xref: /freebsd/tests/sys/kern/ptrace_test.c (revision a0ee8cc636cd5c2374ec44ca71226564ea0bca95)
1 /*-
2  * Copyright (c) 2015 John Baldwin <jhb@FreeBSD.org>
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  */
26 
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
29 
30 #include <sys/types.h>
31 #include <sys/ptrace.h>
32 #include <sys/syscall.h>
33 #include <sys/sysctl.h>
34 #include <sys/user.h>
35 #include <sys/wait.h>
36 #include <errno.h>
37 #include <pthread.h>
38 #include <signal.h>
39 #include <stdio.h>
40 #include <stdlib.h>
41 #include <unistd.h>
42 #include <atf-c.h>
43 
44 /*
45  * A variant of ATF_REQUIRE that is suitable for use in child
46  * processes.  This only works if the parent process is tripped up by
47  * the early exit and fails some requirement itself.
48  */
49 #define	CHILD_REQUIRE(exp) do {						\
50 		if (!(exp))						\
51 			child_fail_require(__FILE__, __LINE__,		\
52 			    #exp " not met");				\
53 	} while (0)
54 
55 static __dead2 void
56 child_fail_require(const char *file, int line, const char *str)
57 {
58 	char buf[128];
59 
60 	snprintf(buf, sizeof(buf), "%s:%d: %s\n", file, line, str);
61 	write(2, buf, strlen(buf));
62 	_exit(32);
63 }
64 
65 static void
66 trace_me(void)
67 {
68 
69 	/* Attach the parent process as a tracer of this process. */
70 	CHILD_REQUIRE(ptrace(PT_TRACE_ME, 0, NULL, 0) != -1);
71 
72 	/* Trigger a stop. */
73 	raise(SIGSTOP);
74 }
75 
76 static void
77 attach_child(pid_t pid)
78 {
79 	pid_t wpid;
80 	int status;
81 
82 	ATF_REQUIRE(ptrace(PT_ATTACH, pid, NULL, 0) == 0);
83 
84 	wpid = waitpid(pid, &status, 0);
85 	ATF_REQUIRE(wpid == pid);
86 	ATF_REQUIRE(WIFSTOPPED(status));
87 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
88 }
89 
90 static void
91 wait_for_zombie(pid_t pid)
92 {
93 
94 	/*
95 	 * Wait for a process to exit.  This is kind of gross, but
96 	 * there is not a better way.
97 	 */
98 	for (;;) {
99 		struct kinfo_proc kp;
100 		size_t len;
101 		int mib[4];
102 
103 		mib[0] = CTL_KERN;
104 		mib[1] = KERN_PROC;
105 		mib[2] = KERN_PROC_PID;
106 		mib[3] = pid;
107 		len = sizeof(kp);
108 		if (sysctl(mib, nitems(mib), &kp, &len, NULL, 0) == -1) {
109 			/* The KERN_PROC_PID sysctl fails for zombies. */
110 			ATF_REQUIRE(errno == ESRCH);
111 			break;
112 		}
113 		usleep(5000);
114 	}
115 }
116 
117 /*
118  * Verify that a parent debugger process "sees" the exit of a debugged
119  * process exactly once when attached via PT_TRACE_ME.
120  */
121 ATF_TC_WITHOUT_HEAD(ptrace__parent_wait_after_trace_me);
122 ATF_TC_BODY(ptrace__parent_wait_after_trace_me, tc)
123 {
124 	pid_t child, wpid;
125 	int status;
126 
127 	ATF_REQUIRE((child = fork()) != -1);
128 	if (child == 0) {
129 		/* Child process. */
130 		trace_me();
131 
132 		_exit(1);
133 	}
134 
135 	/* Parent process. */
136 
137 	/* The first wait() should report the stop from SIGSTOP. */
138 	wpid = waitpid(child, &status, 0);
139 	ATF_REQUIRE(wpid == child);
140 	ATF_REQUIRE(WIFSTOPPED(status));
141 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
142 
143 	/* Continue the child ignoring the SIGSTOP. */
144 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
145 
146 	/* The second wait() should report the exit status. */
147 	wpid = waitpid(child, &status, 0);
148 	ATF_REQUIRE(wpid == child);
149 	ATF_REQUIRE(WIFEXITED(status));
150 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
151 
152 	/* The child should no longer exist. */
153 	wpid = waitpid(child, &status, 0);
154 	ATF_REQUIRE(wpid == -1);
155 	ATF_REQUIRE(errno == ECHILD);
156 }
157 
158 /*
159  * Verify that a parent debugger process "sees" the exit of a debugged
160  * process exactly once when attached via PT_ATTACH.
161  */
162 ATF_TC_WITHOUT_HEAD(ptrace__parent_wait_after_attach);
163 ATF_TC_BODY(ptrace__parent_wait_after_attach, tc)
164 {
165 	pid_t child, wpid;
166 	int cpipe[2], status;
167 	char c;
168 
169 	ATF_REQUIRE(pipe(cpipe) == 0);
170 	ATF_REQUIRE((child = fork()) != -1);
171 	if (child == 0) {
172 		/* Child process. */
173 		close(cpipe[0]);
174 
175 		/* Wait for the parent to attach. */
176 		CHILD_REQUIRE(read(cpipe[1], &c, sizeof(c)) == 0);
177 
178 		_exit(1);
179 	}
180 	close(cpipe[1]);
181 
182 	/* Parent process. */
183 
184 	/* Attach to the child process. */
185 	attach_child(child);
186 
187 	/* Continue the child ignoring the SIGSTOP. */
188 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
189 
190 	/* Signal the child to exit. */
191 	close(cpipe[0]);
192 
193 	/* The second wait() should report the exit status. */
194 	wpid = waitpid(child, &status, 0);
195 	ATF_REQUIRE(wpid == child);
196 	ATF_REQUIRE(WIFEXITED(status));
197 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
198 
199 	/* The child should no longer exist. */
200 	wpid = waitpid(child, &status, 0);
201 	ATF_REQUIRE(wpid == -1);
202 	ATF_REQUIRE(errno == ECHILD);
203 }
204 
205 /*
206  * Verify that a parent process "sees" the exit of a debugged process only
207  * after the debugger has seen it.
208  */
209 ATF_TC_WITHOUT_HEAD(ptrace__parent_sees_exit_after_child_debugger);
210 ATF_TC_BODY(ptrace__parent_sees_exit_after_child_debugger, tc)
211 {
212 	pid_t child, debugger, wpid;
213 	int cpipe[2], dpipe[2], status;
214 	char c;
215 
216 	ATF_REQUIRE(pipe(cpipe) == 0);
217 	ATF_REQUIRE((child = fork()) != -1);
218 
219 	if (child == 0) {
220 		/* Child process. */
221 		close(cpipe[0]);
222 
223 		/* Wait for parent to be ready. */
224 		CHILD_REQUIRE(read(cpipe[1], &c, sizeof(c)) == sizeof(c));
225 
226 		_exit(1);
227 	}
228 	close(cpipe[1]);
229 
230 	ATF_REQUIRE(pipe(dpipe) == 0);
231 	ATF_REQUIRE((debugger = fork()) != -1);
232 
233 	if (debugger == 0) {
234 		/* Debugger process. */
235 		close(dpipe[0]);
236 
237 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
238 
239 		wpid = waitpid(child, &status, 0);
240 		CHILD_REQUIRE(wpid == child);
241 		CHILD_REQUIRE(WIFSTOPPED(status));
242 		CHILD_REQUIRE(WSTOPSIG(status) == SIGSTOP);
243 
244 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
245 
246 		/* Signal parent that debugger is attached. */
247 		CHILD_REQUIRE(write(dpipe[1], &c, sizeof(c)) == sizeof(c));
248 
249 		/* Wait for parent's failed wait. */
250 		CHILD_REQUIRE(read(dpipe[1], &c, sizeof(c)) == 0);
251 
252 		wpid = waitpid(child, &status, 0);
253 		CHILD_REQUIRE(wpid == child);
254 		CHILD_REQUIRE(WIFEXITED(status));
255 		CHILD_REQUIRE(WEXITSTATUS(status) == 1);
256 
257 		_exit(0);
258 	}
259 	close(dpipe[1]);
260 
261 	/* Parent process. */
262 
263 	/* Wait for the debugger to attach to the child. */
264 	ATF_REQUIRE(read(dpipe[0], &c, sizeof(c)) == sizeof(c));
265 
266 	/* Release the child. */
267 	ATF_REQUIRE(write(cpipe[0], &c, sizeof(c)) == sizeof(c));
268 	ATF_REQUIRE(read(cpipe[0], &c, sizeof(c)) == 0);
269 	close(cpipe[0]);
270 
271 	wait_for_zombie(child);
272 
273 	/*
274 	 * This wait should return a pid of 0 to indicate no status to
275 	 * report.  The parent should see the child as non-exited
276 	 * until the debugger sees the exit.
277 	 */
278 	wpid = waitpid(child, &status, WNOHANG);
279 	ATF_REQUIRE(wpid == 0);
280 
281 	/* Signal the debugger to wait for the child. */
282 	close(dpipe[0]);
283 
284 	/* Wait for the debugger. */
285 	wpid = waitpid(debugger, &status, 0);
286 	ATF_REQUIRE(wpid == debugger);
287 	ATF_REQUIRE(WIFEXITED(status));
288 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
289 
290 	/* The child process should now be ready. */
291 	wpid = waitpid(child, &status, WNOHANG);
292 	ATF_REQUIRE(wpid == child);
293 	ATF_REQUIRE(WIFEXITED(status));
294 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
295 }
296 
297 /*
298  * Verify that a parent process "sees" the exit of a debugged process
299  * only after a non-direct-child debugger has seen it.  In particular,
300  * various wait() calls in the parent must avoid failing with ESRCH by
301  * checking the parent's orphan list for the debugee.
302  */
303 ATF_TC_WITHOUT_HEAD(ptrace__parent_sees_exit_after_unrelated_debugger);
304 ATF_TC_BODY(ptrace__parent_sees_exit_after_unrelated_debugger, tc)
305 {
306 	pid_t child, debugger, fpid, wpid;
307 	int cpipe[2], dpipe[2], status;
308 	char c;
309 
310 	ATF_REQUIRE(pipe(cpipe) == 0);
311 	ATF_REQUIRE((child = fork()) != -1);
312 
313 	if (child == 0) {
314 		/* Child process. */
315 		close(cpipe[0]);
316 
317 		/* Wait for parent to be ready. */
318 		CHILD_REQUIRE(read(cpipe[1], &c, sizeof(c)) == sizeof(c));
319 
320 		_exit(1);
321 	}
322 	close(cpipe[1]);
323 
324 	ATF_REQUIRE(pipe(dpipe) == 0);
325 	ATF_REQUIRE((debugger = fork()) != -1);
326 
327 	if (debugger == 0) {
328 		/* Debugger parent. */
329 
330 		/*
331 		 * Fork again and drop the debugger parent so that the
332 		 * debugger is not a child of the main parent.
333 		 */
334 		CHILD_REQUIRE((fpid = fork()) != -1);
335 		if (fpid != 0)
336 			_exit(2);
337 
338 		/* Debugger process. */
339 		close(dpipe[0]);
340 
341 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
342 
343 		wpid = waitpid(child, &status, 0);
344 		CHILD_REQUIRE(wpid == child);
345 		CHILD_REQUIRE(WIFSTOPPED(status));
346 		CHILD_REQUIRE(WSTOPSIG(status) == SIGSTOP);
347 
348 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
349 
350 		/* Signal parent that debugger is attached. */
351 		CHILD_REQUIRE(write(dpipe[1], &c, sizeof(c)) == sizeof(c));
352 
353 		/* Wait for parent's failed wait. */
354 		CHILD_REQUIRE(read(dpipe[1], &c, sizeof(c)) == sizeof(c));
355 
356 		wpid = waitpid(child, &status, 0);
357 		CHILD_REQUIRE(wpid == child);
358 		CHILD_REQUIRE(WIFEXITED(status));
359 		CHILD_REQUIRE(WEXITSTATUS(status) == 1);
360 
361 		_exit(0);
362 	}
363 	close(dpipe[1]);
364 
365 	/* Parent process. */
366 
367 	/* Wait for the debugger parent process to exit. */
368 	wpid = waitpid(debugger, &status, 0);
369 	ATF_REQUIRE(wpid == debugger);
370 	ATF_REQUIRE(WIFEXITED(status));
371 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
372 
373 	/* A WNOHANG wait here should see the non-exited child. */
374 	wpid = waitpid(child, &status, WNOHANG);
375 	ATF_REQUIRE(wpid == 0);
376 
377 	/* Wait for the debugger to attach to the child. */
378 	ATF_REQUIRE(read(dpipe[0], &c, sizeof(c)) == sizeof(c));
379 
380 	/* Release the child. */
381 	ATF_REQUIRE(write(cpipe[0], &c, sizeof(c)) == sizeof(c));
382 	ATF_REQUIRE(read(cpipe[0], &c, sizeof(c)) == 0);
383 	close(cpipe[0]);
384 
385 	wait_for_zombie(child);
386 
387 	/*
388 	 * This wait should return a pid of 0 to indicate no status to
389 	 * report.  The parent should see the child as non-exited
390 	 * until the debugger sees the exit.
391 	 */
392 	wpid = waitpid(child, &status, WNOHANG);
393 	ATF_REQUIRE(wpid == 0);
394 
395 	/* Signal the debugger to wait for the child. */
396 	ATF_REQUIRE(write(dpipe[0], &c, sizeof(c)) == sizeof(c));
397 
398 	/* Wait for the debugger. */
399 	ATF_REQUIRE(read(dpipe[0], &c, sizeof(c)) == 0);
400 	close(dpipe[0]);
401 
402 	/* The child process should now be ready. */
403 	wpid = waitpid(child, &status, WNOHANG);
404 	ATF_REQUIRE(wpid == child);
405 	ATF_REQUIRE(WIFEXITED(status));
406 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
407 }
408 
409 /*
410  * The parent process should always act the same regardless of how the
411  * debugger is attached to it.
412  */
413 static __dead2 void
414 follow_fork_parent(bool use_vfork)
415 {
416 	pid_t fpid, wpid;
417 	int status;
418 
419 	if (use_vfork)
420 		CHILD_REQUIRE((fpid = vfork()) != -1);
421 	else
422 		CHILD_REQUIRE((fpid = fork()) != -1);
423 
424 	if (fpid == 0)
425 		/* Child */
426 		_exit(2);
427 
428 	wpid = waitpid(fpid, &status, 0);
429 	CHILD_REQUIRE(wpid == fpid);
430 	CHILD_REQUIRE(WIFEXITED(status));
431 	CHILD_REQUIRE(WEXITSTATUS(status) == 2);
432 
433 	_exit(1);
434 }
435 
436 /*
437  * Helper routine for follow fork tests.  This waits for two stops
438  * that report both "sides" of a fork.  It returns the pid of the new
439  * child process.
440  */
441 static pid_t
442 handle_fork_events(pid_t parent, struct ptrace_lwpinfo *ppl)
443 {
444 	struct ptrace_lwpinfo pl;
445 	bool fork_reported[2];
446 	pid_t child, wpid;
447 	int i, status;
448 
449 	fork_reported[0] = false;
450 	fork_reported[1] = false;
451 	child = -1;
452 
453 	/*
454 	 * Each process should report a fork event.  The parent should
455 	 * report a PL_FLAG_FORKED event, and the child should report
456 	 * a PL_FLAG_CHILD event.
457 	 */
458 	for (i = 0; i < 2; i++) {
459 		wpid = wait(&status);
460 		ATF_REQUIRE(wpid > 0);
461 		ATF_REQUIRE(WIFSTOPPED(status));
462 
463 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
464 		    sizeof(pl)) != -1);
465 		ATF_REQUIRE((pl.pl_flags & (PL_FLAG_FORKED | PL_FLAG_CHILD)) !=
466 		    0);
467 		ATF_REQUIRE((pl.pl_flags & (PL_FLAG_FORKED | PL_FLAG_CHILD)) !=
468 		    (PL_FLAG_FORKED | PL_FLAG_CHILD));
469 		if (pl.pl_flags & PL_FLAG_CHILD) {
470 			ATF_REQUIRE(wpid != parent);
471 			ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
472 			ATF_REQUIRE(!fork_reported[1]);
473 			if (child == -1)
474 				child = wpid;
475 			else
476 				ATF_REQUIRE(child == wpid);
477 			if (ppl != NULL)
478 				ppl[1] = pl;
479 			fork_reported[1] = true;
480 		} else {
481 			ATF_REQUIRE(wpid == parent);
482 			ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
483 			ATF_REQUIRE(!fork_reported[0]);
484 			if (child == -1)
485 				child = pl.pl_child_pid;
486 			else
487 				ATF_REQUIRE(child == pl.pl_child_pid);
488 			if (ppl != NULL)
489 				ppl[0] = pl;
490 			fork_reported[0] = true;
491 		}
492 	}
493 
494 	return (child);
495 }
496 
497 /*
498  * Verify that a new child process is stopped after a followed fork and
499  * that the traced parent sees the exit of the child after the debugger
500  * when both processes remain attached to the debugger.
501  */
502 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_both_attached);
503 ATF_TC_BODY(ptrace__follow_fork_both_attached, tc)
504 {
505 	pid_t children[2], fpid, wpid;
506 	int status;
507 
508 	ATF_REQUIRE((fpid = fork()) != -1);
509 	if (fpid == 0) {
510 		trace_me();
511 		follow_fork_parent(false);
512 	}
513 
514 	/* Parent process. */
515 	children[0] = fpid;
516 
517 	/* The first wait() should report the stop from SIGSTOP. */
518 	wpid = waitpid(children[0], &status, 0);
519 	ATF_REQUIRE(wpid == children[0]);
520 	ATF_REQUIRE(WIFSTOPPED(status));
521 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
522 
523 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
524 
525 	/* Continue the child ignoring the SIGSTOP. */
526 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
527 
528 	children[1] = handle_fork_events(children[0], NULL);
529 	ATF_REQUIRE(children[1] > 0);
530 
531 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
532 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
533 
534 	/*
535 	 * The child can't exit until the grandchild reports status, so the
536 	 * grandchild should report its exit first to the debugger.
537 	 */
538 	wpid = wait(&status);
539 	ATF_REQUIRE(wpid == children[1]);
540 	ATF_REQUIRE(WIFEXITED(status));
541 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
542 
543 	wpid = wait(&status);
544 	ATF_REQUIRE(wpid == children[0]);
545 	ATF_REQUIRE(WIFEXITED(status));
546 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
547 
548 	wpid = wait(&status);
549 	ATF_REQUIRE(wpid == -1);
550 	ATF_REQUIRE(errno == ECHILD);
551 }
552 
553 /*
554  * Verify that a new child process is stopped after a followed fork
555  * and that the traced parent sees the exit of the child when the new
556  * child process is detached after it reports its fork.
557  */
558 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_child_detached);
559 ATF_TC_BODY(ptrace__follow_fork_child_detached, tc)
560 {
561 	pid_t children[2], fpid, wpid;
562 	int status;
563 
564 	ATF_REQUIRE((fpid = fork()) != -1);
565 	if (fpid == 0) {
566 		trace_me();
567 		follow_fork_parent(false);
568 	}
569 
570 	/* Parent process. */
571 	children[0] = fpid;
572 
573 	/* The first wait() should report the stop from SIGSTOP. */
574 	wpid = waitpid(children[0], &status, 0);
575 	ATF_REQUIRE(wpid == children[0]);
576 	ATF_REQUIRE(WIFSTOPPED(status));
577 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
578 
579 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
580 
581 	/* Continue the child ignoring the SIGSTOP. */
582 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
583 
584 	children[1] = handle_fork_events(children[0], NULL);
585 	ATF_REQUIRE(children[1] > 0);
586 
587 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
588 	ATF_REQUIRE(ptrace(PT_DETACH, children[1], (caddr_t)1, 0) != -1);
589 
590 	/*
591 	 * Should not see any status from the grandchild now, only the
592 	 * child.
593 	 */
594 	wpid = wait(&status);
595 	ATF_REQUIRE(wpid == children[0]);
596 	ATF_REQUIRE(WIFEXITED(status));
597 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
598 
599 	wpid = wait(&status);
600 	ATF_REQUIRE(wpid == -1);
601 	ATF_REQUIRE(errno == ECHILD);
602 }
603 
604 /*
605  * Verify that a new child process is stopped after a followed fork
606  * and that the traced parent sees the exit of the child when the
607  * traced parent is detached after the fork.
608  */
609 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_parent_detached);
610 ATF_TC_BODY(ptrace__follow_fork_parent_detached, tc)
611 {
612 	pid_t children[2], fpid, wpid;
613 	int status;
614 
615 	ATF_REQUIRE((fpid = fork()) != -1);
616 	if (fpid == 0) {
617 		trace_me();
618 		follow_fork_parent(false);
619 	}
620 
621 	/* Parent process. */
622 	children[0] = fpid;
623 
624 	/* The first wait() should report the stop from SIGSTOP. */
625 	wpid = waitpid(children[0], &status, 0);
626 	ATF_REQUIRE(wpid == children[0]);
627 	ATF_REQUIRE(WIFSTOPPED(status));
628 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
629 
630 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
631 
632 	/* Continue the child ignoring the SIGSTOP. */
633 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
634 
635 	children[1] = handle_fork_events(children[0], NULL);
636 	ATF_REQUIRE(children[1] > 0);
637 
638 	ATF_REQUIRE(ptrace(PT_DETACH, children[0], (caddr_t)1, 0) != -1);
639 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
640 
641 	/*
642 	 * The child can't exit until the grandchild reports status, so the
643 	 * grandchild should report its exit first to the debugger.
644 	 *
645 	 * Even though the child process is detached, it is still a
646 	 * child of the debugger, so it will still report it's exit
647 	 * after the grandchild.
648 	 */
649 	wpid = wait(&status);
650 	ATF_REQUIRE(wpid == children[1]);
651 	ATF_REQUIRE(WIFEXITED(status));
652 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
653 
654 	wpid = wait(&status);
655 	ATF_REQUIRE(wpid == children[0]);
656 	ATF_REQUIRE(WIFEXITED(status));
657 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
658 
659 	wpid = wait(&status);
660 	ATF_REQUIRE(wpid == -1);
661 	ATF_REQUIRE(errno == ECHILD);
662 }
663 
664 static void
665 attach_fork_parent(int cpipe[2])
666 {
667 	pid_t fpid;
668 
669 	close(cpipe[0]);
670 
671 	/* Double-fork to disassociate from the debugger. */
672 	CHILD_REQUIRE((fpid = fork()) != -1);
673 	if (fpid != 0)
674 		_exit(3);
675 
676 	/* Send the pid of the disassociated child to the debugger. */
677 	fpid = getpid();
678 	CHILD_REQUIRE(write(cpipe[1], &fpid, sizeof(fpid)) == sizeof(fpid));
679 
680 	/* Wait for the debugger to attach. */
681 	CHILD_REQUIRE(read(cpipe[1], &fpid, sizeof(fpid)) == 0);
682 }
683 
684 /*
685  * Verify that a new child process is stopped after a followed fork and
686  * that the traced parent sees the exit of the child after the debugger
687  * when both processes remain attached to the debugger.  In this test
688  * the parent that forks is not a direct child of the debugger.
689  */
690 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_both_attached_unrelated_debugger);
691 ATF_TC_BODY(ptrace__follow_fork_both_attached_unrelated_debugger, tc)
692 {
693 	pid_t children[2], fpid, wpid;
694 	int cpipe[2], status;
695 
696 	ATF_REQUIRE(pipe(cpipe) == 0);
697 	ATF_REQUIRE((fpid = fork()) != -1);
698 	if (fpid == 0) {
699 		attach_fork_parent(cpipe);
700 		follow_fork_parent(false);
701 	}
702 
703 	/* Parent process. */
704 	close(cpipe[1]);
705 
706 	/* Wait for the direct child to exit. */
707 	wpid = waitpid(fpid, &status, 0);
708 	ATF_REQUIRE(wpid == fpid);
709 	ATF_REQUIRE(WIFEXITED(status));
710 	ATF_REQUIRE(WEXITSTATUS(status) == 3);
711 
712 	/* Read the pid of the fork parent. */
713 	ATF_REQUIRE(read(cpipe[0], &children[0], sizeof(children[0])) ==
714 	    sizeof(children[0]));
715 
716 	/* Attach to the fork parent. */
717 	attach_child(children[0]);
718 
719 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
720 
721 	/* Continue the fork parent ignoring the SIGSTOP. */
722 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
723 
724 	/* Signal the fork parent to continue. */
725 	close(cpipe[0]);
726 
727 	children[1] = handle_fork_events(children[0], NULL);
728 	ATF_REQUIRE(children[1] > 0);
729 
730 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
731 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
732 
733 	/*
734 	 * The fork parent can't exit until the child reports status,
735 	 * so the child should report its exit first to the debugger.
736 	 */
737 	wpid = wait(&status);
738 	ATF_REQUIRE(wpid == children[1]);
739 	ATF_REQUIRE(WIFEXITED(status));
740 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
741 
742 	wpid = wait(&status);
743 	ATF_REQUIRE(wpid == children[0]);
744 	ATF_REQUIRE(WIFEXITED(status));
745 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
746 
747 	wpid = wait(&status);
748 	ATF_REQUIRE(wpid == -1);
749 	ATF_REQUIRE(errno == ECHILD);
750 }
751 
752 /*
753  * Verify that a new child process is stopped after a followed fork
754  * and that the traced parent sees the exit of the child when the new
755  * child process is detached after it reports its fork.  In this test
756  * the parent that forks is not a direct child of the debugger.
757  */
758 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_child_detached_unrelated_debugger);
759 ATF_TC_BODY(ptrace__follow_fork_child_detached_unrelated_debugger, tc)
760 {
761 	pid_t children[2], fpid, wpid;
762 	int cpipe[2], status;
763 
764 	ATF_REQUIRE(pipe(cpipe) == 0);
765 	ATF_REQUIRE((fpid = fork()) != -1);
766 	if (fpid == 0) {
767 		attach_fork_parent(cpipe);
768 		follow_fork_parent(false);
769 	}
770 
771 	/* Parent process. */
772 	close(cpipe[1]);
773 
774 	/* Wait for the direct child to exit. */
775 	wpid = waitpid(fpid, &status, 0);
776 	ATF_REQUIRE(wpid == fpid);
777 	ATF_REQUIRE(WIFEXITED(status));
778 	ATF_REQUIRE(WEXITSTATUS(status) == 3);
779 
780 	/* Read the pid of the fork parent. */
781 	ATF_REQUIRE(read(cpipe[0], &children[0], sizeof(children[0])) ==
782 	    sizeof(children[0]));
783 
784 	/* Attach to the fork parent. */
785 	attach_child(children[0]);
786 
787 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
788 
789 	/* Continue the fork parent ignoring the SIGSTOP. */
790 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
791 
792 	/* Signal the fork parent to continue. */
793 	close(cpipe[0]);
794 
795 	children[1] = handle_fork_events(children[0], NULL);
796 	ATF_REQUIRE(children[1] > 0);
797 
798 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
799 	ATF_REQUIRE(ptrace(PT_DETACH, children[1], (caddr_t)1, 0) != -1);
800 
801 	/*
802 	 * Should not see any status from the child now, only the fork
803 	 * parent.
804 	 */
805 	wpid = wait(&status);
806 	ATF_REQUIRE(wpid == children[0]);
807 	ATF_REQUIRE(WIFEXITED(status));
808 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
809 
810 	wpid = wait(&status);
811 	ATF_REQUIRE(wpid == -1);
812 	ATF_REQUIRE(errno == ECHILD);
813 }
814 
815 /*
816  * Verify that a new child process is stopped after a followed fork
817  * and that the traced parent sees the exit of the child when the
818  * traced parent is detached after the fork.  In this test the parent
819  * that forks is not a direct child of the debugger.
820  */
821 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_parent_detached_unrelated_debugger);
822 ATF_TC_BODY(ptrace__follow_fork_parent_detached_unrelated_debugger, tc)
823 {
824 	pid_t children[2], fpid, wpid;
825 	int cpipe[2], status;
826 
827 	ATF_REQUIRE(pipe(cpipe) == 0);
828 	ATF_REQUIRE((fpid = fork()) != -1);
829 	if (fpid == 0) {
830 		attach_fork_parent(cpipe);
831 		follow_fork_parent(false);
832 	}
833 
834 	/* Parent process. */
835 	close(cpipe[1]);
836 
837 	/* Wait for the direct child to exit. */
838 	wpid = waitpid(fpid, &status, 0);
839 	ATF_REQUIRE(wpid == fpid);
840 	ATF_REQUIRE(WIFEXITED(status));
841 	ATF_REQUIRE(WEXITSTATUS(status) == 3);
842 
843 	/* Read the pid of the fork parent. */
844 	ATF_REQUIRE(read(cpipe[0], &children[0], sizeof(children[0])) ==
845 	    sizeof(children[0]));
846 
847 	/* Attach to the fork parent. */
848 	attach_child(children[0]);
849 
850 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
851 
852 	/* Continue the fork parent ignoring the SIGSTOP. */
853 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
854 
855 	/* Signal the fork parent to continue. */
856 	close(cpipe[0]);
857 
858 	children[1] = handle_fork_events(children[0], NULL);
859 	ATF_REQUIRE(children[1] > 0);
860 
861 	ATF_REQUIRE(ptrace(PT_DETACH, children[0], (caddr_t)1, 0) != -1);
862 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
863 
864 	/*
865 	 * Should not see any status from the fork parent now, only
866 	 * the child.
867 	 */
868 	wpid = wait(&status);
869 	ATF_REQUIRE(wpid == children[1]);
870 	ATF_REQUIRE(WIFEXITED(status));
871 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
872 
873 	wpid = wait(&status);
874 	ATF_REQUIRE(wpid == -1);
875 	ATF_REQUIRE(errno == ECHILD);
876 }
877 
878 /*
879  * Verify that a child process does not see an unrelated debugger as its
880  * parent but sees its original parent process.
881  */
882 ATF_TC_WITHOUT_HEAD(ptrace__getppid);
883 ATF_TC_BODY(ptrace__getppid, tc)
884 {
885 	pid_t child, debugger, ppid, wpid;
886 	int cpipe[2], dpipe[2], status;
887 	char c;
888 
889 	ATF_REQUIRE(pipe(cpipe) == 0);
890 	ATF_REQUIRE((child = fork()) != -1);
891 
892 	if (child == 0) {
893 		/* Child process. */
894 		close(cpipe[0]);
895 
896 		/* Wait for parent to be ready. */
897 		CHILD_REQUIRE(read(cpipe[1], &c, sizeof(c)) == sizeof(c));
898 
899 		/* Report the parent PID to the parent. */
900 		ppid = getppid();
901 		CHILD_REQUIRE(write(cpipe[1], &ppid, sizeof(ppid)) ==
902 		    sizeof(ppid));
903 
904 		_exit(1);
905 	}
906 	close(cpipe[1]);
907 
908 	ATF_REQUIRE(pipe(dpipe) == 0);
909 	ATF_REQUIRE((debugger = fork()) != -1);
910 
911 	if (debugger == 0) {
912 		/* Debugger process. */
913 		close(dpipe[0]);
914 
915 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
916 
917 		wpid = waitpid(child, &status, 0);
918 		CHILD_REQUIRE(wpid == child);
919 		CHILD_REQUIRE(WIFSTOPPED(status));
920 		CHILD_REQUIRE(WSTOPSIG(status) == SIGSTOP);
921 
922 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
923 
924 		/* Signal parent that debugger is attached. */
925 		CHILD_REQUIRE(write(dpipe[1], &c, sizeof(c)) == sizeof(c));
926 
927 		/* Wait for traced child to exit. */
928 		wpid = waitpid(child, &status, 0);
929 		CHILD_REQUIRE(wpid == child);
930 		CHILD_REQUIRE(WIFEXITED(status));
931 		CHILD_REQUIRE(WEXITSTATUS(status) == 1);
932 
933 		_exit(0);
934 	}
935 	close(dpipe[1]);
936 
937 	/* Parent process. */
938 
939 	/* Wait for the debugger to attach to the child. */
940 	ATF_REQUIRE(read(dpipe[0], &c, sizeof(c)) == sizeof(c));
941 
942 	/* Release the child. */
943 	ATF_REQUIRE(write(cpipe[0], &c, sizeof(c)) == sizeof(c));
944 
945 	/* Read the parent PID from the child. */
946 	ATF_REQUIRE(read(cpipe[0], &ppid, sizeof(ppid)) == sizeof(ppid));
947 	close(cpipe[0]);
948 
949 	ATF_REQUIRE(ppid == getpid());
950 
951 	/* Wait for the debugger. */
952 	wpid = waitpid(debugger, &status, 0);
953 	ATF_REQUIRE(wpid == debugger);
954 	ATF_REQUIRE(WIFEXITED(status));
955 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
956 
957 	/* The child process should now be ready. */
958 	wpid = waitpid(child, &status, WNOHANG);
959 	ATF_REQUIRE(wpid == child);
960 	ATF_REQUIRE(WIFEXITED(status));
961 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
962 }
963 
964 /*
965  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
966  * child process created via fork() reports the correct value.
967  */
968 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_fork);
969 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_fork, tc)
970 {
971 	struct ptrace_lwpinfo pl[2];
972 	pid_t children[2], fpid, wpid;
973 	int status;
974 
975 	ATF_REQUIRE((fpid = fork()) != -1);
976 	if (fpid == 0) {
977 		trace_me();
978 		follow_fork_parent(false);
979 	}
980 
981 	/* Parent process. */
982 	children[0] = fpid;
983 
984 	/* The first wait() should report the stop from SIGSTOP. */
985 	wpid = waitpid(children[0], &status, 0);
986 	ATF_REQUIRE(wpid == children[0]);
987 	ATF_REQUIRE(WIFSTOPPED(status));
988 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
989 
990 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
991 
992 	/* Continue the child ignoring the SIGSTOP. */
993 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
994 
995 	/* Wait for both halves of the fork event to get reported. */
996 	children[1] = handle_fork_events(children[0], pl);
997 	ATF_REQUIRE(children[1] > 0);
998 
999 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_SCX) != 0);
1000 	ATF_REQUIRE((pl[1].pl_flags & PL_FLAG_SCX) != 0);
1001 	ATF_REQUIRE(pl[0].pl_syscall_code == SYS_fork);
1002 	ATF_REQUIRE(pl[0].pl_syscall_code == pl[1].pl_syscall_code);
1003 	ATF_REQUIRE(pl[0].pl_syscall_narg == pl[1].pl_syscall_narg);
1004 
1005 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1006 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1007 
1008 	/*
1009 	 * The child can't exit until the grandchild reports status, so the
1010 	 * grandchild should report its exit first to the debugger.
1011 	 */
1012 	wpid = wait(&status);
1013 	ATF_REQUIRE(wpid == children[1]);
1014 	ATF_REQUIRE(WIFEXITED(status));
1015 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
1016 
1017 	wpid = wait(&status);
1018 	ATF_REQUIRE(wpid == children[0]);
1019 	ATF_REQUIRE(WIFEXITED(status));
1020 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
1021 
1022 	wpid = wait(&status);
1023 	ATF_REQUIRE(wpid == -1);
1024 	ATF_REQUIRE(errno == ECHILD);
1025 }
1026 
1027 /*
1028  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1029  * child process created via vfork() reports the correct value.
1030  */
1031 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_vfork);
1032 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_vfork, tc)
1033 {
1034 	struct ptrace_lwpinfo pl[2];
1035 	pid_t children[2], fpid, wpid;
1036 	int status;
1037 
1038 	ATF_REQUIRE((fpid = fork()) != -1);
1039 	if (fpid == 0) {
1040 		trace_me();
1041 		follow_fork_parent(true);
1042 	}
1043 
1044 	/* Parent process. */
1045 	children[0] = fpid;
1046 
1047 	/* The first wait() should report the stop from SIGSTOP. */
1048 	wpid = waitpid(children[0], &status, 0);
1049 	ATF_REQUIRE(wpid == children[0]);
1050 	ATF_REQUIRE(WIFSTOPPED(status));
1051 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1052 
1053 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
1054 
1055 	/* Continue the child ignoring the SIGSTOP. */
1056 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1057 
1058 	/* Wait for both halves of the fork event to get reported. */
1059 	children[1] = handle_fork_events(children[0], pl);
1060 	ATF_REQUIRE(children[1] > 0);
1061 
1062 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_SCX) != 0);
1063 	ATF_REQUIRE((pl[1].pl_flags & PL_FLAG_SCX) != 0);
1064 	ATF_REQUIRE(pl[0].pl_syscall_code == SYS_vfork);
1065 	ATF_REQUIRE(pl[0].pl_syscall_code == pl[1].pl_syscall_code);
1066 	ATF_REQUIRE(pl[0].pl_syscall_narg == pl[1].pl_syscall_narg);
1067 
1068 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1069 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1070 
1071 	/*
1072 	 * The child can't exit until the grandchild reports status, so the
1073 	 * grandchild should report its exit first to the debugger.
1074 	 */
1075 	wpid = wait(&status);
1076 	ATF_REQUIRE(wpid == children[1]);
1077 	ATF_REQUIRE(WIFEXITED(status));
1078 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
1079 
1080 	wpid = wait(&status);
1081 	ATF_REQUIRE(wpid == children[0]);
1082 	ATF_REQUIRE(WIFEXITED(status));
1083 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
1084 
1085 	wpid = wait(&status);
1086 	ATF_REQUIRE(wpid == -1);
1087 	ATF_REQUIRE(errno == ECHILD);
1088 }
1089 
1090 static void *
1091 simple_thread(void *arg __unused)
1092 {
1093 
1094 	pthread_exit(NULL);
1095 }
1096 
1097 static __dead2 void
1098 simple_thread_main(void)
1099 {
1100 	pthread_t thread;
1101 
1102 	CHILD_REQUIRE(pthread_create(&thread, NULL, simple_thread, NULL) == 0);
1103 	CHILD_REQUIRE(pthread_join(thread, NULL) == 0);
1104 	exit(1);
1105 }
1106 
1107 /*
1108  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1109  * thread reports the correct value.
1110  */
1111 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_thread);
1112 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_thread, tc)
1113 {
1114 	struct ptrace_lwpinfo pl;
1115 	pid_t fpid, wpid;
1116 	lwpid_t mainlwp;
1117 	int status;
1118 
1119 	ATF_REQUIRE((fpid = fork()) != -1);
1120 	if (fpid == 0) {
1121 		trace_me();
1122 		simple_thread_main();
1123 	}
1124 
1125 	/* The first wait() should report the stop from SIGSTOP. */
1126 	wpid = waitpid(fpid, &status, 0);
1127 	ATF_REQUIRE(wpid == fpid);
1128 	ATF_REQUIRE(WIFSTOPPED(status));
1129 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1130 
1131 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1132 	    sizeof(pl)) != -1);
1133 	mainlwp = pl.pl_lwpid;
1134 
1135 	/*
1136 	 * Continue the child ignoring the SIGSTOP and tracing all
1137 	 * system call exits.
1138 	 */
1139 	ATF_REQUIRE(ptrace(PT_TO_SCX, fpid, (caddr_t)1, 0) != -1);
1140 
1141 	/*
1142 	 * Wait for the new thread to arrive.  pthread_create() might
1143 	 * invoke any number of system calls.  For now we just wait
1144 	 * for the new thread to arrive and make sure it reports a
1145 	 * valid system call code.  If ptrace grows thread event
1146 	 * reporting then this test can be made more precise.
1147 	 */
1148 	for (;;) {
1149 		wpid = waitpid(fpid, &status, 0);
1150 		ATF_REQUIRE(wpid == fpid);
1151 		ATF_REQUIRE(WIFSTOPPED(status));
1152 		ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1153 
1154 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1155 		    sizeof(pl)) != -1);
1156 		ATF_REQUIRE((pl.pl_flags & PL_FLAG_SCX) != 0);
1157 		ATF_REQUIRE(pl.pl_syscall_code != 0);
1158 		if (pl.pl_lwpid != mainlwp)
1159 			/* New thread seen. */
1160 			break;
1161 
1162 		ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1163 	}
1164 
1165 	/* Wait for the child to exit. */
1166 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1167 	for (;;) {
1168 		wpid = waitpid(fpid, &status, 0);
1169 		ATF_REQUIRE(wpid == fpid);
1170 		if (WIFEXITED(status))
1171 			break;
1172 
1173 		ATF_REQUIRE(WIFSTOPPED(status));
1174 		ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1175 		ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1176 	}
1177 
1178 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
1179 
1180 	wpid = wait(&status);
1181 	ATF_REQUIRE(wpid == -1);
1182 	ATF_REQUIRE(errno == ECHILD);
1183 }
1184 
1185 /*
1186  * Verify that the expected LWP events are reported for a child thread.
1187  */
1188 ATF_TC_WITHOUT_HEAD(ptrace__lwp_events);
1189 ATF_TC_BODY(ptrace__lwp_events, tc)
1190 {
1191 	struct ptrace_lwpinfo pl;
1192 	pid_t fpid, wpid;
1193 	lwpid_t lwps[2];
1194 	int status;
1195 
1196 	ATF_REQUIRE((fpid = fork()) != -1);
1197 	if (fpid == 0) {
1198 		trace_me();
1199 		simple_thread_main();
1200 	}
1201 
1202 	/* The first wait() should report the stop from SIGSTOP. */
1203 	wpid = waitpid(fpid, &status, 0);
1204 	ATF_REQUIRE(wpid == fpid);
1205 	ATF_REQUIRE(WIFSTOPPED(status));
1206 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1207 
1208 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1209 	    sizeof(pl)) != -1);
1210 	lwps[0] = pl.pl_lwpid;
1211 
1212 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, wpid, NULL, 1) == 0);
1213 
1214 	/* Continue the child ignoring the SIGSTOP. */
1215 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1216 
1217 	/* The first event should be for the child thread's birth. */
1218 	wpid = waitpid(fpid, &status, 0);
1219 	ATF_REQUIRE(wpid == fpid);
1220 	ATF_REQUIRE(WIFSTOPPED(status));
1221 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1222 
1223 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1224 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)) ==
1225 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1226 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
1227 	lwps[1] = pl.pl_lwpid;
1228 
1229 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1230 
1231 	/* The next event should be for the child thread's death. */
1232 	wpid = waitpid(fpid, &status, 0);
1233 	ATF_REQUIRE(wpid == fpid);
1234 	ATF_REQUIRE(WIFSTOPPED(status));
1235 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1236 
1237 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1238 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_EXITED | PL_FLAG_SCE)) ==
1239 	    (PL_FLAG_EXITED | PL_FLAG_SCE));
1240 	ATF_REQUIRE(pl.pl_lwpid == lwps[1]);
1241 
1242 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1243 
1244 	/* The last event should be for the child process's exit. */
1245 	wpid = waitpid(fpid, &status, 0);
1246 	ATF_REQUIRE(WIFEXITED(status));
1247 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
1248 
1249 	wpid = wait(&status);
1250 	ATF_REQUIRE(wpid == -1);
1251 	ATF_REQUIRE(errno == ECHILD);
1252 }
1253 
1254 static void *
1255 exec_thread(void *arg __unused)
1256 {
1257 
1258 	execl("/usr/bin/true", "true", NULL);
1259 	exit(127);
1260 }
1261 
1262 static __dead2 void
1263 exec_thread_main(void)
1264 {
1265 	pthread_t thread;
1266 
1267 	CHILD_REQUIRE(pthread_create(&thread, NULL, exec_thread, NULL) == 0);
1268 	for (;;)
1269 		sleep(60);
1270 	exit(1);
1271 }
1272 
1273 /*
1274  * Verify that the expected LWP events are reported for a multithreaded
1275  * process that calls execve(2).
1276  */
1277 ATF_TC_WITHOUT_HEAD(ptrace__lwp_events_exec);
1278 ATF_TC_BODY(ptrace__lwp_events_exec, tc)
1279 {
1280 	struct ptrace_lwpinfo pl;
1281 	pid_t fpid, wpid;
1282 	lwpid_t lwps[2];
1283 	int status;
1284 
1285 	ATF_REQUIRE((fpid = fork()) != -1);
1286 	if (fpid == 0) {
1287 		trace_me();
1288 		exec_thread_main();
1289 	}
1290 
1291 	/* The first wait() should report the stop from SIGSTOP. */
1292 	wpid = waitpid(fpid, &status, 0);
1293 	ATF_REQUIRE(wpid == fpid);
1294 	ATF_REQUIRE(WIFSTOPPED(status));
1295 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1296 
1297 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1298 	    sizeof(pl)) != -1);
1299 	lwps[0] = pl.pl_lwpid;
1300 
1301 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, wpid, NULL, 1) == 0);
1302 
1303 	/* Continue the child ignoring the SIGSTOP. */
1304 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1305 
1306 	/* The first event should be for the child thread's birth. */
1307 	wpid = waitpid(fpid, &status, 0);
1308 	ATF_REQUIRE(wpid == fpid);
1309 	ATF_REQUIRE(WIFSTOPPED(status));
1310 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1311 
1312 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1313 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)) ==
1314 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1315 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
1316 	lwps[1] = pl.pl_lwpid;
1317 
1318 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1319 
1320 	/*
1321 	 * The next event should be for the main thread's death due to
1322 	 * single threading from execve().
1323 	 */
1324 	wpid = waitpid(fpid, &status, 0);
1325 	ATF_REQUIRE(wpid == fpid);
1326 	ATF_REQUIRE(WIFSTOPPED(status));
1327 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1328 
1329 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1330 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_EXITED | PL_FLAG_SCE)) ==
1331 	    (PL_FLAG_EXITED));
1332 	ATF_REQUIRE(pl.pl_lwpid == lwps[0]);
1333 
1334 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1335 
1336 	/* The next event should be for the child process's exec. */
1337 	wpid = waitpid(fpid, &status, 0);
1338 	ATF_REQUIRE(WIFSTOPPED(status));
1339 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1340 
1341 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1342 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_EXEC | PL_FLAG_SCX)) ==
1343 	    (PL_FLAG_EXEC | PL_FLAG_SCX));
1344 	ATF_REQUIRE(pl.pl_lwpid == lwps[1]);
1345 
1346 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1347 
1348 	/* The last event should be for the child process's exit. */
1349 	wpid = waitpid(fpid, &status, 0);
1350 	ATF_REQUIRE(WIFEXITED(status));
1351 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
1352 
1353 	wpid = wait(&status);
1354 	ATF_REQUIRE(wpid == -1);
1355 	ATF_REQUIRE(errno == ECHILD);
1356 }
1357 
1358 ATF_TP_ADD_TCS(tp)
1359 {
1360 
1361 	ATF_TP_ADD_TC(tp, ptrace__parent_wait_after_trace_me);
1362 	ATF_TP_ADD_TC(tp, ptrace__parent_wait_after_attach);
1363 	ATF_TP_ADD_TC(tp, ptrace__parent_sees_exit_after_child_debugger);
1364 	ATF_TP_ADD_TC(tp, ptrace__parent_sees_exit_after_unrelated_debugger);
1365 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_both_attached);
1366 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_child_detached);
1367 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_parent_detached);
1368 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_both_attached_unrelated_debugger);
1369 	ATF_TP_ADD_TC(tp,
1370 	    ptrace__follow_fork_child_detached_unrelated_debugger);
1371 	ATF_TP_ADD_TC(tp,
1372 	    ptrace__follow_fork_parent_detached_unrelated_debugger);
1373 	ATF_TP_ADD_TC(tp, ptrace__getppid);
1374 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_fork);
1375 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_vfork);
1376 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_thread);
1377 	ATF_TP_ADD_TC(tp, ptrace__lwp_events);
1378 	ATF_TP_ADD_TC(tp, ptrace__lwp_events_exec);
1379 
1380 	return (atf_no_error());
1381 }
1382