ptrace_test.c revision 293270
1/*- 2 * Copyright (c) 2015 John Baldwin <jhb@FreeBSD.org> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> 28__FBSDID("$FreeBSD: stable/10/tests/sys/kern/ptrace_test.c 293270 2016-01-06 20:27:55Z ngie $"); 29 30#include <sys/types.h> 31#include <sys/ptrace.h> 32#include <sys/syscall.h> 33#include <sys/sysctl.h> 34#include <sys/user.h> 35#include <sys/wait.h> 36#include <errno.h> 37#include <pthread.h> 38#include <signal.h> 39#include <stdio.h> 40#include <stdlib.h> 41#include <unistd.h> 42#include <atf-c.h> 43 44/* 45 * A variant of ATF_REQUIRE that is suitable for use in child 46 * processes. This only works if the parent process is tripped up by 47 * the early exit and fails some requirement itself. 48 */ 49#define CHILD_REQUIRE(exp) do { \ 50 if (!(exp)) \ 51 child_fail_require(__FILE__, __LINE__, \ 52 #exp " not met"); \ 53 } while (0) 54 55static __dead2 void 56child_fail_require(const char *file, int line, const char *str) 57{ 58 char buf[128]; 59 60 snprintf(buf, sizeof(buf), "%s:%d: %s\n", file, line, str); 61 write(2, buf, strlen(buf)); 62 _exit(32); 63} 64 65static void 66trace_me(void) 67{ 68 69 /* Attach the parent process as a tracer of this process. */ 70 CHILD_REQUIRE(ptrace(PT_TRACE_ME, 0, NULL, 0) != -1); 71 72 /* Trigger a stop. */ 73 raise(SIGSTOP); 74} 75 76static void 77attach_child(pid_t pid) 78{ 79 pid_t wpid; 80 int status; 81 82 ATF_REQUIRE(ptrace(PT_ATTACH, pid, NULL, 0) == 0); 83 84 wpid = waitpid(pid, &status, 0); 85 ATF_REQUIRE(wpid == pid); 86 ATF_REQUIRE(WIFSTOPPED(status)); 87 ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP); 88} 89 90static void 91wait_for_zombie(pid_t pid) 92{ 93 94 /* 95 * Wait for a process to exit. This is kind of gross, but 96 * there is not a better way. 97 */ 98 for (;;) { 99 struct kinfo_proc kp; 100 size_t len; 101 int mib[4]; 102 103 mib[0] = CTL_KERN; 104 mib[1] = KERN_PROC; 105 mib[2] = KERN_PROC_PID; 106 mib[3] = pid; 107 len = sizeof(kp); 108 if (sysctl(mib, nitems(mib), &kp, &len, NULL, 0) == -1) { 109 /* The KERN_PROC_PID sysctl fails for zombies. */ 110 ATF_REQUIRE(errno == ESRCH); 111 break; 112 } 113 usleep(5000); 114 } 115} 116 117/* 118 * Verify that a parent debugger process "sees" the exit of a debugged 119 * process exactly once when attached via PT_TRACE_ME. 120 */ 121ATF_TC_WITHOUT_HEAD(ptrace__parent_wait_after_trace_me); 122ATF_TC_BODY(ptrace__parent_wait_after_trace_me, tc) 123{ 124 pid_t child, wpid; 125 int status; 126 127 ATF_REQUIRE((child = fork()) != -1); 128 if (child == 0) { 129 /* Child process. */ 130 trace_me(); 131 132 exit(1); 133 } 134 135 /* Parent process. */ 136 137 /* The first wait() should report the stop from SIGSTOP. */ 138 wpid = waitpid(child, &status, 0); 139 ATF_REQUIRE(wpid == child); 140 ATF_REQUIRE(WIFSTOPPED(status)); 141 ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP); 142 143 /* Continue the child ignoring the SIGSTOP. */ 144 ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1); 145 146 /* The second wait() should report the exit status. */ 147 wpid = waitpid(child, &status, 0); 148 ATF_REQUIRE(wpid == child); 149 ATF_REQUIRE(WIFEXITED(status)); 150 ATF_REQUIRE(WEXITSTATUS(status) == 1); 151 152 /* The child should no longer exist. */ 153 wpid = waitpid(child, &status, 0); 154 ATF_REQUIRE(wpid == -1); 155 ATF_REQUIRE(errno == ECHILD); 156} 157 158/* 159 * Verify that a parent debugger process "sees" the exit of a debugged 160 * process exactly once when attached via PT_ATTACH. 161 */ 162ATF_TC_WITHOUT_HEAD(ptrace__parent_wait_after_attach); 163ATF_TC_BODY(ptrace__parent_wait_after_attach, tc) 164{ 165 pid_t child, wpid; 166 int cpipe[2], status; 167 char c; 168 169 ATF_REQUIRE(pipe(cpipe) == 0); 170 ATF_REQUIRE((child = fork()) != -1); 171 if (child == 0) { 172 /* Child process. */ 173 close(cpipe[0]); 174 175 /* Wait for the parent to attach. */ 176 CHILD_REQUIRE(read(cpipe[1], &c, sizeof(c)) == 0); 177 178 exit(1); 179 } 180 close(cpipe[1]); 181 182 /* Parent process. */ 183 184 /* Attach to the child process. */ 185 attach_child(child); 186 187 /* Continue the child ignoring the SIGSTOP. */ 188 ATF_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1); 189 190 /* Signal the child to exit. */ 191 close(cpipe[0]); 192 193 /* The second wait() should report the exit status. */ 194 wpid = waitpid(child, &status, 0); 195 ATF_REQUIRE(wpid == child); 196 ATF_REQUIRE(WIFEXITED(status)); 197 ATF_REQUIRE(WEXITSTATUS(status) == 1); 198 199 /* The child should no longer exist. */ 200 wpid = waitpid(child, &status, 0); 201 ATF_REQUIRE(wpid == -1); 202 ATF_REQUIRE(errno == ECHILD); 203} 204 205/* 206 * Verify that a parent process "sees" the exit of a debugged process only 207 * after the debugger has seen it. 208 */ 209ATF_TC_WITHOUT_HEAD(ptrace__parent_sees_exit_after_child_debugger); 210ATF_TC_BODY(ptrace__parent_sees_exit_after_child_debugger, tc) 211{ 212 pid_t child, debugger, wpid; 213 int cpipe[2], dpipe[2], status; 214 char c; 215 216 ATF_REQUIRE(pipe(cpipe) == 0); 217 ATF_REQUIRE((child = fork()) != -1); 218 219 if (child == 0) { 220 /* Child process. */ 221 close(cpipe[0]); 222 223 /* Wait for parent to be ready. */ 224 CHILD_REQUIRE(read(cpipe[1], &c, sizeof(c)) == sizeof(c)); 225 226 exit(1); 227 } 228 close(cpipe[1]); 229 230 ATF_REQUIRE(pipe(dpipe) == 0); 231 ATF_REQUIRE((debugger = fork()) != -1); 232 233 if (debugger == 0) { 234 /* Debugger process. */ 235 close(dpipe[0]); 236 237 CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1); 238 239 wpid = waitpid(child, &status, 0); 240 CHILD_REQUIRE(wpid == child); 241 CHILD_REQUIRE(WIFSTOPPED(status)); 242 CHILD_REQUIRE(WSTOPSIG(status) == SIGSTOP); 243 244 CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1); 245 246 /* Signal parent that debugger is attached. */ 247 CHILD_REQUIRE(write(dpipe[1], &c, sizeof(c)) == sizeof(c)); 248 249 /* Wait for parent's failed wait. */ 250 CHILD_REQUIRE(read(dpipe[1], &c, sizeof(c)) == 0); 251 252 wpid = waitpid(child, &status, 0); 253 CHILD_REQUIRE(wpid == child); 254 CHILD_REQUIRE(WIFEXITED(status)); 255 CHILD_REQUIRE(WEXITSTATUS(status) == 1); 256 257 exit(0); 258 } 259 close(dpipe[1]); 260 261 /* Parent process. */ 262 263 /* Wait for the debugger to attach to the child. */ 264 ATF_REQUIRE(read(dpipe[0], &c, sizeof(c)) == sizeof(c)); 265 266 /* Release the child. */ 267 ATF_REQUIRE(write(cpipe[0], &c, sizeof(c)) == sizeof(c)); 268 ATF_REQUIRE(read(cpipe[0], &c, sizeof(c)) == 0); 269 close(cpipe[0]); 270 271 wait_for_zombie(child); 272 273 /* 274 * This wait should return a pid of 0 to indicate no status to 275 * report. The parent should see the child as non-exited 276 * until the debugger sees the exit. 277 */ 278 wpid = waitpid(child, &status, WNOHANG); 279 ATF_REQUIRE(wpid == 0); 280 281 /* Signal the debugger to wait for the child. */ 282 close(dpipe[0]); 283 284 /* Wait for the debugger. */ 285 wpid = waitpid(debugger, &status, 0); 286 ATF_REQUIRE(wpid == debugger); 287 ATF_REQUIRE(WIFEXITED(status)); 288 ATF_REQUIRE(WEXITSTATUS(status) == 0); 289 290 /* The child process should now be ready. */ 291 wpid = waitpid(child, &status, WNOHANG); 292 ATF_REQUIRE(wpid == child); 293 ATF_REQUIRE(WIFEXITED(status)); 294 ATF_REQUIRE(WEXITSTATUS(status) == 1); 295} 296 297/* 298 * Verify that a parent process "sees" the exit of a debugged process 299 * only after a non-direct-child debugger has seen it. In particular, 300 * various wait() calls in the parent must avoid failing with ESRCH by 301 * checking the parent's orphan list for the debugee. 302 */ 303ATF_TC_WITHOUT_HEAD(ptrace__parent_sees_exit_after_unrelated_debugger); 304ATF_TC_BODY(ptrace__parent_sees_exit_after_unrelated_debugger, tc) 305{ 306 pid_t child, debugger, fpid, wpid; 307 int cpipe[2], dpipe[2], status; 308 char c; 309 310 ATF_REQUIRE(pipe(cpipe) == 0); 311 ATF_REQUIRE((child = fork()) != -1); 312 313 if (child == 0) { 314 /* Child process. */ 315 close(cpipe[0]); 316 317 /* Wait for parent to be ready. */ 318 CHILD_REQUIRE(read(cpipe[1], &c, sizeof(c)) == sizeof(c)); 319 320 exit(1); 321 } 322 close(cpipe[1]); 323 324 ATF_REQUIRE(pipe(dpipe) == 0); 325 ATF_REQUIRE((debugger = fork()) != -1); 326 327 if (debugger == 0) { 328 /* Debugger parent. */ 329 330 /* 331 * Fork again and drop the debugger parent so that the 332 * debugger is not a child of the main parent. 333 */ 334 CHILD_REQUIRE((fpid = fork()) != -1); 335 if (fpid != 0) 336 exit(2); 337 338 /* Debugger process. */ 339 close(dpipe[0]); 340 341 CHILD_REQUIRE(ptrace(PT_ATTACH, child, NULL, 0) != -1); 342 343 wpid = waitpid(child, &status, 0); 344 CHILD_REQUIRE(wpid == child); 345 CHILD_REQUIRE(WIFSTOPPED(status)); 346 CHILD_REQUIRE(WSTOPSIG(status) == SIGSTOP); 347 348 CHILD_REQUIRE(ptrace(PT_CONTINUE, child, (caddr_t)1, 0) != -1); 349 350 /* Signal parent that debugger is attached. */ 351 CHILD_REQUIRE(write(dpipe[1], &c, sizeof(c)) == sizeof(c)); 352 353 /* Wait for parent's failed wait. */ 354 CHILD_REQUIRE(read(dpipe[1], &c, sizeof(c)) == sizeof(c)); 355 356 wpid = waitpid(child, &status, 0); 357 CHILD_REQUIRE(wpid == child); 358 CHILD_REQUIRE(WIFEXITED(status)); 359 CHILD_REQUIRE(WEXITSTATUS(status) == 1); 360 361 exit(0); 362 } 363 close(dpipe[1]); 364 365 /* Parent process. */ 366 367 /* Wait for the debugger parent process to exit. */ 368 wpid = waitpid(debugger, &status, 0); 369 ATF_REQUIRE(wpid == debugger); 370 ATF_REQUIRE(WIFEXITED(status)); 371 ATF_REQUIRE(WEXITSTATUS(status) == 2); 372 373 /* A WNOHANG wait here should see the non-exited child. */ 374 wpid = waitpid(child, &status, WNOHANG); 375 ATF_REQUIRE(wpid == 0); 376 377 /* Wait for the debugger to attach to the child. */ 378 ATF_REQUIRE(read(dpipe[0], &c, sizeof(c)) == sizeof(c)); 379 380 /* Release the child. */ 381 ATF_REQUIRE(write(cpipe[0], &c, sizeof(c)) == sizeof(c)); 382 ATF_REQUIRE(read(cpipe[0], &c, sizeof(c)) == 0); 383 close(cpipe[0]); 384 385 wait_for_zombie(child); 386 387 /* 388 * This wait should return a pid of 0 to indicate no status to 389 * report. The parent should see the child as non-exited 390 * until the debugger sees the exit. 391 */ 392 wpid = waitpid(child, &status, WNOHANG); 393 ATF_REQUIRE(wpid == 0); 394 395 /* Signal the debugger to wait for the child. */ 396 ATF_REQUIRE(write(dpipe[0], &c, sizeof(c)) == sizeof(c)); 397 398 /* Wait for the debugger. */ 399 ATF_REQUIRE(read(dpipe[0], &c, sizeof(c)) == 0); 400 close(dpipe[0]); 401 402 /* The child process should now be ready. */ 403 wpid = waitpid(child, &status, WNOHANG); 404 ATF_REQUIRE(wpid == child); 405 ATF_REQUIRE(WIFEXITED(status)); 406 ATF_REQUIRE(WEXITSTATUS(status) == 1); 407} 408 409/* 410 * The parent process should always act the same regardless of how the 411 * debugger is attached to it. 412 */ 413static __dead2 void 414follow_fork_parent(bool use_vfork) 415{ 416 pid_t fpid, wpid; 417 int status; 418 419 if (use_vfork) 420 CHILD_REQUIRE((fpid = vfork()) != -1); 421 else 422 CHILD_REQUIRE((fpid = fork()) != -1); 423 424 if (fpid == 0) 425 /* Child */ 426 exit(2); 427 428 wpid = waitpid(fpid, &status, 0); 429 CHILD_REQUIRE(wpid == fpid); 430 CHILD_REQUIRE(WIFEXITED(status)); 431 CHILD_REQUIRE(WEXITSTATUS(status) == 2); 432 433 exit(1); 434} 435 436/* 437 * Helper routine for follow fork tests. This waits for two stops 438 * that report both "sides" of a fork. It returns the pid of the new 439 * child process. 440 */ 441static pid_t 442handle_fork_events(pid_t parent, struct ptrace_lwpinfo *ppl) 443{ 444 struct ptrace_lwpinfo pl; 445 bool fork_reported[2]; 446 pid_t child, wpid; 447 int i, status; 448 449 fork_reported[0] = false; 450 fork_reported[1] = false; 451 child = -1; 452 453 /* 454 * Each process should report a fork event. The parent should 455 * report a PL_FLAG_FORKED event, and the child should report 456 * a PL_FLAG_CHILD event. 457 */ 458 for (i = 0; i < 2; i++) { 459 wpid = wait(&status); 460 ATF_REQUIRE(wpid > 0); 461 ATF_REQUIRE(WIFSTOPPED(status)); 462 463 ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, 464 sizeof(pl)) != -1); 465 ATF_REQUIRE((pl.pl_flags & (PL_FLAG_FORKED | PL_FLAG_CHILD)) != 466 0); 467 ATF_REQUIRE((pl.pl_flags & (PL_FLAG_FORKED | PL_FLAG_CHILD)) != 468 (PL_FLAG_FORKED | PL_FLAG_CHILD)); 469 if (pl.pl_flags & PL_FLAG_CHILD) { 470 ATF_REQUIRE(wpid != parent); 471 ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP); 472 ATF_REQUIRE(!fork_reported[1]); 473 if (child == -1) 474 child = wpid; 475 else 476 ATF_REQUIRE(child == wpid); 477 if (ppl != NULL) 478 ppl[1] = pl; 479 fork_reported[1] = true; 480 } else { 481 ATF_REQUIRE(wpid == parent); 482 ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP); 483 ATF_REQUIRE(!fork_reported[0]); 484 if (child == -1) 485 child = pl.pl_child_pid; 486 else 487 ATF_REQUIRE(child == pl.pl_child_pid); 488 if (ppl != NULL) 489 ppl[0] = pl; 490 fork_reported[0] = true; 491 } 492 } 493 494 return (child); 495} 496 497/* 498 * Verify that a new child process is stopped after a followed fork and 499 * that the traced parent sees the exit of the child after the debugger 500 * when both processes remain attached to the debugger. 501 */ 502ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_both_attached); 503ATF_TC_BODY(ptrace__follow_fork_both_attached, tc) 504{ 505 pid_t children[0], fpid, wpid; 506 int status; 507 508 ATF_REQUIRE((fpid = fork()) != -1); 509 if (fpid == 0) { 510 trace_me(); 511 follow_fork_parent(false); 512 } 513 514 /* Parent process. */ 515 children[0] = fpid; 516 517 /* The first wait() should report the stop from SIGSTOP. */ 518 wpid = waitpid(children[0], &status, 0); 519 ATF_REQUIRE(wpid == children[0]); 520 ATF_REQUIRE(WIFSTOPPED(status)); 521 ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP); 522 523 ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1); 524 525 /* Continue the child ignoring the SIGSTOP. */ 526 ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1); 527 528 children[1] = handle_fork_events(children[0], NULL); 529 ATF_REQUIRE(children[1] > 0); 530 531 ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1); 532 ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1); 533 534 /* 535 * The child can't exit until the grandchild reports status, so the 536 * grandchild should report its exit first to the debugger. 537 */ 538 wpid = wait(&status); 539 ATF_REQUIRE(wpid == children[1]); 540 ATF_REQUIRE(WIFEXITED(status)); 541 ATF_REQUIRE(WEXITSTATUS(status) == 2); 542 543 wpid = wait(&status); 544 ATF_REQUIRE(wpid == children[0]); 545 ATF_REQUIRE(WIFEXITED(status)); 546 ATF_REQUIRE(WEXITSTATUS(status) == 1); 547 548 wpid = wait(&status); 549 ATF_REQUIRE(wpid == -1); 550 ATF_REQUIRE(errno == ECHILD); 551} 552 553/* 554 * Verify that a new child process is stopped after a followed fork 555 * and that the traced parent sees the exit of the child when the new 556 * child process is detached after it reports its fork. 557 */ 558ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_child_detached); 559ATF_TC_BODY(ptrace__follow_fork_child_detached, tc) 560{ 561 pid_t children[0], fpid, wpid; 562 int status; 563 564 ATF_REQUIRE((fpid = fork()) != -1); 565 if (fpid == 0) { 566 trace_me(); 567 follow_fork_parent(false); 568 } 569 570 /* Parent process. */ 571 children[0] = fpid; 572 573 /* The first wait() should report the stop from SIGSTOP. */ 574 wpid = waitpid(children[0], &status, 0); 575 ATF_REQUIRE(wpid == children[0]); 576 ATF_REQUIRE(WIFSTOPPED(status)); 577 ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP); 578 579 ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1); 580 581 /* Continue the child ignoring the SIGSTOP. */ 582 ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1); 583 584 children[1] = handle_fork_events(children[0], NULL); 585 ATF_REQUIRE(children[1] > 0); 586 587 ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1); 588 ATF_REQUIRE(ptrace(PT_DETACH, children[1], (caddr_t)1, 0) != -1); 589 590 /* 591 * Should not see any status from the grandchild now, only the 592 * child. 593 */ 594 wpid = wait(&status); 595 ATF_REQUIRE(wpid == children[0]); 596 ATF_REQUIRE(WIFEXITED(status)); 597 ATF_REQUIRE(WEXITSTATUS(status) == 1); 598 599 wpid = wait(&status); 600 ATF_REQUIRE(wpid == -1); 601 ATF_REQUIRE(errno == ECHILD); 602} 603 604/* 605 * Verify that a new child process is stopped after a followed fork 606 * and that the traced parent sees the exit of the child when the 607 * traced parent is detached after the fork. 608 */ 609ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_parent_detached); 610ATF_TC_BODY(ptrace__follow_fork_parent_detached, tc) 611{ 612 pid_t children[0], fpid, wpid; 613 int status; 614 615 ATF_REQUIRE((fpid = fork()) != -1); 616 if (fpid == 0) { 617 trace_me(); 618 follow_fork_parent(false); 619 } 620 621 /* Parent process. */ 622 children[0] = fpid; 623 624 /* The first wait() should report the stop from SIGSTOP. */ 625 wpid = waitpid(children[0], &status, 0); 626 ATF_REQUIRE(wpid == children[0]); 627 ATF_REQUIRE(WIFSTOPPED(status)); 628 ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP); 629 630 ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1); 631 632 /* Continue the child ignoring the SIGSTOP. */ 633 ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1); 634 635 children[1] = handle_fork_events(children[0], NULL); 636 ATF_REQUIRE(children[1] > 0); 637 638 ATF_REQUIRE(ptrace(PT_DETACH, children[0], (caddr_t)1, 0) != -1); 639 ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1); 640 641 /* 642 * The child can't exit until the grandchild reports status, so the 643 * grandchild should report its exit first to the debugger. 644 * 645 * Even though the child process is detached, it is still a 646 * child of the debugger, so it will still report it's exit 647 * after the grandchild. 648 */ 649 wpid = wait(&status); 650 ATF_REQUIRE(wpid == children[1]); 651 ATF_REQUIRE(WIFEXITED(status)); 652 ATF_REQUIRE(WEXITSTATUS(status) == 2); 653 654 wpid = wait(&status); 655 ATF_REQUIRE(wpid == children[0]); 656 ATF_REQUIRE(WIFEXITED(status)); 657 ATF_REQUIRE(WEXITSTATUS(status) == 1); 658 659 wpid = wait(&status); 660 ATF_REQUIRE(wpid == -1); 661 ATF_REQUIRE(errno == ECHILD); 662} 663 664static void 665attach_fork_parent(int cpipe[2]) 666{ 667 pid_t fpid; 668 669 close(cpipe[0]); 670 671 /* Double-fork to disassociate from the debugger. */ 672 CHILD_REQUIRE((fpid = fork()) != -1); 673 if (fpid != 0) 674 exit(3); 675 676 /* Send the pid of the disassociated child to the debugger. */ 677 fpid = getpid(); 678 CHILD_REQUIRE(write(cpipe[1], &fpid, sizeof(fpid)) == sizeof(fpid)); 679 680 /* Wait for the debugger to attach. */ 681 CHILD_REQUIRE(read(cpipe[1], &fpid, sizeof(fpid)) == 0); 682} 683 684/* 685 * Verify that a new child process is stopped after a followed fork and 686 * that the traced parent sees the exit of the child after the debugger 687 * when both processes remain attached to the debugger. In this test 688 * the parent that forks is not a direct child of the debugger. 689 */ 690ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_both_attached_unrelated_debugger); 691ATF_TC_BODY(ptrace__follow_fork_both_attached_unrelated_debugger, tc) 692{ 693 pid_t children[0], fpid, wpid; 694 int cpipe[2], status; 695 696 ATF_REQUIRE(pipe(cpipe) == 0); 697 ATF_REQUIRE((fpid = fork()) != -1); 698 if (fpid == 0) { 699 attach_fork_parent(cpipe); 700 follow_fork_parent(false); 701 } 702 703 /* Parent process. */ 704 close(cpipe[1]); 705 706 /* Wait for the direct child to exit. */ 707 wpid = waitpid(fpid, &status, 0); 708 ATF_REQUIRE(wpid == fpid); 709 ATF_REQUIRE(WIFEXITED(status)); 710 ATF_REQUIRE(WEXITSTATUS(status) == 3); 711 712 /* Read the pid of the fork parent. */ 713 ATF_REQUIRE(read(cpipe[0], &children[0], sizeof(children[0])) == 714 sizeof(children[0])); 715 716 /* Attach to the fork parent. */ 717 attach_child(children[0]); 718 719 ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1); 720 721 /* Continue the fork parent ignoring the SIGSTOP. */ 722 ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1); 723 724 /* Signal the fork parent to continue. */ 725 close(cpipe[0]); 726 727 children[1] = handle_fork_events(children[0], NULL); 728 ATF_REQUIRE(children[1] > 0); 729 730 ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1); 731 ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1); 732 733 /* 734 * The fork parent can't exit until the child reports status, 735 * so the child should report its exit first to the debugger. 736 */ 737 wpid = wait(&status); 738 ATF_REQUIRE(wpid == children[1]); 739 ATF_REQUIRE(WIFEXITED(status)); 740 ATF_REQUIRE(WEXITSTATUS(status) == 2); 741 742 wpid = wait(&status); 743 ATF_REQUIRE(wpid == children[0]); 744 ATF_REQUIRE(WIFEXITED(status)); 745 ATF_REQUIRE(WEXITSTATUS(status) == 1); 746 747 wpid = wait(&status); 748 ATF_REQUIRE(wpid == -1); 749 ATF_REQUIRE(errno == ECHILD); 750} 751 752/* 753 * Verify that a new child process is stopped after a followed fork 754 * and that the traced parent sees the exit of the child when the new 755 * child process is detached after it reports its fork. In this test 756 * the parent that forks is not a direct child of the debugger. 757 */ 758ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_child_detached_unrelated_debugger); 759ATF_TC_BODY(ptrace__follow_fork_child_detached_unrelated_debugger, tc) 760{ 761 pid_t children[0], fpid, wpid; 762 int cpipe[2], status; 763 764 ATF_REQUIRE(pipe(cpipe) == 0); 765 ATF_REQUIRE((fpid = fork()) != -1); 766 if (fpid == 0) { 767 attach_fork_parent(cpipe); 768 follow_fork_parent(false); 769 } 770 771 /* Parent process. */ 772 close(cpipe[1]); 773 774 /* Wait for the direct child to exit. */ 775 wpid = waitpid(fpid, &status, 0); 776 ATF_REQUIRE(wpid == fpid); 777 ATF_REQUIRE(WIFEXITED(status)); 778 ATF_REQUIRE(WEXITSTATUS(status) == 3); 779 780 /* Read the pid of the fork parent. */ 781 ATF_REQUIRE(read(cpipe[0], &children[0], sizeof(children[0])) == 782 sizeof(children[0])); 783 784 /* Attach to the fork parent. */ 785 attach_child(children[0]); 786 787 ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1); 788 789 /* Continue the fork parent ignoring the SIGSTOP. */ 790 ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1); 791 792 /* Signal the fork parent to continue. */ 793 close(cpipe[0]); 794 795 children[1] = handle_fork_events(children[0], NULL); 796 ATF_REQUIRE(children[1] > 0); 797 798 ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1); 799 ATF_REQUIRE(ptrace(PT_DETACH, children[1], (caddr_t)1, 0) != -1); 800 801 /* 802 * Should not see any status from the child now, only the fork 803 * parent. 804 */ 805 wpid = wait(&status); 806 ATF_REQUIRE(wpid == children[0]); 807 ATF_REQUIRE(WIFEXITED(status)); 808 ATF_REQUIRE(WEXITSTATUS(status) == 1); 809 810 wpid = wait(&status); 811 ATF_REQUIRE(wpid == -1); 812 ATF_REQUIRE(errno == ECHILD); 813} 814 815/* 816 * Verify that a new child process is stopped after a followed fork 817 * and that the traced parent sees the exit of the child when the 818 * traced parent is detached after the fork. In this test the parent 819 * that forks is not a direct child of the debugger. 820 */ 821ATF_TC_WITHOUT_HEAD(ptrace__follow_fork_parent_detached_unrelated_debugger); 822ATF_TC_BODY(ptrace__follow_fork_parent_detached_unrelated_debugger, tc) 823{ 824 pid_t children[0], fpid, wpid; 825 int cpipe[2], status; 826 827 ATF_REQUIRE(pipe(cpipe) == 0); 828 ATF_REQUIRE((fpid = fork()) != -1); 829 if (fpid == 0) { 830 attach_fork_parent(cpipe); 831 follow_fork_parent(false); 832 } 833 834 /* Parent process. */ 835 close(cpipe[1]); 836 837 /* Wait for the direct child to exit. */ 838 wpid = waitpid(fpid, &status, 0); 839 ATF_REQUIRE(wpid == fpid); 840 ATF_REQUIRE(WIFEXITED(status)); 841 ATF_REQUIRE(WEXITSTATUS(status) == 3); 842 843 /* Read the pid of the fork parent. */ 844 ATF_REQUIRE(read(cpipe[0], &children[0], sizeof(children[0])) == 845 sizeof(children[0])); 846 847 /* Attach to the fork parent. */ 848 attach_child(children[0]); 849 850 ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1); 851 852 /* Continue the fork parent ignoring the SIGSTOP. */ 853 ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1); 854 855 /* Signal the fork parent to continue. */ 856 close(cpipe[0]); 857 858 children[1] = handle_fork_events(children[0], NULL); 859 ATF_REQUIRE(children[1] > 0); 860 861 ATF_REQUIRE(ptrace(PT_DETACH, children[0], (caddr_t)1, 0) != -1); 862 ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1); 863 864 /* 865 * Should not see any status from the fork parent now, only 866 * the child. 867 */ 868 wpid = wait(&status); 869 ATF_REQUIRE(wpid == children[1]); 870 ATF_REQUIRE(WIFEXITED(status)); 871 ATF_REQUIRE(WEXITSTATUS(status) == 2); 872 873 wpid = wait(&status); 874 ATF_REQUIRE(wpid == -1); 875 ATF_REQUIRE(errno == ECHILD); 876} 877 878/* 879 * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new 880 * child process created via fork() reports the correct value. 881 */ 882ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_fork); 883ATF_TC_BODY(ptrace__new_child_pl_syscall_code_fork, tc) 884{ 885 struct ptrace_lwpinfo pl[2]; 886 pid_t children[2], fpid, wpid; 887 int status; 888 889 ATF_REQUIRE((fpid = fork()) != -1); 890 if (fpid == 0) { 891 trace_me(); 892 follow_fork_parent(false); 893 } 894 895 /* Parent process. */ 896 children[0] = fpid; 897 898 /* The first wait() should report the stop from SIGSTOP. */ 899 wpid = waitpid(children[0], &status, 0); 900 ATF_REQUIRE(wpid == children[0]); 901 ATF_REQUIRE(WIFSTOPPED(status)); 902 ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP); 903 904 ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1); 905 906 /* Continue the child ignoring the SIGSTOP. */ 907 ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1); 908 909 /* Wait for both halves of the fork event to get reported. */ 910 children[1] = handle_fork_events(children[0], pl); 911 ATF_REQUIRE(children[1] > 0); 912 913 ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_SCX) != 0); 914 ATF_REQUIRE((pl[1].pl_flags & PL_FLAG_SCX) != 0); 915 ATF_REQUIRE(pl[0].pl_syscall_code == SYS_fork); 916 ATF_REQUIRE(pl[0].pl_syscall_code == pl[1].pl_syscall_code); 917 ATF_REQUIRE(pl[0].pl_syscall_narg == pl[1].pl_syscall_narg); 918 919 ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1); 920 ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1); 921 922 /* 923 * The child can't exit until the grandchild reports status, so the 924 * grandchild should report its exit first to the debugger. 925 */ 926 wpid = wait(&status); 927 ATF_REQUIRE(wpid == children[1]); 928 ATF_REQUIRE(WIFEXITED(status)); 929 ATF_REQUIRE(WEXITSTATUS(status) == 2); 930 931 wpid = wait(&status); 932 ATF_REQUIRE(wpid == children[0]); 933 ATF_REQUIRE(WIFEXITED(status)); 934 ATF_REQUIRE(WEXITSTATUS(status) == 1); 935 936 wpid = wait(&status); 937 ATF_REQUIRE(wpid == -1); 938 ATF_REQUIRE(errno == ECHILD); 939} 940 941/* 942 * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new 943 * child process created via vfork() reports the correct value. 944 */ 945ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_vfork); 946ATF_TC_BODY(ptrace__new_child_pl_syscall_code_vfork, tc) 947{ 948 struct ptrace_lwpinfo pl[2]; 949 pid_t children[2], fpid, wpid; 950 int status; 951 952 ATF_REQUIRE((fpid = fork()) != -1); 953 if (fpid == 0) { 954 trace_me(); 955 follow_fork_parent(true); 956 } 957 958 /* Parent process. */ 959 children[0] = fpid; 960 961 /* The first wait() should report the stop from SIGSTOP. */ 962 wpid = waitpid(children[0], &status, 0); 963 ATF_REQUIRE(wpid == children[0]); 964 ATF_REQUIRE(WIFSTOPPED(status)); 965 ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP); 966 967 ATF_REQUIRE(ptrace(PT_FOLLOW_FORK, children[0], NULL, 1) != -1); 968 969 /* Continue the child ignoring the SIGSTOP. */ 970 ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1); 971 972 /* Wait for both halves of the fork event to get reported. */ 973 children[1] = handle_fork_events(children[0], pl); 974 ATF_REQUIRE(children[1] > 0); 975 976 ATF_REQUIRE((pl[0].pl_flags & PL_FLAG_SCX) != 0); 977 ATF_REQUIRE((pl[1].pl_flags & PL_FLAG_SCX) != 0); 978 ATF_REQUIRE(pl[0].pl_syscall_code == SYS_vfork); 979 ATF_REQUIRE(pl[0].pl_syscall_code == pl[1].pl_syscall_code); 980 ATF_REQUIRE(pl[0].pl_syscall_narg == pl[1].pl_syscall_narg); 981 982 ATF_REQUIRE(ptrace(PT_CONTINUE, children[0], (caddr_t)1, 0) != -1); 983 ATF_REQUIRE(ptrace(PT_CONTINUE, children[1], (caddr_t)1, 0) != -1); 984 985 /* 986 * The child can't exit until the grandchild reports status, so the 987 * grandchild should report its exit first to the debugger. 988 */ 989 wpid = wait(&status); 990 ATF_REQUIRE(wpid == children[1]); 991 ATF_REQUIRE(WIFEXITED(status)); 992 ATF_REQUIRE(WEXITSTATUS(status) == 2); 993 994 wpid = wait(&status); 995 ATF_REQUIRE(wpid == children[0]); 996 ATF_REQUIRE(WIFEXITED(status)); 997 ATF_REQUIRE(WEXITSTATUS(status) == 1); 998 999 wpid = wait(&status); 1000 ATF_REQUIRE(wpid == -1); 1001 ATF_REQUIRE(errno == ECHILD); 1002} 1003 1004static void * 1005simple_thread(void *arg __unused) 1006{ 1007 1008 pthread_exit(NULL); 1009} 1010 1011/* 1012 * Verify that pl_syscall_code in struct ptrace_lwpinfo for a new 1013 * thread reports the correct value. 1014 */ 1015ATF_TC_WITHOUT_HEAD(ptrace__new_child_pl_syscall_code_thread); 1016ATF_TC_BODY(ptrace__new_child_pl_syscall_code_thread, tc) 1017{ 1018 struct ptrace_lwpinfo pl; 1019 pid_t fpid, wpid; 1020 lwpid_t mainlwp; 1021 int status; 1022 1023 ATF_REQUIRE((fpid = fork()) != -1); 1024 if (fpid == 0) { 1025 pthread_t thread; 1026 1027 trace_me(); 1028 1029 CHILD_REQUIRE(pthread_create(&thread, NULL, simple_thread, 1030 NULL) == 0); 1031 CHILD_REQUIRE(pthread_join(thread, NULL) == 0); 1032 exit(1); 1033 } 1034 1035 /* The first wait() should report the stop from SIGSTOP. */ 1036 wpid = waitpid(fpid, &status, 0); 1037 ATF_REQUIRE(wpid == fpid); 1038 ATF_REQUIRE(WIFSTOPPED(status)); 1039 ATF_REQUIRE(WSTOPSIG(status) == SIGSTOP); 1040 1041 ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, 1042 sizeof(pl)) != -1); 1043 mainlwp = pl.pl_lwpid; 1044 1045 /* 1046 * Continue the child ignoring the SIGSTOP and tracing all 1047 * system call exits. 1048 */ 1049 ATF_REQUIRE(ptrace(PT_TO_SCX, fpid, (caddr_t)1, 0) != -1); 1050 1051 /* 1052 * Wait for the new thread to arrive. pthread_create() might 1053 * invoke any number of system calls. For now we just wait 1054 * for the new thread to arrive and make sure it reports a 1055 * valid system call code. If ptrace grows thread event 1056 * reporting then this test can be made more precise. 1057 */ 1058 for (;;) { 1059 wpid = waitpid(fpid, &status, 0); 1060 ATF_REQUIRE(wpid == fpid); 1061 ATF_REQUIRE(WIFSTOPPED(status)); 1062 ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP); 1063 1064 ATF_REQUIRE(ptrace(PT_LWPINFO, wpid, (caddr_t)&pl, 1065 sizeof(pl)) != -1); 1066 ATF_REQUIRE((pl.pl_flags & PL_FLAG_SCX) != 0); 1067 ATF_REQUIRE(pl.pl_syscall_code != 0); 1068 if (pl.pl_lwpid != mainlwp) 1069 /* New thread seen. */ 1070 break; 1071 1072 ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0); 1073 } 1074 1075 /* Wait for the child to exit. */ 1076 ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0); 1077 for (;;) { 1078 wpid = waitpid(fpid, &status, 0); 1079 ATF_REQUIRE(wpid == fpid); 1080 if (WIFEXITED(status)) 1081 break; 1082 1083 ATF_REQUIRE(WIFSTOPPED(status)); 1084 ATF_REQUIRE(WSTOPSIG(status) == SIGTRAP); 1085 ATF_REQUIRE(ptrace(PT_CONTINUE, fpid, (caddr_t)1, 0) == 0); 1086 } 1087 1088 ATF_REQUIRE(WEXITSTATUS(status) == 1); 1089 1090 wpid = wait(&status); 1091 ATF_REQUIRE(wpid == -1); 1092 ATF_REQUIRE(errno == ECHILD); 1093} 1094 1095ATF_TP_ADD_TCS(tp) 1096{ 1097 1098 ATF_TP_ADD_TC(tp, ptrace__parent_wait_after_trace_me); 1099 ATF_TP_ADD_TC(tp, ptrace__parent_wait_after_attach); 1100 ATF_TP_ADD_TC(tp, ptrace__parent_sees_exit_after_child_debugger); 1101 ATF_TP_ADD_TC(tp, ptrace__parent_sees_exit_after_unrelated_debugger); 1102 ATF_TP_ADD_TC(tp, ptrace__follow_fork_both_attached); 1103 ATF_TP_ADD_TC(tp, ptrace__follow_fork_child_detached); 1104 ATF_TP_ADD_TC(tp, ptrace__follow_fork_parent_detached); 1105 ATF_TP_ADD_TC(tp, ptrace__follow_fork_both_attached_unrelated_debugger); 1106 ATF_TP_ADD_TC(tp, 1107 ptrace__follow_fork_child_detached_unrelated_debugger); 1108 ATF_TP_ADD_TC(tp, 1109 ptrace__follow_fork_parent_detached_unrelated_debugger); 1110 ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_fork); 1111 ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_vfork); 1112 ATF_TP_ADD_TC(tp, ptrace__new_child_pl_syscall_code_thread); 1113 1114 return (atf_no_error()); 1115} 1116