ssize_t)sizeof(c));
1081 
1082 	/* Read the parent PID from the child. */
1083 	REQUIRE_EQ(read(cpipe[0], &ppid, sizeof(ppid)), (ssize_t)sizeof(ppid));
1084 	close(cpipe[0]);
1085 
1086 	REQUIRE_EQ(ppid, getpid());
1087 
1088 	/* Wait for the debugger. */
1089 	wpid = waitpid(debugger, &status, 0);
1090 	REQUIRE_EQ(wpid, debugger);
1091 	ATF_REQUIRE(WIFEXITED(status));
1092 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1093 
1094 	/* The child process should now be ready. */
1095 	wpid = waitpid(child, &status, WNOHANG);
1096 	REQUIRE_EQ(wpid, child);
1097 	ATF_REQUIRE(WIFEXITED(status));
1098 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1099 }
1100 
1101 /*
1102  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1103  * child process created via fork() reports the correct value.
1104  */
1105 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_fork);
1106 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_fork, tc)
1107 {
1108 	struct ptrace_lwpinfo pl[2];
1109 	pid_t children[2], fpid, wpid;
1110 	int status;
1111 
1112 	ATF_REQUIRE((fpid = fork()) != -1);
1113 	if (fpid == 0) {
1114 		trace_me();
1115 		follow_fork_parent(false);
1116 	}
1117 
1118 	/* Parent process. */
1119 	children[0] = fpid;
1120 
1121 	/* The first wait() should report the stop from SIGSTOP. */
1122 	wpid = waitpid(children[0], &status, 0);
1123 	REQUIRE_EQ(wpid, children[0]);
1124 	ATF_REQUIRE(WIFSTOPPED(status));
1125 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1126 
1127 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
1128 
1129 	/* Continue the child ignoring the SIGSTOP. */
1130 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1131 
1132 	/* Wait for both halves of the fork event to get reported. */
1133 	children[1] = handle_fork_events(children[0], pl);
1134 	ATF_REQUIRE(children[1] > 0);
1135 
1136 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_SCX) != 0);
1137 	ATF_REQUIRE((pl[1].pl_flags & PL_FLAG_SCX) != 0);
1138 	REQUIRE_EQ(pl[0].pl_syscall_code, (unsigned)SYS_fork);
1139 	REQUIRE_EQ(pl[0].pl_syscall_code, pl[1].pl_syscall_code);
1140 	REQUIRE_EQ(pl[0].pl_syscall_narg, pl[1].pl_syscall_narg);
1141 
1142 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1143 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1144 
1145 	/*
1146 	 * The child can't exit until the grandchild reports status, so the
1147 	 * grandchild should report its exit first to the debugger.
1148 	 */
1149 	wpid = wait(&status);
1150 	REQUIRE_EQ(wpid, children[1]);
1151 	ATF_REQUIRE(WIFEXITED(status));
1152 	REQUIRE_EQ(WEXITSTATUS(status), 2);
1153 
1154 	wpid = wait(&status);
1155 	REQUIRE_EQ(wpid, children[0]);
1156 	ATF_REQUIRE(WIFEXITED(status));
1157 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1158 
1159 	wpid = wait(&status);
1160 	REQUIRE_EQ(wpid, -1);
1161 	REQUIRE_EQ(errno, ECHILD);
1162 }
1163 
1164 /*
1165  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1166  * child process created via vfork() reports the correct value.
1167  */
1168 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_vfork);
1169 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_vfork, tc)
1170 {
1171 	struct ptrace_lwpinfo pl[2];
1172 	pid_t children[2], fpid, wpid;
1173 	int status;
1174 
1175 	ATF_REQUIRE((fpid = fork()) != -1);
1176 	if (fpid == 0) {
1177 		trace_me();
1178 		follow_fork_parent(true);
1179 	}
1180 
1181 	/* Parent process. */
1182 	children[0] = fpid;
1183 
1184 	/* The first wait() should report the stop from SIGSTOP. */
1185 	wpid = waitpid(children[0], &status, 0);
1186 	REQUIRE_EQ(wpid, children[0]);
1187 	ATF_REQUIRE(WIFSTOPPED(status));
1188 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1189 
1190 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
1191 
1192 	/* Continue the child ignoring the SIGSTOP. */
1193 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1194 
1195 	/* Wait for both halves of the fork event to get reported. */
1196 	children[1] = handle_fork_events(children[0], pl);
1197 	ATF_REQUIRE(children[1] > 0);
1198 
1199 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_SCX) != 0);
1200 	ATF_REQUIRE((pl[1].pl_flags & PL_FLAG_SCX) != 0);
1201 	REQUIRE_EQ(pl[0].pl_syscall_code, (unsigned)SYS_vfork);
1202 	REQUIRE_EQ(pl[0].pl_syscall_code, pl[1].pl_syscall_code);
1203 	REQUIRE_EQ(pl[0].pl_syscall_narg, pl[1].pl_syscall_narg);
1204 
1205 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1206 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1207 
1208 	/*
1209 	 * The child can't exit until the grandchild reports status, so the
1210 	 * grandchild should report its exit first to the debugger.
1211 	 */
1212 	wpid = wait(&status);
1213 	REQUIRE_EQ(wpid, children[1]);
1214 	ATF_REQUIRE(WIFEXITED(status));
1215 	REQUIRE_EQ(WEXITSTATUS(status), 2);
1216 
1217 	wpid = wait(&status);
1218 	REQUIRE_EQ(wpid, children[0]);
1219 	ATF_REQUIRE(WIFEXITED(status));
1220 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1221 
1222 	wpid = wait(&status);
1223 	REQUIRE_EQ(wpid, -1);
1224 	REQUIRE_EQ(errno, ECHILD);
1225 }
1226 
1227 static void *
1228 simple_thread(void *arg __unused)
1229 {
1230 
1231 	pthread_exit(NULL);
1232 }
1233 
1234 static __dead2 void
1235 simple_thread_main(void)
1236 {
1237 	pthread_t thread;
1238 
1239 	CHILD_REQUIRE_EQ(pthread_create(&thread, NULL, simple_thread, NULL), 0);
1240 	CHILD_REQUIRE_EQ(pthread_join(thread, NULL), 0);
1241 	exit(1);
1242 }
1243 
1244 /*
1245  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1246  * thread reports the correct value.
1247  */
1248 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_thread);
1249 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_thread, tc)
1250 {
1251 	struct ptrace_lwpinfo pl;
1252 	pid_t fpid, wpid;
1253 	lwpid_t mainlwp;
1254 	int status;
1255 
1256 	ATF_REQUIRE((fpid = fork()) != -1);
1257 	if (fpid == 0) {
1258 		trace_me();
1259 		simple_thread_main();
1260 	}
1261 
1262 	/* The first wait() should report the stop from SIGSTOP. */
1263 	wpid = waitpid(fpid, &status, 0);
1264 	REQUIRE_EQ(wpid, fpid);
1265 	ATF_REQUIRE(WIFSTOPPED(status));
1266 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1267 
1268 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1269 	    sizeof(pl)) != -1);
1270 	mainlwp = pl.pl_lwpid;
1271 
1272 	/*
1273 	 * Continue the child ignoring the SIGSTOP and tracing all
1274 	 * system call exits.
1275 	 */
1276 	ATF_REQUIRE(ptrace(PT_TO_SCX, fpid, (caddr_t)1, 0) != -1);
1277 
1278 	/*
1279 	 * Wait for the new thread to arrive.  pthread_create() might
1280 	 * invoke any number of system calls.  For now we just wait
1281 	 * for the new thread to arrive and make sure it reports a
1282 	 * valid system call code.  If ptrace grows thread event
1283 	 * reporting then this test can be made more precise.
1284 	 */
1285 	for (;;) {
1286 		wpid = waitpid(fpid, &status, 0);
1287 		REQUIRE_EQ(wpid, fpid);
1288 		ATF_REQUIRE(WIFSTOPPED(status));
1289 		REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1290 
1291 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1292 		    sizeof(pl)) != -1);
1293 		ATF_REQUIRE((pl.pl_flags & PL_FLAG_SCX) != 0);
1294 		ATF_REQUIRE(pl.pl_syscall_code != 0);
1295 		if (pl.pl_lwpid != mainlwp)
1296 			/* New thread seen. */
1297 			break;
1298 
1299 		REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1300 	}
1301 
1302 	/* Wait for the child to exit. */
1303 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1304 	for (;;) {
1305 		wpid = waitpid(fpid, &status, 0);
1306 		REQUIRE_EQ(wpid, fpid);
1307 		if (WIFEXITED(status))
1308 			break;
1309 
1310 		ATF_REQUIRE(WIFSTOPPED(status));
1311 		REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1312 		REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1313 	}
1314 
1315 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1316 
1317 	wpid = wait(&status);
1318 	REQUIRE_EQ(wpid, -1);
1319 	REQUIRE_EQ(errno, ECHILD);
1320 }
1321 
1322 /*
1323  * Verify that the expected LWP events are reported for a child thread.
1324  */
1325 ATF_TC_WITHOUT_HEAD(ptrace__lwp_events);
1326 ATF_TC_BODY(ptrace__lwp_events, tc)
1327 {
1328 	struct ptrace_lwpinfo pl;
1329 	pid_t fpid, wpid;
1330 	lwpid_t lwps[2];
1331 	int status;
1332 
1333 	ATF_REQUIRE((fpid = fork()) != -1);
1334 	if (fpid == 0) {
1335 		trace_me();
1336 		simple_thread_main();
1337 	}
1338 
1339 	/* The first wait() should report the stop from SIGSTOP. */
1340 	wpid = waitpid(fpid, &status, 0);
1341 	REQUIRE_EQ(wpid, fpid);
1342 	ATF_REQUIRE(WIFSTOPPED(status));
1343 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1344 
1345 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1346 	    sizeof(pl)) != -1);
1347 	lwps[0] = pl.pl_lwpid;
1348 
1349 	REQUIRE_EQ(ptrace(PT_LWP_EVENTS, wpid, NULL, 1), 0);
1350 
1351 	/* Continue the child ignoring the SIGSTOP. */
1352 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1353 
1354 	/* The first event should be for the child thread's birth. */
1355 	wpid = waitpid(fpid, &status, 0);
1356 	REQUIRE_EQ(wpid, fpid);
1357 	ATF_REQUIRE(WIFSTOPPED(status));
1358 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1359 
1360 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1361 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
1362 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1363 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
1364 	lwps[1] = pl.pl_lwpid;
1365 
1366 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1367 
1368 	/* The next event should be for the child thread's death. */
1369 	wpid = waitpid(fpid, &status, 0);
1370 	REQUIRE_EQ(wpid, fpid);
1371 	ATF_REQUIRE(WIFSTOPPED(status));
1372 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1373 
1374 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1375 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_EXITED | PL_FLAG_SCE)),
1376 	    (PL_FLAG_EXITED | PL_FLAG_SCE));
1377 	REQUIRE_EQ(pl.pl_lwpid, lwps[1]);
1378 
1379 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1380 
1381 	/* The last event should be for the child process's exit. */
1382 	wpid = waitpid(fpid, &status, 0);
1383 	ATF_REQUIRE(WIFEXITED(status));
1384 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1385 
1386 	wpid = wait(&status);
1387 	REQUIRE_EQ(wpid, -1);
1388 	REQUIRE_EQ(errno, ECHILD);
1389 }
1390 
1391 static void *
1392 exec_thread(void *arg __unused)
1393 {
1394 
1395 	execl("/usr/bin/true", "true", NULL);
1396 	exit(127);
1397 }
1398 
1399 static __dead2 void
1400 exec_thread_main(void)
1401 {
1402 	pthread_t thread;
1403 
1404 	CHILD_REQUIRE_EQ(pthread_create(&thread, NULL, exec_thread, NULL), 0);
1405 	for (;;)
1406 		sleep(60);
1407 	exit(1);
1408 }
1409 
1410 /*
1411  * Verify that the expected LWP events are reported for a multithreaded
1412  * process that calls execve(2).
1413  */
1414 ATF_TC_WITHOUT_HEAD(ptrace__lwp_events_exec);
1415 ATF_TC_BODY(ptrace__lwp_events_exec, tc)
1416 {
1417 	struct ptrace_lwpinfo pl;
1418 	pid_t fpid, wpid;
1419 	lwpid_t lwps[2];
1420 	int status;
1421 
1422 	ATF_REQUIRE((fpid = fork()) != -1);
1423 	if (fpid == 0) {
1424 		trace_me();
1425 		exec_thread_main();
1426 	}
1427 
1428 	/* The first wait() should report the stop from SIGSTOP. */
1429 	wpid = waitpid(fpid, &status, 0);
1430 	REQUIRE_EQ(wpid, fpid);
1431 	ATF_REQUIRE(WIFSTOPPED(status));
1432 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1433 
1434 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1435 	    sizeof(pl)) != -1);
1436 	lwps[0] = pl.pl_lwpid;
1437 
1438 	REQUIRE_EQ(ptrace(PT_LWP_EVENTS, wpid, NULL, 1), 0);
1439 
1440 	/* Continue the child ignoring the SIGSTOP. */
1441 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1442 
1443 	/* The first event should be for the child thread's birth. */
1444 	wpid = waitpid(fpid, &status, 0);
1445 	REQUIRE_EQ(wpid, fpid);
1446 	ATF_REQUIRE(WIFSTOPPED(status));
1447 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1448 
1449 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1450 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
1451 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1452 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
1453 	lwps[1] = pl.pl_lwpid;
1454 
1455 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1456 
1457 	/*
1458 	 * The next event should be for the main thread's death due to
1459 	 * single threading from execve().
1460 	 */
1461 	wpid = waitpid(fpid, &status, 0);
1462 	REQUIRE_EQ(wpid, fpid);
1463 	ATF_REQUIRE(WIFSTOPPED(status));
1464 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1465 
1466 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1467 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_EXITED | PL_FLAG_SCE)),
1468 	    (PL_FLAG_EXITED));
1469 	REQUIRE_EQ(pl.pl_lwpid, lwps[0]);
1470 
1471 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1472 
1473 	/* The next event should be for the child process's exec. */
1474 	wpid = waitpid(fpid, &status, 0);
1475 	ATF_REQUIRE(WIFSTOPPED(status));
1476 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1477 
1478 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1479 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_EXEC | PL_FLAG_SCX)),
1480 	    (PL_FLAG_EXEC | PL_FLAG_SCX));
1481 	REQUIRE_EQ(pl.pl_lwpid, lwps[1]);
1482 
1483 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1484 
1485 	/* The last event should be for the child process's exit. */
1486 	wpid = waitpid(fpid, &status, 0);
1487 	ATF_REQUIRE(WIFEXITED(status));
1488 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1489 
1490 	wpid = wait(&status);
1491 	REQUIRE_EQ(wpid, -1);
1492 	REQUIRE_EQ(errno, ECHILD);
1493 }
1494 
1495 static void
1496 handler(int sig __unused)
1497 {
1498 }
1499 
1500 static void
1501 signal_main(void)
1502 {
1503 
1504 	signal(SIGINFO, handler);
1505 	raise(SIGINFO);
1506 	exit(0);
1507 }
1508 
1509 /*
1510  * Verify that the expected ptrace event is reported for a signal.
1511  */
1512 ATF_TC_WITHOUT_HEAD(ptrace__siginfo);
1513 ATF_TC_BODY(ptrace__siginfo, tc)
1514 {
1515 	struct ptrace_lwpinfo pl;
1516 	pid_t fpid, wpid;
1517 	int status;
1518 
1519 	ATF_REQUIRE((fpid = fork()) != -1);
1520 	if (fpid == 0) {
1521 		trace_me();
1522 		signal_main();
1523 	}
1524 
1525 	/* The first wait() should report the stop from SIGSTOP. */
1526 	wpid = waitpid(fpid, &status, 0);
1527 	REQUIRE_EQ(wpid, fpid);
1528 	ATF_REQUIRE(WIFSTOPPED(status));
1529 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1530 
1531 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1532 
1533 	/* The next event should be for the SIGINFO. */
1534 	wpid = waitpid(fpid, &status, 0);
1535 	ATF_REQUIRE(WIFSTOPPED(status));
1536 	REQUIRE_EQ(WSTOPSIG(status), SIGINFO);
1537 
1538 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1539 	REQUIRE_EQ(pl.pl_event, PL_EVENT_SIGNAL);
1540 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
1541 	REQUIRE_EQ(pl.pl_siginfo.si_code, SI_LWP);
1542 	REQUIRE_EQ(pl.pl_siginfo.si_pid, wpid);
1543 
1544 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1545 
1546 	/* The last event should be for the child process's exit. */
1547 	wpid = waitpid(fpid, &status, 0);
1548 	ATF_REQUIRE(WIFEXITED(status));
1549 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1550 
1551 	wpid = wait(&status);
1552 	REQUIRE_EQ(wpid, -1);
1553 	REQUIRE_EQ(errno, ECHILD);
1554 }
1555 
1556 /*
1557  * Verify that the expected ptrace events are reported for PTRACE_EXEC.
1558  */
1559 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_exec_disable);
1560 ATF_TC_BODY(ptrace__ptrace_exec_disable, tc)
1561 {
1562 	pid_t fpid, wpid;
1563 	int events, status;
1564 
1565 	ATF_REQUIRE((fpid = fork()) != -1);
1566 	if (fpid == 0) {
1567 		trace_me();
1568 		exec_thread(NULL);
1569 	}
1570 
1571 	/* The first wait() should report the stop from SIGSTOP. */
1572 	wpid = waitpid(fpid, &status, 0);
1573 	REQUIRE_EQ(wpid, fpid);
1574 	ATF_REQUIRE(WIFSTOPPED(status));
1575 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1576 
1577 	events = 0;
1578 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
1579 	    sizeof(events)) == 0);
1580 
1581 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1582 
1583 	/* Should get one event at exit. */
1584 	wpid = waitpid(fpid, &status, 0);
1585 	ATF_REQUIRE(WIFEXITED(status));
1586 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1587 
1588 	wpid = wait(&status);
1589 	REQUIRE_EQ(wpid, -1);
1590 	REQUIRE_EQ(errno, ECHILD);
1591 }
1592 
1593 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_exec_enable);
1594 ATF_TC_BODY(ptrace__ptrace_exec_enable, tc)
1595 {
1596 	struct ptrace_lwpinfo pl;
1597 	pid_t fpid, wpid;
1598 	int events, status;
1599 
1600 	ATF_REQUIRE((fpid = fork()) != -1);
1601 	if (fpid == 0) {
1602 		trace_me();
1603 		exec_thread(NULL);
1604 	}
1605 
1606 	/* The first wait() should report the stop from SIGSTOP. */
1607 	wpid = waitpid(fpid, &status, 0);
1608 	REQUIRE_EQ(wpid, fpid);
1609 	ATF_REQUIRE(WIFSTOPPED(status));
1610 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1611 
1612 	events = PTRACE_EXEC;
1613 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
1614 	    sizeof(events)) == 0);
1615 
1616 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1617 
1618 	/* The next event should be for the child process's exec. */
1619 	wpid = waitpid(fpid, &status, 0);
1620 	ATF_REQUIRE(WIFSTOPPED(status));
1621 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1622 
1623 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1624 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_EXEC | PL_FLAG_SCX)),
1625 	    (PL_FLAG_EXEC | PL_FLAG_SCX));
1626 
1627 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1628 
1629 	/* The last event should be for the child process's exit. */
1630 	wpid = waitpid(fpid, &status, 0);
1631 	ATF_REQUIRE(WIFEXITED(status));
1632 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1633 
1634 	wpid = wait(&status);
1635 	REQUIRE_EQ(wpid, -1);
1636 	REQUIRE_EQ(errno, ECHILD);
1637 }
1638 
1639 ATF_TC_WITHOUT_HEAD(ptrace__event_mask);
1640 ATF_TC_BODY(ptrace__event_mask, tc)
1641 {
1642 	pid_t fpid, wpid;
1643 	int events, status;
1644 
1645 	ATF_REQUIRE((fpid = fork()) != -1);
1646 	if (fpid == 0) {
1647 		trace_me();
1648 		exit(0);
1649 	}
1650 
1651 	/* The first wait() should report the stop from SIGSTOP. */
1652 	wpid = waitpid(fpid, &status, 0);
1653 	REQUIRE_EQ(wpid, fpid);
1654 	ATF_REQUIRE(WIFSTOPPED(status));
1655 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1656 
1657 	/* PT_FOLLOW_FORK should toggle the state of PTRACE_FORK. */
1658 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, fpid, NULL, 1) != -1);
1659 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1660 	    sizeof(events)) == 0);
1661 	ATF_REQUIRE(events & PTRACE_FORK);
1662 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, fpid, NULL, 0) != -1);
1663 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1664 	    sizeof(events)) == 0);
1665 	ATF_REQUIRE(!(events & PTRACE_FORK));
1666 
1667 	/* PT_LWP_EVENTS should toggle the state of PTRACE_LWP. */
1668 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, fpid, NULL, 1) != -1);
1669 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1670 	    sizeof(events)) == 0);
1671 	ATF_REQUIRE(events & PTRACE_LWP);
1672 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, fpid, NULL, 0) != -1);
1673 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1674 	    sizeof(events)) == 0);
1675 	ATF_REQUIRE(!(events & PTRACE_LWP));
1676 
1677 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1678 
1679 	/* Should get one event at exit. */
1680 	wpid = waitpid(fpid, &status, 0);
1681 	ATF_REQUIRE(WIFEXITED(status));
1682 	REQUIRE_EQ(WEXITSTATUS(status), 0);
1683 
1684 	wpid = wait(&status);
1685 	REQUIRE_EQ(wpid, -1);
1686 	REQUIRE_EQ(errno, ECHILD);
1687 }
1688 
1689 /*
1690  * Verify that the expected ptrace events are reported for PTRACE_VFORK.
1691  */
1692 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_vfork);
1693 ATF_TC_BODY(ptrace__ptrace_vfork, tc)
1694 {
1695 	struct ptrace_lwpinfo pl;
1696 	pid_t fpid, wpid;
1697 	int events, status;
1698 
1699 	ATF_REQUIRE((fpid = fork()) != -1);
1700 	if (fpid == 0) {
1701 		trace_me();
1702 		follow_fork_parent(true);
1703 	}
1704 
1705 	/* The first wait() should report the stop from SIGSTOP. */
1706 	wpid = waitpid(fpid, &status, 0);
1707 	REQUIRE_EQ(wpid, fpid);
1708 	ATF_REQUIRE(WIFSTOPPED(status));
1709 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1710 
1711 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1712 	    sizeof(events)) == 0);
1713 	events |= PTRACE_VFORK;
1714 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
1715 	    sizeof(events)) == 0);
1716 
1717 	/* Continue the child ignoring the SIGSTOP. */
1718 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) != -1);
1719 
1720 	/* The next event should report the end of the vfork. */
1721 	wpid = wait(&status);
1722 	REQUIRE_EQ(wpid, fpid);
1723 	ATF_REQUIRE(WIFSTOPPED(status));
1724 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1725 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1726 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_VFORK_DONE) != 0);
1727 
1728 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) != -1);
1729 
1730 	wpid = wait(&status);
1731 	REQUIRE_EQ(wpid, fpid);
1732 	ATF_REQUIRE(WIFEXITED(status));
1733 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1734 
1735 	wpid = wait(&status);
1736 	REQUIRE_EQ(wpid, -1);
1737 	REQUIRE_EQ(errno, ECHILD);
1738 }
1739 
1740 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_vfork_follow);
1741 ATF_TC_BODY(ptrace__ptrace_vfork_follow, tc)
1742 {
1743 	struct ptrace_lwpinfo pl[2];
1744 	pid_t children[2], fpid, wpid;
1745 	int events, status;
1746 
1747 	ATF_REQUIRE((fpid = fork()) != -1);
1748 	if (fpid == 0) {
1749 		trace_me();
1750 		follow_fork_parent(true);
1751 	}
1752 
1753 	/* Parent process. */
1754 	children[0] = fpid;
1755 
1756 	/* The first wait() should report the stop from SIGSTOP. */
1757 	wpid = waitpid(children[0], &status, 0);
1758 	REQUIRE_EQ(wpid, children[0]);
1759 	ATF_REQUIRE(WIFSTOPPED(status));
1760 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1761 
1762 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, children[0], (caddr_t)&events,
1763 	    sizeof(events)) == 0);
1764 	events |= PTRACE_FORK | PTRACE_VFORK;
1765 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, children[0], (caddr_t)&events,
1766 	    sizeof(events)) == 0);
1767 
1768 	/* Continue the child ignoring the SIGSTOP. */
1769 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1770 
1771 	/* Wait for both halves of the fork event to get reported. */
1772 	children[1] = handle_fork_events(children[0], pl);
1773 	ATF_REQUIRE(children[1] > 0);
1774 
1775 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_VFORKED) != 0);
1776 
1777 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1778 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1779 
1780 	/*
1781 	 * The child can't exit until the grandchild reports status, so the
1782 	 * grandchild should report its exit first to the debugger.
1783 	 */
1784 	wpid = waitpid(children[1], &status, 0);
1785 	REQUIRE_EQ(wpid, children[1]);
1786 	ATF_REQUIRE(WIFEXITED(status));
1787 	REQUIRE_EQ(WEXITSTATUS(status), 2);
1788 
1789 	/*
1790 	 * The child should report it's vfork() completion before it
1791 	 * exits.
1792 	 */
1793 	wpid = wait(&status);
1794 	REQUIRE_EQ(wpid, children[0]);
1795 	ATF_REQUIRE(WIFSTOPPED(status));
1796 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1797 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl[0], sizeof(pl[0])) !=
1798 	    -1);
1799 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_VFORK_DONE) != 0);
1800 
1801 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1802 
1803 	wpid = wait(&status);
1804 	REQUIRE_EQ(wpid, children[0]);
1805 	ATF_REQUIRE(WIFEXITED(status));
1806 	REQUIRE_EQ(WEXITSTATUS(status), 1);
1807 
1808 	wpid = wait(&status);
1809 	REQUIRE_EQ(wpid, -1);
1810 	REQUIRE_EQ(errno, ECHILD);
1811 }
1812 
1813 #ifdef HAVE_BREAKPOINT
1814 /*
1815  * Verify that no more events are reported after PT_KILL except for the
1816  * process exit when stopped due to a breakpoint trap.
1817  */
1818 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_breakpoint);
1819 ATF_TC_BODY(ptrace__PT_KILL_breakpoint, tc)
1820 {
1821 	pid_t fpid, wpid;
1822 	int status;
1823 
1824 	ATF_REQUIRE((fpid = fork()) != -1);
1825 	if (fpid == 0) {
1826 		trace_me();
1827 		breakpoint();
1828 		exit(1);
1829 	}
1830 
1831 	/* The first wait() should report the stop from SIGSTOP. */
1832 	wpid = waitpid(fpid, &status, 0);
1833 	REQUIRE_EQ(wpid, fpid);
1834 	ATF_REQUIRE(WIFSTOPPED(status));
1835 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1836 
1837 	/* Continue the child ignoring the SIGSTOP. */
1838 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1839 
1840 	/* The second wait() should report hitting the breakpoint. */
1841 	wpid = waitpid(fpid, &status, 0);
1842 	REQUIRE_EQ(wpid, fpid);
1843 	ATF_REQUIRE(WIFSTOPPED(status));
1844 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1845 
1846 	/* Kill the child process. */
1847 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
1848 
1849 	/* The last wait() should report the SIGKILL. */
1850 	wpid = waitpid(fpid, &status, 0);
1851 	REQUIRE_EQ(wpid, fpid);
1852 	ATF_REQUIRE(WIFSIGNALED(status));
1853 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
1854 
1855 	wpid = wait(&status);
1856 	REQUIRE_EQ(wpid, -1);
1857 	REQUIRE_EQ(errno, ECHILD);
1858 }
1859 #endif /* HAVE_BREAKPOINT */
1860 
1861 /*
1862  * Verify that no more events are reported after PT_KILL except for the
1863  * process exit when stopped inside of a system call.
1864  */
1865 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_system_call);
1866 ATF_TC_BODY(ptrace__PT_KILL_system_call, tc)
1867 {
1868 	struct ptrace_lwpinfo pl;
1869 	pid_t fpid, wpid;
1870 	int status;
1871 
1872 	ATF_REQUIRE((fpid = fork()) != -1);
1873 	if (fpid == 0) {
1874 		trace_me();
1875 		getpid();
1876 		exit(1);
1877 	}
1878 
1879 	/* The first wait() should report the stop from SIGSTOP. */
1880 	wpid = waitpid(fpid, &status, 0);
1881 	REQUIRE_EQ(wpid, fpid);
1882 	ATF_REQUIRE(WIFSTOPPED(status));
1883 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1884 
1885 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
1886 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
1887 
1888 	/* The second wait() should report a system call entry for getpid(). */
1889 	wpid = waitpid(fpid, &status, 0);
1890 	REQUIRE_EQ(wpid, fpid);
1891 	ATF_REQUIRE(WIFSTOPPED(status));
1892 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1893 
1894 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1895 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
1896 
1897 	/* Kill the child process. */
1898 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
1899 
1900 	/* The last wait() should report the SIGKILL. */
1901 	wpid = waitpid(fpid, &status, 0);
1902 	REQUIRE_EQ(wpid, fpid);
1903 	ATF_REQUIRE(WIFSIGNALED(status));
1904 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
1905 
1906 	wpid = wait(&status);
1907 	REQUIRE_EQ(wpid, -1);
1908 	REQUIRE_EQ(errno, ECHILD);
1909 }
1910 
1911 /*
1912  * Verify that no more events are reported after PT_KILL except for the
1913  * process exit when killing a multithreaded process.
1914  */
1915 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_threads);
1916 ATF_TC_BODY(ptrace__PT_KILL_threads, tc)
1917 {
1918 	struct ptrace_lwpinfo pl;
1919 	pid_t fpid, wpid;
1920 	lwpid_t main_lwp;
1921 	int status;
1922 
1923 	ATF_REQUIRE((fpid = fork()) != -1);
1924 	if (fpid == 0) {
1925 		trace_me();
1926 		simple_thread_main();
1927 	}
1928 
1929 	/* The first wait() should report the stop from SIGSTOP. */
1930 	wpid = waitpid(fpid, &status, 0);
1931 	REQUIRE_EQ(wpid, fpid);
1932 	ATF_REQUIRE(WIFSTOPPED(status));
1933 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
1934 
1935 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1936 	    sizeof(pl)) != -1);
1937 	main_lwp = pl.pl_lwpid;
1938 
1939 	REQUIRE_EQ(ptrace(PT_LWP_EVENTS, wpid, NULL, 1), 0);
1940 
1941 	/* Continue the child ignoring the SIGSTOP. */
1942 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
1943 
1944 	/* The first event should be for the child thread's birth. */
1945 	wpid = waitpid(fpid, &status, 0);
1946 	REQUIRE_EQ(wpid, fpid);
1947 	ATF_REQUIRE(WIFSTOPPED(status));
1948 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
1949 
1950 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1951 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
1952 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1953 	ATF_REQUIRE(pl.pl_lwpid != main_lwp);
1954 
1955 	/* Kill the child process. */
1956 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
1957 
1958 	/* The last wait() should report the SIGKILL. */
1959 	wpid = waitpid(fpid, &status, 0);
1960 	REQUIRE_EQ(wpid, fpid);
1961 	ATF_REQUIRE(WIFSIGNALED(status));
1962 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
1963 
1964 	wpid = wait(&status);
1965 	REQUIRE_EQ(wpid, -1);
1966 	REQUIRE_EQ(errno, ECHILD);
1967 }
1968 
1969 static void *
1970 mask_usr1_thread(void *arg)
1971 {
1972 	pthread_barrier_t *pbarrier;
1973 	sigset_t sigmask;
1974 
1975 	pbarrier = (pthread_barrier_t*)arg;
1976 
1977 	sigemptyset(&sigmask);
1978 	sigaddset(&sigmask, SIGUSR1);
1979 	CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
1980 
1981 	/* Sync up with other thread after sigmask updated. */
1982 	pthread_barrier_wait(pbarrier);
1983 
1984 	for (;;)
1985 		sleep(60);
1986 
1987 	return (NULL);
1988 }
1989 
1990 /*
1991  * Verify that the SIGKILL from PT_KILL takes priority over other signals
1992  * and prevents spurious stops due to those other signals.
1993  */
1994 ATF_TC(ptrace__PT_KILL_competing_signal);
1995 ATF_TC_HEAD(ptrace__PT_KILL_competing_signal, tc)
1996 {
1997 
1998 	atf_tc_set_md_var(tc, "require.user", "root");
1999 }
2000 ATF_TC_BODY(ptrace__PT_KILL_competing_signal, tc)
2001 {
2002 	pid_t fpid, wpid;
2003 	int status;
2004 	cpuset_t setmask;
2005 	pthread_t t;
2006 	pthread_barrier_t barrier;
2007 	struct sched_param sched_param;
2008 
2009 	ATF_REQUIRE((fpid = fork()) != -1);
2010 	if (fpid == 0) {
2011 		/* Bind to one CPU so only one thread at a time will run. */
2012 		CPU_ZERO(&setmask);
2013 		CPU_SET(0, &setmask);
2014 		cpusetid_t setid;
2015 		CHILD_REQUIRE_EQ(cpuset(&setid), 0);
2016 		CHILD_REQUIRE(cpuset_setaffinity(CPU_LEVEL_CPUSET,
2017 		    CPU_WHICH_CPUSET, setid, sizeof(setmask), &setmask) == 0);
2018 
2019 		CHILD_REQUIRE_EQ(pthread_barrier_init(&barrier, NULL, 2), 0);
2020 
2021 		CHILD_REQUIRE(pthread_create(&t, NULL, mask_usr1_thread,
2022 		    (void*)&barrier) == 0);
2023 
2024 		/*
2025 		 * Give the main thread higher priority. The test always
2026 		 * assumes that, if both threads are able to run, the main
2027 		 * thread runs first.
2028 		 */
2029 		sched_param.sched_priority =
2030 		    (sched_get_priority_max(SCHED_FIFO) +
2031 		    sched_get_priority_min(SCHED_FIFO)) / 2;
2032 		CHILD_REQUIRE(pthread_setschedparam(pthread_self(),
2033 		    SCHED_FIFO, &sched_param) == 0);
2034 		sched_param.sched_priority -= RQ_PPQ;
2035 		CHILD_REQUIRE(pthread_setschedparam(t, SCHED_FIFO,
2036 		    &sched_param) == 0);
2037 
2038 		sigset_t sigmask;
2039 		sigemptyset(&sigmask);
2040 		sigaddset(&sigmask, SIGUSR2);
2041 		CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
2042 
2043 		/* Sync up with other thread after sigmask updated. */
2044 		pthread_barrier_wait(&barrier);
2045 
2046 		trace_me();
2047 
2048 		for (;;)
2049 			sleep(60);
2050 
2051 		exit(1);
2052 	}
2053 
2054 	/* The first wait() should report the stop from SIGSTOP. */
2055 	wpid = waitpid(fpid, &status, 0);
2056 	REQUIRE_EQ(wpid, fpid);
2057 	ATF_REQUIRE(WIFSTOPPED(status));
2058 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2059 
2060 	/* Continue the child ignoring the SIGSTOP. */
2061 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2062 
2063 	/* Send a signal that only the second thread can handle. */
2064 	REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
2065 
2066 	/* The second wait() should report the SIGUSR2. */
2067 	wpid = waitpid(fpid, &status, 0);
2068 	REQUIRE_EQ(wpid, fpid);
2069 	ATF_REQUIRE(WIFSTOPPED(status));
2070 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
2071 
2072 	/* Send a signal that only the first thread can handle. */
2073 	REQUIRE_EQ(kill(fpid, SIGUSR1), 0);
2074 
2075 	/* Replace the SIGUSR2 with a kill. */
2076 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
2077 
2078 	/* The last wait() should report the SIGKILL (not the SIGUSR signal). */
2079 	wpid = waitpid(fpid, &status, 0);
2080 	REQUIRE_EQ(wpid, fpid);
2081 	ATF_REQUIRE(WIFSIGNALED(status));
2082 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
2083 
2084 	wpid = wait(&status);
2085 	REQUIRE_EQ(wpid, -1);
2086 	REQUIRE_EQ(errno, ECHILD);
2087 }
2088 
2089 /*
2090  * Verify that the SIGKILL from PT_KILL takes priority over other stop events
2091  * and prevents spurious stops caused by those events.
2092  */
2093 ATF_TC(ptrace__PT_KILL_competing_stop);
2094 ATF_TC_HEAD(ptrace__PT_KILL_competing_stop, tc)
2095 {
2096 
2097 	atf_tc_set_md_var(tc, "require.user", "root");
2098 }
2099 ATF_TC_BODY(ptrace__PT_KILL_competing_stop, tc)
2100 {
2101 	pid_t fpid, wpid;
2102 	int status;
2103 	cpuset_t setmask;
2104 	pthread_t t;
2105 	pthread_barrier_t barrier;
2106 	lwpid_t main_lwp;
2107 	struct ptrace_lwpinfo pl;
2108 	struct sched_param sched_param;
2109 
2110 	ATF_REQUIRE((fpid = fork()) != -1);
2111 	if (fpid == 0) {
2112 		trace_me();
2113 
2114 		/* Bind to one CPU so only one thread at a time will run. */
2115 		CPU_ZERO(&setmask);
2116 		CPU_SET(0, &setmask);
2117 		cpusetid_t setid;
2118 		CHILD_REQUIRE_EQ(cpuset(&setid), 0);
2119 		CHILD_REQUIRE(cpuset_setaffinity(CPU_LEVEL_CPUSET,
2120 		    CPU_WHICH_CPUSET, setid, sizeof(setmask), &setmask) == 0);
2121 
2122 		CHILD_REQUIRE_EQ(pthread_barrier_init(&barrier, NULL, 2), 0);
2123 
2124 		CHILD_REQUIRE(pthread_create(&t, NULL, mask_usr1_thread,
2125 		    (void*)&barrier) == 0);
2126 
2127 		/*
2128 		 * Give the main thread higher priority. The test always
2129 		 * assumes that, if both threads are able to run, the main
2130 		 * thread runs first.
2131 		 */
2132 		sched_param.sched_priority =
2133 		    (sched_get_priority_max(SCHED_FIFO) +
2134 		    sched_get_priority_min(SCHED_FIFO)) / 2;
2135 		CHILD_REQUIRE(pthread_setschedparam(pthread_self(),
2136 		    SCHED_FIFO, &sched_param) == 0);
2137 		sched_param.sched_priority -= RQ_PPQ;
2138 		CHILD_REQUIRE(pthread_setschedparam(t, SCHED_FIFO,
2139 		    &sched_param) == 0);
2140 
2141 		sigset_t sigmask;
2142 		sigemptyset(&sigmask);
2143 		sigaddset(&sigmask, SIGUSR2);
2144 		CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
2145 
2146 		/* Sync up with other thread after sigmask updated. */
2147 		pthread_barrier_wait(&barrier);
2148 
2149 		/* Sync up with the test before doing the getpid(). */
2150 		raise(SIGSTOP);
2151 
2152 		getpid();
2153 		exit(1);
2154 	}
2155 
2156 	/* The first wait() should report the stop from SIGSTOP. */
2157 	wpid = waitpid(fpid, &status, 0);
2158 	REQUIRE_EQ(wpid, fpid);
2159 	ATF_REQUIRE(WIFSTOPPED(status));
2160 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2161 
2162 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2163 	main_lwp = pl.pl_lwpid;
2164 
2165 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2166 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2167 
2168 	/*
2169 	 * Continue until child is done with setup, which is indicated with
2170 	 * SIGSTOP. Ignore system calls in the meantime.
2171 	 */
2172 	for (;;) {
2173 		wpid = waitpid(fpid, &status, 0);
2174 		REQUIRE_EQ(wpid, fpid);
2175 		ATF_REQUIRE(WIFSTOPPED(status));
2176 		if (WSTOPSIG(status) == SIGTRAP) {
2177 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
2178 			    sizeof(pl)) != -1);
2179 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2180 		} else {
2181 			REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2182 			break;
2183 		}
2184 		REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2185 	}
2186 
2187 	/* Proceed, allowing main thread to hit syscall entry for getpid(). */
2188 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2189 
2190 	wpid = waitpid(fpid, &status, 0);
2191 	REQUIRE_EQ(wpid, fpid);
2192 	ATF_REQUIRE(WIFSTOPPED(status));
2193 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2194 
2195 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
2196 	    sizeof(pl)) != -1);
2197 	REQUIRE_EQ(pl.pl_lwpid, main_lwp);
2198 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2199 	/* Prevent the main thread from hitting its syscall exit for now. */
2200 	REQUIRE_EQ(ptrace(PT_SUSPEND, main_lwp, 0, 0), 0);
2201 
2202 	/*
2203 	 * Proceed, allowing second thread to hit syscall exit for
2204 	 * pthread_barrier_wait().
2205 	 */
2206 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2207 
2208 	wpid = waitpid(fpid, &status, 0);
2209 	REQUIRE_EQ(wpid, fpid);
2210 	ATF_REQUIRE(WIFSTOPPED(status));
2211 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2212 
2213 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
2214 	    sizeof(pl)) != -1);
2215 	ATF_REQUIRE(pl.pl_lwpid != main_lwp);
2216 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
2217 
2218 	/* Send a signal that only the second thread can handle. */
2219 	REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
2220 
2221 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2222 
2223 	/* The next wait() should report the SIGUSR2. */
2224 	wpid = waitpid(fpid, &status, 0);
2225 	REQUIRE_EQ(wpid, fpid);
2226 	ATF_REQUIRE(WIFSTOPPED(status));
2227 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
2228 
2229 	/* Allow the main thread to try to finish its system call. */
2230 	REQUIRE_EQ(ptrace(PT_RESUME, main_lwp, 0, 0), 0);
2231 
2232 	/*
2233 	 * At this point, the main thread is in the middle of a system call and
2234 	 * has been resumed. The second thread has taken a SIGUSR2 which will
2235 	 * be replaced with a SIGKILL below. The main thread will get to run
2236 	 * first. It should notice the kill request (even though the signal
2237 	 * replacement occurred in the other thread) and exit accordingly.  It
2238 	 * should not stop for the system call exit event.
2239 	 */
2240 
2241 	/* Replace the SIGUSR2 with a kill. */
2242 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
2243 
2244 	/* The last wait() should report the SIGKILL (not a syscall exit). */
2245 	wpid = waitpid(fpid, &status, 0);
2246 	REQUIRE_EQ(wpid, fpid);
2247 	ATF_REQUIRE(WIFSIGNALED(status));
2248 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
2249 
2250 	wpid = wait(&status);
2251 	REQUIRE_EQ(wpid, -1);
2252 	REQUIRE_EQ(errno, ECHILD);
2253 }
2254 
2255 static void
2256 sigusr1_handler(int sig)
2257 {
2258 
2259 	CHILD_REQUIRE_EQ(sig, SIGUSR1);
2260 	_exit(2);
2261 }
2262 
2263 /*
2264  * Verify that even if the signal queue is full for a child process,
2265  * a PT_KILL will kill the process.
2266  */
2267 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_with_signal_full_sigqueue);
2268 ATF_TC_BODY(ptrace__PT_KILL_with_signal_full_sigqueue, tc)
2269 {
2270 	pid_t fpid, wpid;
2271 	int status;
2272 	int max_pending_per_proc;
2273 	size_t len;
2274 	int i;
2275 
2276 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_handler) != SIG_ERR);
2277 
2278 	ATF_REQUIRE((fpid = fork()) != -1);
2279 	if (fpid == 0) {
2280 		trace_me();
2281 		exit(1);
2282 	}
2283 
2284 	/* The first wait() should report the stop from SIGSTOP. */
2285 	wpid = waitpid(fpid, &status, 0);
2286 	REQUIRE_EQ(wpid, fpid);
2287 	ATF_REQUIRE(WIFSTOPPED(status));
2288 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2289 
2290 	len = sizeof(max_pending_per_proc);
2291 	ATF_REQUIRE(sysctlbyname("kern.sigqueue.max_pending_per_proc",
2292 	    &max_pending_per_proc, &len, NULL, 0) == 0);
2293 
2294 	/* Fill the signal queue. */
2295 	for (i = 0; i < max_pending_per_proc; ++i)
2296 		REQUIRE_EQ(kill(fpid, SIGUSR1), 0);
2297 
2298 	/* Kill the child process. */
2299 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
2300 
2301 	/* The last wait() should report the SIGKILL. */
2302 	wpid = waitpid(fpid, &status, 0);
2303 	REQUIRE_EQ(wpid, fpid);
2304 	ATF_REQUIRE(WIFSIGNALED(status));
2305 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
2306 
2307 	wpid = wait(&status);
2308 	REQUIRE_EQ(wpid, -1);
2309 	REQUIRE_EQ(errno, ECHILD);
2310 }
2311 
2312 /*
2313  * Verify that when stopped at a system call entry, a signal can be
2314  * requested with PT_CONTINUE which will be delivered once the system
2315  * call is complete.
2316  */
2317 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_system_call_entry);
2318 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_system_call_entry, tc)
2319 {
2320 	struct ptrace_lwpinfo pl;
2321 	pid_t fpid, wpid;
2322 	int status;
2323 
2324 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_handler) != SIG_ERR);
2325 
2326 	ATF_REQUIRE((fpid = fork()) != -1);
2327 	if (fpid == 0) {
2328 		trace_me();
2329 		getpid();
2330 		exit(1);
2331 	}
2332 
2333 	/* The first wait() should report the stop from SIGSTOP. */
2334 	wpid = waitpid(fpid, &status, 0);
2335 	REQUIRE_EQ(wpid, fpid);
2336 	ATF_REQUIRE(WIFSTOPPED(status));
2337 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2338 
2339 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2340 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2341 
2342 	/* The second wait() should report a system call entry for getpid(). */
2343 	wpid = waitpid(fpid, &status, 0);
2344 	REQUIRE_EQ(wpid, fpid);
2345 	ATF_REQUIRE(WIFSTOPPED(status));
2346 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2347 
2348 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2349 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2350 
2351 	/* Continue the child process with a signal. */
2352 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2353 
2354 	for (;;) {
2355 		/*
2356 		 * The last wait() should report exit 2, i.e., a normal _exit
2357 		 * from the signal handler. In the meantime, catch and proceed
2358 		 * past any syscall stops.
2359 		 */
2360 		wpid = waitpid(fpid, &status, 0);
2361 		REQUIRE_EQ(wpid, fpid);
2362 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2363 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2364 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2365 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2366 		} else {
2367 			ATF_REQUIRE(WIFEXITED(status));
2368 			REQUIRE_EQ(WEXITSTATUS(status), 2);
2369 			break;
2370 		}
2371 	}
2372 
2373 	wpid = wait(&status);
2374 	REQUIRE_EQ(wpid, -1);
2375 	REQUIRE_EQ(errno, ECHILD);
2376 }
2377 
2378 static void
2379 sigusr1_counting_handler(int sig)
2380 {
2381 	static int counter = 0;
2382 
2383 	CHILD_REQUIRE_EQ(sig, SIGUSR1);
2384 	counter++;
2385 	if (counter == 2)
2386 		_exit(2);
2387 }
2388 
2389 /*
2390  * Verify that, when continuing from a stop at system call entry and exit,
2391  * a signal can be requested from both stops, and both will be delivered when
2392  * the system call is complete.
2393  */
2394 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_system_call_entry_and_exit);
2395 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_system_call_entry_and_exit, tc)
2396 {
2397 	struct ptrace_lwpinfo pl;
2398 	pid_t fpid, wpid;
2399 	int status;
2400 
2401 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_counting_handler) != SIG_ERR);
2402 
2403 	ATF_REQUIRE((fpid = fork()) != -1);
2404 	if (fpid == 0) {
2405 		trace_me();
2406 		getpid();
2407 		exit(1);
2408 	}
2409 
2410 	/* The first wait() should report the stop from SIGSTOP. */
2411 	wpid = waitpid(fpid, &status, 0);
2412 	REQUIRE_EQ(wpid, fpid);
2413 	ATF_REQUIRE(WIFSTOPPED(status));
2414 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2415 
2416 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2417 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2418 
2419 	/* The second wait() should report a system call entry for getpid(). */
2420 	wpid = waitpid(fpid, &status, 0);
2421 	REQUIRE_EQ(wpid, fpid);
2422 	ATF_REQUIRE(WIFSTOPPED(status));
2423 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2424 
2425 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2426 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2427 
2428 	/* Continue the child process with a signal. */
2429 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2430 
2431 	/* The third wait() should report a system call exit for getpid(). */
2432 	wpid = waitpid(fpid, &status, 0);
2433 	REQUIRE_EQ(wpid, fpid);
2434 	ATF_REQUIRE(WIFSTOPPED(status));
2435 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2436 
2437 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2438 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
2439 
2440 	/* Continue the child process with a signal. */
2441 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2442 
2443 	for (;;) {
2444 		/*
2445 		 * The last wait() should report exit 2, i.e., a normal _exit
2446 		 * from the signal handler. In the meantime, catch and proceed
2447 		 * past any syscall stops.
2448 		 */
2449 		wpid = waitpid(fpid, &status, 0);
2450 		REQUIRE_EQ(wpid, fpid);
2451 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2452 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2453 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2454 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2455 		} else {
2456 			ATF_REQUIRE(WIFEXITED(status));
2457 			REQUIRE_EQ(WEXITSTATUS(status), 2);
2458 			break;
2459 		}
2460 	}
2461 
2462 	wpid = wait(&status);
2463 	REQUIRE_EQ(wpid, -1);
2464 	REQUIRE_EQ(errno, ECHILD);
2465 }
2466 
2467 /*
2468  * Verify that even if the signal queue is full for a child process,
2469  * a PT_CONTINUE with a signal will not result in loss of that signal.
2470  */
2471 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_full_sigqueue);
2472 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_full_sigqueue, tc)
2473 {
2474 	pid_t fpid, wpid;
2475 	int status;
2476 	int max_pending_per_proc;
2477 	size_t len;
2478 	int i;
2479 
2480 	ATF_REQUIRE(signal(SIGUSR2, handler) != SIG_ERR);
2481 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_handler) != SIG_ERR);
2482 
2483 	ATF_REQUIRE((fpid = fork()) != -1);
2484 	if (fpid == 0) {
2485 		trace_me();
2486 		exit(1);
2487 	}
2488 
2489 	/* The first wait() should report the stop from SIGSTOP. */
2490 	wpid = waitpid(fpid, &status, 0);
2491 	REQUIRE_EQ(wpid, fpid);
2492 	ATF_REQUIRE(WIFSTOPPED(status));
2493 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2494 
2495 	len = sizeof(max_pending_per_proc);
2496 	ATF_REQUIRE(sysctlbyname("kern.sigqueue.max_pending_per_proc",
2497 	    &max_pending_per_proc, &len, NULL, 0) == 0);
2498 
2499 	/* Fill the signal queue. */
2500 	for (i = 0; i < max_pending_per_proc; ++i)
2501 		REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
2502 
2503 	/* Continue with signal. */
2504 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2505 
2506 	for (;;) {
2507 		wpid = waitpid(fpid, &status, 0);
2508 		REQUIRE_EQ(wpid, fpid);
2509 		if (WIFSTOPPED(status)) {
2510 			REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
2511 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2512 		} else {
2513 			/*
2514 			 * The last wait() should report normal _exit from the
2515 			 * SIGUSR1 handler.
2516 			 */
2517 			ATF_REQUIRE(WIFEXITED(status));
2518 			REQUIRE_EQ(WEXITSTATUS(status), 2);
2519 			break;
2520 		}
2521 	}
2522 
2523 	wpid = wait(&status);
2524 	REQUIRE_EQ(wpid, -1);
2525 	REQUIRE_EQ(errno, ECHILD);
2526 }
2527 
2528 static sem_t sigusr1_sem;
2529 static int got_usr1;
2530 
2531 static void
2532 sigusr1_sempost_handler(int sig __unused)
2533 {
2534 
2535 	got_usr1++;
2536 	CHILD_REQUIRE_EQ(sem_post(&sigusr1_sem), 0);
2537 }
2538 
2539 /*
2540  * Verify that even if the signal queue is full for a child process,
2541  * and the signal is masked, a PT_CONTINUE with a signal will not
2542  * result in loss of that signal.
2543  */
2544 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_masked_full_sigqueue);
2545 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_masked_full_sigqueue, tc)
2546 {
2547 	struct ptrace_lwpinfo pl;
2548 	pid_t fpid, wpid;
2549 	int status, err;
2550 	int max_pending_per_proc;
2551 	size_t len;
2552 	int i;
2553 	sigset_t sigmask;
2554 
2555 	ATF_REQUIRE(signal(SIGUSR2, handler) != SIG_ERR);
2556 	REQUIRE_EQ(sem_init(&sigusr1_sem, 0, 0), 0);
2557 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
2558 
2559 	got_usr1 = 0;
2560 	ATF_REQUIRE((fpid = fork()) != -1);
2561 	if (fpid == 0) {
2562 		CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
2563 		CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
2564 		CHILD_REQUIRE_EQ(sigprocmask(SIG_BLOCK, &sigmask, NULL), 0);
2565 
2566 		trace_me();
2567 		CHILD_REQUIRE_EQ(got_usr1, 0);
2568 
2569 		/* Allow the pending SIGUSR1 in now. */
2570 		CHILD_REQUIRE_EQ(sigprocmask(SIG_UNBLOCK, &sigmask, NULL), 0);
2571 		/* Wait to receive the SIGUSR1. */
2572 		do {
2573 			err = sem_wait(&sigusr1_sem);
2574 			CHILD_REQUIRE(err == 0 || errno == EINTR);
2575 		} while (err != 0 && errno == EINTR);
2576 		CHILD_REQUIRE_EQ(got_usr1, 1);
2577 		exit(1);
2578 	}
2579 
2580 	/* The first wait() should report the stop from SIGSTOP. */
2581 	wpid = waitpid(fpid, &status, 0);
2582 	REQUIRE_EQ(wpid, fpid);
2583 	ATF_REQUIRE(WIFSTOPPED(status));
2584 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2585 
2586 	len = sizeof(max_pending_per_proc);
2587 	ATF_REQUIRE(sysctlbyname("kern.sigqueue.max_pending_per_proc",
2588 	    &max_pending_per_proc, &len, NULL, 0) == 0);
2589 
2590 	/* Fill the signal queue. */
2591 	for (i = 0; i < max_pending_per_proc; ++i)
2592 		REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
2593 
2594 	/* Continue with signal. */
2595 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2596 
2597 	/* Collect and ignore all of the SIGUSR2. */
2598 	for (i = 0; i < max_pending_per_proc; ++i) {
2599 		wpid = waitpid(fpid, &status, 0);
2600 		REQUIRE_EQ(wpid, fpid);
2601 		ATF_REQUIRE(WIFSTOPPED(status));
2602 		REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
2603 		REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2604 	}
2605 
2606 	/* Now our PT_CONTINUE'd SIGUSR1 should cause a stop after unmask. */
2607 	wpid = waitpid(fpid, &status, 0);
2608 	REQUIRE_EQ(wpid, fpid);
2609 	ATF_REQUIRE(WIFSTOPPED(status));
2610 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR1);
2611 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
2612 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGUSR1);
2613 
2614 	/* Continue the child, ignoring the SIGUSR1. */
2615 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2616 
2617 	/* The last wait() should report exit after receiving SIGUSR1. */
2618 	wpid = waitpid(fpid, &status, 0);
2619 	REQUIRE_EQ(wpid, fpid);
2620 	ATF_REQUIRE(WIFEXITED(status));
2621 	REQUIRE_EQ(WEXITSTATUS(status), 1);
2622 
2623 	wpid = wait(&status);
2624 	REQUIRE_EQ(wpid, -1);
2625 	REQUIRE_EQ(errno, ECHILD);
2626 }
2627 
2628 /*
2629  * Verify that, after stopping due to a signal, that signal can be
2630  * replaced with another signal.
2631  */
2632 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_change_sig);
2633 ATF_TC_BODY(ptrace__PT_CONTINUE_change_sig, tc)
2634 {
2635 	struct ptrace_lwpinfo pl;
2636 	pid_t fpid, wpid;
2637 	int status;
2638 
2639 	ATF_REQUIRE((fpid = fork()) != -1);
2640 	if (fpid == 0) {
2641 		trace_me();
2642 		sleep(20);
2643 		exit(1);
2644 	}
2645 
2646 	/* The first wait() should report the stop from SIGSTOP. */
2647 	wpid = waitpid(fpid, &status, 0);
2648 	REQUIRE_EQ(wpid, fpid);
2649 	ATF_REQUIRE(WIFSTOPPED(status));
2650 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2651 
2652 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2653 
2654 	/* Send a signal without ptrace. */
2655 	REQUIRE_EQ(kill(fpid, SIGINT), 0);
2656 
2657 	/* The second wait() should report a SIGINT was received. */
2658 	wpid = waitpid(fpid, &status, 0);
2659 	REQUIRE_EQ(wpid, fpid);
2660 	ATF_REQUIRE(WIFSTOPPED(status));
2661 	REQUIRE_EQ(WSTOPSIG(status), SIGINT);
2662 
2663 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2664 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
2665 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGINT);
2666 
2667 	/* Continue the child process with a different signal. */
2668 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGTERM), 0);
2669 
2670 	/*
2671 	 * The last wait() should report having died due to the new
2672 	 * signal, SIGTERM.
2673 	 */
2674 	wpid = waitpid(fpid, &status, 0);
2675 	REQUIRE_EQ(wpid, fpid);
2676 	ATF_REQUIRE(WIFSIGNALED(status));
2677 	REQUIRE_EQ(WTERMSIG(status), SIGTERM);
2678 
2679 	wpid = wait(&status);
2680 	REQUIRE_EQ(wpid, -1);
2681 	REQUIRE_EQ(errno, ECHILD);
2682 }
2683 
2684 /*
2685  * Verify that a signal can be passed through to the child even when there
2686  * was no true signal originally. Such cases arise when a SIGTRAP is
2687  * invented for e.g, system call stops.
2688  */
2689 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_sigtrap_system_call_entry);
2690 ATF_TC_BODY(ptrace__PT_CONTINUE_with_sigtrap_system_call_entry, tc)
2691 {
2692 	struct ptrace_lwpinfo pl;
2693 	struct rlimit rl;
2694 	pid_t fpid, wpid;
2695 	int status;
2696 
2697 	ATF_REQUIRE((fpid = fork()) != -1);
2698 	if (fpid == 0) {
2699 		trace_me();
2700 		/* SIGTRAP expected to cause exit on syscall entry. */
2701 		rl.rlim_cur = rl.rlim_max = 0;
2702 		REQUIRE_EQ(setrlimit(RLIMIT_CORE, &rl), 0);
2703 		getpid();
2704 		exit(1);
2705 	}
2706 
2707 	/* The first wait() should report the stop from SIGSTOP. */
2708 	wpid = waitpid(fpid, &status, 0);
2709 	REQUIRE_EQ(wpid, fpid);
2710 	ATF_REQUIRE(WIFSTOPPED(status));
2711 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2712 
2713 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2714 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2715 
2716 	/* The second wait() should report a system call entry for getpid(). */
2717 	wpid = waitpid(fpid, &status, 0);
2718 	REQUIRE_EQ(wpid, fpid);
2719 	ATF_REQUIRE(WIFSTOPPED(status));
2720 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2721 
2722 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2723 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2724 
2725 	/* Continue the child process with a SIGTRAP. */
2726 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGTRAP), 0);
2727 
2728 	for (;;) {
2729 		/*
2730 		 * The last wait() should report exit due to SIGTRAP.  In the
2731 		 * meantime, catch and proceed past any syscall stops.
2732 		 */
2733 		wpid = waitpid(fpid, &status, 0);
2734 		REQUIRE_EQ(wpid, fpid);
2735 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2736 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2737 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2738 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2739 		} else {
2740 			ATF_REQUIRE(WIFSIGNALED(status));
2741 			REQUIRE_EQ(WTERMSIG(status), SIGTRAP);
2742 			break;
2743 		}
2744 	}
2745 
2746 	wpid = wait(&status);
2747 	REQUIRE_EQ(wpid, -1);
2748 	REQUIRE_EQ(errno, ECHILD);
2749 }
2750 
2751 /*
2752  * A mixed bag PT_CONTINUE with signal test.
2753  */
2754 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_mix);
2755 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_mix, tc)
2756 {
2757 	struct ptrace_lwpinfo pl;
2758 	pid_t fpid, wpid;
2759 	int status;
2760 
2761 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_counting_handler) != SIG_ERR);
2762 
2763 	ATF_REQUIRE((fpid = fork()) != -1);
2764 	if (fpid == 0) {
2765 		trace_me();
2766 		getpid();
2767 		exit(1);
2768 	}
2769 
2770 	/* The first wait() should report the stop from SIGSTOP. */
2771 	wpid = waitpid(fpid, &status, 0);
2772 	REQUIRE_EQ(wpid, fpid);
2773 	ATF_REQUIRE(WIFSTOPPED(status));
2774 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2775 
2776 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2777 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
2778 
2779 	/* The second wait() should report a system call entry for getpid(). */
2780 	wpid = waitpid(fpid, &status, 0);
2781 	REQUIRE_EQ(wpid, fpid);
2782 	ATF_REQUIRE(WIFSTOPPED(status));
2783 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2784 
2785 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2786 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2787 
2788 	/* Continue with the first SIGUSR1. */
2789 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2790 
2791 	/* The next wait() should report a system call exit for getpid(). */
2792 	wpid = waitpid(fpid, &status, 0);
2793 	REQUIRE_EQ(wpid, fpid);
2794 	ATF_REQUIRE(WIFSTOPPED(status));
2795 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
2796 
2797 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2798 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
2799 
2800 	/* Send an ABRT without ptrace. */
2801 	REQUIRE_EQ(kill(fpid, SIGABRT), 0);
2802 
2803 	/* Continue normally. */
2804 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2805 
2806 	/* The next wait() should report the SIGABRT. */
2807 	wpid = waitpid(fpid, &status, 0);
2808 	REQUIRE_EQ(wpid, fpid);
2809 	ATF_REQUIRE(WIFSTOPPED(status));
2810 	REQUIRE_EQ(WSTOPSIG(status), SIGABRT);
2811 
2812 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2813 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
2814 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGABRT);
2815 
2816 	/* Continue, replacing the SIGABRT with another SIGUSR1. */
2817 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2818 
2819 	for (;;) {
2820 		/*
2821 		 * The last wait() should report exit 2, i.e., a normal _exit
2822 		 * from the signal handler. In the meantime, catch and proceed
2823 		 * past any syscall stops.
2824 		 */
2825 		wpid = waitpid(fpid, &status, 0);
2826 		REQUIRE_EQ(wpid, fpid);
2827 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2828 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2829 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2830 			REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2831 		} else {
2832 			ATF_REQUIRE(WIFEXITED(status));
2833 			REQUIRE_EQ(WEXITSTATUS(status), 2);
2834 			break;
2835 		}
2836 	}
2837 
2838 	wpid = wait(&status);
2839 	REQUIRE_EQ(wpid, -1);
2840 	REQUIRE_EQ(errno, ECHILD);
2841 }
2842 
2843 /*
2844  * Verify a signal delivered by ptrace is noticed by kevent(2).
2845  */
2846 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_kqueue);
2847 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_kqueue, tc)
2848 {
2849 	pid_t fpid, wpid;
2850 	int status, kq, nevents;
2851 	struct kevent kev;
2852 
2853 	ATF_REQUIRE(signal(SIGUSR1, SIG_IGN) != SIG_ERR);
2854 
2855 	ATF_REQUIRE((fpid = fork()) != -1);
2856 	if (fpid == 0) {
2857 		CHILD_REQUIRE((kq = kqueue()) > 0);
2858 		EV_SET(&kev, SIGUSR1, EVFILT_SIGNAL, EV_ADD, 0, 0, 0);
2859 		CHILD_REQUIRE_EQ(kevent(kq, &kev, 1, NULL, 0, NULL), 0);
2860 
2861 		trace_me();
2862 
2863 		for (;;) {
2864 			nevents = kevent(kq, NULL, 0, &kev, 1, NULL);
2865 			if (nevents == -1 && errno == EINTR)
2866 				continue;
2867 			CHILD_REQUIRE(nevents > 0);
2868 			CHILD_REQUIRE_EQ(kev.filter, EVFILT_SIGNAL);
2869 			CHILD_REQUIRE_EQ(kev.ident, (uintptr_t)SIGUSR1);
2870 			break;
2871 		}
2872 
2873 		exit(1);
2874 	}
2875 
2876 	/* The first wait() should report the stop from SIGSTOP. */
2877 	wpid = waitpid(fpid, &status, 0);
2878 	REQUIRE_EQ(wpid, fpid);
2879 	ATF_REQUIRE(WIFSTOPPED(status));
2880 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2881 
2882 	/* Continue with the SIGUSR1. */
2883 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2884 
2885 	/*
2886 	 * The last wait() should report normal exit with code 1.
2887 	 */
2888 	wpid = waitpid(fpid, &status, 0);
2889 	REQUIRE_EQ(wpid, fpid);
2890 	ATF_REQUIRE(WIFEXITED(status));
2891 	REQUIRE_EQ(WEXITSTATUS(status), 1);
2892 
2893 	wpid = wait(&status);
2894 	REQUIRE_EQ(wpid, -1);
2895 	REQUIRE_EQ(errno, ECHILD);
2896 }
2897 
2898 static void *
2899 signal_thread(void *arg)
2900 {
2901 	int err;
2902 	sigset_t sigmask;
2903 
2904 	pthread_barrier_t *pbarrier = (pthread_barrier_t*)arg;
2905 
2906 	/* Wait for this thread to receive a SIGUSR1. */
2907 	do {
2908 		err = sem_wait(&sigusr1_sem);
2909 		CHILD_REQUIRE(err == 0 || errno == EINTR);
2910 	} while (err != 0 && errno == EINTR);
2911 
2912 	/* Free our companion thread from the barrier. */
2913 	pthread_barrier_wait(pbarrier);
2914 
2915 	/*
2916 	 * Swap ignore duties; the next SIGUSR1 should go to the
2917 	 * other thread.
2918 	 */
2919 	CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
2920 	CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
2921 	CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
2922 
2923 	/* Sync up threads after swapping signal masks. */
2924 	pthread_barrier_wait(pbarrier);
2925 
2926 	/* Wait until our companion has received its SIGUSR1. */
2927 	pthread_barrier_wait(pbarrier);
2928 
2929 	return (NULL);
2930 }
2931 
2932 /*
2933  * Verify that a traced process with blocked signal received the
2934  * signal from kill() once unmasked.
2935  */
2936 ATF_TC_WITHOUT_HEAD(ptrace__killed_with_sigmask);
2937 ATF_TC_BODY(ptrace__killed_with_sigmask, tc)
2938 {
2939 	struct ptrace_lwpinfo pl;
2940 	pid_t fpid, wpid;
2941 	int status, err;
2942 	sigset_t sigmask;
2943 
2944 	REQUIRE_EQ(sem_init(&sigusr1_sem, 0, 0), 0);
2945 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
2946 	got_usr1 = 0;
2947 
2948 	ATF_REQUIRE((fpid = fork()) != -1);
2949 	if (fpid == 0) {
2950 		CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
2951 		CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
2952 		CHILD_REQUIRE_EQ(sigprocmask(SIG_BLOCK, &sigmask, NULL), 0);
2953 
2954 		trace_me();
2955 		CHILD_REQUIRE_EQ(got_usr1, 0);
2956 
2957 		/* Allow the pending SIGUSR1 in now. */
2958 		CHILD_REQUIRE_EQ(sigprocmask(SIG_UNBLOCK, &sigmask, NULL), 0);
2959 		/* Wait to receive a SIGUSR1. */
2960 		do {
2961 			err = sem_wait(&sigusr1_sem);
2962 			CHILD_REQUIRE(err == 0 || errno == EINTR);
2963 		} while (err != 0 && errno == EINTR);
2964 		CHILD_REQUIRE_EQ(got_usr1, 1);
2965 		exit(1);
2966 	}
2967 
2968 	/* The first wait() should report the stop from SIGSTOP. */
2969 	wpid = waitpid(fpid, &status, 0);
2970 	REQUIRE_EQ(wpid, fpid);
2971 	ATF_REQUIRE(WIFSTOPPED(status));
2972 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
2973 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
2974 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGSTOP);
2975 
2976 	/* Send blocked SIGUSR1 which should cause a stop. */
2977 	REQUIRE_EQ(kill(fpid, SIGUSR1), 0);
2978 
2979 	/* Continue the child ignoring the SIGSTOP. */
2980 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
2981 
2982 	/* The next wait() should report the kill(SIGUSR1) was received. */
2983 	wpid = waitpid(fpid, &status, 0);
2984 	REQUIRE_EQ(wpid, fpid);
2985 	ATF_REQUIRE(WIFSTOPPED(status));
2986 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR1);
2987 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
2988 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGUSR1);
2989 
2990 	/* Continue the child, allowing in the SIGUSR1. */
2991 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
2992 
2993 	/* The last wait() should report normal exit with code 1. */
2994 	wpid = waitpid(fpid, &status, 0);
2995 	REQUIRE_EQ(wpid, fpid);
2996 	ATF_REQUIRE(WIFEXITED(status));
2997 	REQUIRE_EQ(WEXITSTATUS(status), 1);
2998 
2999 	wpid = wait(&status);
3000 	REQUIRE_EQ(wpid, -1);
3001 	REQUIRE_EQ(errno, ECHILD);
3002 }
3003 
3004 /*
3005  * Verify that a traced process with blocked signal received the
3006  * signal from PT_CONTINUE once unmasked.
3007  */
3008 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_sigmask);
3009 ATF_TC_BODY(ptrace__PT_CONTINUE_with_sigmask, tc)
3010 {
3011 	struct ptrace_lwpinfo pl;
3012 	pid_t fpid, wpid;
3013 	int status, err;
3014 	sigset_t sigmask;
3015 
3016 	REQUIRE_EQ(sem_init(&sigusr1_sem, 0, 0), 0);
3017 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
3018 	got_usr1 = 0;
3019 
3020 	ATF_REQUIRE((fpid = fork()) != -1);
3021 	if (fpid == 0) {
3022 		CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
3023 		CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
3024 		CHILD_REQUIRE_EQ(sigprocmask(SIG_BLOCK, &sigmask, NULL), 0);
3025 
3026 		trace_me();
3027 		CHILD_REQUIRE_EQ(got_usr1, 0);
3028 
3029 		/* Allow the pending SIGUSR1 in now. */
3030 		CHILD_REQUIRE_EQ(sigprocmask(SIG_UNBLOCK, &sigmask, NULL), 0);
3031 		/* Wait to receive a SIGUSR1. */
3032 		do {
3033 			err = sem_wait(&sigusr1_sem);
3034 			CHILD_REQUIRE(err == 0 || errno == EINTR);
3035 		} while (err != 0 && errno == EINTR);
3036 
3037 		CHILD_REQUIRE_EQ(got_usr1, 1);
3038 		exit(1);
3039 	}
3040 
3041 	/* The first wait() should report the stop from SIGSTOP. */
3042 	wpid = waitpid(fpid, &status, 0);
3043 	REQUIRE_EQ(wpid, fpid);
3044 	ATF_REQUIRE(WIFSTOPPED(status));
3045 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3046 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
3047 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGSTOP);
3048 
3049 	/* Continue the child replacing SIGSTOP with SIGUSR1. */
3050 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
3051 
3052 	/* The next wait() should report the SIGUSR1 was received. */
3053 	wpid = waitpid(fpid, &status, 0);
3054 	REQUIRE_EQ(wpid, fpid);
3055 	ATF_REQUIRE(WIFSTOPPED(status));
3056 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR1);
3057 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
3058 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGUSR1);
3059 
3060 	/* Continue the child, ignoring the SIGUSR1. */
3061 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3062 
3063 	/* The last wait() should report normal exit with code 1. */
3064 	wpid = waitpid(fpid, &status, 0);
3065 	REQUIRE_EQ(wpid, fpid);
3066 	ATF_REQUIRE(WIFEXITED(status));
3067 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3068 
3069 	wpid = wait(&status);
3070 	REQUIRE_EQ(wpid, -1);
3071 	REQUIRE_EQ(errno, ECHILD);
3072 }
3073 
3074 /*
3075  * Verify that if ptrace stops due to a signal but continues with
3076  * a different signal that the new signal is routed to a thread
3077  * that can accept it, and that the thread is awakened by the signal
3078  * in a timely manner.
3079  */
3080 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_thread_sigmask);
3081 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_thread_sigmask, tc)
3082 {
3083 	pid_t fpid, wpid;
3084 	int status, err;
3085 	pthread_t t;
3086 	sigset_t sigmask;
3087 	pthread_barrier_t barrier;
3088 
3089 	REQUIRE_EQ(pthread_barrier_init(&barrier, NULL, 2), 0);
3090 	REQUIRE_EQ(sem_init(&sigusr1_sem, 0, 0), 0);
3091 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
3092 
3093 	ATF_REQUIRE((fpid = fork()) != -1);
3094 	if (fpid == 0) {
3095 		CHILD_REQUIRE_EQ(pthread_create(&t, NULL, signal_thread,
3096 		    (void *)&barrier), 0);
3097 
3098 		/* The other thread should receive the first SIGUSR1. */
3099 		CHILD_REQUIRE_EQ(sigemptyset(&sigmask), 0);
3100 		CHILD_REQUIRE_EQ(sigaddset(&sigmask, SIGUSR1), 0);
3101 		CHILD_REQUIRE_EQ(pthread_sigmask(SIG_BLOCK, &sigmask, NULL), 0);
3102 
3103 		trace_me();
3104 
3105 		/* Wait until other thread has received its SIGUSR1. */
3106 		pthread_barrier_wait(&barrier);
3107 
3108 		/*
3109 		 * Swap ignore duties; the next SIGUSR1 should go to this
3110 		 * thread.
3111 		 */
3112 		CHILD_REQUIRE_EQ(pthread_sigmask(SIG_UNBLOCK, &sigmask, NULL),
3113 		    0);
3114 
3115 		/* Sync up threads after swapping signal masks. */
3116 		pthread_barrier_wait(&barrier);
3117 
3118 		/*
3119 		 * Sync up with test code; we're ready for the next SIGUSR1
3120 		 * now.
3121 		 */
3122 		raise(SIGSTOP);
3123 
3124 		/* Wait for this thread to receive a SIGUSR1. */
3125 		do {
3126 			err = sem_wait(&sigusr1_sem);
3127 			CHILD_REQUIRE(err == 0 || errno == EINTR);
3128 		} while (err != 0 && errno == EINTR);
3129 
3130 		/* Free the other thread from the barrier. */
3131 		pthread_barrier_wait(&barrier);
3132 
3133 		CHILD_REQUIRE_EQ(pthread_join(t, NULL), 0);
3134 
3135 		exit(1);
3136 	}
3137 
3138 	/* The first wait() should report the stop from SIGSTOP. */
3139 	wpid = waitpid(fpid, &status, 0);
3140 	REQUIRE_EQ(wpid, fpid);
3141 	ATF_REQUIRE(WIFSTOPPED(status));
3142 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3143 
3144 	/* Continue the child ignoring the SIGSTOP. */
3145 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3146 
3147 	/*
3148 	 * Send a signal without ptrace that either thread will accept (USR2,
3149 	 * in this case).
3150 	 */
3151 	REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
3152 
3153 	/* The second wait() should report a SIGUSR2 was received. */
3154 	wpid = waitpid(fpid, &status, 0);
3155 	REQUIRE_EQ(wpid, fpid);
3156 	ATF_REQUIRE(WIFSTOPPED(status));
3157 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
3158 
3159 	/* Continue the child, changing the signal to USR1. */
3160 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
3161 
3162 	/* The next wait() should report the stop from SIGSTOP. */
3163 	wpid = waitpid(fpid, &status, 0);
3164 	REQUIRE_EQ(wpid, fpid);
3165 	ATF_REQUIRE(WIFSTOPPED(status));
3166 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3167 
3168 	/* Continue the child ignoring the SIGSTOP. */
3169 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3170 
3171 	REQUIRE_EQ(kill(fpid, SIGUSR2), 0);
3172 
3173 	/* The next wait() should report a SIGUSR2 was received. */
3174 	wpid = waitpid(fpid, &status, 0);
3175 	REQUIRE_EQ(wpid, fpid);
3176 	ATF_REQUIRE(WIFSTOPPED(status));
3177 	REQUIRE_EQ(WSTOPSIG(status), SIGUSR2);
3178 
3179 	/* Continue the child, changing the signal to USR1. */
3180 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1), 0);
3181 
3182 	/* The last wait() should report normal exit with code 1. */
3183 	wpid = waitpid(fpid, &status, 0);
3184 	REQUIRE_EQ(wpid, fpid);
3185 	ATF_REQUIRE(WIFEXITED(status));
3186 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3187 
3188 	wpid = wait(&status);
3189 	REQUIRE_EQ(wpid, -1);
3190 	REQUIRE_EQ(errno, ECHILD);
3191 }
3192 
3193 /*
3194  * Verify that PT_GETREGSET returns registers and PT_SETREGSET updates them.
3195  */
3196 ATF_TC_WITHOUT_HEAD(ptrace__PT_REGSET);
3197 ATF_TC_BODY(ptrace__PT_REGSET, tc)
3198 {
3199 #if defined(__aarch64__)
3200 	struct arm64_addr_mask addr_mask;
3201 #endif
3202 	struct prstatus prstatus;
3203 	struct iovec vec;
3204 	pid_t child, wpid;
3205 	int status;
3206 
3207 	ATF_REQUIRE((child = fork()) != -1);
3208 	if (child == 0) {
3209 		trace_me();
3210 		exit(1);
3211 	}
3212 
3213 	/* The first wait() should report the stop from SIGSTOP. */
3214 	wpid = waitpid(child, &status, 0);
3215 	REQUIRE_EQ(wpid, child);
3216 	ATF_REQUIRE(WIFSTOPPED(status));
3217 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3218 
3219 	/* Check the size is returned when vec.iov_base is NULL */
3220 	vec.iov_base = NULL;
3221 	vec.iov_len = 0;
3222 	ATF_REQUIRE(ptrace(PT_GETREGSET, wpid, (caddr_t)&vec, NT_PRSTATUS) !=
3223 	    -1);
3224 	ATF_REQUIRE(vec.iov_len == sizeof(prstatus));
3225 	ATF_REQUIRE(vec.iov_base == NULL);
3226 
3227 	/* Read the registers. */
3228 	memset(&prstatus, 0, sizeof(prstatus));
3229 	vec.iov_base = &prstatus;
3230 	ATF_REQUIRE(ptrace(PT_GETREGSET, wpid, (caddr_t)&vec, NT_PRSTATUS) !=
3231 	    -1);
3232 	ATF_REQUIRE(vec.iov_len == sizeof(prstatus));
3233 	ATF_REQUIRE(vec.iov_base == &prstatus);
3234 	ATF_REQUIRE(prstatus.pr_statussz == sizeof(prstatus));
3235 
3236 	/* Write the registers back. */
3237 	ATF_REQUIRE(ptrace(PT_SETREGSET, wpid, (caddr_t)&vec, NT_PRSTATUS) !=
3238 	    -1);
3239 
3240 #if defined(__aarch64__)
3241 	vec.iov_base = &addr_mask;
3242 	vec.iov_len = sizeof(addr_mask);
3243 	ATF_REQUIRE(ptrace(PT_GETREGSET, wpid, (caddr_t)&vec,
3244 	    NT_ARM_ADDR_MASK) != -1);
3245 	REQUIRE_EQ(addr_mask.code, addr_mask.data);
3246 	ATF_REQUIRE(addr_mask.code == 0 ||
3247 	    addr_mask.code == 0xff7f000000000000UL);
3248 #endif
3249 
3250 	REQUIRE_EQ(ptrace(PT_CONTINUE, child, (caddr_t)1, 0), 0);
3251 
3252 	/* The second wait() should report the exit status. */
3253 	wpid = waitpid(child, &status, 0);
3254 	REQUIRE_EQ(wpid, child);
3255 	ATF_REQUIRE(WIFEXITED(status));
3256 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3257 
3258 	/* The child should no longer exist. */
3259 	wpid = waitpid(child, &status, 0);
3260 	REQUIRE_EQ(wpid, -1);
3261 	REQUIRE_EQ(errno, ECHILD);
3262 }
3263 
3264 static void *
3265 raise_sigstop_thread(void *arg __unused)
3266 {
3267 
3268 	raise(SIGSTOP);
3269 	return NULL;
3270 }
3271 
3272 static void *
3273 sleep_thread(void *arg __unused)
3274 {
3275 
3276 	sleep(60);
3277 	return NULL;
3278 }
3279 
3280 static void
3281 terminate_with_pending_sigstop(bool sigstop_from_main_thread)
3282 {
3283 	pid_t fpid, wpid;
3284 	int status, i;
3285 	cpuset_t setmask;
3286 	cpusetid_t setid;
3287 	pthread_t t;
3288 
3289 	/*
3290 	 * Become the reaper for this process tree. We need to be able to check
3291 	 * that both child and grandchild have died.
3292 	 */
3293 	REQUIRE_EQ(procctl(P_PID, getpid(), PROC_REAP_ACQUIRE, NULL), 0);
3294 
3295 	fpid = fork();
3296 	ATF_REQUIRE(fpid >= 0);
3297 	if (fpid == 0) {
3298 		fpid = fork();
3299 		CHILD_REQUIRE(fpid >= 0);
3300 		if (fpid == 0) {
3301 			trace_me();
3302 
3303 			/* Pin to CPU 0 to serialize thread execution. */
3304 			CPU_ZERO(&setmask);
3305 			CPU_SET(0, &setmask);
3306 			CHILD_REQUIRE_EQ(cpuset(&setid), 0);
3307 			CHILD_REQUIRE(cpuset_setaffinity(CPU_LEVEL_CPUSET,
3308 			    CPU_WHICH_CPUSET, setid,
3309 			    sizeof(setmask), &setmask) == 0);
3310 
3311 			if (sigstop_from_main_thread) {
3312 				/*
3313 				 * We expect the SIGKILL sent when our parent
3314 				 * dies to be delivered to the new thread.
3315 				 * Raise the SIGSTOP in this thread so the
3316 				 * threads compete.
3317 				 */
3318 				CHILD_REQUIRE(pthread_create(&t, NULL,
3319 				    sleep_thread, NULL) == 0);
3320 				raise(SIGSTOP);
3321 			} else {
3322 				/*
3323 				 * We expect the SIGKILL to be delivered to
3324 				 * this thread. After creating the new thread,
3325 				 * just get off the CPU so the other thread can
3326 				 * raise the SIGSTOP.
3327 				 */
3328 				CHILD_REQUIRE(pthread_create(&t, NULL,
3329 				    raise_sigstop_thread, NULL) == 0);
3330 				sleep(60);
3331 			}
3332 
3333 			exit(0);
3334 		}
3335 		/* First stop is trace_me() immediately after fork. */
3336 		wpid = waitpid(fpid, &status, 0);
3337 		CHILD_REQUIRE_EQ(wpid, fpid);
3338 		CHILD_REQUIRE(WIFSTOPPED(status));
3339 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3340 
3341 		CHILD_REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3342 
3343 		/* Second stop is from the raise(SIGSTOP). */
3344 		wpid = waitpid(fpid, &status, 0);
3345 		CHILD_REQUIRE_EQ(wpid, fpid);
3346 		CHILD_REQUIRE(WIFSTOPPED(status));
3347 		CHILD_REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3348 
3349 		/*
3350 		 * Terminate tracing process without detaching. Our child
3351 		 * should be killed.
3352 		 */
3353 		exit(0);
3354 	}
3355 
3356 	/*
3357 	 * We should get a normal exit from our immediate child and a SIGKILL
3358 	 * exit from our grandchild. The latter case is the interesting one.
3359 	 * Our grandchild should not have stopped due to the SIGSTOP that was
3360 	 * left dangling when its parent died.
3361 	 */
3362 	for (i = 0; i < 2; ++i) {
3363 		wpid = wait(&status);
3364 		if (wpid == fpid) {
3365 			ATF_REQUIRE(WIFEXITED(status));
3366 			REQUIRE_EQ(WEXITSTATUS(status), 0);
3367 		} else {
3368 			ATF_REQUIRE(WIFSIGNALED(status));
3369 			REQUIRE_EQ(WTERMSIG(status), SIGKILL);
3370 		}
3371 	}
3372 }
3373 
3374 /*
3375  * These two tests ensure that if the tracing process exits without detaching
3376  * just after the child received a SIGSTOP, the child is cleanly killed and
3377  * doesn't go to sleep due to the SIGSTOP. The parent's death will send a
3378  * SIGKILL to the child. If the SIGKILL and the SIGSTOP are handled by
3379  * different threads, the SIGKILL must win.  There are two variants of this
3380  * test, designed to catch the case where the SIGKILL is delivered to the
3381  * younger thread (the first test) and the case where the SIGKILL is delivered
3382  * to the older thread (the second test). This behavior has changed in the
3383  * past, so make no assumption.
3384  */
3385 ATF_TC(ptrace__parent_terminate_with_pending_sigstop1);
3386 ATF_TC_HEAD(ptrace__parent_terminate_with_pending_sigstop1, tc)
3387 {
3388 
3389 	atf_tc_set_md_var(tc, "require.user", "root");
3390 }
3391 ATF_TC_BODY(ptrace__parent_terminate_with_pending_sigstop1, tc)
3392 {
3393 
3394 	terminate_with_pending_sigstop(true);
3395 }
3396 
3397 ATF_TC(ptrace__parent_terminate_with_pending_sigstop2);
3398 ATF_TC_HEAD(ptrace__parent_terminate_with_pending_sigstop2, tc)
3399 {
3400 
3401 	atf_tc_set_md_var(tc, "require.user", "root");
3402 }
3403 ATF_TC_BODY(ptrace__parent_terminate_with_pending_sigstop2, tc)
3404 {
3405 
3406 	terminate_with_pending_sigstop(false);
3407 }
3408 
3409 /*
3410  * Verify that after ptrace() discards a SIGKILL signal, the event mask
3411  * is not modified.
3412  */
3413 ATF_TC_WITHOUT_HEAD(ptrace__event_mask_sigkill_discard);
3414 ATF_TC_BODY(ptrace__event_mask_sigkill_discard, tc)
3415 {
3416 	struct ptrace_lwpinfo pl;
3417 	pid_t fpid, wpid;
3418 	int status, event_mask, new_event_mask;
3419 
3420 	ATF_REQUIRE((fpid = fork()) != -1);
3421 	if (fpid == 0) {
3422 		trace_me();
3423 		raise(SIGSTOP);
3424 		exit(0);
3425 	}
3426 
3427 	/* The first wait() should report the stop from trace_me(). */
3428 	wpid = waitpid(fpid, &status, 0);
3429 	REQUIRE_EQ(wpid, fpid);
3430 	ATF_REQUIRE(WIFSTOPPED(status));
3431 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3432 
3433 	/* Set several unobtrusive event bits. */
3434 	event_mask = PTRACE_EXEC | PTRACE_FORK | PTRACE_LWP;
3435 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, wpid, (caddr_t)&event_mask,
3436 	    sizeof(event_mask)) == 0);
3437 
3438 	/* Send a SIGKILL without using ptrace. */
3439 	REQUIRE_EQ(kill(fpid, SIGKILL), 0);
3440 
3441 	/* Continue the child ignoring the SIGSTOP. */
3442 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3443 
3444 	/* The next stop should be due to the SIGKILL. */
3445 	wpid = waitpid(fpid, &status, 0);
3446 	REQUIRE_EQ(wpid, fpid);
3447 	ATF_REQUIRE(WIFSTOPPED(status));
3448 	REQUIRE_EQ(WSTOPSIG(status), SIGKILL);
3449 
3450 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3451 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3452 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGKILL);
3453 
3454 	/* Continue the child ignoring the SIGKILL. */
3455 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3456 
3457 	/* The next wait() should report the stop from SIGSTOP. */
3458 	wpid = waitpid(fpid, &status, 0);
3459 	REQUIRE_EQ(wpid, fpid);
3460 	ATF_REQUIRE(WIFSTOPPED(status));
3461 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3462 
3463 	/* Check the current event mask. It should not have changed. */
3464 	new_event_mask = 0;
3465 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, wpid, (caddr_t)&new_event_mask,
3466 	    sizeof(new_event_mask)) == 0);
3467 	REQUIRE_EQ(event_mask, new_event_mask);
3468 
3469 	/* Continue the child to let it exit. */
3470 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3471 
3472 	/* The last event should be for the child process's exit. */
3473 	wpid = waitpid(fpid, &status, 0);
3474 	ATF_REQUIRE(WIFEXITED(status));
3475 	REQUIRE_EQ(WEXITSTATUS(status), 0);
3476 
3477 	wpid = wait(&status);
3478 	REQUIRE_EQ(wpid, -1);
3479 	REQUIRE_EQ(errno, ECHILD);
3480 }
3481 
3482 static void *
3483 flock_thread(void *arg)
3484 {
3485 	int fd;
3486 
3487 	fd = *(int *)arg;
3488 	(void)flock(fd, LOCK_EX);
3489 	(void)flock(fd, LOCK_UN);
3490 	return (NULL);
3491 }
3492 
3493 /*
3494  * Verify that PT_ATTACH will suspend threads sleeping in an SBDRY section.
3495  * We rely on the fact that the lockf implementation sets SBDRY before blocking
3496  * on a lock. This is a regression test for r318191.
3497  */
3498 ATF_TC_WITHOUT_HEAD(ptrace__PT_ATTACH_with_SBDRY_thread);
3499 ATF_TC_BODY(ptrace__PT_ATTACH_with_SBDRY_thread, tc)
3500 {
3501 	pthread_barrier_t barrier;
3502 	pthread_barrierattr_t battr;
3503 	char tmpfile[64];
3504 	pid_t child, wpid;
3505 	int error, fd, i, status;
3506 
3507 	REQUIRE_EQ(pthread_barrierattr_init(&battr), 0);
3508 	ATF_REQUIRE(pthread_barrierattr_setpshared(&battr,
3509 	    PTHREAD_PROCESS_SHARED) == 0);
3510 	REQUIRE_EQ(pthread_barrier_init(&barrier, &battr, 2), 0);
3511 
3512 	(void)snprintf(tmpfile, sizeof(tmpfile), "./ptrace.XXXXXX");
3513 	fd = mkstemp(tmpfile);
3514 	ATF_REQUIRE(fd >= 0);
3515 
3516 	ATF_REQUIRE((child = fork()) != -1);
3517 	if (child == 0) {
3518 		pthread_t t[2];
3519 		int cfd;
3520 
3521 		error = pthread_barrier_wait(&barrier);
3522 		if (error != 0 && error != PTHREAD_BARRIER_SERIAL_THREAD)
3523 			_exit(1);
3524 
3525 		cfd = open(tmpfile, O_RDONLY);
3526 		if (cfd < 0)
3527 			_exit(1);
3528 
3529 		/*
3530 		 * We want at least two threads blocked on the file lock since
3531 		 * the SIGSTOP from PT_ATTACH may kick one of them out of
3532 		 * sleep.
3533 		 */
3534 		if (pthread_create(&t[0], NULL, flock_thread, &cfd) != 0)
3535 			_exit(1);
3536 		if (pthread_create(&t[1], NULL, flock_thread, &cfd) != 0)
3537 			_exit(1);
3538 		if (pthread_join(t[0], NULL) != 0)
3539 			_exit(1);
3540 		if (pthread_join(t[1], NULL) != 0)
3541 			_exit(1);
3542 		_exit(0);
3543 	}
3544 
3545 	REQUIRE_EQ(flock(fd, LOCK_EX), 0);
3546 
3547 	error = pthread_barrier_wait(&barrier);
3548 	ATF_REQUIRE(error == 0 || error == PTHREAD_BARRIER_SERIAL_THREAD);
3549 
3550 	/*
3551 	 * Give the child some time to block. Is there a better way to do this?
3552 	 */
3553 	sleep(1);
3554 
3555 	/*
3556 	 * Attach and give the child 3 seconds to stop.
3557 	 */
3558 	REQUIRE_EQ(ptrace(PT_ATTACH, child, NULL, 0), 0);
3559 	for (i = 0; i < 3; i++) {
3560 		wpid = waitpid(child, &status, WNOHANG);
3561 		if (wpid == child && WIFSTOPPED(status) &&
3562 		    WSTOPSIG(status) == SIGSTOP)
3563 			break;
3564 		sleep(1);
3565 	}
3566 	ATF_REQUIRE_MSG(i < 3, "failed to stop child process after PT_ATTACH");
3567 
3568 	REQUIRE_EQ(ptrace(PT_DETACH, child, NULL, 0), 0);
3569 
3570 	REQUIRE_EQ(flock(fd, LOCK_UN), 0);
3571 	REQUIRE_EQ(unlink(tmpfile), 0);
3572 	REQUIRE_EQ(close(fd), 0);
3573 }
3574 
3575 static void
3576 sigusr1_step_handler(int sig)
3577 {
3578 
3579 	CHILD_REQUIRE_EQ(sig, SIGUSR1);
3580 	raise(SIGABRT);
3581 }
3582 
3583 /*
3584  * Verify that PT_STEP with a signal invokes the signal before
3585  * stepping the next instruction (and that the next instruction is
3586  * stepped correctly).
3587  */
3588 ATF_TC_WITHOUT_HEAD(ptrace__PT_STEP_with_signal);
3589 ATF_TC_BODY(ptrace__PT_STEP_with_signal, tc)
3590 {
3591 	struct ptrace_lwpinfo pl;
3592 	pid_t fpid, wpid;
3593 	int status;
3594 
3595 	ATF_REQUIRE((fpid = fork()) != -1);
3596 	if (fpid == 0) {
3597 		trace_me();
3598 		signal(SIGUSR1, sigusr1_step_handler);
3599 		raise(SIGABRT);
3600 		exit(1);
3601 	}
3602 
3603 	/* The first wait() should report the stop from SIGSTOP. */
3604 	wpid = waitpid(fpid, &status, 0);
3605 	REQUIRE_EQ(wpid, fpid);
3606 	ATF_REQUIRE(WIFSTOPPED(status));
3607 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3608 
3609 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3610 
3611 	/* The next stop should report the SIGABRT in the child body. */
3612 	wpid = waitpid(fpid, &status, 0);
3613 	REQUIRE_EQ(wpid, fpid);
3614 	ATF_REQUIRE(WIFSTOPPED(status));
3615 	REQUIRE_EQ(WSTOPSIG(status), SIGABRT);
3616 
3617 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3618 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3619 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGABRT);
3620 
3621 	/* Step the child process inserting SIGUSR1. */
3622 	REQUIRE_EQ(ptrace(PT_STEP, fpid, (caddr_t)1, SIGUSR1), 0);
3623 
3624 	/* The next stop should report the SIGABRT in the signal handler. */
3625 	wpid = waitpid(fpid, &status, 0);
3626 	REQUIRE_EQ(wpid, fpid);
3627 	ATF_REQUIRE(WIFSTOPPED(status));
3628 	REQUIRE_EQ(WSTOPSIG(status), SIGABRT);
3629 
3630 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3631 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3632 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGABRT);
3633 
3634 	/* Continue the child process discarding the signal. */
3635 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3636 
3637 	/* The next stop should report a trace trap from PT_STEP. */
3638 	wpid = waitpid(fpid, &status, 0);
3639 	REQUIRE_EQ(wpid, fpid);
3640 	ATF_REQUIRE(WIFSTOPPED(status));
3641 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3642 
3643 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3644 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3645 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3646 	REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_TRACE);
3647 
3648 	/* Continue the child to let it exit. */
3649 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3650 
3651 	/* The last event should be for the child process's exit. */
3652 	wpid = waitpid(fpid, &status, 0);
3653 	ATF_REQUIRE(WIFEXITED(status));
3654 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3655 
3656 	wpid = wait(&status);
3657 	REQUIRE_EQ(wpid, -1);
3658 	REQUIRE_EQ(errno, ECHILD);
3659 }
3660 
3661 #ifdef HAVE_BREAKPOINT
3662 /*
3663  * Verify that a SIGTRAP event with the TRAP_BRKPT code is reported
3664  * for a breakpoint trap.
3665  */
3666 ATF_TC_WITHOUT_HEAD(ptrace__breakpoint_siginfo);
3667 ATF_TC_BODY(ptrace__breakpoint_siginfo, tc)
3668 {
3669 	struct ptrace_lwpinfo pl;
3670 	pid_t fpid, wpid;
3671 	int status;
3672 
3673 	ATF_REQUIRE((fpid = fork()) != -1);
3674 	if (fpid == 0) {
3675 		trace_me();
3676 		breakpoint();
3677 		exit(1);
3678 	}
3679 
3680 	/* The first wait() should report the stop from SIGSTOP. */
3681 	wpid = waitpid(fpid, &status, 0);
3682 	REQUIRE_EQ(wpid, fpid);
3683 	ATF_REQUIRE(WIFSTOPPED(status));
3684 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3685 
3686 	/* Continue the child ignoring the SIGSTOP. */
3687 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3688 
3689 	/* The second wait() should report hitting the breakpoint. */
3690 	wpid = waitpid(fpid, &status, 0);
3691 	REQUIRE_EQ(wpid, fpid);
3692 	ATF_REQUIRE(WIFSTOPPED(status));
3693 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3694 
3695 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3696 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3697 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3698 	REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_BRKPT);
3699 
3700 	/* Kill the child process. */
3701 	REQUIRE_EQ(ptrace(PT_KILL, fpid, 0, 0), 0);
3702 
3703 	/* The last wait() should report the SIGKILL. */
3704 	wpid = waitpid(fpid, &status, 0);
3705 	REQUIRE_EQ(wpid, fpid);
3706 	ATF_REQUIRE(WIFSIGNALED(status));
3707 	REQUIRE_EQ(WTERMSIG(status), SIGKILL);
3708 
3709 	wpid = wait(&status);
3710 	REQUIRE_EQ(wpid, -1);
3711 	REQUIRE_EQ(errno, ECHILD);
3712 }
3713 #endif /* HAVE_BREAKPOINT */
3714 
3715 /*
3716  * Verify that a SIGTRAP event with the TRAP_TRACE code is reported
3717  * for a single-step trap from PT_STEP.
3718  */
3719 ATF_TC_WITHOUT_HEAD(ptrace__step_siginfo);
3720 ATF_TC_BODY(ptrace__step_siginfo, tc)
3721 {
3722 	struct ptrace_lwpinfo pl;
3723 	pid_t fpid, wpid;
3724 	int status;
3725 
3726 	ATF_REQUIRE((fpid = fork()) != -1);
3727 	if (fpid == 0) {
3728 		trace_me();
3729 		exit(1);
3730 	}
3731 
3732 	/* The first wait() should report the stop from SIGSTOP. */
3733 	wpid = waitpid(fpid, &status, 0);
3734 	REQUIRE_EQ(wpid, fpid);
3735 	ATF_REQUIRE(WIFSTOPPED(status));
3736 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3737 
3738 	/* Step the child ignoring the SIGSTOP. */
3739 	REQUIRE_EQ(ptrace(PT_STEP, fpid, (caddr_t)1, 0), 0);
3740 
3741 	/* The second wait() should report a single-step trap. */
3742 	wpid = waitpid(fpid, &status, 0);
3743 	REQUIRE_EQ(wpid, fpid);
3744 	ATF_REQUIRE(WIFSTOPPED(status));
3745 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3746 
3747 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3748 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3749 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3750 	REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_TRACE);
3751 
3752 	/* Continue the child process. */
3753 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3754 
3755 	/* The last event should be for the child process's exit. */
3756 	wpid = waitpid(fpid, &status, 0);
3757 	ATF_REQUIRE(WIFEXITED(status));
3758 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3759 
3760 	wpid = wait(&status);
3761 	REQUIRE_EQ(wpid, -1);
3762 	REQUIRE_EQ(errno, ECHILD);
3763 }
3764 
3765 #if defined(HAVE_BREAKPOINT) && defined(SKIP_BREAK)
3766 static void *
3767 continue_thread(void *arg __unused)
3768 {
3769 	breakpoint();
3770 	return (NULL);
3771 }
3772 
3773 static __dead2 void
3774 continue_thread_main(void)
3775 {
3776 	pthread_t threads[2];
3777 
3778 	CHILD_REQUIRE(pthread_create(&threads[0], NULL, continue_thread,
3779 	    NULL) == 0);
3780 	CHILD_REQUIRE(pthread_create(&threads[1], NULL, continue_thread,
3781 	    NULL) == 0);
3782 	CHILD_REQUIRE_EQ(pthread_join(threads[0], NULL), 0);
3783 	CHILD_REQUIRE_EQ(pthread_join(threads[1], NULL), 0);
3784 	exit(1);
3785 }
3786 
3787 /*
3788  * Ensure that PT_CONTINUE clears the status of the thread that
3789  * triggered the stop even if a different thread's LWP was passed to
3790  * PT_CONTINUE.
3791  */
3792 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_different_thread);
3793 ATF_TC_BODY(ptrace__PT_CONTINUE_different_thread, tc)
3794 {
3795 	struct ptrace_lwpinfo pl;
3796 	pid_t fpid, wpid;
3797 	lwpid_t lwps[2];
3798 	bool hit_break[2];
3799 	struct reg reg;
3800 	int i, j, status;
3801 
3802 	ATF_REQUIRE((fpid = fork()) != -1);
3803 	if (fpid == 0) {
3804 		trace_me();
3805 		continue_thread_main();
3806 	}
3807 
3808 	/* The first wait() should report the stop from SIGSTOP. */
3809 	wpid = waitpid(fpid, &status, 0);
3810 	REQUIRE_EQ(wpid, fpid);
3811 	ATF_REQUIRE(WIFSTOPPED(status));
3812 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3813 
3814 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
3815 	    sizeof(pl)) != -1);
3816 
3817 	REQUIRE_EQ(ptrace(PT_LWP_EVENTS, wpid, NULL, 1), 0);
3818 
3819 	/* Continue the child ignoring the SIGSTOP. */
3820 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3821 
3822 	/* One of the new threads should report it's birth. */
3823 	wpid = waitpid(fpid, &status, 0);
3824 	REQUIRE_EQ(wpid, fpid);
3825 	ATF_REQUIRE(WIFSTOPPED(status));
3826 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3827 
3828 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3829 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
3830 	    (PL_FLAG_BORN | PL_FLAG_SCX));
3831 	lwps[0] = pl.pl_lwpid;
3832 
3833 	/*
3834 	 * Suspend this thread to ensure both threads are alive before
3835 	 * hitting the breakpoint.
3836 	 */
3837 	ATF_REQUIRE(ptrace(PT_SUSPEND, lwps[0], NULL, 0) != -1);
3838 
3839 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3840 
3841 	/* Second thread should report it's birth. */
3842 	wpid = waitpid(fpid, &status, 0);
3843 	REQUIRE_EQ(wpid, fpid);
3844 	ATF_REQUIRE(WIFSTOPPED(status));
3845 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3846 
3847 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3848 	REQUIRE_EQ((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)),
3849 	    (PL_FLAG_BORN | PL_FLAG_SCX));
3850 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
3851 	lwps[1] = pl.pl_lwpid;
3852 
3853 	/* Resume both threads waiting for breakpoint events. */
3854 	hit_break[0] = hit_break[1] = false;
3855 	ATF_REQUIRE(ptrace(PT_RESUME, lwps[0], NULL, 0) != -1);
3856 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3857 
3858 	/* One thread should report a breakpoint. */
3859 	wpid = waitpid(fpid, &status, 0);
3860 	REQUIRE_EQ(wpid, fpid);
3861 	ATF_REQUIRE(WIFSTOPPED(status));
3862 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3863 
3864 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3865 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3866 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3867 	REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_BRKPT);
3868 	if (pl.pl_lwpid == lwps[0])
3869 		i = 0;
3870 	else
3871 		i = 1;
3872 	hit_break[i] = true;
3873 	ATF_REQUIRE(ptrace(PT_GETREGS, pl.pl_lwpid, (caddr_t)&reg, 0) != -1);
3874 	SKIP_BREAK(&reg);
3875 	ATF_REQUIRE(ptrace(PT_SETREGS, pl.pl_lwpid, (caddr_t)&reg, 0) != -1);
3876 
3877 	/*
3878 	 * Resume both threads but pass the other thread's LWPID to
3879 	 * PT_CONTINUE.
3880 	 */
3881 	REQUIRE_EQ(ptrace(PT_CONTINUE, lwps[i ^ 1], (caddr_t)1, 0), 0);
3882 
3883 	/*
3884 	 * Will now get two thread exit events and one more breakpoint
3885 	 * event.
3886 	 */
3887 	for (j = 0; j < 3; j++) {
3888 		wpid = waitpid(fpid, &status, 0);
3889 		REQUIRE_EQ(wpid, fpid);
3890 		ATF_REQUIRE(WIFSTOPPED(status));
3891 		REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3892 
3893 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
3894 		    sizeof(pl)) != -1);
3895 
3896 		if (pl.pl_lwpid == lwps[0])
3897 			i = 0;
3898 		else
3899 			i = 1;
3900 
3901 		ATF_REQUIRE_MSG(lwps[i] != 0, "event for exited thread");
3902 		if (pl.pl_flags & PL_FLAG_EXITED) {
3903 			ATF_REQUIRE_MSG(hit_break[i],
3904 			    "exited thread did not report breakpoint");
3905 			lwps[i] = 0;
3906 		} else {
3907 			ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3908 			REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGTRAP);
3909 			REQUIRE_EQ(pl.pl_siginfo.si_code, TRAP_BRKPT);
3910 			ATF_REQUIRE_MSG(!hit_break[i],
3911 			    "double breakpoint event");
3912 			hit_break[i] = true;
3913 			ATF_REQUIRE(ptrace(PT_GETREGS, pl.pl_lwpid, (caddr_t)&reg,
3914 			    0) != -1);
3915 			SKIP_BREAK(&reg);
3916 			ATF_REQUIRE(ptrace(PT_SETREGS, pl.pl_lwpid, (caddr_t)&reg,
3917 			    0) != -1);
3918 		}
3919 
3920 		REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3921 	}
3922 
3923 	/* Both threads should have exited. */
3924 	REQUIRE_EQ(lwps[0], 0);
3925 	REQUIRE_EQ(lwps[1], 0);
3926 
3927 	/* The last event should be for the child process's exit. */
3928 	wpid = waitpid(fpid, &status, 0);
3929 	ATF_REQUIRE(WIFEXITED(status));
3930 	REQUIRE_EQ(WEXITSTATUS(status), 1);
3931 
3932 	wpid = wait(&status);
3933 	REQUIRE_EQ(wpid, -1);
3934 	REQUIRE_EQ(errno, ECHILD);
3935 }
3936 #endif
3937 
3938 /*
3939  * Verify that PT_LWPINFO doesn't return stale siginfo.
3940  */
3941 ATF_TC_WITHOUT_HEAD(ptrace__PT_LWPINFO_stale_siginfo);
3942 ATF_TC_BODY(ptrace__PT_LWPINFO_stale_siginfo, tc)
3943 {
3944 	struct ptrace_lwpinfo pl;
3945 	pid_t fpid, wpid;
3946 	int events, status;
3947 
3948 	ATF_REQUIRE((fpid = fork()) != -1);
3949 	if (fpid == 0) {
3950 		trace_me();
3951 		raise(SIGABRT);
3952 		exit(1);
3953 	}
3954 
3955 	/* The first wait() should report the stop from SIGSTOP. */
3956 	wpid = waitpid(fpid, &status, 0);
3957 	REQUIRE_EQ(wpid, fpid);
3958 	ATF_REQUIRE(WIFSTOPPED(status));
3959 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
3960 
3961 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3962 
3963 	/* The next stop should report the SIGABRT in the child body. */
3964 	wpid = waitpid(fpid, &status, 0);
3965 	REQUIRE_EQ(wpid, fpid);
3966 	ATF_REQUIRE(WIFSTOPPED(status));
3967 	REQUIRE_EQ(WSTOPSIG(status), SIGABRT);
3968 
3969 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3970 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3971 	REQUIRE_EQ(pl.pl_siginfo.si_signo, SIGABRT);
3972 
3973 	/*
3974 	 * Continue the process ignoring the signal, but enabling
3975 	 * syscall traps.
3976 	 */
3977 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
3978 
3979 	/*
3980 	 * The next stop should report a system call entry from
3981 	 * exit().  PL_FLAGS_SI should not be set.
3982 	 */
3983 	wpid = waitpid(fpid, &status, 0);
3984 	REQUIRE_EQ(wpid, fpid);
3985 	ATF_REQUIRE(WIFSTOPPED(status));
3986 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
3987 
3988 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3989 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
3990 	REQUIRE_EQ((pl.pl_flags & PL_FLAG_SI), 0);
3991 
3992 	/* Disable syscall tracing and continue the child to let it exit. */
3993 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
3994 	    sizeof(events)) == 0);
3995 	events &= ~PTRACE_SYSCALL;
3996 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
3997 	    sizeof(events)) == 0);
3998 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
3999 
4000 	/* The last event should be for the child process's exit. */
4001 	wpid = waitpid(fpid, &status, 0);
4002 	ATF_REQUIRE(WIFEXITED(status));
4003 	REQUIRE_EQ(WEXITSTATUS(status), 1);
4004 
4005 	wpid = wait(&status);
4006 	REQUIRE_EQ(wpid, -1);
4007 	REQUIRE_EQ(errno, ECHILD);
4008 }
4009 
4010 /*
4011  * A simple test of PT_GET_SC_ARGS and PT_GET_SC_RET.
4012  */
4013 ATF_TC_WITHOUT_HEAD(ptrace__syscall_args);
4014 ATF_TC_BODY(ptrace__syscall_args, tc)
4015 {
4016 	struct ptrace_lwpinfo pl;
4017 	struct ptrace_sc_ret psr;
4018 	pid_t fpid, wpid;
4019 	register_t args[2];
4020 	int events, status;
4021 
4022 	ATF_REQUIRE((fpid = fork()) != -1);
4023 	if (fpid == 0) {
4024 		trace_me();
4025 		kill(getpid(), 0);
4026 		/* Close a fd that should not exist. */
4027 		close(12345);
4028 		exit(1);
4029 	}
4030 
4031 	/* The first wait() should report the stop from SIGSTOP. */
4032 	wpid = waitpid(fpid, &status, 0);
4033 	REQUIRE_EQ(wpid, fpid);
4034 	ATF_REQUIRE(WIFSTOPPED(status));
4035 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4036 
4037 	/*
4038 	 * Continue the process ignoring the signal, but enabling
4039 	 * syscall traps.
4040 	 */
4041 	REQUIRE_EQ(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0), 0);
4042 
4043 	/*
4044 	 * The next stop should be the syscall entry from getpid().
4045 	 */
4046 	wpid = waitpid(fpid, &status, 0);
4047 	REQUIRE_EQ(wpid, fpid);
4048 	ATF_REQUIRE(WIFSTOPPED(status));
4049 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4050 
4051 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4052 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
4053 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_getpid);
4054 
4055 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4056 
4057 	/*
4058 	 * The next stop should be the syscall exit from getpid().
4059 	 */
4060 	wpid = waitpid(fpid, &status, 0);
4061 	REQUIRE_EQ(wpid, fpid);
4062 	ATF_REQUIRE(WIFSTOPPED(status));
4063 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4064 
4065 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4066 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
4067 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_getpid);
4068 
4069 	ATF_REQUIRE(ptrace(PT_GET_SC_RET, wpid, (caddr_t)&psr,
4070 	    sizeof(psr)) != -1);
4071 	REQUIRE_EQ(psr.sr_error, 0);
4072 	REQUIRE_EQ(psr.sr_retval[0], wpid);
4073 
4074 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4075 
4076 	/*
4077 	 * The next stop should be the syscall entry from kill().
4078 	 */
4079 	wpid = waitpid(fpid, &status, 0);
4080 	REQUIRE_EQ(wpid, fpid);
4081 	ATF_REQUIRE(WIFSTOPPED(status));
4082 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4083 
4084 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4085 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
4086 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_kill);
4087 	REQUIRE_EQ(pl.pl_syscall_narg, 2u);
4088 
4089 	ATF_REQUIRE(ptrace(PT_GET_SC_ARGS, wpid, (caddr_t)args,
4090 	    sizeof(args)) != -1);
4091 	REQUIRE_EQ(args[0], wpid);
4092 	REQUIRE_EQ(args[1], 0);
4093 
4094 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4095 
4096 	/*
4097 	 * The next stop should be the syscall exit from kill().
4098 	 */
4099 	wpid = waitpid(fpid, &status, 0);
4100 	REQUIRE_EQ(wpid, fpid);
4101 	ATF_REQUIRE(WIFSTOPPED(status));
4102 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4103 
4104 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4105 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
4106 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_kill);
4107 
4108 	ATF_REQUIRE(ptrace(PT_GET_SC_RET, wpid, (caddr_t)&psr,
4109 	    sizeof(psr)) != -1);
4110 	REQUIRE_EQ(psr.sr_error, 0);
4111 
4112 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4113 
4114 	/*
4115 	 * The next stop should be the syscall entry from close().
4116 	 */
4117 	wpid = waitpid(fpid, &status, 0);
4118 	REQUIRE_EQ(wpid, fpid);
4119 	ATF_REQUIRE(WIFSTOPPED(status));
4120 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4121 
4122 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4123 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
4124 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_close);
4125 	REQUIRE_EQ(pl.pl_syscall_narg, 1u);
4126 
4127 	ATF_REQUIRE(ptrace(PT_GET_SC_ARGS, wpid, (caddr_t)args,
4128 	    sizeof(args)) != -1);
4129 	REQUIRE_EQ(args[0], 12345);
4130 
4131 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4132 
4133 	/*
4134 	 * The next stop should be the syscall exit from close().
4135 	 */
4136 	wpid = waitpid(fpid, &status, 0);
4137 	REQUIRE_EQ(wpid, fpid);
4138 	ATF_REQUIRE(WIFSTOPPED(status));
4139 	REQUIRE_EQ(WSTOPSIG(status), SIGTRAP);
4140 
4141 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
4142 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
4143 	REQUIRE_EQ(pl.pl_syscall_code, (unsigned)SYS_close);
4144 
4145 	ATF_REQUIRE(ptrace(PT_GET_SC_RET, wpid, (caddr_t)&psr,
4146 	    sizeof(psr)) != -1);
4147 	REQUIRE_EQ(psr.sr_error, EBADF);
4148 
4149 	/* Disable syscall tracing and continue the child to let it exit. */
4150 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
4151 	    sizeof(events)) == 0);
4152 	events &= ~PTRACE_SYSCALL;
4153 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
4154 	    sizeof(events)) == 0);
4155 	REQUIRE_EQ(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0), 0);
4156 
4157 	/* The last event should be for the child process's exit. */
4158 	wpid = waitpid(fpid, &status, 0);
4159 	ATF_REQUIRE(WIFEXITED(status));
4160 	REQUIRE_EQ(WEXITSTATUS(status), 1);
4161 
4162 	wpid = wait(&status);
4163 	REQUIRE_EQ(wpid, -1);
4164 	REQUIRE_EQ(errno, ECHILD);
4165 }
4166 
4167 /*
4168  * Verify that when the process is traced that it isn't reparent
4169  * to the init process when we close all process descriptors.
4170  */
4171 ATF_TC(ptrace__proc_reparent);
4172 ATF_TC_HEAD(ptrace__proc_reparent, tc)
4173 {
4174 
4175 	atf_tc_set_md_var(tc, "timeout", "2");
4176 }
4177 ATF_TC_BODY(ptrace__proc_reparent, tc)
4178 {
4179 	pid_t traced, debuger, wpid;
4180 	int pd, status;
4181 
4182 	traced = pdfork(&pd, 0);
4183 	ATF_REQUIRE(traced >= 0);
4184 	if (traced == 0) {
4185 		raise(SIGSTOP);
4186 		exit(0);
4187 	}
4188 	ATF_REQUIRE(pd >= 0);
4189 
4190 	debuger = fork();
4191 	ATF_REQUIRE(debuger >= 0);
4192 	if (debuger == 0) {
4193 		/* The traced process is reparented to debuger. */
4194 		REQUIRE_EQ(ptrace(PT_ATTACH, traced, 0, 0), 0);
4195 		wpid = waitpid(traced, &status, 0);
4196 		REQUIRE_EQ(wpid, traced);
4197 		ATF_REQUIRE(WIFSTOPPED(status));
4198 		REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4199 		REQUIRE_EQ(close(pd), 0);
4200 		REQUIRE_EQ(ptrace(PT_DETACH, traced, (caddr_t)1, 0), 0);
4201 
4202 		/* We closed pd so we should not have any child. */
4203 		wpid = wait(&status);
4204 		REQUIRE_EQ(wpid, -1);
4205 		REQUIRE_EQ(errno, ECHILD);
4206 
4207 		exit(0);
4208 	}
4209 
4210 	REQUIRE_EQ(close(pd), 0);
4211 	wpid = waitpid(debuger, &status, 0);
4212 	REQUIRE_EQ(wpid, debuger);
4213 	REQUIRE_EQ(WEXITSTATUS(status), 0);
4214 
4215 	/* Check if we still have any child. */
4216 	wpid = wait(&status);
4217 	REQUIRE_EQ(wpid, -1);
4218 	REQUIRE_EQ(errno, ECHILD);
4219 }
4220 
4221 /*
4222  * Ensure that traced processes created with pdfork(2) are visible to
4223  * waitid(P_ALL).
4224  */
4225 ATF_TC_WITHOUT_HEAD(ptrace__procdesc_wait_child);
4226 ATF_TC_BODY(ptrace__procdesc_wait_child, tc)
4227 {
4228 	pid_t child, wpid;
4229 	int pd, status;
4230 
4231 	child = pdfork(&pd, 0);
4232 	ATF_REQUIRE(child >= 0);
4233 
4234 	if (child == 0) {
4235 		trace_me();
4236 		(void)raise(SIGSTOP);
4237 		exit(0);
4238 	}
4239 
4240 	wpid = waitpid(child, &status, 0);
4241 	REQUIRE_EQ(wpid, child);
4242 	ATF_REQUIRE(WIFSTOPPED(status));
4243 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4244 
4245 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
4246 
4247 	wpid = wait(&status);
4248 	REQUIRE_EQ(wpid, child);
4249 	ATF_REQUIRE(WIFSTOPPED(status));
4250 	REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4251 
4252 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
4253 
4254 	/*
4255 	 * If process was created by pdfork, the return code have to
4256 	 * be collected through process descriptor.
4257 	 */
4258 	wpid = wait(&status);
4259 	REQUIRE_EQ(wpid, -1);
4260 	REQUIRE_EQ(errno, ECHILD);
4261 
4262 	ATF_REQUIRE(close(pd) != -1);
4263 }
4264 
4265 /*
4266  * Ensure that traced processes created with pdfork(2) are not visible
4267  * after returning to parent - waitid(P_ALL).
4268  */
4269 ATF_TC_WITHOUT_HEAD(ptrace__procdesc_reparent_wait_child);
4270 ATF_TC_BODY(ptrace__procdesc_reparent_wait_child, tc)
4271 {
4272 	pid_t traced, debuger, wpid;
4273 	int pd, status;
4274 
4275 	traced = pdfork(&pd, 0);
4276 	ATF_REQUIRE(traced >= 0);
4277 	if (traced == 0) {
4278 		raise(SIGSTOP);
4279 		exit(0);
4280 	}
4281 	ATF_REQUIRE(pd >= 0);
4282 
4283 	/* Wait until the child process has stopped before fork()ing again. */
4284 	REQUIRE_EQ(traced, waitpid(traced, &status, WSTOPPED));
4285 	debuger = fork();
4286 	ATF_REQUIRE(debuger >= 0);
4287 	if (debuger == 0) {
4288 		/* The traced process is reparented to debuger. */
4289 		REQUIRE_EQ(ptrace(PT_ATTACH, traced, 0, 0), 0);
4290 		wpid = waitpid(traced, &status, 0);
4291 		REQUIRE_EQ(wpid, traced);
4292 		ATF_REQUIRE(WIFSTOPPED(status));
4293 		REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
4294 
4295 		/* Allow process to die. */
4296 		REQUIRE_EQ(ptrace(PT_CONTINUE, traced, (caddr_t)1, 0), 0);
4297 		wpid = waitpid(traced, &status, 0);
4298 		REQUIRE_EQ(wpid, traced);
4299 		ATF_REQUIRE(WIFEXITED(status));
4300 		REQUIRE_EQ(WEXITSTATUS(status), 0);
4301 
4302 		/* Reparent back to the orginal process. */
4303 		REQUIRE_EQ(close(pd), 0);
4304 		exit(0);
4305 	}
4306 
4307 	wpid = waitpid(debuger, &status, 0);
4308 	REQUIRE_EQ(wpid, debuger);
4309 	REQUIRE_EQ(WEXITSTATUS(status), 0);
4310 
4311 	/*
4312 	 * We have a child but it has a process descriptori
4313 	 * so we should not be able to collect it process.
4314 	 */
4315 	wpid = wait(&status);
4316 	REQUIRE_EQ(wpid, -1);
4317 	REQUIRE_EQ(errno, ECHILD);
4318 
4319 	REQUIRE_EQ(close(pd), 0);
4320 }
4321 
4322 ATF_TP_ADD_TCS(tp)
4323 {
4324 
4325 	ATF_TP_ADD_TC(tp, ptrace__parent_wait_after_trace_me);
4326 	ATF_TP_ADD_TC(tp, ptrace__parent_wait_after_attach);
4327 	ATF_TP_ADD_TC(tp, ptrace__parent_sees_exit_after_child_debugger);
4328 	ATF_TP_ADD_TC(tp, ptrace__parent_sees_exit_after_unrelated_debugger);
4329 	ATF_TP_ADD_TC(tp, ptrace__parent_exits_before_child);
4330 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_both_attached);
4331 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_child_detached);
4332 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_parent_detached);
4333 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_both_attached_unrelated_debugger);
4334 	ATF_TP_ADD_TC(tp,
4335 	    ptrace__follow_fork_child_detached_unrelated_debugger);
4336 	ATF_TP_ADD_TC(tp,
4337 	    ptrace__follow_fork_parent_detached_unrelated_debugger);
4338 	ATF_TP_ADD_TC(tp, ptrace__getppid);
4339 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_fork);
4340 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_vfork);
4341 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_thread);
4342 	ATF_TP_ADD_TC(tp, ptrace__lwp_events);
4343 	ATF_TP_ADD_TC(tp, ptrace__lwp_events_exec);
4344 	ATF_TP_ADD_TC(tp, ptrace__siginfo);
4345 	ATF_TP_ADD_TC(tp, ptrace__ptrace_exec_disable);
4346 	ATF_TP_ADD_TC(tp, ptrace__ptrace_exec_enable);
4347 	ATF_TP_ADD_TC(tp, ptrace__event_mask);
4348 	ATF_TP_ADD_TC(tp, ptrace__ptrace_vfork);
4349 	ATF_TP_ADD_TC(tp, ptrace__ptrace_vfork_follow);
4350 #ifdef HAVE_BREAKPOINT
4351 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_breakpoint);
4352 #endif
4353 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_system_call);
4354 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_threads);
4355 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_competing_signal);
4356 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_competing_stop);
4357 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_with_signal_full_sigqueue);
4358 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_system_call_entry);
4359 	ATF_TP_ADD_TC(tp,
4360 	    ptrace__PT_CONTINUE_with_signal_system_call_entry_and_exit);
4361 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_full_sigqueue);
4362 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_masked_full_sigqueue);
4363 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_change_sig);
4364 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_sigtrap_system_call_entry);
4365 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_mix);
4366 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_kqueue);
4367 	ATF_TP_ADD_TC(tp, ptrace__killed_with_sigmask);
4368 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_sigmask);
4369 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_thread_sigmask);
4370 	ATF_TP_ADD_TC(tp, ptrace__PT_REGSET);
4371 	ATF_TP_ADD_TC(tp, ptrace__parent_terminate_with_pending_sigstop1);
4372 	ATF_TP_ADD_TC(tp, ptrace__parent_terminate_with_pending_sigstop2);
4373 	ATF_TP_ADD_TC(tp, ptrace__event_mask_sigkill_discard);
4374 	ATF_TP_ADD_TC(tp, ptrace__PT_ATTACH_with_SBDRY_thread);
4375 	ATF_TP_ADD_TC(tp, ptrace__PT_STEP_with_signal);
4376 #ifdef HAVE_BREAKPOINT
4377 	ATF_TP_ADD_TC(tp, ptrace__breakpoint_siginfo);
4378 #endif
4379 	ATF_TP_ADD_TC(tp, ptrace__step_siginfo);
4380 #if defined(HAVE_BREAKPOINT) && defined(SKIP_BREAK)
4381 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_different_thread);
4382 #endif
4383 	ATF_TP_ADD_TC(tp, ptrace__PT_LWPINFO_stale_siginfo);
4384 	ATF_TP_ADD_TC(tp, ptrace__syscall_args);
4385 	ATF_TP_ADD_TC(tp, ptrace__proc_reparent);
4386 	ATF_TP_ADD_TC(tp, ptrace__procdesc_wait_child);
4387 	ATF_TP_ADD_TC(tp, ptrace__procdesc_reparent_wait_child);
4388 
4389 	return (atf_no_error());
4390 }
4391