59#include <sys/resourcevar.h> 60#include <sys/sbuf.h> 61#include <sys/signalvar.h> 62#include <sys/sched.h> 63#include <sys/sx.h> 64#include <sys/syscallsubr.h> 65#include <sys/syslog.h> 66#include <sys/ptrace.h> 67#include <sys/acct.h> /* for acct_process() function prototype */ 68#include <sys/filedesc.h> 69#include <sys/sdt.h> 70#include <sys/shm.h> 71#include <sys/sem.h> 72#ifdef KTRACE 73#include <sys/ktrace.h> 74#endif 75 76#include <security/audit/audit.h> 77#include <security/mac/mac_framework.h> 78 79#include <vm/vm.h> 80#include <vm/vm_extern.h> 81#include <vm/vm_param.h> 82#include <vm/pmap.h> 83#include <vm/vm_map.h> 84#include <vm/vm_page.h> 85#include <vm/uma.h> 86 87#ifdef KDTRACE_HOOKS 88#include <sys/dtrace_bsd.h> 89dtrace_execexit_func_t dtrace_fasttrap_exit; 90#endif 91 92SDT_PROVIDER_DECLARE(proc); 93SDT_PROBE_DEFINE(proc, kernel, , exit, exit); 94SDT_PROBE_ARGTYPE(proc, kernel, , exit, 0, "int"); 95 96/* Required to be non-static for SysVR4 emulator */ 97MALLOC_DEFINE(M_ZOMBIE, "zombie", "zombie proc status"); 98 99/* Hook for NFS teardown procedure. */ 100void (*nlminfo_release_p)(struct proc *p); 101 102/* 103 * exit -- death of process. 104 */ 105void 106sys_exit(struct thread *td, struct sys_exit_args *uap) 107{ 108 109 exit1(td, W_EXITCODE(uap->rval, 0)); 110 /* NOTREACHED */ 111} 112 113/* 114 * Exit: deallocate address space and other resources, change proc state to 115 * zombie, and unlink proc from allproc and parent's lists. Save exit status 116 * and rusage for wait(). Check for child processes and orphan them. 117 */ 118void 119exit1(struct thread *td, int rv) 120{ 121 struct proc *p, *nq, *q; 122 struct vnode *vtmp; 123 struct vnode *ttyvp = NULL; 124 struct plimit *plim; 125 int locked; 126 127 mtx_assert(&Giant, MA_NOTOWNED); 128 129 p = td->td_proc; 130 /* 131 * XXX in case we're rebooting we just let init die in order to 132 * work around an unsolved stack overflow seen very late during 133 * shutdown on sparc64 when the gmirror worker process exists. 134 */ 135 if (p == initproc && rebooting == 0) { 136 printf("init died (signal %d, exit %d)\n", 137 WTERMSIG(rv), WEXITSTATUS(rv)); 138 panic("Going nowhere without my init!"); 139 } 140 141 /* 142 * MUST abort all other threads before proceeding past here. 143 */ 144 PROC_LOCK(p); 145 while (p->p_flag & P_HADTHREADS) { 146 /* 147 * First check if some other thread got here before us.. 148 * if so, act apropriatly, (exit or suspend); 149 */ 150 thread_suspend_check(0); 151 152 /* 153 * Kill off the other threads. This requires 154 * some co-operation from other parts of the kernel 155 * so it may not be instantaneous. With this state set 156 * any thread entering the kernel from userspace will 157 * thread_exit() in trap(). Any thread attempting to 158 * sleep will return immediately with EINTR or EWOULDBLOCK 159 * which will hopefully force them to back out to userland 160 * freeing resources as they go. Any thread attempting 161 * to return to userland will thread_exit() from userret(). 162 * thread_exit() will unsuspend us when the last of the 163 * other threads exits. 164 * If there is already a thread singler after resumption, 165 * calling thread_single will fail; in that case, we just 166 * re-check all suspension request, the thread should 167 * either be suspended there or exit. 168 */ 169 if (! thread_single(SINGLE_EXIT)) 170 break; 171 172 /* 173 * All other activity in this process is now stopped. 174 * Threading support has been turned off. 175 */ 176 } 177 KASSERT(p->p_numthreads == 1, 178 ("exit1: proc %p exiting with %d threads", p, p->p_numthreads)); 179 /* 180 * Wakeup anyone in procfs' PIOCWAIT. They should have a hold 181 * on our vmspace, so we should block below until they have 182 * released their reference to us. Note that if they have 183 * requested S_EXIT stops we will block here until they ack 184 * via PIOCCONT. 185 */ 186 _STOPEVENT(p, S_EXIT, rv); 187 188 /* 189 * Note that we are exiting and do another wakeup of anyone in 190 * PIOCWAIT in case they aren't listening for S_EXIT stops or 191 * decided to wait again after we told them we are exiting. 192 */ 193 p->p_flag |= P_WEXIT; 194 wakeup(&p->p_stype); 195 196 /* 197 * Wait for any processes that have a hold on our vmspace to 198 * release their reference. 199 */ 200 while (p->p_lock > 0) 201 msleep(&p->p_lock, &p->p_mtx, PWAIT, "exithold", 0); 202 203 p->p_xstat = rv; /* Let event handler change exit status */ 204 PROC_UNLOCK(p); 205 /* Drain the limit callout while we don't have the proc locked */ 206 callout_drain(&p->p_limco); 207 208#ifdef AUDIT 209 /* 210 * The Sun BSM exit token contains two components: an exit status as 211 * passed to exit(), and a return value to indicate what sort of exit 212 * it was. The exit status is WEXITSTATUS(rv), but it's not clear 213 * what the return value is. 214 */ 215 AUDIT_ARG_EXIT(WEXITSTATUS(rv), 0); 216 AUDIT_SYSCALL_EXIT(0, td); 217#endif 218 219 /* Are we a task leader? */ 220 if (p == p->p_leader) { 221 mtx_lock(&ppeers_lock); 222 q = p->p_peers; 223 while (q != NULL) { 224 PROC_LOCK(q); 225 psignal(q, SIGKILL); 226 PROC_UNLOCK(q); 227 q = q->p_peers; 228 } 229 while (p->p_peers != NULL) 230 msleep(p, &ppeers_lock, PWAIT, "exit1", 0); 231 mtx_unlock(&ppeers_lock); 232 } 233 234 /* 235 * Check if any loadable modules need anything done at process exit. 236 * E.g. SYSV IPC stuff 237 * XXX what if one of these generates an error? 238 */ 239 EVENTHANDLER_INVOKE(process_exit, p); 240 241 /* 242 * If parent is waiting for us to exit or exec, 243 * P_PPWAIT is set; we will wakeup the parent below. 244 */ 245 PROC_LOCK(p); 246 rv = p->p_xstat; /* Event handler could change exit status */ 247 stopprofclock(p); 248 p->p_flag &= ~(P_TRACED | P_PPWAIT); 249 250 /* 251 * Stop the real interval timer. If the handler is currently 252 * executing, prevent it from rearming itself and let it finish. 253 */ 254 if (timevalisset(&p->p_realtimer.it_value) && 255 callout_stop(&p->p_itcallout) == 0) { 256 timevalclear(&p->p_realtimer.it_interval); 257 msleep(&p->p_itcallout, &p->p_mtx, PWAIT, "ritwait", 0); 258 KASSERT(!timevalisset(&p->p_realtimer.it_value), 259 ("realtime timer is still armed")); 260 } 261 PROC_UNLOCK(p); 262 263 /* 264 * Reset any sigio structures pointing to us as a result of 265 * F_SETOWN with our pid. 266 */ 267 funsetownlst(&p->p_sigiolst); 268 269 /* 270 * If this process has an nlminfo data area (for lockd), release it 271 */ 272 if (nlminfo_release_p != NULL && p->p_nlminfo != NULL) 273 (*nlminfo_release_p)(p); 274 275 /* 276 * Close open files and release open-file table. 277 * This may block! 278 */ 279 fdfree(td); 280 281 /* 282 * If this thread tickled GEOM, we need to wait for the giggling to 283 * stop before we return to userland 284 */ 285 if (td->td_pflags & TDP_GEOM) 286 g_waitidle(); 287 288 /* 289 * Remove ourself from our leader's peer list and wake our leader. 290 */ 291 mtx_lock(&ppeers_lock); 292 if (p->p_leader->p_peers) { 293 q = p->p_leader; 294 while (q->p_peers != p) 295 q = q->p_peers; 296 q->p_peers = p->p_peers; 297 wakeup(p->p_leader); 298 } 299 mtx_unlock(&ppeers_lock); 300 301 vmspace_exit(td); 302 303 sx_xlock(&proctree_lock); 304 if (SESS_LEADER(p)) { 305 struct session *sp = p->p_session; 306 struct tty *tp; 307 308 /* 309 * s_ttyp is not zero'd; we use this to indicate that 310 * the session once had a controlling terminal. (for 311 * logging and informational purposes) 312 */ 313 SESS_LOCK(sp); 314 ttyvp = sp->s_ttyvp; 315 tp = sp->s_ttyp; 316 sp->s_ttyvp = NULL; 317 sp->s_ttydp = NULL; 318 sp->s_leader = NULL; 319 SESS_UNLOCK(sp); 320 321 /* 322 * Signal foreground pgrp and revoke access to 323 * controlling terminal if it has not been revoked 324 * already. 325 * 326 * Because the TTY may have been revoked in the mean 327 * time and could already have a new session associated 328 * with it, make sure we don't send a SIGHUP to a 329 * foreground process group that does not belong to this 330 * session. 331 */ 332 333 if (tp != NULL) { 334 tty_lock(tp); 335 if (tp->t_session == sp) 336 tty_signal_pgrp(tp, SIGHUP); 337 tty_unlock(tp); 338 } 339 340 if (ttyvp != NULL) { 341 sx_xunlock(&proctree_lock); 342 if (vn_lock(ttyvp, LK_EXCLUSIVE) == 0) { 343 VOP_REVOKE(ttyvp, REVOKEALL); 344 VOP_UNLOCK(ttyvp, 0); 345 } 346 sx_xlock(&proctree_lock); 347 } 348 } 349 fixjobc(p, p->p_pgrp, 0); 350 sx_xunlock(&proctree_lock); 351 (void)acct_process(td); 352 353 /* Release the TTY now we've unlocked everything. */ 354 if (ttyvp != NULL) 355 vrele(ttyvp); 356#ifdef KTRACE 357 ktrprocexit(td); 358#endif 359 /* 360 * Release reference to text vnode 361 */ 362 if ((vtmp = p->p_textvp) != NULL) { 363 p->p_textvp = NULL; 364 locked = VFS_LOCK_GIANT(vtmp->v_mount); 365 vrele(vtmp); 366 VFS_UNLOCK_GIANT(locked); 367 } 368 369 /* 370 * Release our limits structure. 371 */ 372 PROC_LOCK(p); 373 plim = p->p_limit; 374 p->p_limit = NULL; 375 PROC_UNLOCK(p); 376 lim_free(plim); 377 378 tidhash_remove(td); 379 380 /* 381 * Remove proc from allproc queue and pidhash chain. 382 * Place onto zombproc. Unlink from parent's child list. 383 */ 384 sx_xlock(&allproc_lock); 385 LIST_REMOVE(p, p_list); 386 LIST_INSERT_HEAD(&zombproc, p, p_list); 387 LIST_REMOVE(p, p_hash); 388 sx_xunlock(&allproc_lock); 389 390 /* 391 * Call machine-dependent code to release any 392 * machine-dependent resources other than the address space. 393 * The address space is released by "vmspace_exitfree(p)" in 394 * vm_waitproc(). 395 */ 396 cpu_exit(td); 397 398 WITNESS_WARN(WARN_PANIC, NULL, "process (pid %d) exiting", p->p_pid); 399 400 /* 401 * Reparent all of our children to init. 402 */ 403 sx_xlock(&proctree_lock); 404 q = LIST_FIRST(&p->p_children); 405 if (q != NULL) /* only need this if any child is S_ZOMB */ 406 wakeup(initproc); 407 for (; q != NULL; q = nq) { 408 nq = LIST_NEXT(q, p_sibling); 409 PROC_LOCK(q); 410 proc_reparent(q, initproc); 411 q->p_sigparent = SIGCHLD; 412 /* 413 * Traced processes are killed 414 * since their existence means someone is screwing up. 415 */ 416 if (q->p_flag & P_TRACED) { 417 struct thread *temp; 418 419 q->p_flag &= ~(P_TRACED | P_STOPPED_TRACE); 420 FOREACH_THREAD_IN_PROC(q, temp) 421 temp->td_dbgflags &= ~TDB_SUSPEND; 422 psignal(q, SIGKILL); 423 } 424 PROC_UNLOCK(q); 425 } 426 427 /* Save exit status. */ 428 PROC_LOCK(p); 429 p->p_xthread = td; 430 431 /* Tell the prison that we are gone. */ 432 prison_proc_free(p->p_ucred->cr_prison); 433 434#ifdef KDTRACE_HOOKS 435 /* 436 * Tell the DTrace fasttrap provider about the exit if it 437 * has declared an interest. 438 */ 439 if (dtrace_fasttrap_exit) 440 dtrace_fasttrap_exit(p); 441#endif 442 443 /* 444 * Notify interested parties of our demise. 445 */ 446 KNOTE_LOCKED(&p->p_klist, NOTE_EXIT); 447 448#ifdef KDTRACE_HOOKS 449 int reason = CLD_EXITED; 450 if (WCOREDUMP(rv)) 451 reason = CLD_DUMPED; 452 else if (WIFSIGNALED(rv)) 453 reason = CLD_KILLED; 454 SDT_PROBE(proc, kernel, , exit, reason, 0, 0, 0, 0); 455#endif 456 457 /* 458 * Just delete all entries in the p_klist. At this point we won't 459 * report any more events, and there are nasty race conditions that 460 * can beat us if we don't. 461 */ 462 knlist_clear(&p->p_klist, 1); 463 464 /* 465 * Notify parent that we're gone. If parent has the PS_NOCLDWAIT 466 * flag set, or if the handler is set to SIG_IGN, notify process 467 * 1 instead (and hope it will handle this situation). 468 */ 469 PROC_LOCK(p->p_pptr); 470 mtx_lock(&p->p_pptr->p_sigacts->ps_mtx); 471 if (p->p_pptr->p_sigacts->ps_flag & (PS_NOCLDWAIT | PS_CLDSIGIGN)) { 472 struct proc *pp; 473 474 mtx_unlock(&p->p_pptr->p_sigacts->ps_mtx); 475 pp = p->p_pptr; 476 PROC_UNLOCK(pp); 477 proc_reparent(p, initproc); 478 p->p_sigparent = SIGCHLD; 479 PROC_LOCK(p->p_pptr); 480 481 /* 482 * Notify parent, so in case he was wait(2)ing or 483 * executing waitpid(2) with our pid, he will 484 * continue. 485 */ 486 wakeup(pp); 487 } else 488 mtx_unlock(&p->p_pptr->p_sigacts->ps_mtx); 489 490 if (p->p_pptr == initproc) 491 psignal(p->p_pptr, SIGCHLD); 492 else if (p->p_sigparent != 0) { 493 if (p->p_sigparent == SIGCHLD) 494 childproc_exited(p); 495 else /* LINUX thread */ 496 psignal(p->p_pptr, p->p_sigparent); 497 } 498 sx_xunlock(&proctree_lock); 499 500 /* 501 * The state PRS_ZOMBIE prevents other proesses from sending 502 * signal to the process, to avoid memory leak, we free memory 503 * for signal queue at the time when the state is set. 504 */ 505 sigqueue_flush(&p->p_sigqueue); 506 sigqueue_flush(&td->td_sigqueue); 507 508 /* 509 * We have to wait until after acquiring all locks before 510 * changing p_state. We need to avoid all possible context 511 * switches (including ones from blocking on a mutex) while 512 * marked as a zombie. We also have to set the zombie state 513 * before we release the parent process' proc lock to avoid 514 * a lost wakeup. So, we first call wakeup, then we grab the 515 * sched lock, update the state, and release the parent process' 516 * proc lock. 517 */ 518 wakeup(p->p_pptr); 519 cv_broadcast(&p->p_pwait); 520 sched_exit(p->p_pptr, td); 521 PROC_SLOCK(p); 522 p->p_state = PRS_ZOMBIE; 523 PROC_UNLOCK(p->p_pptr); 524 525 /* 526 * Hopefully no one will try to deliver a signal to the process this 527 * late in the game. 528 */ 529 knlist_destroy(&p->p_klist); 530 531 /* 532 * Save our children's rusage information in our exit rusage. 533 */ 534 ruadd(&p->p_ru, &p->p_rux, &p->p_stats->p_cru, &p->p_crux); 535 536 /* 537 * Make sure the scheduler takes this thread out of its tables etc. 538 * This will also release this thread's reference to the ucred. 539 * Other thread parts to release include pcb bits and such. 540 */ 541 thread_exit(); 542} 543 544 545#ifndef _SYS_SYSPROTO_H_ 546struct abort2_args { 547 char *why; 548 int nargs; 549 void **args; 550}; 551#endif 552 553int 554abort2(struct thread *td, struct abort2_args *uap) 555{ 556 struct proc *p = td->td_proc; 557 struct sbuf *sb; 558 void *uargs[16]; 559 int error, i, sig; 560 561 /* 562 * Do it right now so we can log either proper call of abort2(), or 563 * note, that invalid argument was passed. 512 is big enough to 564 * handle 16 arguments' descriptions with additional comments. 565 */ 566 sb = sbuf_new(NULL, NULL, 512, SBUF_FIXEDLEN); 567 sbuf_clear(sb); 568 sbuf_printf(sb, "%s(pid %d uid %d) aborted: ", 569 p->p_comm, p->p_pid, td->td_ucred->cr_uid); 570 /* 571 * Since we can't return from abort2(), send SIGKILL in cases, where 572 * abort2() was called improperly 573 */ 574 sig = SIGKILL; 575 /* Prevent from DoSes from user-space. */ 576 if (uap->nargs < 0 || uap->nargs > 16) 577 goto out; 578 if (uap->nargs > 0) { 579 if (uap->args == NULL) 580 goto out; 581 error = copyin(uap->args, uargs, uap->nargs * sizeof(void *)); 582 if (error != 0) 583 goto out; 584 } 585 /* 586 * Limit size of 'reason' string to 128. Will fit even when 587 * maximal number of arguments was chosen to be logged. 588 */ 589 if (uap->why != NULL) { 590 error = sbuf_copyin(sb, uap->why, 128); 591 if (error < 0) 592 goto out; 593 } else { 594 sbuf_printf(sb, "(null)"); 595 } 596 if (uap->nargs > 0) { 597 sbuf_printf(sb, "("); 598 for (i = 0;i < uap->nargs; i++) 599 sbuf_printf(sb, "%s%p", i == 0 ? "" : ", ", uargs[i]); 600 sbuf_printf(sb, ")"); 601 } 602 /* 603 * Final stage: arguments were proper, string has been 604 * successfully copied from userspace, and copying pointers 605 * from user-space succeed. 606 */ 607 sig = SIGABRT; 608out: 609 if (sig == SIGKILL) { 610 sbuf_trim(sb); 611 sbuf_printf(sb, " (Reason text inaccessible)"); 612 } 613 sbuf_cat(sb, "\n"); 614 sbuf_finish(sb); 615 log(LOG_INFO, "%s", sbuf_data(sb)); 616 sbuf_delete(sb); 617 exit1(td, W_EXITCODE(0, sig)); 618 return (0); 619} 620 621 622#ifdef COMPAT_43 623/* 624 * The dirty work is handled by kern_wait(). 625 */ 626int 627owait(struct thread *td, struct owait_args *uap __unused) 628{ 629 int error, status; 630 631 error = kern_wait(td, WAIT_ANY, &status, 0, NULL); 632 if (error == 0) 633 td->td_retval[1] = status; 634 return (error); 635} 636#endif /* COMPAT_43 */ 637 638/* 639 * The dirty work is handled by kern_wait(). 640 */ 641int 642wait4(struct thread *td, struct wait_args *uap) 643{ 644 struct rusage ru, *rup; 645 int error, status; 646 647 if (uap->rusage != NULL) 648 rup = &ru; 649 else 650 rup = NULL; 651 error = kern_wait(td, uap->pid, &status, uap->options, rup); 652 if (uap->status != NULL && error == 0) 653 error = copyout(&status, uap->status, sizeof(status)); 654 if (uap->rusage != NULL && error == 0) 655 error = copyout(&ru, uap->rusage, sizeof(struct rusage)); 656 return (error); 657} 658 659/* 660 * Reap the remains of a zombie process and optionally return status and 661 * rusage. Asserts and will release both the proctree_lock and the process 662 * lock as part of its work. 663 */ 664static void 665proc_reap(struct thread *td, struct proc *p, int *status, int options, 666 struct rusage *rusage) 667{ 668 struct proc *q, *t; 669 670 sx_assert(&proctree_lock, SA_XLOCKED); 671 PROC_LOCK_ASSERT(p, MA_OWNED); 672 PROC_SLOCK_ASSERT(p, MA_OWNED); 673 KASSERT(p->p_state == PRS_ZOMBIE, ("proc_reap: !PRS_ZOMBIE")); 674 675 q = td->td_proc; 676 if (rusage) { 677 *rusage = p->p_ru; 678 calcru(p, &rusage->ru_utime, &rusage->ru_stime); 679 } 680 PROC_SUNLOCK(p); 681 td->td_retval[0] = p->p_pid; 682 if (status) 683 *status = p->p_xstat; /* convert to int */ 684 if (options & WNOWAIT) { 685 /* 686 * Only poll, returning the status. Caller does not wish to 687 * release the proc struct just yet. 688 */ 689 PROC_UNLOCK(p); 690 sx_xunlock(&proctree_lock); 691 return; 692 } 693 694 PROC_LOCK(q); 695 sigqueue_take(p->p_ksi); 696 PROC_UNLOCK(q); 697 PROC_UNLOCK(p); 698 699 /* 700 * If we got the child via a ptrace 'attach', we need to give it back 701 * to the old parent. 702 */ 703 if (p->p_oppid && (t = pfind(p->p_oppid)) != NULL) { 704 PROC_LOCK(p); 705 p->p_oppid = 0; 706 proc_reparent(p, t); 707 PROC_UNLOCK(p); 708 pksignal(t, SIGCHLD, p->p_ksi); 709 wakeup(t); 710 cv_broadcast(&p->p_pwait); 711 PROC_UNLOCK(t); 712 sx_xunlock(&proctree_lock); 713 return; 714 } 715 716 /* 717 * Remove other references to this process to ensure we have an 718 * exclusive reference. 719 */ 720 sx_xlock(&allproc_lock); 721 LIST_REMOVE(p, p_list); /* off zombproc */ 722 sx_xunlock(&allproc_lock); 723 LIST_REMOVE(p, p_sibling); 724 leavepgrp(p); 725 sx_xunlock(&proctree_lock); 726 727 /* 728 * As a side effect of this lock, we know that all other writes to 729 * this proc are visible now, so no more locking is needed for p. 730 */ 731 PROC_LOCK(p); 732 p->p_xstat = 0; /* XXX: why? */ 733 PROC_UNLOCK(p); 734 PROC_LOCK(q); 735 ruadd(&q->p_stats->p_cru, &q->p_crux, &p->p_ru, &p->p_rux); 736 PROC_UNLOCK(q); 737 738 /* 739 * Decrement the count of procs running with this uid. 740 */ 741 (void)chgproccnt(p->p_ucred->cr_ruidinfo, -1, 0); 742 743 /*
| 60#include <sys/resourcevar.h> 61#include <sys/sbuf.h> 62#include <sys/signalvar.h> 63#include <sys/sched.h> 64#include <sys/sx.h> 65#include <sys/syscallsubr.h> 66#include <sys/syslog.h> 67#include <sys/ptrace.h> 68#include <sys/acct.h> /* for acct_process() function prototype */ 69#include <sys/filedesc.h> 70#include <sys/sdt.h> 71#include <sys/shm.h> 72#include <sys/sem.h> 73#ifdef KTRACE 74#include <sys/ktrace.h> 75#endif 76 77#include <security/audit/audit.h> 78#include <security/mac/mac_framework.h> 79 80#include <vm/vm.h> 81#include <vm/vm_extern.h> 82#include <vm/vm_param.h> 83#include <vm/pmap.h> 84#include <vm/vm_map.h> 85#include <vm/vm_page.h> 86#include <vm/uma.h> 87 88#ifdef KDTRACE_HOOKS 89#include <sys/dtrace_bsd.h> 90dtrace_execexit_func_t dtrace_fasttrap_exit; 91#endif 92 93SDT_PROVIDER_DECLARE(proc); 94SDT_PROBE_DEFINE(proc, kernel, , exit, exit); 95SDT_PROBE_ARGTYPE(proc, kernel, , exit, 0, "int"); 96 97/* Required to be non-static for SysVR4 emulator */ 98MALLOC_DEFINE(M_ZOMBIE, "zombie", "zombie proc status"); 99 100/* Hook for NFS teardown procedure. */ 101void (*nlminfo_release_p)(struct proc *p); 102 103/* 104 * exit -- death of process. 105 */ 106void 107sys_exit(struct thread *td, struct sys_exit_args *uap) 108{ 109 110 exit1(td, W_EXITCODE(uap->rval, 0)); 111 /* NOTREACHED */ 112} 113 114/* 115 * Exit: deallocate address space and other resources, change proc state to 116 * zombie, and unlink proc from allproc and parent's lists. Save exit status 117 * and rusage for wait(). Check for child processes and orphan them. 118 */ 119void 120exit1(struct thread *td, int rv) 121{ 122 struct proc *p, *nq, *q; 123 struct vnode *vtmp; 124 struct vnode *ttyvp = NULL; 125 struct plimit *plim; 126 int locked; 127 128 mtx_assert(&Giant, MA_NOTOWNED); 129 130 p = td->td_proc; 131 /* 132 * XXX in case we're rebooting we just let init die in order to 133 * work around an unsolved stack overflow seen very late during 134 * shutdown on sparc64 when the gmirror worker process exists. 135 */ 136 if (p == initproc && rebooting == 0) { 137 printf("init died (signal %d, exit %d)\n", 138 WTERMSIG(rv), WEXITSTATUS(rv)); 139 panic("Going nowhere without my init!"); 140 } 141 142 /* 143 * MUST abort all other threads before proceeding past here. 144 */ 145 PROC_LOCK(p); 146 while (p->p_flag & P_HADTHREADS) { 147 /* 148 * First check if some other thread got here before us.. 149 * if so, act apropriatly, (exit or suspend); 150 */ 151 thread_suspend_check(0); 152 153 /* 154 * Kill off the other threads. This requires 155 * some co-operation from other parts of the kernel 156 * so it may not be instantaneous. With this state set 157 * any thread entering the kernel from userspace will 158 * thread_exit() in trap(). Any thread attempting to 159 * sleep will return immediately with EINTR or EWOULDBLOCK 160 * which will hopefully force them to back out to userland 161 * freeing resources as they go. Any thread attempting 162 * to return to userland will thread_exit() from userret(). 163 * thread_exit() will unsuspend us when the last of the 164 * other threads exits. 165 * If there is already a thread singler after resumption, 166 * calling thread_single will fail; in that case, we just 167 * re-check all suspension request, the thread should 168 * either be suspended there or exit. 169 */ 170 if (! thread_single(SINGLE_EXIT)) 171 break; 172 173 /* 174 * All other activity in this process is now stopped. 175 * Threading support has been turned off. 176 */ 177 } 178 KASSERT(p->p_numthreads == 1, 179 ("exit1: proc %p exiting with %d threads", p, p->p_numthreads)); 180 /* 181 * Wakeup anyone in procfs' PIOCWAIT. They should have a hold 182 * on our vmspace, so we should block below until they have 183 * released their reference to us. Note that if they have 184 * requested S_EXIT stops we will block here until they ack 185 * via PIOCCONT. 186 */ 187 _STOPEVENT(p, S_EXIT, rv); 188 189 /* 190 * Note that we are exiting and do another wakeup of anyone in 191 * PIOCWAIT in case they aren't listening for S_EXIT stops or 192 * decided to wait again after we told them we are exiting. 193 */ 194 p->p_flag |= P_WEXIT; 195 wakeup(&p->p_stype); 196 197 /* 198 * Wait for any processes that have a hold on our vmspace to 199 * release their reference. 200 */ 201 while (p->p_lock > 0) 202 msleep(&p->p_lock, &p->p_mtx, PWAIT, "exithold", 0); 203 204 p->p_xstat = rv; /* Let event handler change exit status */ 205 PROC_UNLOCK(p); 206 /* Drain the limit callout while we don't have the proc locked */ 207 callout_drain(&p->p_limco); 208 209#ifdef AUDIT 210 /* 211 * The Sun BSM exit token contains two components: an exit status as 212 * passed to exit(), and a return value to indicate what sort of exit 213 * it was. The exit status is WEXITSTATUS(rv), but it's not clear 214 * what the return value is. 215 */ 216 AUDIT_ARG_EXIT(WEXITSTATUS(rv), 0); 217 AUDIT_SYSCALL_EXIT(0, td); 218#endif 219 220 /* Are we a task leader? */ 221 if (p == p->p_leader) { 222 mtx_lock(&ppeers_lock); 223 q = p->p_peers; 224 while (q != NULL) { 225 PROC_LOCK(q); 226 psignal(q, SIGKILL); 227 PROC_UNLOCK(q); 228 q = q->p_peers; 229 } 230 while (p->p_peers != NULL) 231 msleep(p, &ppeers_lock, PWAIT, "exit1", 0); 232 mtx_unlock(&ppeers_lock); 233 } 234 235 /* 236 * Check if any loadable modules need anything done at process exit. 237 * E.g. SYSV IPC stuff 238 * XXX what if one of these generates an error? 239 */ 240 EVENTHANDLER_INVOKE(process_exit, p); 241 242 /* 243 * If parent is waiting for us to exit or exec, 244 * P_PPWAIT is set; we will wakeup the parent below. 245 */ 246 PROC_LOCK(p); 247 rv = p->p_xstat; /* Event handler could change exit status */ 248 stopprofclock(p); 249 p->p_flag &= ~(P_TRACED | P_PPWAIT); 250 251 /* 252 * Stop the real interval timer. If the handler is currently 253 * executing, prevent it from rearming itself and let it finish. 254 */ 255 if (timevalisset(&p->p_realtimer.it_value) && 256 callout_stop(&p->p_itcallout) == 0) { 257 timevalclear(&p->p_realtimer.it_interval); 258 msleep(&p->p_itcallout, &p->p_mtx, PWAIT, "ritwait", 0); 259 KASSERT(!timevalisset(&p->p_realtimer.it_value), 260 ("realtime timer is still armed")); 261 } 262 PROC_UNLOCK(p); 263 264 /* 265 * Reset any sigio structures pointing to us as a result of 266 * F_SETOWN with our pid. 267 */ 268 funsetownlst(&p->p_sigiolst); 269 270 /* 271 * If this process has an nlminfo data area (for lockd), release it 272 */ 273 if (nlminfo_release_p != NULL && p->p_nlminfo != NULL) 274 (*nlminfo_release_p)(p); 275 276 /* 277 * Close open files and release open-file table. 278 * This may block! 279 */ 280 fdfree(td); 281 282 /* 283 * If this thread tickled GEOM, we need to wait for the giggling to 284 * stop before we return to userland 285 */ 286 if (td->td_pflags & TDP_GEOM) 287 g_waitidle(); 288 289 /* 290 * Remove ourself from our leader's peer list and wake our leader. 291 */ 292 mtx_lock(&ppeers_lock); 293 if (p->p_leader->p_peers) { 294 q = p->p_leader; 295 while (q->p_peers != p) 296 q = q->p_peers; 297 q->p_peers = p->p_peers; 298 wakeup(p->p_leader); 299 } 300 mtx_unlock(&ppeers_lock); 301 302 vmspace_exit(td); 303 304 sx_xlock(&proctree_lock); 305 if (SESS_LEADER(p)) { 306 struct session *sp = p->p_session; 307 struct tty *tp; 308 309 /* 310 * s_ttyp is not zero'd; we use this to indicate that 311 * the session once had a controlling terminal. (for 312 * logging and informational purposes) 313 */ 314 SESS_LOCK(sp); 315 ttyvp = sp->s_ttyvp; 316 tp = sp->s_ttyp; 317 sp->s_ttyvp = NULL; 318 sp->s_ttydp = NULL; 319 sp->s_leader = NULL; 320 SESS_UNLOCK(sp); 321 322 /* 323 * Signal foreground pgrp and revoke access to 324 * controlling terminal if it has not been revoked 325 * already. 326 * 327 * Because the TTY may have been revoked in the mean 328 * time and could already have a new session associated 329 * with it, make sure we don't send a SIGHUP to a 330 * foreground process group that does not belong to this 331 * session. 332 */ 333 334 if (tp != NULL) { 335 tty_lock(tp); 336 if (tp->t_session == sp) 337 tty_signal_pgrp(tp, SIGHUP); 338 tty_unlock(tp); 339 } 340 341 if (ttyvp != NULL) { 342 sx_xunlock(&proctree_lock); 343 if (vn_lock(ttyvp, LK_EXCLUSIVE) == 0) { 344 VOP_REVOKE(ttyvp, REVOKEALL); 345 VOP_UNLOCK(ttyvp, 0); 346 } 347 sx_xlock(&proctree_lock); 348 } 349 } 350 fixjobc(p, p->p_pgrp, 0); 351 sx_xunlock(&proctree_lock); 352 (void)acct_process(td); 353 354 /* Release the TTY now we've unlocked everything. */ 355 if (ttyvp != NULL) 356 vrele(ttyvp); 357#ifdef KTRACE 358 ktrprocexit(td); 359#endif 360 /* 361 * Release reference to text vnode 362 */ 363 if ((vtmp = p->p_textvp) != NULL) { 364 p->p_textvp = NULL; 365 locked = VFS_LOCK_GIANT(vtmp->v_mount); 366 vrele(vtmp); 367 VFS_UNLOCK_GIANT(locked); 368 } 369 370 /* 371 * Release our limits structure. 372 */ 373 PROC_LOCK(p); 374 plim = p->p_limit; 375 p->p_limit = NULL; 376 PROC_UNLOCK(p); 377 lim_free(plim); 378 379 tidhash_remove(td); 380 381 /* 382 * Remove proc from allproc queue and pidhash chain. 383 * Place onto zombproc. Unlink from parent's child list. 384 */ 385 sx_xlock(&allproc_lock); 386 LIST_REMOVE(p, p_list); 387 LIST_INSERT_HEAD(&zombproc, p, p_list); 388 LIST_REMOVE(p, p_hash); 389 sx_xunlock(&allproc_lock); 390 391 /* 392 * Call machine-dependent code to release any 393 * machine-dependent resources other than the address space. 394 * The address space is released by "vmspace_exitfree(p)" in 395 * vm_waitproc(). 396 */ 397 cpu_exit(td); 398 399 WITNESS_WARN(WARN_PANIC, NULL, "process (pid %d) exiting", p->p_pid); 400 401 /* 402 * Reparent all of our children to init. 403 */ 404 sx_xlock(&proctree_lock); 405 q = LIST_FIRST(&p->p_children); 406 if (q != NULL) /* only need this if any child is S_ZOMB */ 407 wakeup(initproc); 408 for (; q != NULL; q = nq) { 409 nq = LIST_NEXT(q, p_sibling); 410 PROC_LOCK(q); 411 proc_reparent(q, initproc); 412 q->p_sigparent = SIGCHLD; 413 /* 414 * Traced processes are killed 415 * since their existence means someone is screwing up. 416 */ 417 if (q->p_flag & P_TRACED) { 418 struct thread *temp; 419 420 q->p_flag &= ~(P_TRACED | P_STOPPED_TRACE); 421 FOREACH_THREAD_IN_PROC(q, temp) 422 temp->td_dbgflags &= ~TDB_SUSPEND; 423 psignal(q, SIGKILL); 424 } 425 PROC_UNLOCK(q); 426 } 427 428 /* Save exit status. */ 429 PROC_LOCK(p); 430 p->p_xthread = td; 431 432 /* Tell the prison that we are gone. */ 433 prison_proc_free(p->p_ucred->cr_prison); 434 435#ifdef KDTRACE_HOOKS 436 /* 437 * Tell the DTrace fasttrap provider about the exit if it 438 * has declared an interest. 439 */ 440 if (dtrace_fasttrap_exit) 441 dtrace_fasttrap_exit(p); 442#endif 443 444 /* 445 * Notify interested parties of our demise. 446 */ 447 KNOTE_LOCKED(&p->p_klist, NOTE_EXIT); 448 449#ifdef KDTRACE_HOOKS 450 int reason = CLD_EXITED; 451 if (WCOREDUMP(rv)) 452 reason = CLD_DUMPED; 453 else if (WIFSIGNALED(rv)) 454 reason = CLD_KILLED; 455 SDT_PROBE(proc, kernel, , exit, reason, 0, 0, 0, 0); 456#endif 457 458 /* 459 * Just delete all entries in the p_klist. At this point we won't 460 * report any more events, and there are nasty race conditions that 461 * can beat us if we don't. 462 */ 463 knlist_clear(&p->p_klist, 1); 464 465 /* 466 * Notify parent that we're gone. If parent has the PS_NOCLDWAIT 467 * flag set, or if the handler is set to SIG_IGN, notify process 468 * 1 instead (and hope it will handle this situation). 469 */ 470 PROC_LOCK(p->p_pptr); 471 mtx_lock(&p->p_pptr->p_sigacts->ps_mtx); 472 if (p->p_pptr->p_sigacts->ps_flag & (PS_NOCLDWAIT | PS_CLDSIGIGN)) { 473 struct proc *pp; 474 475 mtx_unlock(&p->p_pptr->p_sigacts->ps_mtx); 476 pp = p->p_pptr; 477 PROC_UNLOCK(pp); 478 proc_reparent(p, initproc); 479 p->p_sigparent = SIGCHLD; 480 PROC_LOCK(p->p_pptr); 481 482 /* 483 * Notify parent, so in case he was wait(2)ing or 484 * executing waitpid(2) with our pid, he will 485 * continue. 486 */ 487 wakeup(pp); 488 } else 489 mtx_unlock(&p->p_pptr->p_sigacts->ps_mtx); 490 491 if (p->p_pptr == initproc) 492 psignal(p->p_pptr, SIGCHLD); 493 else if (p->p_sigparent != 0) { 494 if (p->p_sigparent == SIGCHLD) 495 childproc_exited(p); 496 else /* LINUX thread */ 497 psignal(p->p_pptr, p->p_sigparent); 498 } 499 sx_xunlock(&proctree_lock); 500 501 /* 502 * The state PRS_ZOMBIE prevents other proesses from sending 503 * signal to the process, to avoid memory leak, we free memory 504 * for signal queue at the time when the state is set. 505 */ 506 sigqueue_flush(&p->p_sigqueue); 507 sigqueue_flush(&td->td_sigqueue); 508 509 /* 510 * We have to wait until after acquiring all locks before 511 * changing p_state. We need to avoid all possible context 512 * switches (including ones from blocking on a mutex) while 513 * marked as a zombie. We also have to set the zombie state 514 * before we release the parent process' proc lock to avoid 515 * a lost wakeup. So, we first call wakeup, then we grab the 516 * sched lock, update the state, and release the parent process' 517 * proc lock. 518 */ 519 wakeup(p->p_pptr); 520 cv_broadcast(&p->p_pwait); 521 sched_exit(p->p_pptr, td); 522 PROC_SLOCK(p); 523 p->p_state = PRS_ZOMBIE; 524 PROC_UNLOCK(p->p_pptr); 525 526 /* 527 * Hopefully no one will try to deliver a signal to the process this 528 * late in the game. 529 */ 530 knlist_destroy(&p->p_klist); 531 532 /* 533 * Save our children's rusage information in our exit rusage. 534 */ 535 ruadd(&p->p_ru, &p->p_rux, &p->p_stats->p_cru, &p->p_crux); 536 537 /* 538 * Make sure the scheduler takes this thread out of its tables etc. 539 * This will also release this thread's reference to the ucred. 540 * Other thread parts to release include pcb bits and such. 541 */ 542 thread_exit(); 543} 544 545 546#ifndef _SYS_SYSPROTO_H_ 547struct abort2_args { 548 char *why; 549 int nargs; 550 void **args; 551}; 552#endif 553 554int 555abort2(struct thread *td, struct abort2_args *uap) 556{ 557 struct proc *p = td->td_proc; 558 struct sbuf *sb; 559 void *uargs[16]; 560 int error, i, sig; 561 562 /* 563 * Do it right now so we can log either proper call of abort2(), or 564 * note, that invalid argument was passed. 512 is big enough to 565 * handle 16 arguments' descriptions with additional comments. 566 */ 567 sb = sbuf_new(NULL, NULL, 512, SBUF_FIXEDLEN); 568 sbuf_clear(sb); 569 sbuf_printf(sb, "%s(pid %d uid %d) aborted: ", 570 p->p_comm, p->p_pid, td->td_ucred->cr_uid); 571 /* 572 * Since we can't return from abort2(), send SIGKILL in cases, where 573 * abort2() was called improperly 574 */ 575 sig = SIGKILL; 576 /* Prevent from DoSes from user-space. */ 577 if (uap->nargs < 0 || uap->nargs > 16) 578 goto out; 579 if (uap->nargs > 0) { 580 if (uap->args == NULL) 581 goto out; 582 error = copyin(uap->args, uargs, uap->nargs * sizeof(void *)); 583 if (error != 0) 584 goto out; 585 } 586 /* 587 * Limit size of 'reason' string to 128. Will fit even when 588 * maximal number of arguments was chosen to be logged. 589 */ 590 if (uap->why != NULL) { 591 error = sbuf_copyin(sb, uap->why, 128); 592 if (error < 0) 593 goto out; 594 } else { 595 sbuf_printf(sb, "(null)"); 596 } 597 if (uap->nargs > 0) { 598 sbuf_printf(sb, "("); 599 for (i = 0;i < uap->nargs; i++) 600 sbuf_printf(sb, "%s%p", i == 0 ? "" : ", ", uargs[i]); 601 sbuf_printf(sb, ")"); 602 } 603 /* 604 * Final stage: arguments were proper, string has been 605 * successfully copied from userspace, and copying pointers 606 * from user-space succeed. 607 */ 608 sig = SIGABRT; 609out: 610 if (sig == SIGKILL) { 611 sbuf_trim(sb); 612 sbuf_printf(sb, " (Reason text inaccessible)"); 613 } 614 sbuf_cat(sb, "\n"); 615 sbuf_finish(sb); 616 log(LOG_INFO, "%s", sbuf_data(sb)); 617 sbuf_delete(sb); 618 exit1(td, W_EXITCODE(0, sig)); 619 return (0); 620} 621 622 623#ifdef COMPAT_43 624/* 625 * The dirty work is handled by kern_wait(). 626 */ 627int 628owait(struct thread *td, struct owait_args *uap __unused) 629{ 630 int error, status; 631 632 error = kern_wait(td, WAIT_ANY, &status, 0, NULL); 633 if (error == 0) 634 td->td_retval[1] = status; 635 return (error); 636} 637#endif /* COMPAT_43 */ 638 639/* 640 * The dirty work is handled by kern_wait(). 641 */ 642int 643wait4(struct thread *td, struct wait_args *uap) 644{ 645 struct rusage ru, *rup; 646 int error, status; 647 648 if (uap->rusage != NULL) 649 rup = &ru; 650 else 651 rup = NULL; 652 error = kern_wait(td, uap->pid, &status, uap->options, rup); 653 if (uap->status != NULL && error == 0) 654 error = copyout(&status, uap->status, sizeof(status)); 655 if (uap->rusage != NULL && error == 0) 656 error = copyout(&ru, uap->rusage, sizeof(struct rusage)); 657 return (error); 658} 659 660/* 661 * Reap the remains of a zombie process and optionally return status and 662 * rusage. Asserts and will release both the proctree_lock and the process 663 * lock as part of its work. 664 */ 665static void 666proc_reap(struct thread *td, struct proc *p, int *status, int options, 667 struct rusage *rusage) 668{ 669 struct proc *q, *t; 670 671 sx_assert(&proctree_lock, SA_XLOCKED); 672 PROC_LOCK_ASSERT(p, MA_OWNED); 673 PROC_SLOCK_ASSERT(p, MA_OWNED); 674 KASSERT(p->p_state == PRS_ZOMBIE, ("proc_reap: !PRS_ZOMBIE")); 675 676 q = td->td_proc; 677 if (rusage) { 678 *rusage = p->p_ru; 679 calcru(p, &rusage->ru_utime, &rusage->ru_stime); 680 } 681 PROC_SUNLOCK(p); 682 td->td_retval[0] = p->p_pid; 683 if (status) 684 *status = p->p_xstat; /* convert to int */ 685 if (options & WNOWAIT) { 686 /* 687 * Only poll, returning the status. Caller does not wish to 688 * release the proc struct just yet. 689 */ 690 PROC_UNLOCK(p); 691 sx_xunlock(&proctree_lock); 692 return; 693 } 694 695 PROC_LOCK(q); 696 sigqueue_take(p->p_ksi); 697 PROC_UNLOCK(q); 698 PROC_UNLOCK(p); 699 700 /* 701 * If we got the child via a ptrace 'attach', we need to give it back 702 * to the old parent. 703 */ 704 if (p->p_oppid && (t = pfind(p->p_oppid)) != NULL) { 705 PROC_LOCK(p); 706 p->p_oppid = 0; 707 proc_reparent(p, t); 708 PROC_UNLOCK(p); 709 pksignal(t, SIGCHLD, p->p_ksi); 710 wakeup(t); 711 cv_broadcast(&p->p_pwait); 712 PROC_UNLOCK(t); 713 sx_xunlock(&proctree_lock); 714 return; 715 } 716 717 /* 718 * Remove other references to this process to ensure we have an 719 * exclusive reference. 720 */ 721 sx_xlock(&allproc_lock); 722 LIST_REMOVE(p, p_list); /* off zombproc */ 723 sx_xunlock(&allproc_lock); 724 LIST_REMOVE(p, p_sibling); 725 leavepgrp(p); 726 sx_xunlock(&proctree_lock); 727 728 /* 729 * As a side effect of this lock, we know that all other writes to 730 * this proc are visible now, so no more locking is needed for p. 731 */ 732 PROC_LOCK(p); 733 p->p_xstat = 0; /* XXX: why? */ 734 PROC_UNLOCK(p); 735 PROC_LOCK(q); 736 ruadd(&q->p_stats->p_cru, &q->p_crux, &p->p_ru, &p->p_rux); 737 PROC_UNLOCK(q); 738 739 /* 740 * Decrement the count of procs running with this uid. 741 */ 742 (void)chgproccnt(p->p_ucred->cr_ruidinfo, -1, 0); 743 744 /*
|