xref: /freebsd/tests/sys/kern/ptrace_test.c (revision cddbc3b40812213ff00041f79174cac0be360a2a)
1 /*-
2  * Copyright (c) 2015 John Baldwin <jhb@FreeBSD.org>
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23  * SUCH DAMAGE.
24  */
25 
26 #include <sys/cdefs.h>
27 __FBSDID("$FreeBSD$");
28 
29 #include <sys/types.h>
30 #include <sys/cpuset.h>
31 #include <sys/event.h>
32 #include <sys/file.h>
33 #include <sys/time.h>
34 #include <sys/procctl.h>
35 #include <sys/ptrace.h>
36 #include <sys/queue.h>
37 #include <sys/runq.h>
38 #include <sys/syscall.h>
39 #include <sys/sysctl.h>
40 #include <sys/user.h>
41 #include <sys/wait.h>
42 #include <errno.h>
43 #include <machine/cpufunc.h>
44 #include <pthread.h>
45 #include <sched.h>
46 #include <semaphore.h>
47 #include <signal.h>
48 #include <stdio.h>
49 #include <stdlib.h>
50 #include <unistd.h>
51 #include <atf-c.h>
52 
53 /*
54  * Architectures with a user-visible breakpoint().
55  */
56 #if defined(__aarch64__) || defined(__amd64__) || defined(__arm__) ||	\
57     defined(__i386__) || defined(__mips__) || defined(__riscv) ||	\
58     defined(__sparc64__)
59 #define	HAVE_BREAKPOINT
60 #endif
61 
62 /*
63  * Adjust PC to skip over a breakpoint when stopped for a breakpoint trap.
64  */
65 #ifdef HAVE_BREAKPOINT
66 #if defined(__aarch64__)
67 #define	SKIP_BREAK(reg)	((reg)->elr += 4)
68 #elif defined(__amd64__) || defined(__i386__)
69 #define	SKIP_BREAK(reg)
70 #elif defined(__arm__)
71 #define	SKIP_BREAK(reg)	((reg)->r_pc += 4)
72 #elif defined(__mips__)
73 #define	SKIP_BREAK(reg)	((reg)->r_regs[PC] += 4)
74 #elif defined(__riscv)
75 #define	SKIP_BREAK(reg)	((reg)->sepc += 4)
76 #elif defined(__sparc64__)
77 #define	SKIP_BREAK(reg)	do {						\
78 	(reg)->r_tpc = (reg)->r_tnpc + 4;				\
79 	(reg)->r_tnpc += 8;						\
80 } while (0)
81 #endif
82 #endif
83 
84 /*
85  * A variant of ATF_REQUIRE that is suitable for use in child
86  * processes.  This only works if the parent process is tripped up by
87  * the early exit and fails some requirement itself.
88  */
89 #define	CHILD_REQUIRE(exp) do {						\
90 		if (!(exp))						\
91 			child_fail_require(__FILE__, __LINE__,		\
92 			    #exp " not met");				\
93 	} while (0)
94 
95 static __dead2 void
96 child_fail_require(const char *file, int line, const char *str)
97 {
98 	char buf[128];
99 
100 	snprintf(buf, sizeof(buf), "%s:%d: %s\n", file, line, str);
101 	write(2, buf, strlen(buf));
102 	_exit(32);
103 }
104 
105 static void
106 trace_me(void)
107 {
108 
109 	/* Attach the parent process as a tracer of this process. */
110 	CHILD_REQUIRE(ptrace(PT_TRACE_ME, 0, NULL, 0) != -1);
111 
112 	/* Trigger a stop. */
113 	raise(SIGSTOP);
114 }
115 
116 static void
117 attach_child(pid_t pid)
118 {
119 	pid_t wpid;
120 	int status;
121 
122 	ATF_REQUIRE(ptrace(PT_ATTACH, pid, NULL, 0) == 0);
123 
124 	wpid = waitpid(pid, &status, 0);
125 	ATF_REQUIRE(wpid == pid);
126 	ATF_REQUIRE(WIFSTOPPED(status));
127 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
128 }
129 
130 static void
131 wait_for_zombie(pid_t pid)
132 {
133 
134 	/*
135 	 * Wait for a process to exit.  This is kind of gross, but
136 	 * there is not a better way.
137 	 *
138 	 * Prior to r325719, the kern.proc.pid.<pid> sysctl failed
139 	 * with ESRCH.  After that change, a valid struct kinfo_proc
140 	 * is returned for zombies with ki_stat set to SZOMB.
141 	 */
142 	for (;;) {
143 		struct kinfo_proc kp;
144 		size_t len;
145 		int mib[4];
146 
147 		mib[0] = CTL_KERN;
148 		mib[1] = KERN_PROC;
149 		mib[2] = KERN_PROC_PID;
150 		mib[3] = pid;
151 		len = sizeof(kp);
152 		if (sysctl(mib, nitems(mib), &kp, &len, NULL, 0) == -1) {
153 			ATF_REQUIRE(errno == ESRCH);
154 			break;
155 		}
156 		if (kp.ki_stat == SZOMB)
157 			break;
158 		usleep(5000);
159 	}
160 }
161 
162 /*
163  * Verify that a parent debugger process "sees" the exit of a debugged
164  * process exactly once when attached via PT_TRACE_ME.
165  */
166 ATF_TC_WITHOUT_HEAD(ptrace__parent_wait_after_trace_me);
167 ATF_TC_BODY(ptrace__parent_wait_after_trace_me, tc)
168 {
169 	pid_t child, wpid;
170 	int status;
171 
172 	ATF_REQUIRE((child = fork()) != -1);
173 	if (child == 0) {
174 		/* Child process. */
175 		trace_me();
176 
177 		_exit(1);
178 	}
179 
180 	/* Parent process. */
181 
182 	/* The first wait() should report the stop from SIGSTOP. */
183 	wpid = waitpid(child, &status, 0);
184 	ATF_REQUIRE(wpid == child);
185 	ATF_REQUIRE(WIFSTOPPED(status));
186 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
187 
188 	/* Continue the child ignoring the SIGSTOP. */
189 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
190 
191 	/* The second wait() should report the exit status. */
192 	wpid = waitpid(child, &status, 0);
193 	ATF_REQUIRE(wpid == child);
194 	ATF_REQUIRE(WIFEXITED(status));
195 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
196 
197 	/* The child should no longer exist. */
198 	wpid = waitpid(child, &status, 0);
199 	ATF_REQUIRE(wpid == -1);
200 	ATF_REQUIRE(errno == ECHILD);
201 }
202 
203 /*
204  * Verify that a parent debugger process "sees" the exit of a debugged
205  * process exactly once when attached via PT_ATTACH.
206  */
207 ATF_TC_WITHOUT_HEAD(ptrace__parent_wait_after_attach);
208 ATF_TC_BODY(ptrace__parent_wait_after_attach, tc)
209 {
210 	pid_t child, wpid;
211 	int cpipe[2], status;
212 	char c;
213 
214 	ATF_REQUIRE(pipe(cpipe) == 0);
215 	ATF_REQUIRE((child = fork()) != -1);
216 	if (child == 0) {
217 		/* Child process. */
218 		close(cpipe[0]);
219 
220 		/* Wait for the parent to attach. */
221 		CHILD_REQUIRE(read(cpipe[1], &c, sizeof(c)) == 0);
222 
223 		_exit(1);
224 	}
225 	close(cpipe[1]);
226 
227 	/* Parent process. */
228 
229 	/* Attach to the child process. */
230 	attach_child(child);
231 
232 	/* Continue the child ignoring the SIGSTOP. */
233 	ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
234 
235 	/* Signal the child to exit. */
236 	close(cpipe[0]);
237 
238 	/* The second wait() should report the exit status. */
239 	wpid = waitpid(child, &status, 0);
240 	ATF_REQUIRE(wpid == child);
241 	ATF_REQUIRE(WIFEXITED(status));
242 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
243 
244 	/* The child should no longer exist. */
245 	wpid = waitpid(child, &status, 0);
246 	ATF_REQUIRE(wpid == -1);
247 	ATF_REQUIRE(errno == ECHILD);
248 }
249 
250 /*
251  * Verify that a parent process "sees" the exit of a debugged process only
252  * after the debugger has seen it.
253  */
254 ATF_TC_WITHOUT_HEAD(ptrace__parent_sees_exit_after_child_debugger);
255 ATF_TC_BODY(ptrace__parent_sees_exit_after_child_debugger, tc)
256 {
257 	pid_t child, debugger, wpid;
258 	int cpipe[2], dpipe[2], status;
259 	char c;
260 
261 	ATF_REQUIRE(pipe(cpipe) == 0);
262 	ATF_REQUIRE((child = fork()) != -1);
263 
264 	if (child == 0) {
265 		/* Child process. */
266 		close(cpipe[0]);
267 
268 		/* Wait for parent to be ready. */
269 		CHILD_REQUIRE(read(cpipe[1], &c, sizeof(c)) == sizeof(c));
270 
271 		_exit(1);
272 	}
273 	close(cpipe[1]);
274 
275 	ATF_REQUIRE(pipe(dpipe) == 0);
276 	ATF_REQUIRE((debugger = fork()) != -1);
277 
278 	if (debugger == 0) {
279 		/* Debugger process. */
280 		close(dpipe[0]);
281 
282 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
283 
284 		wpid = waitpid(child, &status, 0);
285 		CHILD_REQUIRE(wpid == child);
286 		CHILD_REQUIRE(WIFSTOPPED(status));
287 		CHILD_REQUIRE(WSTOPSIG(status) == SIGSTOP);
288 
289 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
290 
291 		/* Signal parent that debugger is attached. */
292 		CHILD_REQUIRE(write(dpipe[1], &c, sizeof(c)) == sizeof(c));
293 
294 		/* Wait for parent's failed wait. */
295 		CHILD_REQUIRE(read(dpipe[1], &c, sizeof(c)) == 0);
296 
297 		wpid = waitpid(child, &status, 0);
298 		CHILD_REQUIRE(wpid == child);
299 		CHILD_REQUIRE(WIFEXITED(status));
300 		CHILD_REQUIRE(WEXITSTATUS(status) == 1);
301 
302 		_exit(0);
303 	}
304 	close(dpipe[1]);
305 
306 	/* Parent process. */
307 
308 	/* Wait for the debugger to attach to the child. */
309 	ATF_REQUIRE(read(dpipe[0], &c, sizeof(c)) == sizeof(c));
310 
311 	/* Release the child. */
312 	ATF_REQUIRE(write(cpipe[0], &c, sizeof(c)) == sizeof(c));
313 	ATF_REQUIRE(read(cpipe[0], &c, sizeof(c)) == 0);
314 	close(cpipe[0]);
315 
316 	wait_for_zombie(child);
317 
318 	/*
319 	 * This wait should return a pid of 0 to indicate no status to
320 	 * report.  The parent should see the child as non-exited
321 	 * until the debugger sees the exit.
322 	 */
323 	wpid = waitpid(child, &status, WNOHANG);
324 	ATF_REQUIRE(wpid == 0);
325 
326 	/* Signal the debugger to wait for the child. */
327 	close(dpipe[0]);
328 
329 	/* Wait for the debugger. */
330 	wpid = waitpid(debugger, &status, 0);
331 	ATF_REQUIRE(wpid == debugger);
332 	ATF_REQUIRE(WIFEXITED(status));
333 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
334 
335 	/* The child process should now be ready. */
336 	wpid = waitpid(child, &status, WNOHANG);
337 	ATF_REQUIRE(wpid == child);
338 	ATF_REQUIRE(WIFEXITED(status));
339 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
340 }
341 
342 /*
343  * Verify that a parent process "sees" the exit of a debugged process
344  * only after a non-direct-child debugger has seen it.  In particular,
345  * various wait() calls in the parent must avoid failing with ESRCH by
346  * checking the parent's orphan list for the debugee.
347  */
348 ATF_TC_WITHOUT_HEAD(ptrace__parent_sees_exit_after_unrelated_debugger);
349 ATF_TC_BODY(ptrace__parent_sees_exit_after_unrelated_debugger, tc)
350 {
351 	pid_t child, debugger, fpid, wpid;
352 	int cpipe[2], dpipe[2], status;
353 	char c;
354 
355 	ATF_REQUIRE(pipe(cpipe) == 0);
356 	ATF_REQUIRE((child = fork()) != -1);
357 
358 	if (child == 0) {
359 		/* Child process. */
360 		close(cpipe[0]);
361 
362 		/* Wait for parent to be ready. */
363 		CHILD_REQUIRE(read(cpipe[1], &c, sizeof(c)) == sizeof(c));
364 
365 		_exit(1);
366 	}
367 	close(cpipe[1]);
368 
369 	ATF_REQUIRE(pipe(dpipe) == 0);
370 	ATF_REQUIRE((debugger = fork()) != -1);
371 
372 	if (debugger == 0) {
373 		/* Debugger parent. */
374 
375 		/*
376 		 * Fork again and drop the debugger parent so that the
377 		 * debugger is not a child of the main parent.
378 		 */
379 		CHILD_REQUIRE((fpid = fork()) != -1);
380 		if (fpid != 0)
381 			_exit(2);
382 
383 		/* Debugger process. */
384 		close(dpipe[0]);
385 
386 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
387 
388 		wpid = waitpid(child, &status, 0);
389 		CHILD_REQUIRE(wpid == child);
390 		CHILD_REQUIRE(WIFSTOPPED(status));
391 		CHILD_REQUIRE(WSTOPSIG(status) == SIGSTOP);
392 
393 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
394 
395 		/* Signal parent that debugger is attached. */
396 		CHILD_REQUIRE(write(dpipe[1], &c, sizeof(c)) == sizeof(c));
397 
398 		/* Wait for parent's failed wait. */
399 		CHILD_REQUIRE(read(dpipe[1], &c, sizeof(c)) == sizeof(c));
400 
401 		wpid = waitpid(child, &status, 0);
402 		CHILD_REQUIRE(wpid == child);
403 		CHILD_REQUIRE(WIFEXITED(status));
404 		CHILD_REQUIRE(WEXITSTATUS(status) == 1);
405 
406 		_exit(0);
407 	}
408 	close(dpipe[1]);
409 
410 	/* Parent process. */
411 
412 	/* Wait for the debugger parent process to exit. */
413 	wpid = waitpid(debugger, &status, 0);
414 	ATF_REQUIRE(wpid == debugger);
415 	ATF_REQUIRE(WIFEXITED(status));
416 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
417 
418 	/* A WNOHANG wait here should see the non-exited child. */
419 	wpid = waitpid(child, &status, WNOHANG);
420 	ATF_REQUIRE(wpid == 0);
421 
422 	/* Wait for the debugger to attach to the child. */
423 	ATF_REQUIRE(read(dpipe[0], &c, sizeof(c)) == sizeof(c));
424 
425 	/* Release the child. */
426 	ATF_REQUIRE(write(cpipe[0], &c, sizeof(c)) == sizeof(c));
427 	ATF_REQUIRE(read(cpipe[0], &c, sizeof(c)) == 0);
428 	close(cpipe[0]);
429 
430 	wait_for_zombie(child);
431 
432 	/*
433 	 * This wait should return a pid of 0 to indicate no status to
434 	 * report.  The parent should see the child as non-exited
435 	 * until the debugger sees the exit.
436 	 */
437 	wpid = waitpid(child, &status, WNOHANG);
438 	ATF_REQUIRE(wpid == 0);
439 
440 	/* Signal the debugger to wait for the child. */
441 	ATF_REQUIRE(write(dpipe[0], &c, sizeof(c)) == sizeof(c));
442 
443 	/* Wait for the debugger. */
444 	ATF_REQUIRE(read(dpipe[0], &c, sizeof(c)) == 0);
445 	close(dpipe[0]);
446 
447 	/* The child process should now be ready. */
448 	wpid = waitpid(child, &status, WNOHANG);
449 	ATF_REQUIRE(wpid == child);
450 	ATF_REQUIRE(WIFEXITED(status));
451 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
452 }
453 
454 /*
455  * Make sure that we can collect the exit status of an orphaned process.
456  */
457 ATF_TC_WITHOUT_HEAD(ptrace__parent_exits_before_child);
458 ATF_TC_BODY(ptrace__parent_exits_before_child, tc)
459 {
460 	ssize_t n;
461 	int cpipe1[2], cpipe2[2], gcpipe[2], status;
462 	pid_t child, gchild;
463 
464 	ATF_REQUIRE(pipe(cpipe1) == 0);
465 	ATF_REQUIRE(pipe(cpipe2) == 0);
466 	ATF_REQUIRE(pipe(gcpipe) == 0);
467 
468 	ATF_REQUIRE(procctl(P_PID, getpid(), PROC_REAP_ACQUIRE, NULL) == 0);
469 
470 	ATF_REQUIRE((child = fork()) != -1);
471 	if (child == 0) {
472 		CHILD_REQUIRE((gchild = fork()) != -1);
473 		if (gchild == 0) {
474 			status = 1;
475 			do {
476 				n = read(gcpipe[0], &status, sizeof(status));
477 			} while (n == -1 && errno == EINTR);
478 			_exit(status);
479 		}
480 
481 		CHILD_REQUIRE(write(cpipe1[1], &gchild, sizeof(gchild)) ==
482 		    sizeof(gchild));
483 		CHILD_REQUIRE(read(cpipe2[0], &status, sizeof(status)) ==
484 		    sizeof(status));
485 		_exit(status);
486 	}
487 
488 	ATF_REQUIRE(read(cpipe1[0], &gchild, sizeof(gchild)) == sizeof(gchild));
489 
490 	ATF_REQUIRE(ptrace(PT_ATTACH, gchild, NULL, 0) == 0);
491 
492 	status = 0;
493 	ATF_REQUIRE(write(cpipe2[1], &status, sizeof(status)) ==
494 	    sizeof(status));
495 	ATF_REQUIRE(waitpid(child, &status, 0) == child);
496 	ATF_REQUIRE(WIFEXITED(status) && WEXITSTATUS(status) == 0);
497 
498 	status = 0;
499 	ATF_REQUIRE(write(gcpipe[1], &status, sizeof(status)) ==
500 	    sizeof(status));
501 	ATF_REQUIRE(waitpid(gchild, &status, 0) == gchild);
502 	ATF_REQUIRE(WIFSTOPPED(status));
503 	ATF_REQUIRE(ptrace(PT_DETACH, gchild, (caddr_t)1, 0) == 0);
504 	ATF_REQUIRE(waitpid(gchild, &status, 0) == gchild);
505 	ATF_REQUIRE(WIFEXITED(status) && WEXITSTATUS(status) == 0);
506 
507 	ATF_REQUIRE(close(cpipe1[0]) == 0);
508 	ATF_REQUIRE(close(cpipe1[1]) == 0);
509 	ATF_REQUIRE(close(cpipe2[0]) == 0);
510 	ATF_REQUIRE(close(cpipe2[1]) == 0);
511 	ATF_REQUIRE(close(gcpipe[0]) == 0);
512 	ATF_REQUIRE(close(gcpipe[1]) == 0);
513 }
514 
515 /*
516  * The parent process should always act the same regardless of how the
517  * debugger is attached to it.
518  */
519 static __dead2 void
520 follow_fork_parent(bool use_vfork)
521 {
522 	pid_t fpid, wpid;
523 	int status;
524 
525 	if (use_vfork)
526 		CHILD_REQUIRE((fpid = vfork()) != -1);
527 	else
528 		CHILD_REQUIRE((fpid = fork()) != -1);
529 
530 	if (fpid == 0)
531 		/* Child */
532 		_exit(2);
533 
534 	wpid = waitpid(fpid, &status, 0);
535 	CHILD_REQUIRE(wpid == fpid);
536 	CHILD_REQUIRE(WIFEXITED(status));
537 	CHILD_REQUIRE(WEXITSTATUS(status) == 2);
538 
539 	_exit(1);
540 }
541 
542 /*
543  * Helper routine for follow fork tests.  This waits for two stops
544  * that report both "sides" of a fork.  It returns the pid of the new
545  * child process.
546  */
547 static pid_t
548 handle_fork_events(pid_t parent, struct ptrace_lwpinfo *ppl)
549 {
550 	struct ptrace_lwpinfo pl;
551 	bool fork_reported[2];
552 	pid_t child, wpid;
553 	int i, status;
554 
555 	fork_reported[0] = false;
556 	fork_reported[1] = false;
557 	child = -1;
558 
559 	/*
560 	 * Each process should report a fork event.  The parent should
561 	 * report a PL_FLAG_FORKED event, and the child should report
562 	 * a PL_FLAG_CHILD event.
563 	 */
564 	for (i = 0; i < 2; i++) {
565 		wpid = wait(&status);
566 		ATF_REQUIRE(wpid > 0);
567 		ATF_REQUIRE(WIFSTOPPED(status));
568 
569 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
570 		    sizeof(pl)) != -1);
571 		ATF_REQUIRE((pl.pl_flags & (PL_FLAG_FORKED | PL_FLAG_CHILD)) !=
572 		    0);
573 		ATF_REQUIRE((pl.pl_flags & (PL_FLAG_FORKED | PL_FLAG_CHILD)) !=
574 		    (PL_FLAG_FORKED | PL_FLAG_CHILD));
575 		if (pl.pl_flags & PL_FLAG_CHILD) {
576 			ATF_REQUIRE(wpid != parent);
577 			ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
578 			ATF_REQUIRE(!fork_reported[1]);
579 			if (child == -1)
580 				child = wpid;
581 			else
582 				ATF_REQUIRE(child == wpid);
583 			if (ppl != NULL)
584 				ppl[1] = pl;
585 			fork_reported[1] = true;
586 		} else {
587 			ATF_REQUIRE(wpid == parent);
588 			ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
589 			ATF_REQUIRE(!fork_reported[0]);
590 			if (child == -1)
591 				child = pl.pl_child_pid;
592 			else
593 				ATF_REQUIRE(child == pl.pl_child_pid);
594 			if (ppl != NULL)
595 				ppl[0] = pl;
596 			fork_reported[0] = true;
597 		}
598 	}
599 
600 	return (child);
601 }
602 
603 /*
604  * Verify that a new child process is stopped after a followed fork and
605  * that the traced parent sees the exit of the child after the debugger
606  * when both processes remain attached to the debugger.
607  */
608 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_both_attached);
609 ATF_TC_BODY(ptrace__follow_fork_both_attached, tc)
610 {
611 	pid_t children[2], fpid, wpid;
612 	int status;
613 
614 	ATF_REQUIRE((fpid = fork()) != -1);
615 	if (fpid == 0) {
616 		trace_me();
617 		follow_fork_parent(false);
618 	}
619 
620 	/* Parent process. */
621 	children[0] = fpid;
622 
623 	/* The first wait() should report the stop from SIGSTOP. */
624 	wpid = waitpid(children[0], &status, 0);
625 	ATF_REQUIRE(wpid == children[0]);
626 	ATF_REQUIRE(WIFSTOPPED(status));
627 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
628 
629 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
630 
631 	/* Continue the child ignoring the SIGSTOP. */
632 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
633 
634 	children[1] = handle_fork_events(children[0], NULL);
635 	ATF_REQUIRE(children[1] > 0);
636 
637 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
638 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
639 
640 	/*
641 	 * The child can't exit until the grandchild reports status, so the
642 	 * grandchild should report its exit first to the debugger.
643 	 */
644 	wpid = wait(&status);
645 	ATF_REQUIRE(wpid == children[1]);
646 	ATF_REQUIRE(WIFEXITED(status));
647 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
648 
649 	wpid = wait(&status);
650 	ATF_REQUIRE(wpid == children[0]);
651 	ATF_REQUIRE(WIFEXITED(status));
652 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
653 
654 	wpid = wait(&status);
655 	ATF_REQUIRE(wpid == -1);
656 	ATF_REQUIRE(errno == ECHILD);
657 }
658 
659 /*
660  * Verify that a new child process is stopped after a followed fork
661  * and that the traced parent sees the exit of the child when the new
662  * child process is detached after it reports its fork.
663  */
664 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_child_detached);
665 ATF_TC_BODY(ptrace__follow_fork_child_detached, tc)
666 {
667 	pid_t children[2], fpid, wpid;
668 	int status;
669 
670 	ATF_REQUIRE((fpid = fork()) != -1);
671 	if (fpid == 0) {
672 		trace_me();
673 		follow_fork_parent(false);
674 	}
675 
676 	/* Parent process. */
677 	children[0] = fpid;
678 
679 	/* The first wait() should report the stop from SIGSTOP. */
680 	wpid = waitpid(children[0], &status, 0);
681 	ATF_REQUIRE(wpid == children[0]);
682 	ATF_REQUIRE(WIFSTOPPED(status));
683 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
684 
685 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
686 
687 	/* Continue the child ignoring the SIGSTOP. */
688 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
689 
690 	children[1] = handle_fork_events(children[0], NULL);
691 	ATF_REQUIRE(children[1] > 0);
692 
693 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
694 	ATF_REQUIRE(ptrace(PT_DETACH, children[1], (caddr_t)1, 0) != -1);
695 
696 	/*
697 	 * Should not see any status from the grandchild now, only the
698 	 * child.
699 	 */
700 	wpid = wait(&status);
701 	ATF_REQUIRE(wpid == children[0]);
702 	ATF_REQUIRE(WIFEXITED(status));
703 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
704 
705 	wpid = wait(&status);
706 	ATF_REQUIRE(wpid == -1);
707 	ATF_REQUIRE(errno == ECHILD);
708 }
709 
710 /*
711  * Verify that a new child process is stopped after a followed fork
712  * and that the traced parent sees the exit of the child when the
713  * traced parent is detached after the fork.
714  */
715 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_parent_detached);
716 ATF_TC_BODY(ptrace__follow_fork_parent_detached, tc)
717 {
718 	pid_t children[2], fpid, wpid;
719 	int status;
720 
721 	ATF_REQUIRE((fpid = fork()) != -1);
722 	if (fpid == 0) {
723 		trace_me();
724 		follow_fork_parent(false);
725 	}
726 
727 	/* Parent process. */
728 	children[0] = fpid;
729 
730 	/* The first wait() should report the stop from SIGSTOP. */
731 	wpid = waitpid(children[0], &status, 0);
732 	ATF_REQUIRE(wpid == children[0]);
733 	ATF_REQUIRE(WIFSTOPPED(status));
734 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
735 
736 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
737 
738 	/* Continue the child ignoring the SIGSTOP. */
739 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
740 
741 	children[1] = handle_fork_events(children[0], NULL);
742 	ATF_REQUIRE(children[1] > 0);
743 
744 	ATF_REQUIRE(ptrace(PT_DETACH, children[0], (caddr_t)1, 0) != -1);
745 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
746 
747 	/*
748 	 * The child can't exit until the grandchild reports status, so the
749 	 * grandchild should report its exit first to the debugger.
750 	 *
751 	 * Even though the child process is detached, it is still a
752 	 * child of the debugger, so it will still report it's exit
753 	 * after the grandchild.
754 	 */
755 	wpid = wait(&status);
756 	ATF_REQUIRE(wpid == children[1]);
757 	ATF_REQUIRE(WIFEXITED(status));
758 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
759 
760 	wpid = wait(&status);
761 	ATF_REQUIRE(wpid == children[0]);
762 	ATF_REQUIRE(WIFEXITED(status));
763 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
764 
765 	wpid = wait(&status);
766 	ATF_REQUIRE(wpid == -1);
767 	ATF_REQUIRE(errno == ECHILD);
768 }
769 
770 static void
771 attach_fork_parent(int cpipe[2])
772 {
773 	pid_t fpid;
774 
775 	close(cpipe[0]);
776 
777 	/* Double-fork to disassociate from the debugger. */
778 	CHILD_REQUIRE((fpid = fork()) != -1);
779 	if (fpid != 0)
780 		_exit(3);
781 
782 	/* Send the pid of the disassociated child to the debugger. */
783 	fpid = getpid();
784 	CHILD_REQUIRE(write(cpipe[1], &fpid, sizeof(fpid)) == sizeof(fpid));
785 
786 	/* Wait for the debugger to attach. */
787 	CHILD_REQUIRE(read(cpipe[1], &fpid, sizeof(fpid)) == 0);
788 }
789 
790 /*
791  * Verify that a new child process is stopped after a followed fork and
792  * that the traced parent sees the exit of the child after the debugger
793  * when both processes remain attached to the debugger.  In this test
794  * the parent that forks is not a direct child of the debugger.
795  */
796 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_both_attached_unrelated_debugger);
797 ATF_TC_BODY(ptrace__follow_fork_both_attached_unrelated_debugger, tc)
798 {
799 	pid_t children[2], fpid, wpid;
800 	int cpipe[2], status;
801 
802 	ATF_REQUIRE(pipe(cpipe) == 0);
803 	ATF_REQUIRE((fpid = fork()) != -1);
804 	if (fpid == 0) {
805 		attach_fork_parent(cpipe);
806 		follow_fork_parent(false);
807 	}
808 
809 	/* Parent process. */
810 	close(cpipe[1]);
811 
812 	/* Wait for the direct child to exit. */
813 	wpid = waitpid(fpid, &status, 0);
814 	ATF_REQUIRE(wpid == fpid);
815 	ATF_REQUIRE(WIFEXITED(status));
816 	ATF_REQUIRE(WEXITSTATUS(status) == 3);
817 
818 	/* Read the pid of the fork parent. */
819 	ATF_REQUIRE(read(cpipe[0], &children[0], sizeof(children[0])) ==
820 	    sizeof(children[0]));
821 
822 	/* Attach to the fork parent. */
823 	attach_child(children[0]);
824 
825 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
826 
827 	/* Continue the fork parent ignoring the SIGSTOP. */
828 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
829 
830 	/* Signal the fork parent to continue. */
831 	close(cpipe[0]);
832 
833 	children[1] = handle_fork_events(children[0], NULL);
834 	ATF_REQUIRE(children[1] > 0);
835 
836 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
837 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
838 
839 	/*
840 	 * The fork parent can't exit until the child reports status,
841 	 * so the child should report its exit first to the debugger.
842 	 */
843 	wpid = wait(&status);
844 	ATF_REQUIRE(wpid == children[1]);
845 	ATF_REQUIRE(WIFEXITED(status));
846 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
847 
848 	wpid = wait(&status);
849 	ATF_REQUIRE(wpid == children[0]);
850 	ATF_REQUIRE(WIFEXITED(status));
851 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
852 
853 	wpid = wait(&status);
854 	ATF_REQUIRE(wpid == -1);
855 	ATF_REQUIRE(errno == ECHILD);
856 }
857 
858 /*
859  * Verify that a new child process is stopped after a followed fork
860  * and that the traced parent sees the exit of the child when the new
861  * child process is detached after it reports its fork.  In this test
862  * the parent that forks is not a direct child of the debugger.
863  */
864 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_child_detached_unrelated_debugger);
865 ATF_TC_BODY(ptrace__follow_fork_child_detached_unrelated_debugger, tc)
866 {
867 	pid_t children[2], fpid, wpid;
868 	int cpipe[2], status;
869 
870 	ATF_REQUIRE(pipe(cpipe) == 0);
871 	ATF_REQUIRE((fpid = fork()) != -1);
872 	if (fpid == 0) {
873 		attach_fork_parent(cpipe);
874 		follow_fork_parent(false);
875 	}
876 
877 	/* Parent process. */
878 	close(cpipe[1]);
879 
880 	/* Wait for the direct child to exit. */
881 	wpid = waitpid(fpid, &status, 0);
882 	ATF_REQUIRE(wpid == fpid);
883 	ATF_REQUIRE(WIFEXITED(status));
884 	ATF_REQUIRE(WEXITSTATUS(status) == 3);
885 
886 	/* Read the pid of the fork parent. */
887 	ATF_REQUIRE(read(cpipe[0], &children[0], sizeof(children[0])) ==
888 	    sizeof(children[0]));
889 
890 	/* Attach to the fork parent. */
891 	attach_child(children[0]);
892 
893 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
894 
895 	/* Continue the fork parent ignoring the SIGSTOP. */
896 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
897 
898 	/* Signal the fork parent to continue. */
899 	close(cpipe[0]);
900 
901 	children[1] = handle_fork_events(children[0], NULL);
902 	ATF_REQUIRE(children[1] > 0);
903 
904 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
905 	ATF_REQUIRE(ptrace(PT_DETACH, children[1], (caddr_t)1, 0) != -1);
906 
907 	/*
908 	 * Should not see any status from the child now, only the fork
909 	 * parent.
910 	 */
911 	wpid = wait(&status);
912 	ATF_REQUIRE(wpid == children[0]);
913 	ATF_REQUIRE(WIFEXITED(status));
914 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
915 
916 	wpid = wait(&status);
917 	ATF_REQUIRE(wpid == -1);
918 	ATF_REQUIRE(errno == ECHILD);
919 }
920 
921 /*
922  * Verify that a new child process is stopped after a followed fork
923  * and that the traced parent sees the exit of the child when the
924  * traced parent is detached after the fork.  In this test the parent
925  * that forks is not a direct child of the debugger.
926  */
927 ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_parent_detached_unrelated_debugger);
928 ATF_TC_BODY(ptrace__follow_fork_parent_detached_unrelated_debugger, tc)
929 {
930 	pid_t children[2], fpid, wpid;
931 	int cpipe[2], status;
932 
933 	ATF_REQUIRE(pipe(cpipe) == 0);
934 	ATF_REQUIRE((fpid = fork()) != -1);
935 	if (fpid == 0) {
936 		attach_fork_parent(cpipe);
937 		follow_fork_parent(false);
938 	}
939 
940 	/* Parent process. */
941 	close(cpipe[1]);
942 
943 	/* Wait for the direct child to exit. */
944 	wpid = waitpid(fpid, &status, 0);
945 	ATF_REQUIRE(wpid == fpid);
946 	ATF_REQUIRE(WIFEXITED(status));
947 	ATF_REQUIRE(WEXITSTATUS(status) == 3);
948 
949 	/* Read the pid of the fork parent. */
950 	ATF_REQUIRE(read(cpipe[0], &children[0], sizeof(children[0])) ==
951 	    sizeof(children[0]));
952 
953 	/* Attach to the fork parent. */
954 	attach_child(children[0]);
955 
956 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
957 
958 	/* Continue the fork parent ignoring the SIGSTOP. */
959 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
960 
961 	/* Signal the fork parent to continue. */
962 	close(cpipe[0]);
963 
964 	children[1] = handle_fork_events(children[0], NULL);
965 	ATF_REQUIRE(children[1] > 0);
966 
967 	ATF_REQUIRE(ptrace(PT_DETACH, children[0], (caddr_t)1, 0) != -1);
968 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
969 
970 	/*
971 	 * Should not see any status from the fork parent now, only
972 	 * the child.
973 	 */
974 	wpid = wait(&status);
975 	ATF_REQUIRE(wpid == children[1]);
976 	ATF_REQUIRE(WIFEXITED(status));
977 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
978 
979 	wpid = wait(&status);
980 	ATF_REQUIRE(wpid == -1);
981 	ATF_REQUIRE(errno == ECHILD);
982 }
983 
984 /*
985  * Verify that a child process does not see an unrelated debugger as its
986  * parent but sees its original parent process.
987  */
988 ATF_TC_WITHOUT_HEAD(ptrace__getppid);
989 ATF_TC_BODY(ptrace__getppid, tc)
990 {
991 	pid_t child, debugger, ppid, wpid;
992 	int cpipe[2], dpipe[2], status;
993 	char c;
994 
995 	ATF_REQUIRE(pipe(cpipe) == 0);
996 	ATF_REQUIRE((child = fork()) != -1);
997 
998 	if (child == 0) {
999 		/* Child process. */
1000 		close(cpipe[0]);
1001 
1002 		/* Wait for parent to be ready. */
1003 		CHILD_REQUIRE(read(cpipe[1], &c, sizeof(c)) == sizeof(c));
1004 
1005 		/* Report the parent PID to the parent. */
1006 		ppid = getppid();
1007 		CHILD_REQUIRE(write(cpipe[1], &ppid, sizeof(ppid)) ==
1008 		    sizeof(ppid));
1009 
1010 		_exit(1);
1011 	}
1012 	close(cpipe[1]);
1013 
1014 	ATF_REQUIRE(pipe(dpipe) == 0);
1015 	ATF_REQUIRE((debugger = fork()) != -1);
1016 
1017 	if (debugger == 0) {
1018 		/* Debugger process. */
1019 		close(dpipe[0]);
1020 
1021 		CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1);
1022 
1023 		wpid = waitpid(child, &status, 0);
1024 		CHILD_REQUIRE(wpid == child);
1025 		CHILD_REQUIRE(WIFSTOPPED(status));
1026 		CHILD_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1027 
1028 		CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1);
1029 
1030 		/* Signal parent that debugger is attached. */
1031 		CHILD_REQUIRE(write(dpipe[1], &c, sizeof(c)) == sizeof(c));
1032 
1033 		/* Wait for traced child to exit. */
1034 		wpid = waitpid(child, &status, 0);
1035 		CHILD_REQUIRE(wpid == child);
1036 		CHILD_REQUIRE(WIFEXITED(status));
1037 		CHILD_REQUIRE(WEXITSTATUS(status) == 1);
1038 
1039 		_exit(0);
1040 	}
1041 	close(dpipe[1]);
1042 
1043 	/* Parent process. */
1044 
1045 	/* Wait for the debugger to attach to the child. */
1046 	ATF_REQUIRE(read(dpipe[0], &c, sizeof(c)) == sizeof(c));
1047 
1048 	/* Release the child. */
1049 	ATF_REQUIRE(write(cpipe[0], &c, sizeof(c)) == sizeof(c));
1050 
1051 	/* Read the parent PID from the child. */
1052 	ATF_REQUIRE(read(cpipe[0], &ppid, sizeof(ppid)) == sizeof(ppid));
1053 	close(cpipe[0]);
1054 
1055 	ATF_REQUIRE(ppid == getpid());
1056 
1057 	/* Wait for the debugger. */
1058 	wpid = waitpid(debugger, &status, 0);
1059 	ATF_REQUIRE(wpid == debugger);
1060 	ATF_REQUIRE(WIFEXITED(status));
1061 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
1062 
1063 	/* The child process should now be ready. */
1064 	wpid = waitpid(child, &status, WNOHANG);
1065 	ATF_REQUIRE(wpid == child);
1066 	ATF_REQUIRE(WIFEXITED(status));
1067 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
1068 }
1069 
1070 /*
1071  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1072  * child process created via fork() reports the correct value.
1073  */
1074 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_fork);
1075 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_fork, tc)
1076 {
1077 	struct ptrace_lwpinfo pl[2];
1078 	pid_t children[2], fpid, wpid;
1079 	int status;
1080 
1081 	ATF_REQUIRE((fpid = fork()) != -1);
1082 	if (fpid == 0) {
1083 		trace_me();
1084 		follow_fork_parent(false);
1085 	}
1086 
1087 	/* Parent process. */
1088 	children[0] = fpid;
1089 
1090 	/* The first wait() should report the stop from SIGSTOP. */
1091 	wpid = waitpid(children[0], &status, 0);
1092 	ATF_REQUIRE(wpid == children[0]);
1093 	ATF_REQUIRE(WIFSTOPPED(status));
1094 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1095 
1096 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
1097 
1098 	/* Continue the child ignoring the SIGSTOP. */
1099 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1100 
1101 	/* Wait for both halves of the fork event to get reported. */
1102 	children[1] = handle_fork_events(children[0], pl);
1103 	ATF_REQUIRE(children[1] > 0);
1104 
1105 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_SCX) != 0);
1106 	ATF_REQUIRE((pl[1].pl_flags & PL_FLAG_SCX) != 0);
1107 	ATF_REQUIRE(pl[0].pl_syscall_code == SYS_fork);
1108 	ATF_REQUIRE(pl[0].pl_syscall_code == pl[1].pl_syscall_code);
1109 	ATF_REQUIRE(pl[0].pl_syscall_narg == pl[1].pl_syscall_narg);
1110 
1111 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1112 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1113 
1114 	/*
1115 	 * The child can't exit until the grandchild reports status, so the
1116 	 * grandchild should report its exit first to the debugger.
1117 	 */
1118 	wpid = wait(&status);
1119 	ATF_REQUIRE(wpid == children[1]);
1120 	ATF_REQUIRE(WIFEXITED(status));
1121 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
1122 
1123 	wpid = wait(&status);
1124 	ATF_REQUIRE(wpid == children[0]);
1125 	ATF_REQUIRE(WIFEXITED(status));
1126 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
1127 
1128 	wpid = wait(&status);
1129 	ATF_REQUIRE(wpid == -1);
1130 	ATF_REQUIRE(errno == ECHILD);
1131 }
1132 
1133 /*
1134  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1135  * child process created via vfork() reports the correct value.
1136  */
1137 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_vfork);
1138 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_vfork, tc)
1139 {
1140 	struct ptrace_lwpinfo pl[2];
1141 	pid_t children[2], fpid, wpid;
1142 	int status;
1143 
1144 	ATF_REQUIRE((fpid = fork()) != -1);
1145 	if (fpid == 0) {
1146 		trace_me();
1147 		follow_fork_parent(true);
1148 	}
1149 
1150 	/* Parent process. */
1151 	children[0] = fpid;
1152 
1153 	/* The first wait() should report the stop from SIGSTOP. */
1154 	wpid = waitpid(children[0], &status, 0);
1155 	ATF_REQUIRE(wpid == children[0]);
1156 	ATF_REQUIRE(WIFSTOPPED(status));
1157 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1158 
1159 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1);
1160 
1161 	/* Continue the child ignoring the SIGSTOP. */
1162 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1163 
1164 	/* Wait for both halves of the fork event to get reported. */
1165 	children[1] = handle_fork_events(children[0], pl);
1166 	ATF_REQUIRE(children[1] > 0);
1167 
1168 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_SCX) != 0);
1169 	ATF_REQUIRE((pl[1].pl_flags & PL_FLAG_SCX) != 0);
1170 	ATF_REQUIRE(pl[0].pl_syscall_code == SYS_vfork);
1171 	ATF_REQUIRE(pl[0].pl_syscall_code == pl[1].pl_syscall_code);
1172 	ATF_REQUIRE(pl[0].pl_syscall_narg == pl[1].pl_syscall_narg);
1173 
1174 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1175 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1176 
1177 	/*
1178 	 * The child can't exit until the grandchild reports status, so the
1179 	 * grandchild should report its exit first to the debugger.
1180 	 */
1181 	wpid = wait(&status);
1182 	ATF_REQUIRE(wpid == children[1]);
1183 	ATF_REQUIRE(WIFEXITED(status));
1184 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
1185 
1186 	wpid = wait(&status);
1187 	ATF_REQUIRE(wpid == children[0]);
1188 	ATF_REQUIRE(WIFEXITED(status));
1189 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
1190 
1191 	wpid = wait(&status);
1192 	ATF_REQUIRE(wpid == -1);
1193 	ATF_REQUIRE(errno == ECHILD);
1194 }
1195 
1196 static void *
1197 simple_thread(void *arg __unused)
1198 {
1199 
1200 	pthread_exit(NULL);
1201 }
1202 
1203 static __dead2 void
1204 simple_thread_main(void)
1205 {
1206 	pthread_t thread;
1207 
1208 	CHILD_REQUIRE(pthread_create(&thread, NULL, simple_thread, NULL) == 0);
1209 	CHILD_REQUIRE(pthread_join(thread, NULL) == 0);
1210 	exit(1);
1211 }
1212 
1213 /*
1214  * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new
1215  * thread reports the correct value.
1216  */
1217 ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_thread);
1218 ATF_TC_BODY(ptrace__new_child_pl_syscall_code_thread, tc)
1219 {
1220 	struct ptrace_lwpinfo pl;
1221 	pid_t fpid, wpid;
1222 	lwpid_t mainlwp;
1223 	int status;
1224 
1225 	ATF_REQUIRE((fpid = fork()) != -1);
1226 	if (fpid == 0) {
1227 		trace_me();
1228 		simple_thread_main();
1229 	}
1230 
1231 	/* The first wait() should report the stop from SIGSTOP. */
1232 	wpid = waitpid(fpid, &status, 0);
1233 	ATF_REQUIRE(wpid == fpid);
1234 	ATF_REQUIRE(WIFSTOPPED(status));
1235 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1236 
1237 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1238 	    sizeof(pl)) != -1);
1239 	mainlwp = pl.pl_lwpid;
1240 
1241 	/*
1242 	 * Continue the child ignoring the SIGSTOP and tracing all
1243 	 * system call exits.
1244 	 */
1245 	ATF_REQUIRE(ptrace(PT_TO_SCX, fpid, (caddr_t)1, 0) != -1);
1246 
1247 	/*
1248 	 * Wait for the new thread to arrive.  pthread_create() might
1249 	 * invoke any number of system calls.  For now we just wait
1250 	 * for the new thread to arrive and make sure it reports a
1251 	 * valid system call code.  If ptrace grows thread event
1252 	 * reporting then this test can be made more precise.
1253 	 */
1254 	for (;;) {
1255 		wpid = waitpid(fpid, &status, 0);
1256 		ATF_REQUIRE(wpid == fpid);
1257 		ATF_REQUIRE(WIFSTOPPED(status));
1258 		ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1259 
1260 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1261 		    sizeof(pl)) != -1);
1262 		ATF_REQUIRE((pl.pl_flags & PL_FLAG_SCX) != 0);
1263 		ATF_REQUIRE(pl.pl_syscall_code != 0);
1264 		if (pl.pl_lwpid != mainlwp)
1265 			/* New thread seen. */
1266 			break;
1267 
1268 		ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1269 	}
1270 
1271 	/* Wait for the child to exit. */
1272 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1273 	for (;;) {
1274 		wpid = waitpid(fpid, &status, 0);
1275 		ATF_REQUIRE(wpid == fpid);
1276 		if (WIFEXITED(status))
1277 			break;
1278 
1279 		ATF_REQUIRE(WIFSTOPPED(status));
1280 		ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1281 		ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1282 	}
1283 
1284 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
1285 
1286 	wpid = wait(&status);
1287 	ATF_REQUIRE(wpid == -1);
1288 	ATF_REQUIRE(errno == ECHILD);
1289 }
1290 
1291 /*
1292  * Verify that the expected LWP events are reported for a child thread.
1293  */
1294 ATF_TC_WITHOUT_HEAD(ptrace__lwp_events);
1295 ATF_TC_BODY(ptrace__lwp_events, tc)
1296 {
1297 	struct ptrace_lwpinfo pl;
1298 	pid_t fpid, wpid;
1299 	lwpid_t lwps[2];
1300 	int status;
1301 
1302 	ATF_REQUIRE((fpid = fork()) != -1);
1303 	if (fpid == 0) {
1304 		trace_me();
1305 		simple_thread_main();
1306 	}
1307 
1308 	/* The first wait() should report the stop from SIGSTOP. */
1309 	wpid = waitpid(fpid, &status, 0);
1310 	ATF_REQUIRE(wpid == fpid);
1311 	ATF_REQUIRE(WIFSTOPPED(status));
1312 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1313 
1314 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1315 	    sizeof(pl)) != -1);
1316 	lwps[0] = pl.pl_lwpid;
1317 
1318 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, wpid, NULL, 1) == 0);
1319 
1320 	/* Continue the child ignoring the SIGSTOP. */
1321 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1322 
1323 	/* The first event should be for the child thread's birth. */
1324 	wpid = waitpid(fpid, &status, 0);
1325 	ATF_REQUIRE(wpid == fpid);
1326 	ATF_REQUIRE(WIFSTOPPED(status));
1327 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1328 
1329 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1330 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)) ==
1331 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1332 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
1333 	lwps[1] = pl.pl_lwpid;
1334 
1335 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1336 
1337 	/* The next event should be for the child thread's death. */
1338 	wpid = waitpid(fpid, &status, 0);
1339 	ATF_REQUIRE(wpid == fpid);
1340 	ATF_REQUIRE(WIFSTOPPED(status));
1341 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1342 
1343 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1344 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_EXITED | PL_FLAG_SCE)) ==
1345 	    (PL_FLAG_EXITED | PL_FLAG_SCE));
1346 	ATF_REQUIRE(pl.pl_lwpid == lwps[1]);
1347 
1348 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1349 
1350 	/* The last event should be for the child process's exit. */
1351 	wpid = waitpid(fpid, &status, 0);
1352 	ATF_REQUIRE(WIFEXITED(status));
1353 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
1354 
1355 	wpid = wait(&status);
1356 	ATF_REQUIRE(wpid == -1);
1357 	ATF_REQUIRE(errno == ECHILD);
1358 }
1359 
1360 static void *
1361 exec_thread(void *arg __unused)
1362 {
1363 
1364 	execl("/usr/bin/true", "true", NULL);
1365 	exit(127);
1366 }
1367 
1368 static __dead2 void
1369 exec_thread_main(void)
1370 {
1371 	pthread_t thread;
1372 
1373 	CHILD_REQUIRE(pthread_create(&thread, NULL, exec_thread, NULL) == 0);
1374 	for (;;)
1375 		sleep(60);
1376 	exit(1);
1377 }
1378 
1379 /*
1380  * Verify that the expected LWP events are reported for a multithreaded
1381  * process that calls execve(2).
1382  */
1383 ATF_TC_WITHOUT_HEAD(ptrace__lwp_events_exec);
1384 ATF_TC_BODY(ptrace__lwp_events_exec, tc)
1385 {
1386 	struct ptrace_lwpinfo pl;
1387 	pid_t fpid, wpid;
1388 	lwpid_t lwps[2];
1389 	int status;
1390 
1391 	ATF_REQUIRE((fpid = fork()) != -1);
1392 	if (fpid == 0) {
1393 		trace_me();
1394 		exec_thread_main();
1395 	}
1396 
1397 	/* The first wait() should report the stop from SIGSTOP. */
1398 	wpid = waitpid(fpid, &status, 0);
1399 	ATF_REQUIRE(wpid == fpid);
1400 	ATF_REQUIRE(WIFSTOPPED(status));
1401 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1402 
1403 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1404 	    sizeof(pl)) != -1);
1405 	lwps[0] = pl.pl_lwpid;
1406 
1407 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, wpid, NULL, 1) == 0);
1408 
1409 	/* Continue the child ignoring the SIGSTOP. */
1410 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1411 
1412 	/* The first event should be for the child thread's birth. */
1413 	wpid = waitpid(fpid, &status, 0);
1414 	ATF_REQUIRE(wpid == fpid);
1415 	ATF_REQUIRE(WIFSTOPPED(status));
1416 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1417 
1418 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1419 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)) ==
1420 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1421 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
1422 	lwps[1] = pl.pl_lwpid;
1423 
1424 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1425 
1426 	/*
1427 	 * The next event should be for the main thread's death due to
1428 	 * single threading from execve().
1429 	 */
1430 	wpid = waitpid(fpid, &status, 0);
1431 	ATF_REQUIRE(wpid == fpid);
1432 	ATF_REQUIRE(WIFSTOPPED(status));
1433 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1434 
1435 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1436 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_EXITED | PL_FLAG_SCE)) ==
1437 	    (PL_FLAG_EXITED));
1438 	ATF_REQUIRE(pl.pl_lwpid == lwps[0]);
1439 
1440 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1441 
1442 	/* The next event should be for the child process's exec. */
1443 	wpid = waitpid(fpid, &status, 0);
1444 	ATF_REQUIRE(WIFSTOPPED(status));
1445 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1446 
1447 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1448 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_EXEC | PL_FLAG_SCX)) ==
1449 	    (PL_FLAG_EXEC | PL_FLAG_SCX));
1450 	ATF_REQUIRE(pl.pl_lwpid == lwps[1]);
1451 
1452 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1453 
1454 	/* The last event should be for the child process's exit. */
1455 	wpid = waitpid(fpid, &status, 0);
1456 	ATF_REQUIRE(WIFEXITED(status));
1457 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
1458 
1459 	wpid = wait(&status);
1460 	ATF_REQUIRE(wpid == -1);
1461 	ATF_REQUIRE(errno == ECHILD);
1462 }
1463 
1464 static void
1465 handler(int sig __unused)
1466 {
1467 }
1468 
1469 static void
1470 signal_main(void)
1471 {
1472 
1473 	signal(SIGINFO, handler);
1474 	raise(SIGINFO);
1475 	exit(0);
1476 }
1477 
1478 /*
1479  * Verify that the expected ptrace event is reported for a signal.
1480  */
1481 ATF_TC_WITHOUT_HEAD(ptrace__siginfo);
1482 ATF_TC_BODY(ptrace__siginfo, tc)
1483 {
1484 	struct ptrace_lwpinfo pl;
1485 	pid_t fpid, wpid;
1486 	int status;
1487 
1488 	ATF_REQUIRE((fpid = fork()) != -1);
1489 	if (fpid == 0) {
1490 		trace_me();
1491 		signal_main();
1492 	}
1493 
1494 	/* The first wait() should report the stop from SIGSTOP. */
1495 	wpid = waitpid(fpid, &status, 0);
1496 	ATF_REQUIRE(wpid == fpid);
1497 	ATF_REQUIRE(WIFSTOPPED(status));
1498 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1499 
1500 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1501 
1502 	/* The next event should be for the SIGINFO. */
1503 	wpid = waitpid(fpid, &status, 0);
1504 	ATF_REQUIRE(WIFSTOPPED(status));
1505 	ATF_REQUIRE(WSTOPSIG(status) == SIGINFO);
1506 
1507 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1508 	ATF_REQUIRE(pl.pl_event == PL_EVENT_SIGNAL);
1509 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
1510 	ATF_REQUIRE(pl.pl_siginfo.si_code == SI_LWP);
1511 	ATF_REQUIRE(pl.pl_siginfo.si_pid == wpid);
1512 
1513 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1514 
1515 	/* The last event should be for the child process's exit. */
1516 	wpid = waitpid(fpid, &status, 0);
1517 	ATF_REQUIRE(WIFEXITED(status));
1518 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
1519 
1520 	wpid = wait(&status);
1521 	ATF_REQUIRE(wpid == -1);
1522 	ATF_REQUIRE(errno == ECHILD);
1523 }
1524 
1525 /*
1526  * Verify that the expected ptrace events are reported for PTRACE_EXEC.
1527  */
1528 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_exec_disable);
1529 ATF_TC_BODY(ptrace__ptrace_exec_disable, tc)
1530 {
1531 	pid_t fpid, wpid;
1532 	int events, status;
1533 
1534 	ATF_REQUIRE((fpid = fork()) != -1);
1535 	if (fpid == 0) {
1536 		trace_me();
1537 		exec_thread(NULL);
1538 	}
1539 
1540 	/* The first wait() should report the stop from SIGSTOP. */
1541 	wpid = waitpid(fpid, &status, 0);
1542 	ATF_REQUIRE(wpid == fpid);
1543 	ATF_REQUIRE(WIFSTOPPED(status));
1544 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1545 
1546 	events = 0;
1547 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
1548 	    sizeof(events)) == 0);
1549 
1550 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1551 
1552 	/* Should get one event at exit. */
1553 	wpid = waitpid(fpid, &status, 0);
1554 	ATF_REQUIRE(WIFEXITED(status));
1555 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
1556 
1557 	wpid = wait(&status);
1558 	ATF_REQUIRE(wpid == -1);
1559 	ATF_REQUIRE(errno == ECHILD);
1560 }
1561 
1562 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_exec_enable);
1563 ATF_TC_BODY(ptrace__ptrace_exec_enable, tc)
1564 {
1565 	struct ptrace_lwpinfo pl;
1566 	pid_t fpid, wpid;
1567 	int events, status;
1568 
1569 	ATF_REQUIRE((fpid = fork()) != -1);
1570 	if (fpid == 0) {
1571 		trace_me();
1572 		exec_thread(NULL);
1573 	}
1574 
1575 	/* The first wait() should report the stop from SIGSTOP. */
1576 	wpid = waitpid(fpid, &status, 0);
1577 	ATF_REQUIRE(wpid == fpid);
1578 	ATF_REQUIRE(WIFSTOPPED(status));
1579 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1580 
1581 	events = PTRACE_EXEC;
1582 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
1583 	    sizeof(events)) == 0);
1584 
1585 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1586 
1587 	/* The next event should be for the child process's exec. */
1588 	wpid = waitpid(fpid, &status, 0);
1589 	ATF_REQUIRE(WIFSTOPPED(status));
1590 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1591 
1592 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1593 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_EXEC | PL_FLAG_SCX)) ==
1594 	    (PL_FLAG_EXEC | PL_FLAG_SCX));
1595 
1596 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1597 
1598 	/* The last event should be for the child process's exit. */
1599 	wpid = waitpid(fpid, &status, 0);
1600 	ATF_REQUIRE(WIFEXITED(status));
1601 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
1602 
1603 	wpid = wait(&status);
1604 	ATF_REQUIRE(wpid == -1);
1605 	ATF_REQUIRE(errno == ECHILD);
1606 }
1607 
1608 ATF_TC_WITHOUT_HEAD(ptrace__event_mask);
1609 ATF_TC_BODY(ptrace__event_mask, tc)
1610 {
1611 	pid_t fpid, wpid;
1612 	int events, status;
1613 
1614 	ATF_REQUIRE((fpid = fork()) != -1);
1615 	if (fpid == 0) {
1616 		trace_me();
1617 		exit(0);
1618 	}
1619 
1620 	/* The first wait() should report the stop from SIGSTOP. */
1621 	wpid = waitpid(fpid, &status, 0);
1622 	ATF_REQUIRE(wpid == fpid);
1623 	ATF_REQUIRE(WIFSTOPPED(status));
1624 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1625 
1626 	/* PT_FOLLOW_FORK should toggle the state of PTRACE_FORK. */
1627 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, fpid, NULL, 1) != -1);
1628 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1629 	    sizeof(events)) == 0);
1630 	ATF_REQUIRE(events & PTRACE_FORK);
1631 	ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, fpid, NULL, 0) != -1);
1632 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1633 	    sizeof(events)) == 0);
1634 	ATF_REQUIRE(!(events & PTRACE_FORK));
1635 
1636 	/* PT_LWP_EVENTS should toggle the state of PTRACE_LWP. */
1637 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, fpid, NULL, 1) != -1);
1638 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1639 	    sizeof(events)) == 0);
1640 	ATF_REQUIRE(events & PTRACE_LWP);
1641 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, fpid, NULL, 0) != -1);
1642 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1643 	    sizeof(events)) == 0);
1644 	ATF_REQUIRE(!(events & PTRACE_LWP));
1645 
1646 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1647 
1648 	/* Should get one event at exit. */
1649 	wpid = waitpid(fpid, &status, 0);
1650 	ATF_REQUIRE(WIFEXITED(status));
1651 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
1652 
1653 	wpid = wait(&status);
1654 	ATF_REQUIRE(wpid == -1);
1655 	ATF_REQUIRE(errno == ECHILD);
1656 }
1657 
1658 /*
1659  * Verify that the expected ptrace events are reported for PTRACE_VFORK.
1660  */
1661 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_vfork);
1662 ATF_TC_BODY(ptrace__ptrace_vfork, tc)
1663 {
1664 	struct ptrace_lwpinfo pl;
1665 	pid_t fpid, wpid;
1666 	int events, status;
1667 
1668 	ATF_REQUIRE((fpid = fork()) != -1);
1669 	if (fpid == 0) {
1670 		trace_me();
1671 		follow_fork_parent(true);
1672 	}
1673 
1674 	/* The first wait() should report the stop from SIGSTOP. */
1675 	wpid = waitpid(fpid, &status, 0);
1676 	ATF_REQUIRE(wpid == fpid);
1677 	ATF_REQUIRE(WIFSTOPPED(status));
1678 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1679 
1680 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
1681 	    sizeof(events)) == 0);
1682 	events |= PTRACE_VFORK;
1683 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
1684 	    sizeof(events)) == 0);
1685 
1686 	/* Continue the child ignoring the SIGSTOP. */
1687 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) != -1);
1688 
1689 	/* The next event should report the end of the vfork. */
1690 	wpid = wait(&status);
1691 	ATF_REQUIRE(wpid == fpid);
1692 	ATF_REQUIRE(WIFSTOPPED(status));
1693 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1694 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1695 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_VFORK_DONE) != 0);
1696 
1697 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) != -1);
1698 
1699 	wpid = wait(&status);
1700 	ATF_REQUIRE(wpid == fpid);
1701 	ATF_REQUIRE(WIFEXITED(status));
1702 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
1703 
1704 	wpid = wait(&status);
1705 	ATF_REQUIRE(wpid == -1);
1706 	ATF_REQUIRE(errno == ECHILD);
1707 }
1708 
1709 ATF_TC_WITHOUT_HEAD(ptrace__ptrace_vfork_follow);
1710 ATF_TC_BODY(ptrace__ptrace_vfork_follow, tc)
1711 {
1712 	struct ptrace_lwpinfo pl[2];
1713 	pid_t children[2], fpid, wpid;
1714 	int events, status;
1715 
1716 	ATF_REQUIRE((fpid = fork()) != -1);
1717 	if (fpid == 0) {
1718 		trace_me();
1719 		follow_fork_parent(true);
1720 	}
1721 
1722 	/* Parent process. */
1723 	children[0] = fpid;
1724 
1725 	/* The first wait() should report the stop from SIGSTOP. */
1726 	wpid = waitpid(children[0], &status, 0);
1727 	ATF_REQUIRE(wpid == children[0]);
1728 	ATF_REQUIRE(WIFSTOPPED(status));
1729 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1730 
1731 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, children[0], (caddr_t)&events,
1732 	    sizeof(events)) == 0);
1733 	events |= PTRACE_FORK | PTRACE_VFORK;
1734 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, children[0], (caddr_t)&events,
1735 	    sizeof(events)) == 0);
1736 
1737 	/* Continue the child ignoring the SIGSTOP. */
1738 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1739 
1740 	/* Wait for both halves of the fork event to get reported. */
1741 	children[1] = handle_fork_events(children[0], pl);
1742 	ATF_REQUIRE(children[1] > 0);
1743 
1744 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_VFORKED) != 0);
1745 
1746 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1747 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1);
1748 
1749 	/*
1750 	 * The child can't exit until the grandchild reports status, so the
1751 	 * grandchild should report its exit first to the debugger.
1752 	 */
1753 	wpid = waitpid(children[1], &status, 0);
1754 	ATF_REQUIRE(wpid == children[1]);
1755 	ATF_REQUIRE(WIFEXITED(status));
1756 	ATF_REQUIRE(WEXITSTATUS(status) == 2);
1757 
1758 	/*
1759 	 * The child should report it's vfork() completion before it
1760 	 * exits.
1761 	 */
1762 	wpid = wait(&status);
1763 	ATF_REQUIRE(wpid == children[0]);
1764 	ATF_REQUIRE(WIFSTOPPED(status));
1765 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1766 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl[0], sizeof(pl[0])) !=
1767 	    -1);
1768 	ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_VFORK_DONE) != 0);
1769 
1770 	ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1);
1771 
1772 	wpid = wait(&status);
1773 	ATF_REQUIRE(wpid == children[0]);
1774 	ATF_REQUIRE(WIFEXITED(status));
1775 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
1776 
1777 	wpid = wait(&status);
1778 	ATF_REQUIRE(wpid == -1);
1779 	ATF_REQUIRE(errno == ECHILD);
1780 }
1781 
1782 #ifdef HAVE_BREAKPOINT
1783 /*
1784  * Verify that no more events are reported after PT_KILL except for the
1785  * process exit when stopped due to a breakpoint trap.
1786  */
1787 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_breakpoint);
1788 ATF_TC_BODY(ptrace__PT_KILL_breakpoint, tc)
1789 {
1790 	pid_t fpid, wpid;
1791 	int status;
1792 
1793 	ATF_REQUIRE((fpid = fork()) != -1);
1794 	if (fpid == 0) {
1795 		trace_me();
1796 		breakpoint();
1797 		exit(1);
1798 	}
1799 
1800 	/* The first wait() should report the stop from SIGSTOP. */
1801 	wpid = waitpid(fpid, &status, 0);
1802 	ATF_REQUIRE(wpid == fpid);
1803 	ATF_REQUIRE(WIFSTOPPED(status));
1804 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1805 
1806 	/* Continue the child ignoring the SIGSTOP. */
1807 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1808 
1809 	/* The second wait() should report hitting the breakpoint. */
1810 	wpid = waitpid(fpid, &status, 0);
1811 	ATF_REQUIRE(wpid == fpid);
1812 	ATF_REQUIRE(WIFSTOPPED(status));
1813 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1814 
1815 	/* Kill the child process. */
1816 	ATF_REQUIRE(ptrace(PT_KILL, fpid, 0, 0) == 0);
1817 
1818 	/* The last wait() should report the SIGKILL. */
1819 	wpid = waitpid(fpid, &status, 0);
1820 	ATF_REQUIRE(wpid == fpid);
1821 	ATF_REQUIRE(WIFSIGNALED(status));
1822 	ATF_REQUIRE(WTERMSIG(status) == SIGKILL);
1823 
1824 	wpid = wait(&status);
1825 	ATF_REQUIRE(wpid == -1);
1826 	ATF_REQUIRE(errno == ECHILD);
1827 }
1828 #endif /* HAVE_BREAKPOINT */
1829 
1830 /*
1831  * Verify that no more events are reported after PT_KILL except for the
1832  * process exit when stopped inside of a system call.
1833  */
1834 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_system_call);
1835 ATF_TC_BODY(ptrace__PT_KILL_system_call, tc)
1836 {
1837 	struct ptrace_lwpinfo pl;
1838 	pid_t fpid, wpid;
1839 	int status;
1840 
1841 	ATF_REQUIRE((fpid = fork()) != -1);
1842 	if (fpid == 0) {
1843 		trace_me();
1844 		getpid();
1845 		exit(1);
1846 	}
1847 
1848 	/* The first wait() should report the stop from SIGSTOP. */
1849 	wpid = waitpid(fpid, &status, 0);
1850 	ATF_REQUIRE(wpid == fpid);
1851 	ATF_REQUIRE(WIFSTOPPED(status));
1852 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1853 
1854 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
1855 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
1856 
1857 	/* The second wait() should report a system call entry for getpid(). */
1858 	wpid = waitpid(fpid, &status, 0);
1859 	ATF_REQUIRE(wpid == fpid);
1860 	ATF_REQUIRE(WIFSTOPPED(status));
1861 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1862 
1863 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1864 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
1865 
1866 	/* Kill the child process. */
1867 	ATF_REQUIRE(ptrace(PT_KILL, fpid, 0, 0) == 0);
1868 
1869 	/* The last wait() should report the SIGKILL. */
1870 	wpid = waitpid(fpid, &status, 0);
1871 	ATF_REQUIRE(wpid == fpid);
1872 	ATF_REQUIRE(WIFSIGNALED(status));
1873 	ATF_REQUIRE(WTERMSIG(status) == SIGKILL);
1874 
1875 	wpid = wait(&status);
1876 	ATF_REQUIRE(wpid == -1);
1877 	ATF_REQUIRE(errno == ECHILD);
1878 }
1879 
1880 /*
1881  * Verify that no more events are reported after PT_KILL except for the
1882  * process exit when killing a multithreaded process.
1883  */
1884 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_threads);
1885 ATF_TC_BODY(ptrace__PT_KILL_threads, tc)
1886 {
1887 	struct ptrace_lwpinfo pl;
1888 	pid_t fpid, wpid;
1889 	lwpid_t main_lwp;
1890 	int status;
1891 
1892 	ATF_REQUIRE((fpid = fork()) != -1);
1893 	if (fpid == 0) {
1894 		trace_me();
1895 		simple_thread_main();
1896 	}
1897 
1898 	/* The first wait() should report the stop from SIGSTOP. */
1899 	wpid = waitpid(fpid, &status, 0);
1900 	ATF_REQUIRE(wpid == fpid);
1901 	ATF_REQUIRE(WIFSTOPPED(status));
1902 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
1903 
1904 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
1905 	    sizeof(pl)) != -1);
1906 	main_lwp = pl.pl_lwpid;
1907 
1908 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, wpid, NULL, 1) == 0);
1909 
1910 	/* Continue the child ignoring the SIGSTOP. */
1911 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
1912 
1913 	/* The first event should be for the child thread's birth. */
1914 	wpid = waitpid(fpid, &status, 0);
1915 	ATF_REQUIRE(wpid == fpid);
1916 	ATF_REQUIRE(WIFSTOPPED(status));
1917 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
1918 
1919 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
1920 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)) ==
1921 	    (PL_FLAG_BORN | PL_FLAG_SCX));
1922 	ATF_REQUIRE(pl.pl_lwpid != main_lwp);
1923 
1924 	/* Kill the child process. */
1925 	ATF_REQUIRE(ptrace(PT_KILL, fpid, 0, 0) == 0);
1926 
1927 	/* The last wait() should report the SIGKILL. */
1928 	wpid = waitpid(fpid, &status, 0);
1929 	ATF_REQUIRE(wpid == fpid);
1930 	ATF_REQUIRE(WIFSIGNALED(status));
1931 	ATF_REQUIRE(WTERMSIG(status) == SIGKILL);
1932 
1933 	wpid = wait(&status);
1934 	ATF_REQUIRE(wpid == -1);
1935 	ATF_REQUIRE(errno == ECHILD);
1936 }
1937 
1938 static void *
1939 mask_usr1_thread(void *arg)
1940 {
1941 	pthread_barrier_t *pbarrier;
1942 	sigset_t sigmask;
1943 
1944 	pbarrier = (pthread_barrier_t*)arg;
1945 
1946 	sigemptyset(&sigmask);
1947 	sigaddset(&sigmask, SIGUSR1);
1948 	CHILD_REQUIRE(pthread_sigmask(SIG_BLOCK, &sigmask, NULL) == 0);
1949 
1950 	/* Sync up with other thread after sigmask updated. */
1951 	pthread_barrier_wait(pbarrier);
1952 
1953 	for (;;)
1954 		sleep(60);
1955 
1956 	return (NULL);
1957 }
1958 
1959 /*
1960  * Verify that the SIGKILL from PT_KILL takes priority over other signals
1961  * and prevents spurious stops due to those other signals.
1962  */
1963 ATF_TC(ptrace__PT_KILL_competing_signal);
1964 ATF_TC_HEAD(ptrace__PT_KILL_competing_signal, tc)
1965 {
1966 
1967 	atf_tc_set_md_var(tc, "require.user", "root");
1968 }
1969 ATF_TC_BODY(ptrace__PT_KILL_competing_signal, tc)
1970 {
1971 	pid_t fpid, wpid;
1972 	int status;
1973 	cpuset_t setmask;
1974 	pthread_t t;
1975 	pthread_barrier_t barrier;
1976 	struct sched_param sched_param;
1977 
1978 	ATF_REQUIRE((fpid = fork()) != -1);
1979 	if (fpid == 0) {
1980 		/* Bind to one CPU so only one thread at a time will run. */
1981 		CPU_ZERO(&setmask);
1982 		CPU_SET(0, &setmask);
1983 		cpusetid_t setid;
1984 		CHILD_REQUIRE(cpuset(&setid) == 0);
1985 		CHILD_REQUIRE(cpuset_setaffinity(CPU_LEVEL_CPUSET,
1986 		    CPU_WHICH_CPUSET, setid, sizeof(setmask), &setmask) == 0);
1987 
1988 		CHILD_REQUIRE(pthread_barrier_init(&barrier, NULL, 2) == 0);
1989 
1990 		CHILD_REQUIRE(pthread_create(&t, NULL, mask_usr1_thread,
1991 		    (void*)&barrier) == 0);
1992 
1993 		/*
1994 		 * Give the main thread higher priority. The test always
1995 		 * assumes that, if both threads are able to run, the main
1996 		 * thread runs first.
1997 		 */
1998 		sched_param.sched_priority =
1999 		    (sched_get_priority_max(SCHED_FIFO) +
2000 		    sched_get_priority_min(SCHED_FIFO)) / 2;
2001 		CHILD_REQUIRE(pthread_setschedparam(pthread_self(),
2002 		    SCHED_FIFO, &sched_param) == 0);
2003 		sched_param.sched_priority -= RQ_PPQ;
2004 		CHILD_REQUIRE(pthread_setschedparam(t, SCHED_FIFO,
2005 		    &sched_param) == 0);
2006 
2007 		sigset_t sigmask;
2008 		sigemptyset(&sigmask);
2009 		sigaddset(&sigmask, SIGUSR2);
2010 		CHILD_REQUIRE(pthread_sigmask(SIG_BLOCK, &sigmask, NULL) == 0);
2011 
2012 		/* Sync up with other thread after sigmask updated. */
2013 		pthread_barrier_wait(&barrier);
2014 
2015 		trace_me();
2016 
2017 		for (;;)
2018 			sleep(60);
2019 
2020 		exit(1);
2021 	}
2022 
2023 	/* The first wait() should report the stop from SIGSTOP. */
2024 	wpid = waitpid(fpid, &status, 0);
2025 	ATF_REQUIRE(wpid == fpid);
2026 	ATF_REQUIRE(WIFSTOPPED(status));
2027 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2028 
2029 	/* Continue the child ignoring the SIGSTOP. */
2030 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2031 
2032 	/* Send a signal that only the second thread can handle. */
2033 	ATF_REQUIRE(kill(fpid, SIGUSR2) == 0);
2034 
2035 	/* The second wait() should report the SIGUSR2. */
2036 	wpid = waitpid(fpid, &status, 0);
2037 	ATF_REQUIRE(wpid == fpid);
2038 	ATF_REQUIRE(WIFSTOPPED(status));
2039 	ATF_REQUIRE(WSTOPSIG(status) == SIGUSR2);
2040 
2041 	/* Send a signal that only the first thread can handle. */
2042 	ATF_REQUIRE(kill(fpid, SIGUSR1) == 0);
2043 
2044 	/* Replace the SIGUSR2 with a kill. */
2045 	ATF_REQUIRE(ptrace(PT_KILL, fpid, 0, 0) == 0);
2046 
2047 	/* The last wait() should report the SIGKILL (not the SIGUSR signal). */
2048 	wpid = waitpid(fpid, &status, 0);
2049 	ATF_REQUIRE(wpid == fpid);
2050 	ATF_REQUIRE(WIFSIGNALED(status));
2051 	ATF_REQUIRE(WTERMSIG(status) == SIGKILL);
2052 
2053 	wpid = wait(&status);
2054 	ATF_REQUIRE(wpid == -1);
2055 	ATF_REQUIRE(errno == ECHILD);
2056 }
2057 
2058 /*
2059  * Verify that the SIGKILL from PT_KILL takes priority over other stop events
2060  * and prevents spurious stops caused by those events.
2061  */
2062 ATF_TC(ptrace__PT_KILL_competing_stop);
2063 ATF_TC_HEAD(ptrace__PT_KILL_competing_stop, tc)
2064 {
2065 
2066 	atf_tc_set_md_var(tc, "require.user", "root");
2067 }
2068 ATF_TC_BODY(ptrace__PT_KILL_competing_stop, tc)
2069 {
2070 	pid_t fpid, wpid;
2071 	int status;
2072 	cpuset_t setmask;
2073 	pthread_t t;
2074 	pthread_barrier_t barrier;
2075 	lwpid_t main_lwp;
2076 	struct ptrace_lwpinfo pl;
2077 	struct sched_param sched_param;
2078 
2079 	ATF_REQUIRE((fpid = fork()) != -1);
2080 	if (fpid == 0) {
2081 		trace_me();
2082 
2083 		/* Bind to one CPU so only one thread at a time will run. */
2084 		CPU_ZERO(&setmask);
2085 		CPU_SET(0, &setmask);
2086 		cpusetid_t setid;
2087 		CHILD_REQUIRE(cpuset(&setid) == 0);
2088 		CHILD_REQUIRE(cpuset_setaffinity(CPU_LEVEL_CPUSET,
2089 		    CPU_WHICH_CPUSET, setid, sizeof(setmask), &setmask) == 0);
2090 
2091 		CHILD_REQUIRE(pthread_barrier_init(&barrier, NULL, 2) == 0);
2092 
2093 		CHILD_REQUIRE(pthread_create(&t, NULL, mask_usr1_thread,
2094 		    (void*)&barrier) == 0);
2095 
2096 		/*
2097 		 * Give the main thread higher priority. The test always
2098 		 * assumes that, if both threads are able to run, the main
2099 		 * thread runs first.
2100 		 */
2101 		sched_param.sched_priority =
2102 		    (sched_get_priority_max(SCHED_FIFO) +
2103 		    sched_get_priority_min(SCHED_FIFO)) / 2;
2104 		CHILD_REQUIRE(pthread_setschedparam(pthread_self(),
2105 		    SCHED_FIFO, &sched_param) == 0);
2106 		sched_param.sched_priority -= RQ_PPQ;
2107 		CHILD_REQUIRE(pthread_setschedparam(t, SCHED_FIFO,
2108 		    &sched_param) == 0);
2109 
2110 		sigset_t sigmask;
2111 		sigemptyset(&sigmask);
2112 		sigaddset(&sigmask, SIGUSR2);
2113 		CHILD_REQUIRE(pthread_sigmask(SIG_BLOCK, &sigmask, NULL) == 0);
2114 
2115 		/* Sync up with other thread after sigmask updated. */
2116 		pthread_barrier_wait(&barrier);
2117 
2118 		/* Sync up with the test before doing the getpid(). */
2119 		raise(SIGSTOP);
2120 
2121 		getpid();
2122 		exit(1);
2123 	}
2124 
2125 	/* The first wait() should report the stop from SIGSTOP. */
2126 	wpid = waitpid(fpid, &status, 0);
2127 	ATF_REQUIRE(wpid == fpid);
2128 	ATF_REQUIRE(WIFSTOPPED(status));
2129 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2130 
2131 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2132 	main_lwp = pl.pl_lwpid;
2133 
2134 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2135 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
2136 
2137 	/*
2138 	 * Continue until child is done with setup, which is indicated with
2139 	 * SIGSTOP. Ignore system calls in the meantime.
2140 	 */
2141 	for (;;) {
2142 		wpid = waitpid(fpid, &status, 0);
2143 		ATF_REQUIRE(wpid == fpid);
2144 		ATF_REQUIRE(WIFSTOPPED(status));
2145 		if (WSTOPSIG(status) == SIGTRAP) {
2146 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
2147 			    sizeof(pl)) != -1);
2148 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2149 		} else {
2150 			ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2151 			break;
2152 		}
2153 		ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
2154 	}
2155 
2156 	/* Proceed, allowing main thread to hit syscall entry for getpid(). */
2157 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
2158 
2159 	wpid = waitpid(fpid, &status, 0);
2160 	ATF_REQUIRE(wpid == fpid);
2161 	ATF_REQUIRE(WIFSTOPPED(status));
2162 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
2163 
2164 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
2165 	    sizeof(pl)) != -1);
2166 	ATF_REQUIRE(pl.pl_lwpid == main_lwp);
2167 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2168 	/* Prevent the main thread from hitting its syscall exit for now. */
2169 	ATF_REQUIRE(ptrace(PT_SUSPEND, main_lwp, 0, 0) == 0);
2170 
2171 	/*
2172 	 * Proceed, allowing second thread to hit syscall exit for
2173 	 * pthread_barrier_wait().
2174 	 */
2175 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
2176 
2177 	wpid = waitpid(fpid, &status, 0);
2178 	ATF_REQUIRE(wpid == fpid);
2179 	ATF_REQUIRE(WIFSTOPPED(status));
2180 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
2181 
2182 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
2183 	    sizeof(pl)) != -1);
2184 	ATF_REQUIRE(pl.pl_lwpid != main_lwp);
2185 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
2186 
2187 	/* Send a signal that only the second thread can handle. */
2188 	ATF_REQUIRE(kill(fpid, SIGUSR2) == 0);
2189 
2190 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
2191 
2192 	/* The next wait() should report the SIGUSR2. */
2193 	wpid = waitpid(fpid, &status, 0);
2194 	ATF_REQUIRE(wpid == fpid);
2195 	ATF_REQUIRE(WIFSTOPPED(status));
2196 	ATF_REQUIRE(WSTOPSIG(status) == SIGUSR2);
2197 
2198 	/* Allow the main thread to try to finish its system call. */
2199 	ATF_REQUIRE(ptrace(PT_RESUME, main_lwp, 0, 0) == 0);
2200 
2201 	/*
2202 	 * At this point, the main thread is in the middle of a system call and
2203 	 * has been resumed. The second thread has taken a SIGUSR2 which will
2204 	 * be replaced with a SIGKILL below. The main thread will get to run
2205 	 * first. It should notice the kill request (even though the signal
2206 	 * replacement occurred in the other thread) and exit accordingly.  It
2207 	 * should not stop for the system call exit event.
2208 	 */
2209 
2210 	/* Replace the SIGUSR2 with a kill. */
2211 	ATF_REQUIRE(ptrace(PT_KILL, fpid, 0, 0) == 0);
2212 
2213 	/* The last wait() should report the SIGKILL (not a syscall exit). */
2214 	wpid = waitpid(fpid, &status, 0);
2215 	ATF_REQUIRE(wpid == fpid);
2216 	ATF_REQUIRE(WIFSIGNALED(status));
2217 	ATF_REQUIRE(WTERMSIG(status) == SIGKILL);
2218 
2219 	wpid = wait(&status);
2220 	ATF_REQUIRE(wpid == -1);
2221 	ATF_REQUIRE(errno == ECHILD);
2222 }
2223 
2224 static void
2225 sigusr1_handler(int sig)
2226 {
2227 
2228 	CHILD_REQUIRE(sig == SIGUSR1);
2229 	_exit(2);
2230 }
2231 
2232 /*
2233  * Verify that even if the signal queue is full for a child process,
2234  * a PT_KILL will kill the process.
2235  */
2236 ATF_TC_WITHOUT_HEAD(ptrace__PT_KILL_with_signal_full_sigqueue);
2237 ATF_TC_BODY(ptrace__PT_KILL_with_signal_full_sigqueue, tc)
2238 {
2239 	pid_t fpid, wpid;
2240 	int status;
2241 	int max_pending_per_proc;
2242 	size_t len;
2243 	int i;
2244 
2245 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_handler) != SIG_ERR);
2246 
2247 	ATF_REQUIRE((fpid = fork()) != -1);
2248 	if (fpid == 0) {
2249 		trace_me();
2250 		exit(1);
2251 	}
2252 
2253 	/* The first wait() should report the stop from SIGSTOP. */
2254 	wpid = waitpid(fpid, &status, 0);
2255 	ATF_REQUIRE(wpid == fpid);
2256 	ATF_REQUIRE(WIFSTOPPED(status));
2257 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2258 
2259 	len = sizeof(max_pending_per_proc);
2260 	ATF_REQUIRE(sysctlbyname("kern.sigqueue.max_pending_per_proc",
2261 	    &max_pending_per_proc, &len, NULL, 0) == 0);
2262 
2263 	/* Fill the signal queue. */
2264 	for (i = 0; i < max_pending_per_proc; ++i)
2265 		ATF_REQUIRE(kill(fpid, SIGUSR1) == 0);
2266 
2267 	/* Kill the child process. */
2268 	ATF_REQUIRE(ptrace(PT_KILL, fpid, 0, 0) == 0);
2269 
2270 	/* The last wait() should report the SIGKILL. */
2271 	wpid = waitpid(fpid, &status, 0);
2272 	ATF_REQUIRE(wpid == fpid);
2273 	ATF_REQUIRE(WIFSIGNALED(status));
2274 	ATF_REQUIRE(WTERMSIG(status) == SIGKILL);
2275 
2276 	wpid = wait(&status);
2277 	ATF_REQUIRE(wpid == -1);
2278 	ATF_REQUIRE(errno == ECHILD);
2279 }
2280 
2281 /*
2282  * Verify that when stopped at a system call entry, a signal can be
2283  * requested with PT_CONTINUE which will be delivered once the system
2284  * call is complete.
2285  */
2286 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_system_call_entry);
2287 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_system_call_entry, tc)
2288 {
2289 	struct ptrace_lwpinfo pl;
2290 	pid_t fpid, wpid;
2291 	int status;
2292 
2293 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_handler) != SIG_ERR);
2294 
2295 	ATF_REQUIRE((fpid = fork()) != -1);
2296 	if (fpid == 0) {
2297 		trace_me();
2298 		getpid();
2299 		exit(1);
2300 	}
2301 
2302 	/* The first wait() should report the stop from SIGSTOP. */
2303 	wpid = waitpid(fpid, &status, 0);
2304 	ATF_REQUIRE(wpid == fpid);
2305 	ATF_REQUIRE(WIFSTOPPED(status));
2306 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2307 
2308 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2309 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
2310 
2311 	/* The second wait() should report a system call entry for getpid(). */
2312 	wpid = waitpid(fpid, &status, 0);
2313 	ATF_REQUIRE(wpid == fpid);
2314 	ATF_REQUIRE(WIFSTOPPED(status));
2315 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
2316 
2317 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2318 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2319 
2320 	/* Continue the child process with a signal. */
2321 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
2322 
2323 	for (;;) {
2324 		/*
2325 		 * The last wait() should report exit 2, i.e., a normal _exit
2326 		 * from the signal handler. In the meantime, catch and proceed
2327 		 * past any syscall stops.
2328 		 */
2329 		wpid = waitpid(fpid, &status, 0);
2330 		ATF_REQUIRE(wpid == fpid);
2331 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2332 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2333 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2334 			ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2335 		} else {
2336 			ATF_REQUIRE(WIFEXITED(status));
2337 			ATF_REQUIRE(WEXITSTATUS(status) == 2);
2338 			break;
2339 		}
2340 	}
2341 
2342 	wpid = wait(&status);
2343 	ATF_REQUIRE(wpid == -1);
2344 	ATF_REQUIRE(errno == ECHILD);
2345 }
2346 
2347 static void
2348 sigusr1_counting_handler(int sig)
2349 {
2350 	static int counter = 0;
2351 
2352 	CHILD_REQUIRE(sig == SIGUSR1);
2353 	counter++;
2354 	if (counter == 2)
2355 		_exit(2);
2356 }
2357 
2358 /*
2359  * Verify that, when continuing from a stop at system call entry and exit,
2360  * a signal can be requested from both stops, and both will be delivered when
2361  * the system call is complete.
2362  */
2363 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_system_call_entry_and_exit);
2364 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_system_call_entry_and_exit, tc)
2365 {
2366 	struct ptrace_lwpinfo pl;
2367 	pid_t fpid, wpid;
2368 	int status;
2369 
2370 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_counting_handler) != SIG_ERR);
2371 
2372 	ATF_REQUIRE((fpid = fork()) != -1);
2373 	if (fpid == 0) {
2374 		trace_me();
2375 		getpid();
2376 		exit(1);
2377 	}
2378 
2379 	/* The first wait() should report the stop from SIGSTOP. */
2380 	wpid = waitpid(fpid, &status, 0);
2381 	ATF_REQUIRE(wpid == fpid);
2382 	ATF_REQUIRE(WIFSTOPPED(status));
2383 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2384 
2385 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2386 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
2387 
2388 	/* The second wait() should report a system call entry for getpid(). */
2389 	wpid = waitpid(fpid, &status, 0);
2390 	ATF_REQUIRE(wpid == fpid);
2391 	ATF_REQUIRE(WIFSTOPPED(status));
2392 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
2393 
2394 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2395 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2396 
2397 	/* Continue the child process with a signal. */
2398 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
2399 
2400 	/* The third wait() should report a system call exit for getpid(). */
2401 	wpid = waitpid(fpid, &status, 0);
2402 	ATF_REQUIRE(wpid == fpid);
2403 	ATF_REQUIRE(WIFSTOPPED(status));
2404 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
2405 
2406 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2407 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
2408 
2409 	/* Continue the child process with a signal. */
2410 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
2411 
2412 	for (;;) {
2413 		/*
2414 		 * The last wait() should report exit 2, i.e., a normal _exit
2415 		 * from the signal handler. In the meantime, catch and proceed
2416 		 * past any syscall stops.
2417 		 */
2418 		wpid = waitpid(fpid, &status, 0);
2419 		ATF_REQUIRE(wpid == fpid);
2420 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2421 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2422 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2423 			ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2424 		} else {
2425 			ATF_REQUIRE(WIFEXITED(status));
2426 			ATF_REQUIRE(WEXITSTATUS(status) == 2);
2427 			break;
2428 		}
2429 	}
2430 
2431 	wpid = wait(&status);
2432 	ATF_REQUIRE(wpid == -1);
2433 	ATF_REQUIRE(errno == ECHILD);
2434 }
2435 
2436 /*
2437  * Verify that even if the signal queue is full for a child process,
2438  * a PT_CONTINUE with a signal will not result in loss of that signal.
2439  */
2440 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_full_sigqueue);
2441 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_full_sigqueue, tc)
2442 {
2443 	pid_t fpid, wpid;
2444 	int status;
2445 	int max_pending_per_proc;
2446 	size_t len;
2447 	int i;
2448 
2449 	ATF_REQUIRE(signal(SIGUSR2, handler) != SIG_ERR);
2450 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_handler) != SIG_ERR);
2451 
2452 	ATF_REQUIRE((fpid = fork()) != -1);
2453 	if (fpid == 0) {
2454 		trace_me();
2455 		exit(1);
2456 	}
2457 
2458 	/* The first wait() should report the stop from SIGSTOP. */
2459 	wpid = waitpid(fpid, &status, 0);
2460 	ATF_REQUIRE(wpid == fpid);
2461 	ATF_REQUIRE(WIFSTOPPED(status));
2462 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2463 
2464 	len = sizeof(max_pending_per_proc);
2465 	ATF_REQUIRE(sysctlbyname("kern.sigqueue.max_pending_per_proc",
2466 	    &max_pending_per_proc, &len, NULL, 0) == 0);
2467 
2468 	/* Fill the signal queue. */
2469 	for (i = 0; i < max_pending_per_proc; ++i)
2470 		ATF_REQUIRE(kill(fpid, SIGUSR2) == 0);
2471 
2472 	/* Continue with signal. */
2473 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
2474 
2475 	for (;;) {
2476 		wpid = waitpid(fpid, &status, 0);
2477 		ATF_REQUIRE(wpid == fpid);
2478 		if (WIFSTOPPED(status)) {
2479 			ATF_REQUIRE(WSTOPSIG(status) == SIGUSR2);
2480 			ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2481 		} else {
2482 			/*
2483 			 * The last wait() should report normal _exit from the
2484 			 * SIGUSR1 handler.
2485 			 */
2486 			ATF_REQUIRE(WIFEXITED(status));
2487 			ATF_REQUIRE(WEXITSTATUS(status) == 2);
2488 			break;
2489 		}
2490 	}
2491 
2492 	wpid = wait(&status);
2493 	ATF_REQUIRE(wpid == -1);
2494 	ATF_REQUIRE(errno == ECHILD);
2495 }
2496 
2497 static sem_t sigusr1_sem;
2498 static int got_usr1;
2499 
2500 static void
2501 sigusr1_sempost_handler(int sig __unused)
2502 {
2503 
2504 	got_usr1++;
2505 	CHILD_REQUIRE(sem_post(&sigusr1_sem) == 0);
2506 }
2507 
2508 /*
2509  * Verify that even if the signal queue is full for a child process,
2510  * and the signal is masked, a PT_CONTINUE with a signal will not
2511  * result in loss of that signal.
2512  */
2513 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_masked_full_sigqueue);
2514 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_masked_full_sigqueue, tc)
2515 {
2516 	struct ptrace_lwpinfo pl;
2517 	pid_t fpid, wpid;
2518 	int status, err;
2519 	int max_pending_per_proc;
2520 	size_t len;
2521 	int i;
2522 	sigset_t sigmask;
2523 
2524 	ATF_REQUIRE(signal(SIGUSR2, handler) != SIG_ERR);
2525 	ATF_REQUIRE(sem_init(&sigusr1_sem, 0, 0) == 0);
2526 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
2527 
2528 	got_usr1 = 0;
2529 	ATF_REQUIRE((fpid = fork()) != -1);
2530 	if (fpid == 0) {
2531 		CHILD_REQUIRE(sigemptyset(&sigmask) == 0);
2532 		CHILD_REQUIRE(sigaddset(&sigmask, SIGUSR1) == 0);
2533 		CHILD_REQUIRE(sigprocmask(SIG_BLOCK, &sigmask, NULL) == 0);
2534 
2535 		trace_me();
2536 		CHILD_REQUIRE(got_usr1 == 0);
2537 
2538 		/* Allow the pending SIGUSR1 in now. */
2539 		CHILD_REQUIRE(sigprocmask(SIG_UNBLOCK, &sigmask, NULL) == 0);
2540 		/* Wait to receive the SIGUSR1. */
2541 		do {
2542 			err = sem_wait(&sigusr1_sem);
2543 			CHILD_REQUIRE(err == 0 || errno == EINTR);
2544 		} while (err != 0 && errno == EINTR);
2545 		CHILD_REQUIRE(got_usr1 == 1);
2546 		exit(1);
2547 	}
2548 
2549 	/* The first wait() should report the stop from SIGSTOP. */
2550 	wpid = waitpid(fpid, &status, 0);
2551 	ATF_REQUIRE(wpid == fpid);
2552 	ATF_REQUIRE(WIFSTOPPED(status));
2553 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2554 
2555 	len = sizeof(max_pending_per_proc);
2556 	ATF_REQUIRE(sysctlbyname("kern.sigqueue.max_pending_per_proc",
2557 	    &max_pending_per_proc, &len, NULL, 0) == 0);
2558 
2559 	/* Fill the signal queue. */
2560 	for (i = 0; i < max_pending_per_proc; ++i)
2561 		ATF_REQUIRE(kill(fpid, SIGUSR2) == 0);
2562 
2563 	/* Continue with signal. */
2564 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
2565 
2566 	/* Collect and ignore all of the SIGUSR2. */
2567 	for (i = 0; i < max_pending_per_proc; ++i) {
2568 		wpid = waitpid(fpid, &status, 0);
2569 		ATF_REQUIRE(wpid == fpid);
2570 		ATF_REQUIRE(WIFSTOPPED(status));
2571 		ATF_REQUIRE(WSTOPSIG(status) == SIGUSR2);
2572 		ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2573 	}
2574 
2575 	/* Now our PT_CONTINUE'd SIGUSR1 should cause a stop after unmask. */
2576 	wpid = waitpid(fpid, &status, 0);
2577 	ATF_REQUIRE(wpid == fpid);
2578 	ATF_REQUIRE(WIFSTOPPED(status));
2579 	ATF_REQUIRE(WSTOPSIG(status) == SIGUSR1);
2580 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
2581 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGUSR1);
2582 
2583 	/* Continue the child, ignoring the SIGUSR1. */
2584 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2585 
2586 	/* The last wait() should report exit after receiving SIGUSR1. */
2587 	wpid = waitpid(fpid, &status, 0);
2588 	ATF_REQUIRE(wpid == fpid);
2589 	ATF_REQUIRE(WIFEXITED(status));
2590 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
2591 
2592 	wpid = wait(&status);
2593 	ATF_REQUIRE(wpid == -1);
2594 	ATF_REQUIRE(errno == ECHILD);
2595 }
2596 
2597 /*
2598  * Verify that, after stopping due to a signal, that signal can be
2599  * replaced with another signal.
2600  */
2601 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_change_sig);
2602 ATF_TC_BODY(ptrace__PT_CONTINUE_change_sig, tc)
2603 {
2604 	struct ptrace_lwpinfo pl;
2605 	pid_t fpid, wpid;
2606 	int status;
2607 
2608 	ATF_REQUIRE((fpid = fork()) != -1);
2609 	if (fpid == 0) {
2610 		trace_me();
2611 		sleep(20);
2612 		exit(1);
2613 	}
2614 
2615 	/* The first wait() should report the stop from SIGSTOP. */
2616 	wpid = waitpid(fpid, &status, 0);
2617 	ATF_REQUIRE(wpid == fpid);
2618 	ATF_REQUIRE(WIFSTOPPED(status));
2619 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2620 
2621 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2622 
2623 	/* Send a signal without ptrace. */
2624 	ATF_REQUIRE(kill(fpid, SIGINT) == 0);
2625 
2626 	/* The second wait() should report a SIGINT was received. */
2627 	wpid = waitpid(fpid, &status, 0);
2628 	ATF_REQUIRE(wpid == fpid);
2629 	ATF_REQUIRE(WIFSTOPPED(status));
2630 	ATF_REQUIRE(WSTOPSIG(status) == SIGINT);
2631 
2632 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2633 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
2634 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGINT);
2635 
2636 	/* Continue the child process with a different signal. */
2637 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGTERM) == 0);
2638 
2639 	/*
2640 	 * The last wait() should report having died due to the new
2641 	 * signal, SIGTERM.
2642 	 */
2643 	wpid = waitpid(fpid, &status, 0);
2644 	ATF_REQUIRE(wpid == fpid);
2645 	ATF_REQUIRE(WIFSIGNALED(status));
2646 	ATF_REQUIRE(WTERMSIG(status) == SIGTERM);
2647 
2648 	wpid = wait(&status);
2649 	ATF_REQUIRE(wpid == -1);
2650 	ATF_REQUIRE(errno == ECHILD);
2651 }
2652 
2653 /*
2654  * Verify that a signal can be passed through to the child even when there
2655  * was no true signal originally. Such cases arise when a SIGTRAP is
2656  * invented for e.g, system call stops.
2657  */
2658 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_sigtrap_system_call_entry);
2659 ATF_TC_BODY(ptrace__PT_CONTINUE_with_sigtrap_system_call_entry, tc)
2660 {
2661 	struct ptrace_lwpinfo pl;
2662 	struct rlimit rl;
2663 	pid_t fpid, wpid;
2664 	int status;
2665 
2666 	ATF_REQUIRE((fpid = fork()) != -1);
2667 	if (fpid == 0) {
2668 		trace_me();
2669 		/* SIGTRAP expected to cause exit on syscall entry. */
2670 		rl.rlim_cur = rl.rlim_max = 0;
2671 		ATF_REQUIRE(setrlimit(RLIMIT_CORE, &rl) == 0);
2672 		getpid();
2673 		exit(1);
2674 	}
2675 
2676 	/* The first wait() should report the stop from SIGSTOP. */
2677 	wpid = waitpid(fpid, &status, 0);
2678 	ATF_REQUIRE(wpid == fpid);
2679 	ATF_REQUIRE(WIFSTOPPED(status));
2680 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2681 
2682 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2683 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
2684 
2685 	/* The second wait() should report a system call entry for getpid(). */
2686 	wpid = waitpid(fpid, &status, 0);
2687 	ATF_REQUIRE(wpid == fpid);
2688 	ATF_REQUIRE(WIFSTOPPED(status));
2689 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
2690 
2691 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2692 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2693 
2694 	/* Continue the child process with a SIGTRAP. */
2695 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGTRAP) == 0);
2696 
2697 	for (;;) {
2698 		/*
2699 		 * The last wait() should report exit due to SIGTRAP.  In the
2700 		 * meantime, catch and proceed past any syscall stops.
2701 		 */
2702 		wpid = waitpid(fpid, &status, 0);
2703 		ATF_REQUIRE(wpid == fpid);
2704 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2705 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2706 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2707 			ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2708 		} else {
2709 			ATF_REQUIRE(WIFSIGNALED(status));
2710 			ATF_REQUIRE(WTERMSIG(status) == SIGTRAP);
2711 			break;
2712 		}
2713 	}
2714 
2715 	wpid = wait(&status);
2716 	ATF_REQUIRE(wpid == -1);
2717 	ATF_REQUIRE(errno == ECHILD);
2718 
2719 }
2720 
2721 /*
2722  * A mixed bag PT_CONTINUE with signal test.
2723  */
2724 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_mix);
2725 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_mix, tc)
2726 {
2727 	struct ptrace_lwpinfo pl;
2728 	pid_t fpid, wpid;
2729 	int status;
2730 
2731 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_counting_handler) != SIG_ERR);
2732 
2733 	ATF_REQUIRE((fpid = fork()) != -1);
2734 	if (fpid == 0) {
2735 		trace_me();
2736 		getpid();
2737 		exit(1);
2738 	}
2739 
2740 	/* The first wait() should report the stop from SIGSTOP. */
2741 	wpid = waitpid(fpid, &status, 0);
2742 	ATF_REQUIRE(wpid == fpid);
2743 	ATF_REQUIRE(WIFSTOPPED(status));
2744 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2745 
2746 	/* Continue the child ignoring the SIGSTOP and tracing system calls. */
2747 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
2748 
2749 	/* The second wait() should report a system call entry for getpid(). */
2750 	wpid = waitpid(fpid, &status, 0);
2751 	ATF_REQUIRE(wpid == fpid);
2752 	ATF_REQUIRE(WIFSTOPPED(status));
2753 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
2754 
2755 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2756 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
2757 
2758 	/* Continue with the first SIGUSR1. */
2759 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
2760 
2761 	/* The next wait() should report a system call exit for getpid(). */
2762 	wpid = waitpid(fpid, &status, 0);
2763 	ATF_REQUIRE(wpid == fpid);
2764 	ATF_REQUIRE(WIFSTOPPED(status));
2765 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
2766 
2767 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2768 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCX);
2769 
2770 	/* Send an ABRT without ptrace. */
2771 	ATF_REQUIRE(kill(fpid, SIGABRT) == 0);
2772 
2773 	/* Continue normally. */
2774 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2775 
2776 	/* The next wait() should report the SIGABRT. */
2777 	wpid = waitpid(fpid, &status, 0);
2778 	ATF_REQUIRE(wpid == fpid);
2779 	ATF_REQUIRE(WIFSTOPPED(status));
2780 	ATF_REQUIRE(WSTOPSIG(status) == SIGABRT);
2781 
2782 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2783 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
2784 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGABRT);
2785 
2786 	/* Continue, replacing the SIGABRT with another SIGUSR1. */
2787 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
2788 
2789 	for (;;) {
2790 		/*
2791 		 * The last wait() should report exit 2, i.e., a normal _exit
2792 		 * from the signal handler. In the meantime, catch and proceed
2793 		 * past any syscall stops.
2794 		 */
2795 		wpid = waitpid(fpid, &status, 0);
2796 		ATF_REQUIRE(wpid == fpid);
2797 		if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
2798 			ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
2799 			ATF_REQUIRE(pl.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX));
2800 			ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2801 		} else {
2802 			ATF_REQUIRE(WIFEXITED(status));
2803 			ATF_REQUIRE(WEXITSTATUS(status) == 2);
2804 			break;
2805 		}
2806 	}
2807 
2808 	wpid = wait(&status);
2809 	ATF_REQUIRE(wpid == -1);
2810 	ATF_REQUIRE(errno == ECHILD);
2811 
2812 }
2813 
2814 /*
2815  * Verify a signal delivered by ptrace is noticed by kevent(2).
2816  */
2817 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_kqueue);
2818 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_kqueue, tc)
2819 {
2820 	pid_t fpid, wpid;
2821 	int status, kq, nevents;
2822 	struct kevent kev;
2823 
2824 	ATF_REQUIRE(signal(SIGUSR1, SIG_IGN) != SIG_ERR);
2825 
2826 	ATF_REQUIRE((fpid = fork()) != -1);
2827 	if (fpid == 0) {
2828 		CHILD_REQUIRE((kq = kqueue()) > 0);
2829 		EV_SET(&kev, SIGUSR1, EVFILT_SIGNAL, EV_ADD, 0, 0, 0);
2830 		CHILD_REQUIRE(kevent(kq, &kev, 1, NULL, 0, NULL) == 0);
2831 
2832 		trace_me();
2833 
2834 		for (;;) {
2835 			nevents = kevent(kq, NULL, 0, &kev, 1, NULL);
2836 			if (nevents == -1 && errno == EINTR)
2837 				continue;
2838 			CHILD_REQUIRE(nevents > 0);
2839 			CHILD_REQUIRE(kev.filter == EVFILT_SIGNAL);
2840 			CHILD_REQUIRE(kev.ident == SIGUSR1);
2841 			break;
2842 		}
2843 
2844 		exit(1);
2845 	}
2846 
2847 	/* The first wait() should report the stop from SIGSTOP. */
2848 	wpid = waitpid(fpid, &status, 0);
2849 	ATF_REQUIRE(wpid == fpid);
2850 	ATF_REQUIRE(WIFSTOPPED(status));
2851 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2852 
2853 	/* Continue with the SIGUSR1. */
2854 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
2855 
2856 	/*
2857 	 * The last wait() should report normal exit with code 1.
2858 	 */
2859 	wpid = waitpid(fpid, &status, 0);
2860 	ATF_REQUIRE(wpid == fpid);
2861 	ATF_REQUIRE(WIFEXITED(status));
2862 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
2863 
2864 	wpid = wait(&status);
2865 	ATF_REQUIRE(wpid == -1);
2866 	ATF_REQUIRE(errno == ECHILD);
2867 }
2868 
2869 static void *
2870 signal_thread(void *arg)
2871 {
2872 	int err;
2873 	sigset_t sigmask;
2874 
2875 	pthread_barrier_t *pbarrier = (pthread_barrier_t*)arg;
2876 
2877 	/* Wait for this thread to receive a SIGUSR1. */
2878 	do {
2879 		err = sem_wait(&sigusr1_sem);
2880 		CHILD_REQUIRE(err == 0 || errno == EINTR);
2881 	} while (err != 0 && errno == EINTR);
2882 
2883 	/* Free our companion thread from the barrier. */
2884 	pthread_barrier_wait(pbarrier);
2885 
2886 	/*
2887 	 * Swap ignore duties; the next SIGUSR1 should go to the
2888 	 * other thread.
2889 	 */
2890 	CHILD_REQUIRE(sigemptyset(&sigmask) == 0);
2891 	CHILD_REQUIRE(sigaddset(&sigmask, SIGUSR1) == 0);
2892 	CHILD_REQUIRE(pthread_sigmask(SIG_BLOCK, &sigmask, NULL) == 0);
2893 
2894 	/* Sync up threads after swapping signal masks. */
2895 	pthread_barrier_wait(pbarrier);
2896 
2897 	/* Wait until our companion has received its SIGUSR1. */
2898 	pthread_barrier_wait(pbarrier);
2899 
2900 	return (NULL);
2901 }
2902 
2903 /*
2904  * Verify that a traced process with blocked signal received the
2905  * signal from kill() once unmasked.
2906  */
2907 ATF_TC_WITHOUT_HEAD(ptrace__killed_with_sigmask);
2908 ATF_TC_BODY(ptrace__killed_with_sigmask, tc)
2909 {
2910 	struct ptrace_lwpinfo pl;
2911 	pid_t fpid, wpid;
2912 	int status, err;
2913 	sigset_t sigmask;
2914 
2915 	ATF_REQUIRE(sem_init(&sigusr1_sem, 0, 0) == 0);
2916 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
2917 	got_usr1 = 0;
2918 
2919 	ATF_REQUIRE((fpid = fork()) != -1);
2920 	if (fpid == 0) {
2921 		CHILD_REQUIRE(sigemptyset(&sigmask) == 0);
2922 		CHILD_REQUIRE(sigaddset(&sigmask, SIGUSR1) == 0);
2923 		CHILD_REQUIRE(sigprocmask(SIG_BLOCK, &sigmask, NULL) == 0);
2924 
2925 		trace_me();
2926 		CHILD_REQUIRE(got_usr1 == 0);
2927 
2928 		/* Allow the pending SIGUSR1 in now. */
2929 		CHILD_REQUIRE(sigprocmask(SIG_UNBLOCK, &sigmask, NULL) == 0);
2930 		/* Wait to receive a SIGUSR1. */
2931 		do {
2932 			err = sem_wait(&sigusr1_sem);
2933 			CHILD_REQUIRE(err == 0 || errno == EINTR);
2934 		} while (err != 0 && errno == EINTR);
2935 		CHILD_REQUIRE(got_usr1 == 1);
2936 		exit(1);
2937 	}
2938 
2939 	/* The first wait() should report the stop from SIGSTOP. */
2940 	wpid = waitpid(fpid, &status, 0);
2941 	ATF_REQUIRE(wpid == fpid);
2942 	ATF_REQUIRE(WIFSTOPPED(status));
2943 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
2944 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
2945 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGSTOP);
2946 
2947 	/* Send blocked SIGUSR1 which should cause a stop. */
2948 	ATF_REQUIRE(kill(fpid, SIGUSR1) == 0);
2949 
2950 	/* Continue the child ignoring the SIGSTOP. */
2951 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
2952 
2953 	/* The next wait() should report the kill(SIGUSR1) was received. */
2954 	wpid = waitpid(fpid, &status, 0);
2955 	ATF_REQUIRE(wpid == fpid);
2956 	ATF_REQUIRE(WIFSTOPPED(status));
2957 	ATF_REQUIRE(WSTOPSIG(status) == SIGUSR1);
2958 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
2959 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGUSR1);
2960 
2961 	/* Continue the child, allowing in the SIGUSR1. */
2962 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
2963 
2964 	/* The last wait() should report normal exit with code 1. */
2965 	wpid = waitpid(fpid, &status, 0);
2966 	ATF_REQUIRE(wpid == fpid);
2967 	ATF_REQUIRE(WIFEXITED(status));
2968 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
2969 
2970 	wpid = wait(&status);
2971 	ATF_REQUIRE(wpid == -1);
2972 	ATF_REQUIRE(errno == ECHILD);
2973 }
2974 
2975 /*
2976  * Verify that a traced process with blocked signal received the
2977  * signal from PT_CONTINUE once unmasked.
2978  */
2979 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_sigmask);
2980 ATF_TC_BODY(ptrace__PT_CONTINUE_with_sigmask, tc)
2981 {
2982 	struct ptrace_lwpinfo pl;
2983 	pid_t fpid, wpid;
2984 	int status, err;
2985 	sigset_t sigmask;
2986 
2987 	ATF_REQUIRE(sem_init(&sigusr1_sem, 0, 0) == 0);
2988 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
2989 	got_usr1 = 0;
2990 
2991 	ATF_REQUIRE((fpid = fork()) != -1);
2992 	if (fpid == 0) {
2993 		CHILD_REQUIRE(sigemptyset(&sigmask) == 0);
2994 		CHILD_REQUIRE(sigaddset(&sigmask, SIGUSR1) == 0);
2995 		CHILD_REQUIRE(sigprocmask(SIG_BLOCK, &sigmask, NULL) == 0);
2996 
2997 		trace_me();
2998 		CHILD_REQUIRE(got_usr1 == 0);
2999 
3000 		/* Allow the pending SIGUSR1 in now. */
3001 		CHILD_REQUIRE(sigprocmask(SIG_UNBLOCK, &sigmask, NULL) == 0);
3002 		/* Wait to receive a SIGUSR1. */
3003 		do {
3004 			err = sem_wait(&sigusr1_sem);
3005 			CHILD_REQUIRE(err == 0 || errno == EINTR);
3006 		} while (err != 0 && errno == EINTR);
3007 
3008 		CHILD_REQUIRE(got_usr1 == 1);
3009 		exit(1);
3010 	}
3011 
3012 	/* The first wait() should report the stop from SIGSTOP. */
3013 	wpid = waitpid(fpid, &status, 0);
3014 	ATF_REQUIRE(wpid == fpid);
3015 	ATF_REQUIRE(WIFSTOPPED(status));
3016 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3017 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
3018 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGSTOP);
3019 
3020 	/* Continue the child replacing SIGSTOP with SIGUSR1. */
3021 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
3022 
3023 	/* The next wait() should report the SIGUSR1 was received. */
3024 	wpid = waitpid(fpid, &status, 0);
3025 	ATF_REQUIRE(wpid == fpid);
3026 	ATF_REQUIRE(WIFSTOPPED(status));
3027 	ATF_REQUIRE(WSTOPSIG(status) == SIGUSR1);
3028 	ATF_REQUIRE(ptrace(PT_LWPINFO, fpid, (caddr_t)&pl, sizeof(pl)) != -1);
3029 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGUSR1);
3030 
3031 	/* Continue the child, ignoring the SIGUSR1. */
3032 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3033 
3034 	/* The last wait() should report normal exit with code 1. */
3035 	wpid = waitpid(fpid, &status, 0);
3036 	ATF_REQUIRE(wpid == fpid);
3037 	ATF_REQUIRE(WIFEXITED(status));
3038 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
3039 
3040 	wpid = wait(&status);
3041 	ATF_REQUIRE(wpid == -1);
3042 	ATF_REQUIRE(errno == ECHILD);
3043 }
3044 
3045 /*
3046  * Verify that if ptrace stops due to a signal but continues with
3047  * a different signal that the new signal is routed to a thread
3048  * that can accept it, and that the thread is awakened by the signal
3049  * in a timely manner.
3050  */
3051 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_with_signal_thread_sigmask);
3052 ATF_TC_BODY(ptrace__PT_CONTINUE_with_signal_thread_sigmask, tc)
3053 {
3054 	pid_t fpid, wpid;
3055 	int status, err;
3056 	pthread_t t;
3057 	sigset_t sigmask;
3058 	pthread_barrier_t barrier;
3059 
3060 	ATF_REQUIRE(pthread_barrier_init(&barrier, NULL, 2) == 0);
3061 	ATF_REQUIRE(sem_init(&sigusr1_sem, 0, 0) == 0);
3062 	ATF_REQUIRE(signal(SIGUSR1, sigusr1_sempost_handler) != SIG_ERR);
3063 
3064 	ATF_REQUIRE((fpid = fork()) != -1);
3065 	if (fpid == 0) {
3066 		CHILD_REQUIRE(pthread_create(&t, NULL, signal_thread, (void*)&barrier) == 0);
3067 
3068 		/* The other thread should receive the first SIGUSR1. */
3069 		CHILD_REQUIRE(sigemptyset(&sigmask) == 0);
3070 		CHILD_REQUIRE(sigaddset(&sigmask, SIGUSR1) == 0);
3071 		CHILD_REQUIRE(pthread_sigmask(SIG_BLOCK, &sigmask, NULL) == 0);
3072 
3073 		trace_me();
3074 
3075 		/* Wait until other thread has received its SIGUSR1. */
3076 		pthread_barrier_wait(&barrier);
3077 
3078 		/*
3079 		 * Swap ignore duties; the next SIGUSR1 should go to this
3080 		 * thread.
3081 		 */
3082 		CHILD_REQUIRE(pthread_sigmask(SIG_UNBLOCK, &sigmask, NULL) == 0);
3083 
3084 		/* Sync up threads after swapping signal masks. */
3085 		pthread_barrier_wait(&barrier);
3086 
3087 		/*
3088 		 * Sync up with test code; we're ready for the next SIGUSR1
3089 		 * now.
3090 		 */
3091 		raise(SIGSTOP);
3092 
3093 		/* Wait for this thread to receive a SIGUSR1. */
3094 		do {
3095 			err = sem_wait(&sigusr1_sem);
3096 			CHILD_REQUIRE(err == 0 || errno == EINTR);
3097 		} while (err != 0 && errno == EINTR);
3098 
3099 		/* Free the other thread from the barrier. */
3100 		pthread_barrier_wait(&barrier);
3101 
3102 		CHILD_REQUIRE(pthread_join(t, NULL) == 0);
3103 
3104 		exit(1);
3105 	}
3106 
3107 	/* The first wait() should report the stop from SIGSTOP. */
3108 	wpid = waitpid(fpid, &status, 0);
3109 	ATF_REQUIRE(wpid == fpid);
3110 	ATF_REQUIRE(WIFSTOPPED(status));
3111 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3112 
3113 	/* Continue the child ignoring the SIGSTOP. */
3114 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3115 
3116 	/*
3117 	 * Send a signal without ptrace that either thread will accept (USR2,
3118 	 * in this case).
3119 	 */
3120 	ATF_REQUIRE(kill(fpid, SIGUSR2) == 0);
3121 
3122 	/* The second wait() should report a SIGUSR2 was received. */
3123 	wpid = waitpid(fpid, &status, 0);
3124 	ATF_REQUIRE(wpid == fpid);
3125 	ATF_REQUIRE(WIFSTOPPED(status));
3126 	ATF_REQUIRE(WSTOPSIG(status) == SIGUSR2);
3127 
3128 	/* Continue the child, changing the signal to USR1. */
3129 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
3130 
3131 	/* The next wait() should report the stop from SIGSTOP. */
3132 	wpid = waitpid(fpid, &status, 0);
3133 	ATF_REQUIRE(wpid == fpid);
3134 	ATF_REQUIRE(WIFSTOPPED(status));
3135 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3136 
3137 	/* Continue the child ignoring the SIGSTOP. */
3138 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3139 
3140 	ATF_REQUIRE(kill(fpid, SIGUSR2) == 0);
3141 
3142 	/* The next wait() should report a SIGUSR2 was received. */
3143 	wpid = waitpid(fpid, &status, 0);
3144 	ATF_REQUIRE(wpid == fpid);
3145 	ATF_REQUIRE(WIFSTOPPED(status));
3146 	ATF_REQUIRE(WSTOPSIG(status) == SIGUSR2);
3147 
3148 	/* Continue the child, changing the signal to USR1. */
3149 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, SIGUSR1) == 0);
3150 
3151 	/* The last wait() should report normal exit with code 1. */
3152 	wpid = waitpid(fpid, &status, 0);
3153 	ATF_REQUIRE(wpid == fpid);
3154 	ATF_REQUIRE(WIFEXITED(status));
3155 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
3156 
3157 	wpid = wait(&status);
3158 	ATF_REQUIRE(wpid == -1);
3159 	ATF_REQUIRE(errno == ECHILD);
3160 }
3161 
3162 static void *
3163 raise_sigstop_thread(void *arg __unused)
3164 {
3165 
3166 	raise(SIGSTOP);
3167 	return NULL;
3168 }
3169 
3170 static void *
3171 sleep_thread(void *arg __unused)
3172 {
3173 
3174 	sleep(60);
3175 	return NULL;
3176 }
3177 
3178 static void
3179 terminate_with_pending_sigstop(bool sigstop_from_main_thread)
3180 {
3181 	pid_t fpid, wpid;
3182 	int status, i;
3183 	cpuset_t setmask;
3184 	cpusetid_t setid;
3185 	pthread_t t;
3186 
3187 	/*
3188 	 * Become the reaper for this process tree. We need to be able to check
3189 	 * that both child and grandchild have died.
3190 	 */
3191 	ATF_REQUIRE(procctl(P_PID, getpid(), PROC_REAP_ACQUIRE, NULL) == 0);
3192 
3193 	fpid = fork();
3194 	ATF_REQUIRE(fpid >= 0);
3195 	if (fpid == 0) {
3196 		fpid = fork();
3197 		CHILD_REQUIRE(fpid >= 0);
3198 		if (fpid == 0) {
3199 			trace_me();
3200 
3201 			/* Pin to CPU 0 to serialize thread execution. */
3202 			CPU_ZERO(&setmask);
3203 			CPU_SET(0, &setmask);
3204 			CHILD_REQUIRE(cpuset(&setid) == 0);
3205 			CHILD_REQUIRE(cpuset_setaffinity(CPU_LEVEL_CPUSET,
3206 			    CPU_WHICH_CPUSET, setid,
3207 			    sizeof(setmask), &setmask) == 0);
3208 
3209 			if (sigstop_from_main_thread) {
3210 				/*
3211 				 * We expect the SIGKILL sent when our parent
3212 				 * dies to be delivered to the new thread.
3213 				 * Raise the SIGSTOP in this thread so the
3214 				 * threads compete.
3215 				 */
3216 				CHILD_REQUIRE(pthread_create(&t, NULL,
3217 				    sleep_thread, NULL) == 0);
3218 				raise(SIGSTOP);
3219 			} else {
3220 				/*
3221 				 * We expect the SIGKILL to be delivered to
3222 				 * this thread. After creating the new thread,
3223 				 * just get off the CPU so the other thread can
3224 				 * raise the SIGSTOP.
3225 				 */
3226 				CHILD_REQUIRE(pthread_create(&t, NULL,
3227 				    raise_sigstop_thread, NULL) == 0);
3228 				sleep(60);
3229 			}
3230 
3231 			exit(0);
3232 		}
3233 		/* First stop is trace_me() immediately after fork. */
3234 		wpid = waitpid(fpid, &status, 0);
3235 		CHILD_REQUIRE(wpid == fpid);
3236 		CHILD_REQUIRE(WIFSTOPPED(status));
3237 		CHILD_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3238 
3239 		CHILD_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3240 
3241 		/* Second stop is from the raise(SIGSTOP). */
3242 		wpid = waitpid(fpid, &status, 0);
3243 		CHILD_REQUIRE(wpid == fpid);
3244 		CHILD_REQUIRE(WIFSTOPPED(status));
3245 		CHILD_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3246 
3247 		/*
3248 		 * Terminate tracing process without detaching. Our child
3249 		 * should be killed.
3250 		 */
3251 		exit(0);
3252 	}
3253 
3254 	/*
3255 	 * We should get a normal exit from our immediate child and a SIGKILL
3256 	 * exit from our grandchild. The latter case is the interesting one.
3257 	 * Our grandchild should not have stopped due to the SIGSTOP that was
3258 	 * left dangling when its parent died.
3259 	 */
3260 	for (i = 0; i < 2; ++i) {
3261 		wpid = wait(&status);
3262 		if (wpid == fpid)
3263 			ATF_REQUIRE(WIFEXITED(status) &&
3264 			    WEXITSTATUS(status) == 0);
3265 		else
3266 			ATF_REQUIRE(WIFSIGNALED(status) &&
3267 			    WTERMSIG(status) == SIGKILL);
3268 	}
3269 }
3270 
3271 /*
3272  * These two tests ensure that if the tracing process exits without detaching
3273  * just after the child received a SIGSTOP, the child is cleanly killed and
3274  * doesn't go to sleep due to the SIGSTOP. The parent's death will send a
3275  * SIGKILL to the child. If the SIGKILL and the SIGSTOP are handled by
3276  * different threads, the SIGKILL must win.  There are two variants of this
3277  * test, designed to catch the case where the SIGKILL is delivered to the
3278  * younger thread (the first test) and the case where the SIGKILL is delivered
3279  * to the older thread (the second test). This behavior has changed in the
3280  * past, so make no assumption.
3281  */
3282 ATF_TC(ptrace__parent_terminate_with_pending_sigstop1);
3283 ATF_TC_HEAD(ptrace__parent_terminate_with_pending_sigstop1, tc)
3284 {
3285 
3286 	atf_tc_set_md_var(tc, "require.user", "root");
3287 }
3288 ATF_TC_BODY(ptrace__parent_terminate_with_pending_sigstop1, tc)
3289 {
3290 
3291 	terminate_with_pending_sigstop(true);
3292 }
3293 
3294 ATF_TC(ptrace__parent_terminate_with_pending_sigstop2);
3295 ATF_TC_HEAD(ptrace__parent_terminate_with_pending_sigstop2, tc)
3296 {
3297 
3298 	atf_tc_set_md_var(tc, "require.user", "root");
3299 }
3300 ATF_TC_BODY(ptrace__parent_terminate_with_pending_sigstop2, tc)
3301 {
3302 
3303 	terminate_with_pending_sigstop(false);
3304 }
3305 
3306 /*
3307  * Verify that after ptrace() discards a SIGKILL signal, the event mask
3308  * is not modified.
3309  */
3310 ATF_TC_WITHOUT_HEAD(ptrace__event_mask_sigkill_discard);
3311 ATF_TC_BODY(ptrace__event_mask_sigkill_discard, tc)
3312 {
3313 	struct ptrace_lwpinfo pl;
3314 	pid_t fpid, wpid;
3315 	int status, event_mask, new_event_mask;
3316 
3317 	ATF_REQUIRE((fpid = fork()) != -1);
3318 	if (fpid == 0) {
3319 		trace_me();
3320 		raise(SIGSTOP);
3321 		exit(0);
3322 	}
3323 
3324 	/* The first wait() should report the stop from trace_me(). */
3325 	wpid = waitpid(fpid, &status, 0);
3326 	ATF_REQUIRE(wpid == fpid);
3327 	ATF_REQUIRE(WIFSTOPPED(status));
3328 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3329 
3330 	/* Set several unobtrusive event bits. */
3331 	event_mask = PTRACE_EXEC | PTRACE_FORK | PTRACE_LWP;
3332 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, wpid, (caddr_t)&event_mask,
3333 	    sizeof(event_mask)) == 0);
3334 
3335 	/* Send a SIGKILL without using ptrace. */
3336 	ATF_REQUIRE(kill(fpid, SIGKILL) == 0);
3337 
3338 	/* Continue the child ignoring the SIGSTOP. */
3339 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3340 
3341 	/* The next stop should be due to the SIGKILL. */
3342 	wpid = waitpid(fpid, &status, 0);
3343 	ATF_REQUIRE(wpid == fpid);
3344 	ATF_REQUIRE(WIFSTOPPED(status));
3345 	ATF_REQUIRE(WSTOPSIG(status) == SIGKILL);
3346 
3347 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3348 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3349 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGKILL);
3350 
3351 	/* Continue the child ignoring the SIGKILL. */
3352 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3353 
3354 	/* The next wait() should report the stop from SIGSTOP. */
3355 	wpid = waitpid(fpid, &status, 0);
3356 	ATF_REQUIRE(wpid == fpid);
3357 	ATF_REQUIRE(WIFSTOPPED(status));
3358 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3359 
3360 	/* Check the current event mask. It should not have changed. */
3361 	new_event_mask = 0;
3362 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, wpid, (caddr_t)&new_event_mask,
3363 	    sizeof(new_event_mask)) == 0);
3364 	ATF_REQUIRE(event_mask == new_event_mask);
3365 
3366 	/* Continue the child to let it exit. */
3367 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3368 
3369 	/* The last event should be for the child process's exit. */
3370 	wpid = waitpid(fpid, &status, 0);
3371 	ATF_REQUIRE(WIFEXITED(status));
3372 	ATF_REQUIRE(WEXITSTATUS(status) == 0);
3373 
3374 	wpid = wait(&status);
3375 	ATF_REQUIRE(wpid == -1);
3376 	ATF_REQUIRE(errno == ECHILD);
3377 }
3378 
3379 static void *
3380 flock_thread(void *arg)
3381 {
3382 	int fd;
3383 
3384 	fd = *(int *)arg;
3385 	(void)flock(fd, LOCK_EX);
3386 	(void)flock(fd, LOCK_UN);
3387 	return (NULL);
3388 }
3389 
3390 /*
3391  * Verify that PT_ATTACH will suspend threads sleeping in an SBDRY section.
3392  * We rely on the fact that the lockf implementation sets SBDRY before blocking
3393  * on a lock. This is a regression test for r318191.
3394  */
3395 ATF_TC_WITHOUT_HEAD(ptrace__PT_ATTACH_with_SBDRY_thread);
3396 ATF_TC_BODY(ptrace__PT_ATTACH_with_SBDRY_thread, tc)
3397 {
3398 	pthread_barrier_t barrier;
3399 	pthread_barrierattr_t battr;
3400 	char tmpfile[64];
3401 	pid_t child, wpid;
3402 	int error, fd, i, status;
3403 
3404 	ATF_REQUIRE(pthread_barrierattr_init(&battr) == 0);
3405 	ATF_REQUIRE(pthread_barrierattr_setpshared(&battr,
3406 	    PTHREAD_PROCESS_SHARED) == 0);
3407 	ATF_REQUIRE(pthread_barrier_init(&barrier, &battr, 2) == 0);
3408 
3409 	(void)snprintf(tmpfile, sizeof(tmpfile), "./ptrace.XXXXXX");
3410 	fd = mkstemp(tmpfile);
3411 	ATF_REQUIRE(fd >= 0);
3412 
3413 	ATF_REQUIRE((child = fork()) != -1);
3414 	if (child == 0) {
3415 		pthread_t t[2];
3416 		int cfd;
3417 
3418 		error = pthread_barrier_wait(&barrier);
3419 		if (error != 0 && error != PTHREAD_BARRIER_SERIAL_THREAD)
3420 			_exit(1);
3421 
3422 		cfd = open(tmpfile, O_RDONLY);
3423 		if (cfd < 0)
3424 			_exit(1);
3425 
3426 		/*
3427 		 * We want at least two threads blocked on the file lock since
3428 		 * the SIGSTOP from PT_ATTACH may kick one of them out of
3429 		 * sleep.
3430 		 */
3431 		if (pthread_create(&t[0], NULL, flock_thread, &cfd) != 0)
3432 			_exit(1);
3433 		if (pthread_create(&t[1], NULL, flock_thread, &cfd) != 0)
3434 			_exit(1);
3435 		if (pthread_join(t[0], NULL) != 0)
3436 			_exit(1);
3437 		if (pthread_join(t[1], NULL) != 0)
3438 			_exit(1);
3439 		_exit(0);
3440 	}
3441 
3442 	ATF_REQUIRE(flock(fd, LOCK_EX) == 0);
3443 
3444 	error = pthread_barrier_wait(&barrier);
3445 	ATF_REQUIRE(error == 0 || error == PTHREAD_BARRIER_SERIAL_THREAD);
3446 
3447 	/*
3448 	 * Give the child some time to block. Is there a better way to do this?
3449 	 */
3450 	sleep(1);
3451 
3452 	/*
3453 	 * Attach and give the child 3 seconds to stop.
3454 	 */
3455 	ATF_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) == 0);
3456 	for (i = 0; i < 3; i++) {
3457 		wpid = waitpid(child, &status, WNOHANG);
3458 		if (wpid == child && WIFSTOPPED(status) &&
3459 		    WSTOPSIG(status) == SIGSTOP)
3460 			break;
3461 		sleep(1);
3462 	}
3463 	ATF_REQUIRE_MSG(i < 3, "failed to stop child process after PT_ATTACH");
3464 
3465 	ATF_REQUIRE(ptrace(PT_DETACH, child, NULL, 0) == 0);
3466 
3467 	ATF_REQUIRE(flock(fd, LOCK_UN) == 0);
3468 	ATF_REQUIRE(unlink(tmpfile) == 0);
3469 	ATF_REQUIRE(close(fd) == 0);
3470 }
3471 
3472 static void
3473 sigusr1_step_handler(int sig)
3474 {
3475 
3476 	CHILD_REQUIRE(sig == SIGUSR1);
3477 	raise(SIGABRT);
3478 }
3479 
3480 /*
3481  * Verify that PT_STEP with a signal invokes the signal before
3482  * stepping the next instruction (and that the next instruction is
3483  * stepped correctly).
3484  */
3485 ATF_TC_WITHOUT_HEAD(ptrace__PT_STEP_with_signal);
3486 ATF_TC_BODY(ptrace__PT_STEP_with_signal, tc)
3487 {
3488 	struct ptrace_lwpinfo pl;
3489 	pid_t fpid, wpid;
3490 	int status;
3491 
3492 	ATF_REQUIRE((fpid = fork()) != -1);
3493 	if (fpid == 0) {
3494 		trace_me();
3495 		signal(SIGUSR1, sigusr1_step_handler);
3496 		raise(SIGABRT);
3497 		exit(1);
3498 	}
3499 
3500 	/* The first wait() should report the stop from SIGSTOP. */
3501 	wpid = waitpid(fpid, &status, 0);
3502 	ATF_REQUIRE(wpid == fpid);
3503 	ATF_REQUIRE(WIFSTOPPED(status));
3504 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3505 
3506 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3507 
3508 	/* The next stop should report the SIGABRT in the child body. */
3509 	wpid = waitpid(fpid, &status, 0);
3510 	ATF_REQUIRE(wpid == fpid);
3511 	ATF_REQUIRE(WIFSTOPPED(status));
3512 	ATF_REQUIRE(WSTOPSIG(status) == SIGABRT);
3513 
3514 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3515 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3516 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGABRT);
3517 
3518 	/* Step the child process inserting SIGUSR1. */
3519 	ATF_REQUIRE(ptrace(PT_STEP, fpid, (caddr_t)1, SIGUSR1) == 0);
3520 
3521 	/* The next stop should report the SIGABRT in the signal handler. */
3522 	wpid = waitpid(fpid, &status, 0);
3523 	ATF_REQUIRE(wpid == fpid);
3524 	ATF_REQUIRE(WIFSTOPPED(status));
3525 	ATF_REQUIRE(WSTOPSIG(status) == SIGABRT);
3526 
3527 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3528 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3529 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGABRT);
3530 
3531 	/* Continue the child process discarding the signal. */
3532 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3533 
3534 	/* The next stop should report a trace trap from PT_STEP. */
3535 	wpid = waitpid(fpid, &status, 0);
3536 	ATF_REQUIRE(wpid == fpid);
3537 	ATF_REQUIRE(WIFSTOPPED(status));
3538 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
3539 
3540 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3541 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3542 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGTRAP);
3543 	ATF_REQUIRE(pl.pl_siginfo.si_code == TRAP_TRACE);
3544 
3545 	/* Continue the child to let it exit. */
3546 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3547 
3548 	/* The last event should be for the child process's exit. */
3549 	wpid = waitpid(fpid, &status, 0);
3550 	ATF_REQUIRE(WIFEXITED(status));
3551 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
3552 
3553 	wpid = wait(&status);
3554 	ATF_REQUIRE(wpid == -1);
3555 	ATF_REQUIRE(errno == ECHILD);
3556 }
3557 
3558 #ifdef HAVE_BREAKPOINT
3559 /*
3560  * Verify that a SIGTRAP event with the TRAP_BRKPT code is reported
3561  * for a breakpoint trap.
3562  */
3563 ATF_TC_WITHOUT_HEAD(ptrace__breakpoint_siginfo);
3564 ATF_TC_BODY(ptrace__breakpoint_siginfo, tc)
3565 {
3566 	struct ptrace_lwpinfo pl;
3567 	pid_t fpid, wpid;
3568 	int status;
3569 
3570 	ATF_REQUIRE((fpid = fork()) != -1);
3571 	if (fpid == 0) {
3572 		trace_me();
3573 		breakpoint();
3574 		exit(1);
3575 	}
3576 
3577 	/* The first wait() should report the stop from SIGSTOP. */
3578 	wpid = waitpid(fpid, &status, 0);
3579 	ATF_REQUIRE(wpid == fpid);
3580 	ATF_REQUIRE(WIFSTOPPED(status));
3581 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3582 
3583 	/* Continue the child ignoring the SIGSTOP. */
3584 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3585 
3586 	/* The second wait() should report hitting the breakpoint. */
3587 	wpid = waitpid(fpid, &status, 0);
3588 	ATF_REQUIRE(wpid == fpid);
3589 	ATF_REQUIRE(WIFSTOPPED(status));
3590 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
3591 
3592 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3593 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3594 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGTRAP);
3595 	ATF_REQUIRE(pl.pl_siginfo.si_code == TRAP_BRKPT);
3596 
3597 	/* Kill the child process. */
3598 	ATF_REQUIRE(ptrace(PT_KILL, fpid, 0, 0) == 0);
3599 
3600 	/* The last wait() should report the SIGKILL. */
3601 	wpid = waitpid(fpid, &status, 0);
3602 	ATF_REQUIRE(wpid == fpid);
3603 	ATF_REQUIRE(WIFSIGNALED(status));
3604 	ATF_REQUIRE(WTERMSIG(status) == SIGKILL);
3605 
3606 	wpid = wait(&status);
3607 	ATF_REQUIRE(wpid == -1);
3608 	ATF_REQUIRE(errno == ECHILD);
3609 }
3610 #endif /* HAVE_BREAKPOINT */
3611 
3612 /*
3613  * Verify that a SIGTRAP event with the TRAP_TRACE code is reported
3614  * for a single-step trap from PT_STEP.
3615  */
3616 ATF_TC_WITHOUT_HEAD(ptrace__step_siginfo);
3617 ATF_TC_BODY(ptrace__step_siginfo, tc)
3618 {
3619 	struct ptrace_lwpinfo pl;
3620 	pid_t fpid, wpid;
3621 	int status;
3622 
3623 	ATF_REQUIRE((fpid = fork()) != -1);
3624 	if (fpid == 0) {
3625 		trace_me();
3626 		exit(1);
3627 	}
3628 
3629 	/* The first wait() should report the stop from SIGSTOP. */
3630 	wpid = waitpid(fpid, &status, 0);
3631 	ATF_REQUIRE(wpid == fpid);
3632 	ATF_REQUIRE(WIFSTOPPED(status));
3633 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3634 
3635 	/* Step the child ignoring the SIGSTOP. */
3636 	ATF_REQUIRE(ptrace(PT_STEP, fpid, (caddr_t)1, 0) == 0);
3637 
3638 	/* The second wait() should report a single-step trap. */
3639 	wpid = waitpid(fpid, &status, 0);
3640 	ATF_REQUIRE(wpid == fpid);
3641 	ATF_REQUIRE(WIFSTOPPED(status));
3642 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
3643 
3644 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3645 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3646 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGTRAP);
3647 	ATF_REQUIRE(pl.pl_siginfo.si_code == TRAP_TRACE);
3648 
3649 	/* Continue the child process. */
3650 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3651 
3652 	/* The last event should be for the child process's exit. */
3653 	wpid = waitpid(fpid, &status, 0);
3654 	ATF_REQUIRE(WIFEXITED(status));
3655 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
3656 
3657 	wpid = wait(&status);
3658 	ATF_REQUIRE(wpid == -1);
3659 	ATF_REQUIRE(errno == ECHILD);
3660 }
3661 
3662 #if defined(HAVE_BREAKPOINT) && defined(SKIP_BREAK)
3663 static void *
3664 continue_thread(void *arg __unused)
3665 {
3666 	breakpoint();
3667 	return (NULL);
3668 }
3669 
3670 static __dead2 void
3671 continue_thread_main(void)
3672 {
3673 	pthread_t threads[2];
3674 
3675 	CHILD_REQUIRE(pthread_create(&threads[0], NULL, continue_thread,
3676 	    NULL) == 0);
3677 	CHILD_REQUIRE(pthread_create(&threads[1], NULL, continue_thread,
3678 	    NULL) == 0);
3679 	CHILD_REQUIRE(pthread_join(threads[0], NULL) == 0);
3680 	CHILD_REQUIRE(pthread_join(threads[1], NULL) == 0);
3681 	exit(1);
3682 }
3683 
3684 /*
3685  * Ensure that PT_CONTINUE clears the status of the thread that
3686  * triggered the stop even if a different thread's LWP was passed to
3687  * PT_CONTINUE.
3688  */
3689 ATF_TC_WITHOUT_HEAD(ptrace__PT_CONTINUE_different_thread);
3690 ATF_TC_BODY(ptrace__PT_CONTINUE_different_thread, tc)
3691 {
3692 	struct ptrace_lwpinfo pl;
3693 	pid_t fpid, wpid;
3694 	lwpid_t lwps[2];
3695 	bool hit_break[2];
3696 	struct reg reg;
3697 	int i, j, status;
3698 
3699 	ATF_REQUIRE((fpid = fork()) != -1);
3700 	if (fpid == 0) {
3701 		trace_me();
3702 		continue_thread_main();
3703 	}
3704 
3705 	/* The first wait() should report the stop from SIGSTOP. */
3706 	wpid = waitpid(fpid, &status, 0);
3707 	ATF_REQUIRE(wpid == fpid);
3708 	ATF_REQUIRE(WIFSTOPPED(status));
3709 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3710 
3711 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
3712 	    sizeof(pl)) != -1);
3713 
3714 	ATF_REQUIRE(ptrace(PT_LWP_EVENTS, wpid, NULL, 1) == 0);
3715 
3716 	/* Continue the child ignoring the SIGSTOP. */
3717 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3718 
3719 	/* One of the new threads should report it's birth. */
3720 	wpid = waitpid(fpid, &status, 0);
3721 	ATF_REQUIRE(wpid == fpid);
3722 	ATF_REQUIRE(WIFSTOPPED(status));
3723 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
3724 
3725 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3726 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)) ==
3727 	    (PL_FLAG_BORN | PL_FLAG_SCX));
3728 	lwps[0] = pl.pl_lwpid;
3729 
3730 	/*
3731 	 * Suspend this thread to ensure both threads are alive before
3732 	 * hitting the breakpoint.
3733 	 */
3734 	ATF_REQUIRE(ptrace(PT_SUSPEND, lwps[0], NULL, 0) != -1);
3735 
3736 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3737 
3738 	/* Second thread should report it's birth. */
3739 	wpid = waitpid(fpid, &status, 0);
3740 	ATF_REQUIRE(wpid == fpid);
3741 	ATF_REQUIRE(WIFSTOPPED(status));
3742 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
3743 
3744 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3745 	ATF_REQUIRE((pl.pl_flags & (PL_FLAG_BORN | PL_FLAG_SCX)) ==
3746 	    (PL_FLAG_BORN | PL_FLAG_SCX));
3747 	ATF_REQUIRE(pl.pl_lwpid != lwps[0]);
3748 	lwps[1] = pl.pl_lwpid;
3749 
3750 	/* Resume both threads waiting for breakpoint events. */
3751 	hit_break[0] = hit_break[1] = false;
3752 	ATF_REQUIRE(ptrace(PT_RESUME, lwps[0], NULL, 0) != -1);
3753 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3754 
3755 	/* One thread should report a breakpoint. */
3756 	wpid = waitpid(fpid, &status, 0);
3757 	ATF_REQUIRE(wpid == fpid);
3758 	ATF_REQUIRE(WIFSTOPPED(status));
3759 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
3760 
3761 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3762 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3763 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGTRAP &&
3764 	    pl.pl_siginfo.si_code == TRAP_BRKPT);
3765 	if (pl.pl_lwpid == lwps[0])
3766 		i = 0;
3767 	else
3768 		i = 1;
3769 	hit_break[i] = true;
3770 	ATF_REQUIRE(ptrace(PT_GETREGS, pl.pl_lwpid, (caddr_t)&reg, 0) != -1);
3771 	SKIP_BREAK(&reg);
3772 	ATF_REQUIRE(ptrace(PT_SETREGS, pl.pl_lwpid, (caddr_t)&reg, 0) != -1);
3773 
3774 	/*
3775 	 * Resume both threads but pass the other thread's LWPID to
3776 	 * PT_CONTINUE.
3777 	 */
3778 	ATF_REQUIRE(ptrace(PT_CONTINUE, lwps[i ^ 1], (caddr_t)1, 0) == 0);
3779 
3780 	/*
3781 	 * Will now get two thread exit events and one more breakpoint
3782 	 * event.
3783 	 */
3784 	for (j = 0; j < 3; j++) {
3785 		wpid = waitpid(fpid, &status, 0);
3786 		ATF_REQUIRE(wpid == fpid);
3787 		ATF_REQUIRE(WIFSTOPPED(status));
3788 		ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
3789 
3790 		ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl,
3791 		    sizeof(pl)) != -1);
3792 
3793 		if (pl.pl_lwpid == lwps[0])
3794 			i = 0;
3795 		else
3796 			i = 1;
3797 
3798 		ATF_REQUIRE_MSG(lwps[i] != 0, "event for exited thread");
3799 		if (pl.pl_flags & PL_FLAG_EXITED) {
3800 			ATF_REQUIRE_MSG(hit_break[i],
3801 			    "exited thread did not report breakpoint");
3802 			lwps[i] = 0;
3803 		} else {
3804 			ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) != 0);
3805 			ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGTRAP &&
3806 			    pl.pl_siginfo.si_code == TRAP_BRKPT);
3807 			ATF_REQUIRE_MSG(!hit_break[i],
3808 			    "double breakpoint event");
3809 			hit_break[i] = true;
3810 			ATF_REQUIRE(ptrace(PT_GETREGS, pl.pl_lwpid, (caddr_t)&reg,
3811 			    0) != -1);
3812 			SKIP_BREAK(&reg);
3813 			ATF_REQUIRE(ptrace(PT_SETREGS, pl.pl_lwpid, (caddr_t)&reg,
3814 			    0) != -1);
3815 		}
3816 
3817 		ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3818 	}
3819 
3820 	/* Both threads should have exited. */
3821 	ATF_REQUIRE(lwps[0] == 0);
3822 	ATF_REQUIRE(lwps[1] == 0);
3823 
3824 	/* The last event should be for the child process's exit. */
3825 	wpid = waitpid(fpid, &status, 0);
3826 	ATF_REQUIRE(WIFEXITED(status));
3827 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
3828 
3829 	wpid = wait(&status);
3830 	ATF_REQUIRE(wpid == -1);
3831 	ATF_REQUIRE(errno == ECHILD);
3832 }
3833 #endif
3834 
3835 /*
3836  * Verify that PT_LWPINFO doesn't return stale siginfo.
3837  */
3838 ATF_TC_WITHOUT_HEAD(ptrace__PT_LWPINFO_stale_siginfo);
3839 ATF_TC_BODY(ptrace__PT_LWPINFO_stale_siginfo, tc)
3840 {
3841 	struct ptrace_lwpinfo pl;
3842 	pid_t fpid, wpid;
3843 	int events, status;
3844 
3845 	ATF_REQUIRE((fpid = fork()) != -1);
3846 	if (fpid == 0) {
3847 		trace_me();
3848 		raise(SIGABRT);
3849 		exit(1);
3850 	}
3851 
3852 	/* The first wait() should report the stop from SIGSTOP. */
3853 	wpid = waitpid(fpid, &status, 0);
3854 	ATF_REQUIRE(wpid == fpid);
3855 	ATF_REQUIRE(WIFSTOPPED(status));
3856 	ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP);
3857 
3858 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3859 
3860 	/* The next stop should report the SIGABRT in the child body. */
3861 	wpid = waitpid(fpid, &status, 0);
3862 	ATF_REQUIRE(wpid == fpid);
3863 	ATF_REQUIRE(WIFSTOPPED(status));
3864 	ATF_REQUIRE(WSTOPSIG(status) == SIGABRT);
3865 
3866 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3867 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SI);
3868 	ATF_REQUIRE(pl.pl_siginfo.si_signo == SIGABRT);
3869 
3870 	/*
3871 	 * Continue the process ignoring the signal, but enabling
3872 	 * syscall traps.
3873 	 */
3874 	ATF_REQUIRE(ptrace(PT_SYSCALL, fpid, (caddr_t)1, 0) == 0);
3875 
3876 	/*
3877 	 * The next stop should report a system call entry from
3878 	 * exit().  PL_FLAGS_SI should not be set.
3879 	 */
3880 	wpid = waitpid(fpid, &status, 0);
3881 	ATF_REQUIRE(wpid == fpid);
3882 	ATF_REQUIRE(WIFSTOPPED(status));
3883 	ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP);
3884 
3885 	ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, sizeof(pl)) != -1);
3886 	ATF_REQUIRE(pl.pl_flags & PL_FLAG_SCE);
3887 	ATF_REQUIRE((pl.pl_flags & PL_FLAG_SI) == 0);
3888 
3889 	/* Disable syscall tracing and continue the child to let it exit. */
3890 	ATF_REQUIRE(ptrace(PT_GET_EVENT_MASK, fpid, (caddr_t)&events,
3891 	    sizeof(events)) == 0);
3892 	events &= ~PTRACE_SYSCALL;
3893 	ATF_REQUIRE(ptrace(PT_SET_EVENT_MASK, fpid, (caddr_t)&events,
3894 	    sizeof(events)) == 0);
3895 	ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0);
3896 
3897 	/* The last event should be for the child process's exit. */
3898 	wpid = waitpid(fpid, &status, 0);
3899 	ATF_REQUIRE(WIFEXITED(status));
3900 	ATF_REQUIRE(WEXITSTATUS(status) == 1);
3901 
3902 	wpid = wait(&status);
3903 	ATF_REQUIRE(wpid == -1);
3904 	ATF_REQUIRE(errno == ECHILD);
3905 }
3906 
3907 ATF_TP_ADD_TCS(tp)
3908 {
3909 
3910 	ATF_TP_ADD_TC(tp, ptrace__parent_wait_after_trace_me);
3911 	ATF_TP_ADD_TC(tp, ptrace__parent_wait_after_attach);
3912 	ATF_TP_ADD_TC(tp, ptrace__parent_sees_exit_after_child_debugger);
3913 	ATF_TP_ADD_TC(tp, ptrace__parent_sees_exit_after_unrelated_debugger);
3914 	ATF_TP_ADD_TC(tp, ptrace__parent_exits_before_child);
3915 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_both_attached);
3916 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_child_detached);
3917 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_parent_detached);
3918 	ATF_TP_ADD_TC(tp, ptrace__follow_fork_both_attached_unrelated_debugger);
3919 	ATF_TP_ADD_TC(tp,
3920 	    ptrace__follow_fork_child_detached_unrelated_debugger);
3921 	ATF_TP_ADD_TC(tp,
3922 	    ptrace__follow_fork_parent_detached_unrelated_debugger);
3923 	ATF_TP_ADD_TC(tp, ptrace__getppid);
3924 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_fork);
3925 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_vfork);
3926 	ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_thread);
3927 	ATF_TP_ADD_TC(tp, ptrace__lwp_events);
3928 	ATF_TP_ADD_TC(tp, ptrace__lwp_events_exec);
3929 	ATF_TP_ADD_TC(tp, ptrace__siginfo);
3930 	ATF_TP_ADD_TC(tp, ptrace__ptrace_exec_disable);
3931 	ATF_TP_ADD_TC(tp, ptrace__ptrace_exec_enable);
3932 	ATF_TP_ADD_TC(tp, ptrace__event_mask);
3933 	ATF_TP_ADD_TC(tp, ptrace__ptrace_vfork);
3934 	ATF_TP_ADD_TC(tp, ptrace__ptrace_vfork_follow);
3935 #ifdef HAVE_BREAKPOINT
3936 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_breakpoint);
3937 #endif
3938 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_system_call);
3939 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_threads);
3940 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_competing_signal);
3941 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_competing_stop);
3942 	ATF_TP_ADD_TC(tp, ptrace__PT_KILL_with_signal_full_sigqueue);
3943 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_system_call_entry);
3944 	ATF_TP_ADD_TC(tp,
3945 	    ptrace__PT_CONTINUE_with_signal_system_call_entry_and_exit);
3946 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_full_sigqueue);
3947 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_masked_full_sigqueue);
3948 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_change_sig);
3949 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_sigtrap_system_call_entry);
3950 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_mix);
3951 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_kqueue);
3952 	ATF_TP_ADD_TC(tp, ptrace__killed_with_sigmask);
3953 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_sigmask);
3954 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_with_signal_thread_sigmask);
3955 	ATF_TP_ADD_TC(tp, ptrace__parent_terminate_with_pending_sigstop1);
3956 	ATF_TP_ADD_TC(tp, ptrace__parent_terminate_with_pending_sigstop2);
3957 	ATF_TP_ADD_TC(tp, ptrace__event_mask_sigkill_discard);
3958 	ATF_TP_ADD_TC(tp, ptrace__PT_ATTACH_with_SBDRY_thread);
3959 	ATF_TP_ADD_TC(tp, ptrace__PT_STEP_with_signal);
3960 #ifdef HAVE_BREAKPOINT
3961 	ATF_TP_ADD_TC(tp, ptrace__breakpoint_siginfo);
3962 #endif
3963 	ATF_TP_ADD_TC(tp, ptrace__step_siginfo);
3964 #if defined(HAVE_BREAKPOINT) && defined(SKIP_BREAK)
3965 	ATF_TP_ADD_TC(tp, ptrace__PT_CONTINUE_different_thread);
3966 #endif
3967 	ATF_TP_ADD_TC(tp, ptrace__PT_LWPINFO_stale_siginfo);
3968 
3969 	return (atf_no_error());
3970 }
3971