ptrace tests: Fix a signed/unsigned integer comparison

Reported by: Jenkins
Fixes: 43b4da44118e ("ptrace tests: Add a test using PROC_REAP_KILL to kill a traced debuggee")

ptrace tests: Add a test using PROC_REAP_KILL to kill a traced debuggee

This exercises the bug fix in commit 9241ebc796c1
("thread_single(9): decline external requests for traced or debugger-stopped procs").

Reviewed by: kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D44564

tests: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/

Sponsored by: Netflix

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

tests: Fix format strings

Reported by: Jenkins
Fixes: 844942888f7d ("tests: Add a simple regression test for ptrace(PT_SC_REMOTE)")

tests: Add a simple regression test for ptrace(PT_SC_REMOTE)

MFC after: 1 week

ptrace_test: Remove another MIPS remnant.

tests: also remove sparc64 case

Followup to commit d6273acf5625, which removed MIPS.

Reported by: mhorne

tests: retire now-unused MIPS case

Add NT_ARM_ADDR_MASK

This can be used by debuggers to find which bits in a virtual address
should be masked off to get a canonical address. This is currently used
by the Pointer Authentication Code support to get its mask. It could also
be used if we support Top Byte Ignore for the same purpose.

Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34302

Add PT_GETREGSET

This adds the PT_GETREGSET and PT_SETREGSET ptrace types. These can be
used to access all the registers from a specified core dump note type.
The NT_PRSTATUS and NT_FPREGSET notes are initially supported. Other
machine-dependant types are expected to be added in the future.

The ptrace addr points to a struct iovec pointing at memory to hold the
registers along with its length. On success the length in the iovec is
updated to tell userspace the actual length the kernel wrote or, if the
base address is NULL, the length the kernel would have written.

Because the data field is an int the arguments are backwards when
compared to the Linux PTRACE_GETREGSET call.

Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D19831

Fix GCC build of ptrace_test after 96a9e50e63bfc

It seems like GCC's -Wsign-compare is stricter and also warns for
constants. Appease GCC by adding the required casts.

Fixes: 96a9e50e63bfc ("ptrace_test: Add more debug output on test failures")
Reported by: Jenkins CI

Fix ptrace_test:ptrace__syscall_args after ATF upgrade

ATF now opens the results file (without CLOEXEC), so the child actually
has a valid file descriptor 3. To fix this simply use a large number that
will definitely not be a valid file descriptor.

Reviewed by: jhb, cem, lwhsu
Differential Revision: https://reviews.freebsd.org/D28889

Remove atf_tc_skip calls from ptrace_test

I've run these tests many times in a loop on multiple architectures and
it works reliably for me, maybe it's time to retire these skips?
This also adds an additional waitpid to one of the tests to avoid
a potential race condition (suggested by markj@).

PR: 239397, 244056, 239425, 240510, 220841, 243605
Reviewed By: markj
Differential Revision: https://reviews.freebsd.org/D28888

ptrace_test: Add more debug output on test failures

Mostly automatic, using
`CHILD_REQUIRE\(([^|&\n]*) ==` -> `CHILD_REQUIRE_EQ_INT($1,`
`ATF_REQUIRE\(([^|&\n]*) ==` -> `REQUIRE_EQ_INT($1,` followed by
git-clang-format -f and then manually checking ones that contain ||/&&.

Test Plan:
Still getting the same failure but now it prints
`psr.sr_error (0) == EBADF (9) not met` instead of just failing
without printing the values.

PR: 243605
Reviewed By: jhb
Differential Revision: https://reviews.freebsd.org/D28887

Temporarily skip flakey test case sys.kern.ptrace_test.ptrace__parent_exits_before_child

PR: 244056
Sponsored by: The FreeBSD Foundation

Temporarily skip failing test case sys.kern/ptrace_test/ptrace__parent_wait_after_attach

PR: 244055
Sponsored by: The FreeBSD Foundation

Temporarily skip flakey test case sys.kern.ptrace_test.ptrace__procdesc_reparent_wait_child

PR: 243605
Sponsored by: The FreeBSD Foundation

procdesc: allow to collect status through wait(1) if process is traced

The debugger like truss(1) depends on the wait(2) syscall. This syscall
waits for ALL children. When it is waiting for ALL child's the children
created by process descriptors are not returned. This behavior was
introduced because we want to implement libraries which may pdfork(1).

The behavior of process descriptor brakes truss(1) because it will
not be able to collect the status of processes with process descriptors.

To address this problem the status is returned to parent when the
child is traced. While the process is traced the debugger is the new parent.
In case the original parent and debugger are the same process it means the
debugger explicitly used pdfork() to create the child. In that case the debugger
should be using kqueue()/pdwait() instead of wait().

Add test case to verify that. The test case was implemented by markj@.

Reviewed by: kib, markj
Discussed with: jhb
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D20362

Temporarily skip flakey test case sys.kern.ptrace_test.ptrace__getppid

PR: 240510
Sponsored by: The FreeBSD Foundation

mips: hide regnum definitions behind _KERNEL/_WANT_MIPS_REGNUM

machine/regnum.h ends up being included by sys/procfs.h and sys/ptrace.h via
machine/reg.h. Many of the regnum definitions are too short and too generic
to be exposing to any userland application including one of these two
headers. Moreover, these actively cause build failures in googletest
(template <typename T1 ...> expanding to template <typename 9 ...>).

Hide the definitions behind _KERNEL or _WANT_MIPS_REGNUM, and patch all of
the userland consumers to define as needed.

Discussed with: imp, jhb
Reviewed by: imp, jhb
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D21330

Get configuration variable with default value for not breaking default setting

Reported by: markj
Sponsored by: The FreeBSD Foundation

procdesc: fix reparenting when the debugger is attached

The process is reparented to the debugger while it is attached.
B B
/ ----> |
A A D

Every time when the process is reparented, it is added to the orphan list
of the previous parent:

A->orphan = B
D->orphan = NULL

When the A process will close the process descriptor to the B process,
the B process will be reparented to the init process.
B B - init
| ---->
A D A D

A->orphan = B
D->orphan = B

In this scenario, the B process is in the orphan list of A and D.

When the last process descriptor is closed instead of reparenting
it to the reaper let it stay with the debugger process and set
our previews parent to the reaper.

Add test case for this situation.
Notice that without this patch the kernel will crash with this test case:
panic: orphan 0xfffff8000e990530 of 0xfffff8000e990000 has unexpected oppid 1

Reviewed by: markj, kib
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D20361

Only skip test cases sometimes failing in CI when they are running in CI

Suggested by: jhb
Sponsored by: The FreeBSD Foundation

Temporarily skip flakey test case
sys.kern.ptrace_test.ptrace__follow_fork_parent_detached_unrelated_debugger

PR: 239425
Sponsored by: The FreeBSD Foundation

Temporarily skip flakey test case
sys.kern.ptrace_test.ptrace__parent_sees_exit_after_child_debugger

PR: 239399
Sponsored by: The FreeBSD Foundation

Temporarily skip flakey test case
sys.kern.ptrace_test.ptrace__follow_fork_both_attached_unrelated_debugger

PR: 239397
Sponsored by: The FreeBSD Foundation

Temporarily skip flakey test case
sys.kern.ptrace_test.ptrace__PT_KILL_competing_stop

PR: 220841
Sponsored by: The FreeBSD Foundation

Fix URL.

Sponsored by: The FreeBSD Foundation

Temporarily skip flakey test case
sys.kern.ptrace_test.ptrace__follow_fork_child_detached_unrelated_debugger

PR: 239292
Sponsored by: The FreeBSD Foundation

Add ptrace op PT_GET_SC_RET.

This ptrace operation returns a structure containing the error and
return values from the current system call. It is only valid when a
thread is stopped during a system call exit (PL_FLAG_SCX is set).

The sr_error member holds the error value from the system call. Note
that this error value is the native FreeBSD error value that has _not_
been translated to an ABI-specific error value similar to the values
logged to ktrace.

If sr_error is zero, then the return values of the system call will be
set in sr_retval[0] and sr_retval[1].

Reviewed by: kib
MFC after: 1 month
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D20901

Add a test for PT_GET_SC_ARGS.

Reviewed by: kib
MFC after: 1 month
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D20899

Set the p_oppid field of orphans when exiting.

Such processes will be reparented to the reaper when the current
parent is done with them (i.e., ptrace detached), so p_oppid must be
updated accordingly.

Add a regression test to exercise this code path. Previously it
would not be possible to reap an orphan with a stale oppid.

Reviewed by: kib, mjg
Tested by: pho
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D19825

Drop "All rights reserved" from my copyright statements.

Reviewed by: rgrimes
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D19485

Don't report stale signal information for non-signal events in ptrace_lwpinfo.

Once a signal's siginfo was copied to 'td_si' as part of the signal
exchange in issignal(), it was never cleared. This caused future
thread events that are reported as SIGTRAP events without signal
information to report the stale siginfo in 'td_si'. For example, if a
debugger created a new process and used SIGSTOP to stop it after
PT_ATTACH, future system call entry / exit events would set PL_FLAG_SI
with the SIGSTOP siginfo in pl_siginfo. This broke 'catch syscall' in
current versions of gdb as it assumed PL_FLAG_SI with SIGTRAP
indicates a breakpoint or single step trap.

Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D18487

Revert r337929

FreeBSD's mkstemp sets the temporary file's permissions to 600, and has ever
since mkstemp was added in 1987. Coverity's warning is still relevant for
portable programs since OpenGroup does not require that behavior, and POSIX
didn't until 2008. But none of these programs are portable.

Fix Coverity warnings about mkstemp in tests

umask(2) should always be used prior to mkstemp(3) so the temporary file
won't be created with insecure permissions.

Reported by: Coverity
CID: 1331605 1347173 1375366 1339800 1331604 1296056 1296060
CID: 1296057 1296062
MFC after: 2 weeks

Export a breakpoint() function to userland for arm and arm64.

Enable ptrace() tests using breakpoint() on these architectures.

Reviewed by: andrew
Differential Revision: https://reviews.freebsd.org/D15191

Export a breakpoint() function to userland for riscv.

As a result, enable tests using breakpoint() on riscv.

Reviewed by: br
Differential Revision: https://reviews.freebsd.org/D15191

Shorten some recently-added lines that are an extra indent over 80 columns.

Add two tests for TRAP_* signal codes for SIGTRAP.

- ptrace__breakpoint_siginfo tests that a SIGTRAP for a software breakpoint
in userland triggers a SIGTRAP with a signal code of TRAP_BRKPT.
- ptrace__step_siginfo tests that a SIGTRAP reported for a step after
stepping via PT_STEP or PT_SETSTEP has a signal code of TRAP_TRACE.

Expose breakpoint() to userland from <machine/cpufunc.h> on MIPS.

Enable ptrace() tests using breakpoint on MIPS as well.

Tested on: mips64
MFC after: 1 month

Extend support for ptrace() tests using breakpoints.

- Use a single list of platforms to define HAVE_BREAKPOINT for platforms
that expose a functional breakpoint() inline to userland. Replace
existing lists of platform tests with HAVE_BREAKPOINT instead.
- Add support for advancing PC past a breakpoint inserted via breakpoint()
to support the existing ptrace__PT_CONTINUE_different_thread test on
non-x86 platforms (x86 advances the PC past the breakpoint instruction,
but other platforms do not). This is implemented by defining a new
SKIP_BREAK macro which accepts a pointer to a 'struct reg' as its sole
argument and modifies the contents to advance the PC. The intention is
to use it in between PT_GETREGS and PT_SETREGS.

Tested on: amd64, i386, mips (after adding a breakpoint() to mips)
MFC after: 1 month

Mark the unused argument to continue_thread() as such.

clang in HEAD and 11 does not warn about this, but clang in 10 does.

other: Fix several typos and minor errors

- duplicate words
- typos
- references to old versions of FreeBSD

Reviewed by: imp, benno

Catch up to r325719 which makes the kern.proc.pid sysctl "work" for zombies.

Some of the ptrace tests need to wait for a child process to become a
zombie before preceding. The parent process polls the child process
via the kern.proc.pid sysctl to wait for it to become a zombie.
Previously the code polled until the sysctl failed with ESRCH. Now it
will poll until either the sysctl fails with ESRCH (for compatiblity
with older kernels) or returns a kinfo_proc structure with the ki_stat
field set to SZOMB.

Reported by: Jenkins
Tested by: markj
Discussed with: mjg
MFC after: 1 week

Discard the correct thread event reported for a ptrace stop.

When multiple threads wish to report a tracing event to a debugger,
both threads call ptracestop() and one thread will win the race to be
the reporting thread (p->p_xthread). The debugger uses PT_LWPINFO
with the process ID to determine which thread / LWP is reporting an
event and the details of that event. This event is cleared as a side
effect of the subsequent ptrace event that resumed the process
(PT_CONTINUE, PT_STEP, etc.). However, ptrace() was clearing the
event identified by the LWP ID passed to the resume request even if
that wasn't the 'p_xthread'. This could result in clearing an event
that had not yet been observed by the debugger and leaving the
existing event for 'p_thread' pending so that it was reported a second
time.

Specifically, if the debugger stopped due to a software breakpoint in
one thread, but then switched to another thread that was used to
resume (e.g. if the user switched to a different thread and issued a
step), the resume request (PT_STEP) cleared a pending event (if any)
for the thread being stepped. However, the process immediately
stopped and the first thread reported it's breakpoint event a second
time. The debugger decremented the PC for "both" breakpoint events
which resulted in the PC now pointing into the middle of an
instruction (on x86) and a SIGILL fault when the process was resumed a
second time.

To fix, always clear the pending event for 'p_xthread' when resuming a
process. ptrace() still honors the requested LWP ID when enabling
single-stepping (PT_STEP) or setting a different PC (PT_CONTINUE).

Reported by: GDB testsuite (gdb.threads/continue-pending-status.exp)
Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D12794

Add a test for sending a signal while stepping a thread via PT_STEP.

MFC after: 1 week

Add a test for r324671 along with some other masked tests.

MFC after: 1 week
Sponsored by: Dell EMC Isilon

This child is expected to exit on SIGTRAP, don't leave a core behind.

MFC after: 1 week
Sponsored by: Dell EMC Isilon

Fix shadowed variable hidden by WARNS changing to 3 in r313006.

Sponsored by: Dell EMC Isilon
MFC after: 1 week

Annotate tests that require root privileges appropriately

This unbreaks running the tests with unprivileged users.

MFC after: 1 week

Add a regression test for r318191.

Reviewed by: badger
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D10684

ptrace_test: eliminate assumption about thread scheduling

A couple of the ptrace tests make assumptions about which thread in a
multithreaded process will run after a halt. This makes the tests less
portable across branches, and susceptible to future breakage. Instead,
twiddle thread scheduling and priorities to match the tests'
expectation.

X-MFC with: r313992
Sponsored by: Dell EMC

Don't clear p_ptevents on normal SIGKILL delivery

The ptrace() user has the option of discarding the signal. In such a
case, p_ptevents should not be modified. If the ptrace() user decides to
send a SIGKILL, ptevents will be cleared in ptracestop(). procfs events
do not have the capability to discard the signal, so continue to clear
the mask in that case.

Reviewed by: jhb (initial revision)
MFC after: 1 week
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D9939

don't stop in issignal() if P_SINGLE_EXIT is set

Suppose a traced process is stopped in ptracestop() due to receipt of a
SIGSTOP signal, and is awaiting orders from the tracing process on how
to handle the signal. Before sending any such orders, the tracing
process exits. This should kill the traced process. But suppose a second
thread handles the SIGKILL and proceeds to exit1(), calling
thread_single(). The first thread will now awaken and will have a chance
to check once more if it should go to sleep due to the SIGSTOP. It must
not sleep after P_SINGLE_EXIT has been set; this would prevent the
SIGKILL from taking effect, leaving a stopped orphan behind after the
tracing process dies.

Also add new tests for this condition.

Reviewed by: kib
MFC after: 2 weeks
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D9890

Actually fix buildworlds other than i386/amd64/sparc64 after r313992

Disable offending test for platforms without a userspace visible
breakpoint().

Reported by: rpokala
Approved by: vangyzen (mentor)

Fix world build for archs where __builtin_debugtrap() does not work.

The offending code was introduced in r313992.

Reported by: rpokala
Approved by: kib (mentor)

Defer ptracestop() signals that cannot be delivered immediately

When a thread is stopped in ptracestop(), the ptrace(2) user may request
a signal be delivered upon resumption of the thread. Heretofore, those signals
were discarded unless ptracestop()'s caller was issignal(). Fix this by
modifying ptracestop() to queue up signals requested by the ptrace user that
will be delivered when possible. Take special care when the signal is SIGKILL
(usually generated from a PT_KILL request); no new stop events should be
triggered after a PT_KILL.

Add a number of tests for the new functionality. Several tests were authored
by jhb.

PR: 212607
Reviewed by: kib
Approved by: kib (mentor)
MFC after: 2 weeks
Sponsored by: Dell EMC
In collaboration with: jhb
Differential Revision: https://reviews.freebsd.org/D9260

Add PTRACE_VFORK to trace vfork events.

First, PL_FLAG_FORKED events now also set a PL_FLAG_VFORKED flag when
the new child was created via vfork() rather than fork(). Second, a
new PL_FLAG_VFORK_DONE event can now be enabled via the PTRACE_VFORK
event mask. This new stop is reported after the vfork parent resumes
due to the child calling exit or exec. Debuggers can use this stop to
reinsert breakpoints in the vfork parent process before it resumes.

Reviewed by: kib
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D7045

Add a mask of optional ptrace() events.

ptrace() now stores a mask of optional events in p_ptevents. Currently
this mask is a single integer, but it can be expanded into an array of
integers in the future.

Two new ptrace requests can be used to manipulate the event mask:
PT_GET_EVENT_MASK fetches the current event mask and PT_SET_EVENT_MASK
sets the current event mask.

The current set of events include:
- PTRACE_EXEC: trace calls to execve().
- PTRACE_SCE: trace system call entries.
- PTRACE_SCX: trace syscam call exits.
- PTRACE_FORK: trace forks and auto-attach to new child processes.
- PTRACE_LWP: trace LWP events.

The S_PT_SCX and S_PT_SCE events in the procfs p_stops flags have
been replaced by PTRACE_SCE and PTRACE_SCX. PTRACE_FORK replaces
P_FOLLOW_FORK and PTRACE_LWP replaces P2_LWP_EVENTS.

The PT_FOLLOW_FORK and PT_LWP_EVENTS ptrace requests remain for
compatibility but now simply toggle corresponding flags in the
event mask.

While here, document that PT_SYSCALL, PT_TO_SCE, and PT_TO_SCX both
modify the event mask and continue the traced process.

Reviewed by: kib
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D7044

Add a test for user signal delivery.

This test verifies we get the correct ptrace event details when a signal
is posted to a traced process from userland.

Reviewed by: kib (part of D7044)

Add ptrace(2) reporting for LWP events.

Add two new LWPINFO flags: PL_FLAG_BORN and PL_FLAG_EXITED for reporting
thread creation and destruction. Newly created threads will stop to report
PL_FLAG_BORN before returning to userland and exiting threads will stop to
report PL_FLAG_EXIT before exiting completely. Both of these events are
only enabled and reported if PT_LWP_EVENTS is enabled on a process.

Tweak: use 'mainlwp' instead of 'mainpid' since this is a thread (LWP)
identifier, not a pid.

Fix build with older GCC which, doesn't like 'main' being a variable name.

Fix various edge cases related to system call tracing.
- Always set td_dbg_sc_* when P_TRACED is set on system call entry
even if the debugger is not tracing system call entries. This
ensures the fields are valid when reporting other stops that
occur at system call boundaries such as for PT_FOLLOW_FORKS or
when only tracing system call exits.
- Set TDB_SCX when reporting the stop for a new child process in
fork_return(). This causes the event to be reported as a system
call exit.
- Report a system call exit event in fork_return() for new threads in
a traced process.
- Copy td_dbg_sc_* to new threads instead of zeroing. This ensures
that td_dbg_sc_code in particular will report the system call that
created the new thread or process when it reports a system call
exit event in fork_return().
- Add new ptrace tests to verify that new child processes and threads
report system call exit events with a valid pl_syscall_code via
PT_LWPINFO.

Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D3822

Use _exit() instead of exit() in child processes created during tests.

Suggested by: kib

Add a test to verify that a traced process sees its original parent via
getppid() after a debugger process that is not the parent has attached.

Reviewed by: kib (earlier version)
Differential Revision: https://reviews.freebsd.org/D3615

Properly size the children[] arrays in the follow fork tests.

Clear P_TRACED before reparenting a detached process back to its
original parent. Otherwise the debugee will be set as an orphan of
the debugger.

Add tests for tracing forks via PT_FOLLOW_FORK.

Reviewed by: kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D2809

Add a CHILD_REQUIRE macro similar to ATF_REQUIRE for use in child processes
of the main test process.

Differential Revision: https://reviews.freebsd.org/D2664
Reviewed by: ngie (previous version)

Consistently only use one end of the pipe in the parent and debugger
processes and do not rely on EOF due to a close() in the debugger.

PR: 200489
Differential Revision: https://reviews.freebsd.org/D2674
Reviewed by: kib, ngie, rodrigc

Tweak the description of when waitpid() doesn't return any status for a
non-blocking wait to avoid the word "empty".

Requested by: ngie

Do not allow a process to reap an orphan (a child currently being
traced by another process such as a debugger). The parent process does
need to check for matching orphan pids to avoid returning ECHILD if an
orphan has exited, but it should not return the exited status for the
child until after the debugger has detached from the orphan process
either explicitly or implicitly via wait().

Add two tests for for this case: one where the debugger is the direct
child (thus the parent has a non-empty children list) and one where
the debugger is not a direct child (so the only "child" of the parent
is the orphan).

Differential Revision: https://reviews.freebsd.org/D2644
Reviewed by: kib
MFC after: 2 weeks

Only reparent a traced process to its old parent if the tracing process is
not the old parent. Otherwise, proc_reap() will leave the zombie in place
resulting in the process' status being returned twice to its parent.

Add test cases for PT_TRACE_ME and PT_ATTACH which are fixed by
this change.

Differential Revision: https://reviews.freebsd.org/D2594
Reviewed by: kib
MFC after: 2 weeks