1
/*-
2
 * SPDX-License-Identifier: BSD-3-Clause
3
 *
4
 * Copyright (c) 1982, 1986, 1989, 1991, 1993
5
 *	The Regents of the University of California.  All rights reserved.
6
 * (c) UNIX System Laboratories, Inc.
7
 * All or some portions of this file are derived from material licensed
8
 * to the University of California by American Telephone and Telegraph
9
 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10
 * the permission of UNIX System Laboratories, Inc.
11
 *
12
 * Redistribution and use in source and binary forms, with or without
13
 * modification, are permitted provided that the following conditions
14
 * are met:
15
 * 1. Redistributions of source code must retain the above copyright
16
 *    notice, this list of conditions and the following disclaimer.
17
 * 2. Redistributions in binary form must reproduce the above copyright
18
 *    notice, this list of conditions and the following disclaimer in the
19
 *    documentation and/or other materials provided with the distribution.
20
 * 3. Neither the name of the University nor the names of its contributors
21
 *    may be used to endorse or promote products derived from this software
22
 *    without specific prior written permission.
23
 *
24
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34
 * SUCH DAMAGE.
35
 */
36

37
#include "opt_ddb.h"
38
#include "opt_ktrace.h"
39

40
#define EXTERR_CATEGORY	EXTERR_CAT_PROCEXIT
41
#include <sys/systm.h>
42
#include <sys/acct.h>		/* for acct_process() function prototype */
43
#include <sys/capsicum.h>
44
#include <sys/eventhandler.h>
45
#include <sys/exterrvar.h>
46
#include <sys/filedesc.h>
47
#include <sys/jail.h>
48
#include <sys/kernel.h>
49
#include <sys/ktr.h>
50
#include <sys/lock.h>
51
#include <sys/malloc.h>
52
#include <sys/mutex.h>
53
#include <sys/proc.h>
54
#include <sys/procdesc.h>
55
#include <sys/ptrace.h>
56
#include <sys/racct.h>
57
#include <sys/resourcevar.h>
58
#include <sys/sbuf.h>
59
#include <sys/sched.h>
60
#include <sys/sdt.h>
61
#include <sys/sem.h>
62
#include <sys/shm.h>
63
#include <sys/signalvar.h>
64
#include <sys/sx.h>
65
#include <sys/syscallsubr.h>
66
#include <sys/sysctl.h>
67
#include <sys/sysent.h>
68
#include <sys/syslog.h>
69
#include <sys/sysproto.h>
70
#include <sys/timers.h>
71
#include <sys/tty.h>
72
#include <sys/umtxvar.h>
73
#include <sys/vmmeter.h>
74
#include <sys/vnode.h>
75
#include <sys/wait.h>
76
#ifdef KTRACE
77
#include <sys/ktrace.h>
78
#endif
79

80
#include <security/audit/audit.h>
81
#include <security/mac/mac_framework.h>
82

83
#include <vm/vm.h>
84
#include <vm/vm_extern.h>
85
#include <vm/vm_param.h>
86
#include <vm/pmap.h>
87
#include <vm/vm_map.h>
88
#include <vm/vm_page.h>
89
#include <vm/uma.h>
90

91
#ifdef KDTRACE_HOOKS
92
#include <sys/dtrace_bsd.h>
93
dtrace_execexit_func_t	dtrace_fasttrap_exit;
94
#endif
95

96
SDT_PROVIDER_DECLARE(proc);
97
SDT_PROBE_DEFINE1(proc, , , exit, "int");
98

99
static int kern_kill_on_dbg_exit = 1;
100
SYSCTL_INT(_kern, OID_AUTO, kill_on_debugger_exit, CTLFLAG_RWTUN,
101
    &kern_kill_on_dbg_exit, 0,
102
    "Kill ptraced processes when debugger exits");
103

104
static bool kern_wait_dequeue_sigchld = 1;
105
SYSCTL_BOOL(_kern, OID_AUTO, wait_dequeue_sigchld, CTLFLAG_RWTUN,
106
    &kern_wait_dequeue_sigchld, 0,
107
    "Dequeue SIGCHLD on wait(2) for live process");
108

109
struct proc *
110
proc_realparent(struct proc *child)
111
{
112
	struct proc *p, *parent;
113

114
	sx_assert(&proctree_lock, SX_LOCKED);
115
	if ((child->p_treeflag & P_TREE_ORPHANED) == 0)
116
		return (child->p_pptr->p_pid == child->p_oppid ?
117
		    child->p_pptr : child->p_reaper);
118
	for (p = child; (p->p_treeflag & P_TREE_FIRST_ORPHAN) == 0;) {
119
		/* Cannot use LIST_PREV(), since the list head is not known. */
120
		p = __containerof(p->p_orphan.le_prev, struct proc,
121
		    p_orphan.le_next);
122
		KASSERT((p->p_treeflag & P_TREE_ORPHANED) != 0,
123
		    ("missing P_ORPHAN %p", p));
124
	}
125
	parent = __containerof(p->p_orphan.le_prev, struct proc,
126
	    p_orphans.lh_first);
127
	return (parent);
128
}
129

130
static void
131
reaper_clear(struct proc *p, struct proc *rp)
132
{
133
	struct proc *p1;
134
	bool clear;
135

136
	sx_assert(&proctree_lock, SX_XLOCKED);
137
	LIST_REMOVE(p, p_reapsibling);
138
	if (p->p_reapsubtree == 1)
139
		return;
140
	clear = true;
141
	LIST_FOREACH(p1, &rp->p_reaplist, p_reapsibling) {
142
		if (p1->p_reapsubtree == p->p_reapsubtree) {
143
			clear = false;
144
			break;
145
		}
146
	}
147
	if (clear)
148
		proc_id_clear(PROC_ID_REAP, p->p_reapsubtree);
149
}
150

151
void
152
reaper_abandon_children(struct proc *p, bool exiting)
153
{
154
	struct proc *p1, *p2, *ptmp;
155

156
	sx_assert(&proctree_lock, SX_XLOCKED);
157
	KASSERT(p != initproc, ("reaper_abandon_children for initproc"));
158
	if ((p->p_treeflag & P_TREE_REAPER) == 0)
159
		return;
160
	p1 = p->p_reaper;
161
	LIST_FOREACH_SAFE(p2, &p->p_reaplist, p_reapsibling, ptmp) {
162
		reaper_clear(p2, p);
163
		p2->p_reaper = p1;
164
		p2->p_reapsubtree = p->p_reapsubtree;
165
		LIST_INSERT_HEAD(&p1->p_reaplist, p2, p_reapsibling);
166
		if (exiting && p2->p_pptr == p) {
167
			PROC_LOCK(p2);
168
			proc_reparent(p2, p1, true);
169
			PROC_UNLOCK(p2);
170
		}
171
	}
172
	KASSERT(LIST_EMPTY(&p->p_reaplist), ("p_reaplist not empty"));
173
	p->p_treeflag &= ~P_TREE_REAPER;
174
}
175

176
void
177
proc_clear_orphan(struct proc *p)
178
{
179
	struct proc *p1;
180

181
	sx_assert(&proctree_lock, SA_XLOCKED);
182
	if ((p->p_treeflag & P_TREE_ORPHANED) == 0)
183
		return;
184
	if ((p->p_treeflag & P_TREE_FIRST_ORPHAN) != 0) {
185
		p1 = LIST_NEXT(p, p_orphan);
186
		if (p1 != NULL)
187
			p1->p_treeflag |= P_TREE_FIRST_ORPHAN;
188
		p->p_treeflag &= ~P_TREE_FIRST_ORPHAN;
189
	}
190
	LIST_REMOVE(p, p_orphan);
191
	p->p_treeflag &= ~P_TREE_ORPHANED;
192
}
193

194
void
195
exit_onexit(struct proc *p)
196
{
197
	MPASS(p->p_numthreads == 1);
198
	umtx_thread_exit(FIRST_THREAD_IN_PROC(p));
199
}
200

201
/*
202
 * exit -- death of process.
203
 */
204
int
205
sys__exit(struct thread *td, struct _exit_args *uap)
206
{
207

208
	exit1(td, uap->rval, 0);
209
	__unreachable();
210
}
211

212
void
213
proc_set_p2_wexit(struct proc *p)
214
{
215
	PROC_LOCK_ASSERT(p, MA_OWNED);
216
	p->p_flag2 |= P2_WEXIT;
217
}
218

219
/*
220
 * Exit: deallocate address space and other resources, change proc state to
221
 * zombie, and unlink proc from allproc and parent's lists.  Save exit status
222
 * and rusage for wait().  Check for child processes and orphan them.
223
 */
224
void
225
exit1(struct thread *td, int rval, int signo)
226
{
227
	struct proc *p, *nq, *q, *t;
228
	struct thread *tdt;
229
	ksiginfo_t *ksi, *ksi1;
230
	int signal_parent;
231

232
	mtx_assert(&Giant, MA_NOTOWNED);
233
	KASSERT(rval == 0 || signo == 0, ("exit1 rv %d sig %d", rval, signo));
234
	TSPROCEXIT(td->td_proc->p_pid);
235

236
	p = td->td_proc;
237
	/*
238
	 * In case we're rebooting we just let init die in order to
239
	 * work around an issues where pid 1 might get a fatal signal.
240
	 * For instance, if network interface serving NFS root is
241
	 * going down due to reboot, page-in requests for text are
242
	 * failing.
243
	 */
244
	if (p == initproc && rebooting == 0) {
245
		printf("init died (signal %d, exit %d)\n", signo, rval);
246
		panic("Going nowhere without my init!");
247
	}
248

249
	/*
250
	 * Process deferred operations, designated with ASTF_KCLEAR.
251
	 * For instance, we need to deref SU mp, since the thread does
252
	 * not return to userspace, and wait for geom to stabilize.
253
	 */
254
	ast_kclear(td);
255

256
	/*
257
	 * MUST abort all other threads before proceeding past here.
258
	 */
259
	PROC_LOCK(p);
260
	proc_set_p2_wexit(p);
261

262
	/*
263
	 * First check if some other thread or external request got
264
	 * here before us.  If so, act appropriately: exit or suspend.
265
	 * We must ensure that stop requests are handled before we set
266
	 * P_WEXIT.
267
	 */
268
	thread_suspend_check(0);
269
	while (p->p_flag & P_HADTHREADS) {
270
		/*
271
		 * Kill off the other threads. This requires
272
		 * some co-operation from other parts of the kernel
273
		 * so it may not be instantaneous.  With this state set
274
		 * any thread attempting to interruptibly
275
		 * sleep will return immediately with EINTR or EWOULDBLOCK
276
		 * which will hopefully force them to back out to userland
277
		 * freeing resources as they go.  Any thread attempting
278
		 * to return to userland will thread_exit() from ast().
279
		 * thread_exit() will unsuspend us when the last of the
280
		 * other threads exits.
281
		 * If there is already a thread singler after resumption,
282
		 * calling thread_single() will fail; in that case, we just
283
		 * re-check all suspension request, the thread should
284
		 * either be suspended there or exit.
285
		 */
286
		if (!thread_single(p, SINGLE_EXIT))
287
			/*
288
			 * All other activity in this process is now
289
			 * stopped.  Threading support has been turned
290
			 * off.
291
			 */
292
			break;
293
		/*
294
		 * Recheck for new stop or suspend requests which
295
		 * might appear while process lock was dropped in
296
		 * thread_single().
297
		 */
298
		thread_suspend_check(0);
299
	}
300
	KASSERT(p->p_numthreads == 1,
301
	    ("exit1: proc %p exiting with %d threads", p, p->p_numthreads));
302
	racct_sub(p, RACCT_NTHR, 1);
303

304
	/* Let event handler change exit status */
305
	p->p_xexit = rval;
306
	p->p_xsig = signo;
307

308
	/*
309
	 * Ignore any pending request to stop due to a stop signal.
310
	 * Once P_WEXIT is set, future requests will be ignored as
311
	 * well.
312
	 */
313
	p->p_flag &= ~P_STOPPED_SIG;
314
	KASSERT(!P_SHOULDSTOP(p), ("exiting process is stopped"));
315

316
	/* Note that we are exiting. */
317
	p->p_flag |= P_WEXIT;
318

319
	/*
320
	 * Wait for any processes that have a hold on our vmspace to
321
	 * release their reference.
322
	 */
323
	while (p->p_lock > 0)
324
		msleep(&p->p_lock, &p->p_mtx, PWAIT, "exithold", 0);
325

326
	PROC_UNLOCK(p);
327
	/* Drain the limit callout while we don't have the proc locked */
328
	callout_drain(&p->p_limco);
329

330
#ifdef AUDIT
331
	/*
332
	 * The Sun BSM exit token contains two components: an exit status as
333
	 * passed to exit(), and a return value to indicate what sort of exit
334
	 * it was.  The exit status is WEXITSTATUS(rv), but it's not clear
335
	 * what the return value is.
336
	 */
337
	AUDIT_ARG_EXIT(rval, 0);
338
	AUDIT_SYSCALL_EXIT(0, td);
339
#endif
340

341
	/* Are we a task leader with peers? */
342
	if (p->p_peers != NULL && p == p->p_leader) {
343
		mtx_lock(&ppeers_lock);
344
		q = p->p_peers;
345
		while (q != NULL) {
346
			PROC_LOCK(q);
347
			kern_psignal(q, SIGKILL);
348
			PROC_UNLOCK(q);
349
			q = q->p_peers;
350
		}
351
		while (p->p_peers != NULL)
352
			msleep(p, &ppeers_lock, PWAIT, "exit1", 0);
353
		mtx_unlock(&ppeers_lock);
354
	}
355

356
	itimers_exit(p);
357

358
	/*
359
	 * Check if any loadable modules need anything done at process exit.
360
	 * E.g. SYSV IPC stuff.
361
	 * Event handler could change exit status.
362
	 * XXX what if one of these generates an error?
363
	 */
364
	EVENTHANDLER_DIRECT_INVOKE(process_exit, p);
365

366
	/*
367
	 * If parent is waiting for us to exit or exec,
368
	 * P_PPWAIT is set; we will wakeup the parent below.
369
	 */
370
	PROC_LOCK(p);
371
	stopprofclock(p);
372
	p->p_ptevents = 0;
373

374
	/*
375
	 * Stop the real interval timer.  If the handler is currently
376
	 * executing, prevent it from rearming itself and let it finish.
377
	 */
378
	p->p_flag2 &= ~P2_ITSTOPPED;
379
	if (timevalisset(&p->p_realtimer.it_value) &&
380
	    callout_stop(&p->p_itcallout) == 0) {
381
		timevalclear(&p->p_realtimer.it_interval);
382
		PROC_UNLOCK(p);
383
		callout_drain(&p->p_itcallout);
384
	} else {
385
		PROC_UNLOCK(p);
386
	}
387

388
	if (p->p_sysent->sv_onexit != NULL)
389
		p->p_sysent->sv_onexit(p);
390
	seltdfini(td);
391

392
	/*
393
	 * Reset any sigio structures pointing to us as a result of
394
	 * F_SETOWN with our pid.  The P_WEXIT flag interlocks with fsetown().
395
	 */
396
	funsetownlst(&p->p_sigiolst);
397

398
	/*
399
	 * Close open files and release open-file table.
400
	 * This may block!
401
	 */
402
	pdescfree(td);
403
	fdescfree(td);
404

405
	/*
406
	 * Remove ourself from our leader's peer list and wake our leader.
407
	 */
408
	if (p->p_leader->p_peers != NULL) {
409
		mtx_lock(&ppeers_lock);
410
		if (p->p_leader->p_peers != NULL) {
411
			q = p->p_leader;
412
			while (q->p_peers != p)
413
				q = q->p_peers;
414
			q->p_peers = p->p_peers;
415
			wakeup(p->p_leader);
416
		}
417
		mtx_unlock(&ppeers_lock);
418
	}
419

420
	exec_free_abi_mappings(p);
421
	vmspace_exit(td);
422
	(void)acct_process(td);
423

424
#ifdef KTRACE
425
	ktrprocexit(td);
426
#endif
427
	/*
428
	 * Release reference to text vnode etc
429
	 */
430
	if (p->p_textvp != NULL) {
431
		vrele(p->p_textvp);
432
		p->p_textvp = NULL;
433
	}
434
	if (p->p_textdvp != NULL) {
435
		vrele(p->p_textdvp);
436
		p->p_textdvp = NULL;
437
	}
438
	if (p->p_binname != NULL) {
439
		free(p->p_binname, M_PARGS);
440
		p->p_binname = NULL;
441
	}
442

443
	/*
444
	 * Release our limits structure.
445
	 */
446
	lim_free(p->p_limit);
447
	p->p_limit = NULL;
448

449
	tidhash_remove(td);
450

451
	/*
452
	 * Call machine-dependent code to release any
453
	 * machine-dependent resources other than the address space.
454
	 * The address space is released by "vmspace_exitfree(p)" in
455
	 * vm_waitproc().
456
	 */
457
	cpu_exit(td);
458

459
	WITNESS_WARN(WARN_PANIC, NULL, "process (pid %d) exiting", p->p_pid);
460

461
	/*
462
	 * Remove from allproc. It still sits in the hash.
463
	 */
464
	sx_xlock(&allproc_lock);
465
	LIST_REMOVE(p, p_list);
466

467
#ifdef DDB
468
	/*
469
	 * Used by ddb's 'ps' command to find this process via the
470
	 * pidhash.
471
	 */
472
	p->p_list.le_prev = NULL;
473
#endif
474
	prison_proc_unlink(p->p_ucred->cr_prison, p);
475
	sx_xunlock(&allproc_lock);
476

477
	sx_xlock(&proctree_lock);
478
	if ((p->p_flag & (P_TRACED | P_PPWAIT | P_PPTRACE)) != 0) {
479
		PROC_LOCK(p);
480
		p->p_flag &= ~(P_TRACED | P_PPWAIT | P_PPTRACE);
481
		PROC_UNLOCK(p);
482
	}
483

484
	/*
485
	 * killjobc() might drop and re-acquire proctree_lock to
486
	 * revoke control tty if exiting process was a session leader.
487
	 */
488
	killjobc();
489

490
	/*
491
	 * Reparent all children processes:
492
	 * - traced ones to the original parent (or init if we are that parent)
493
	 * - the rest to init
494
	 */
495
	q = LIST_FIRST(&p->p_children);
496
	if (q != NULL)		/* only need this if any child is S_ZOMB */
497
		wakeup(q->p_reaper);
498
	for (; q != NULL; q = nq) {
499
		nq = LIST_NEXT(q, p_sibling);
500
		ksi = ksiginfo_alloc(M_WAITOK);
501
		PROC_LOCK(q);
502
		q->p_sigparent = SIGCHLD;
503

504
		if ((q->p_flag & P_TRACED) == 0) {
505
			proc_reparent(q, q->p_reaper, true);
506
			if (q->p_state == PRS_ZOMBIE) {
507
				/*
508
				 * Inform reaper about the reparented
509
				 * zombie, since wait(2) has something
510
				 * new to report.  Guarantee queueing
511
				 * of the SIGCHLD signal, similar to
512
				 * the _exit() behaviour, by providing
513
				 * our ksiginfo.  Ksi is freed by the
514
				 * signal delivery.
515
				 */
516
				if (q->p_ksi == NULL) {
517
					ksi1 = NULL;
518
				} else {
519
					ksiginfo_copy(q->p_ksi, ksi);
520
					ksi->ksi_flags |= KSI_INS;
521
					ksi1 = ksi;
522
					ksi = NULL;
523
				}
524
				PROC_LOCK(q->p_reaper);
525
				pksignal(q->p_reaper, SIGCHLD, ksi1);
526
				PROC_UNLOCK(q->p_reaper);
527
			} else if (q->p_pdeathsig > 0) {
528
				/*
529
				 * The child asked to received a signal
530
				 * when we exit.
531
				 */
532
				kern_psignal(q, q->p_pdeathsig);
533
			}
534
		} else {
535
			/*
536
			 * Traced processes are killed by default
537
			 * since their existence means someone is
538
			 * screwing up.
539
			 */
540
			t = proc_realparent(q);
541
			if (t == p) {
542
				proc_reparent(q, q->p_reaper, true);
543
			} else {
544
				PROC_LOCK(t);
545
				proc_reparent(q, t, true);
546
				PROC_UNLOCK(t);
547
			}
548
			/*
549
			 * Since q was found on our children list, the
550
			 * proc_reparent() call moved q to the orphan
551
			 * list due to present P_TRACED flag. Clear
552
			 * orphan link for q now while q is locked.
553
			 */
554
			proc_clear_orphan(q);
555
			q->p_flag &= ~P_TRACED;
556
			q->p_flag2 &= ~P2_PTRACE_FSTP;
557
			q->p_ptevents = 0;
558
			p->p_xthread = NULL;
559
			FOREACH_THREAD_IN_PROC(q, tdt) {
560
				tdt->td_dbgflags &= ~(TDB_SUSPEND | TDB_XSIG |
561
				    TDB_FSTP);
562
				tdt->td_xsig = 0;
563
			}
564
			if (kern_kill_on_dbg_exit) {
565
				q->p_flag &= ~P_STOPPED_TRACE;
566
				kern_psignal(q, SIGKILL);
567
			} else if ((q->p_flag & (P_STOPPED_TRACE |
568
			    P_STOPPED_SIG)) != 0) {
569
				sigqueue_delete_proc(q, SIGTRAP);
570
				ptrace_unsuspend(q);
571
			}
572
		}
573
		PROC_UNLOCK(q);
574
		if (ksi != NULL)
575
			ksiginfo_free(ksi);
576
	}
577

578
	/*
579
	 * Also get rid of our orphans.
580
	 */
581
	while ((q = LIST_FIRST(&p->p_orphans)) != NULL) {
582
		PROC_LOCK(q);
583
		KASSERT(q->p_oppid == p->p_pid,
584
		    ("orphan %p of %p has unexpected oppid %d", q, p,
585
		    q->p_oppid));
586
		q->p_oppid = q->p_reaper->p_pid;
587

588
		/*
589
		 * If we are the real parent of this process
590
		 * but it has been reparented to a debugger, then
591
		 * check if it asked for a signal when we exit.
592
		 */
593
		if (q->p_pdeathsig > 0)
594
			kern_psignal(q, q->p_pdeathsig);
595
		CTR2(KTR_PTRACE, "exit: pid %d, clearing orphan %d", p->p_pid,
596
		    q->p_pid);
597
		proc_clear_orphan(q);
598
		PROC_UNLOCK(q);
599
	}
600

601
#ifdef KDTRACE_HOOKS
602
	if (SDT_PROBES_ENABLED()) {
603
		int reason = CLD_EXITED;
604
		if (WCOREDUMP(signo))
605
			reason = CLD_DUMPED;
606
		else if (WIFSIGNALED(signo))
607
			reason = CLD_KILLED;
608
		SDT_PROBE1(proc, , , exit, reason);
609
	}
610
#endif
611

612
	/* Save exit status. */
613
	PROC_LOCK(p);
614
	p->p_xthread = td;
615

616
	if (p->p_sysent->sv_ontdexit != NULL)
617
		p->p_sysent->sv_ontdexit(td);
618

619
#ifdef KDTRACE_HOOKS
620
	/*
621
	 * Tell the DTrace fasttrap provider about the exit if it
622
	 * has declared an interest.
623
	 */
624
	if (dtrace_fasttrap_exit)
625
		dtrace_fasttrap_exit(p);
626
#endif
627

628
	/*
629
	 * Notify interested parties of our demise.
630
	 */
631
	KNOTE_LOCKED(p->p_klist, NOTE_EXIT);
632

633
	/*
634
	 * If this is a process with a descriptor, we may not need to deliver
635
	 * a signal to the parent.  proctree_lock is held over
636
	 * procdesc_exit() to serialize concurrent calls to close() and
637
	 * exit().
638
	 */
639
	signal_parent = 0;
640
	if (p->p_procdesc == NULL || procdesc_exit(p)) {
641
		/*
642
		 * Notify parent that we're gone.  If parent has the
643
		 * PS_NOCLDWAIT flag set, or if the handler is set to SIG_IGN,
644
		 * notify process 1 instead (and hope it will handle this
645
		 * situation).
646
		 */
647
		PROC_LOCK(p->p_pptr);
648
		mtx_lock(&p->p_pptr->p_sigacts->ps_mtx);
649
		if (p->p_pptr->p_sigacts->ps_flag &
650
		    (PS_NOCLDWAIT | PS_CLDSIGIGN)) {
651
			struct proc *pp;
652

653
			mtx_unlock(&p->p_pptr->p_sigacts->ps_mtx);
654
			pp = p->p_pptr;
655
			PROC_UNLOCK(pp);
656
			proc_reparent(p, p->p_reaper, true);
657
			p->p_sigparent = SIGCHLD;
658
			PROC_LOCK(p->p_pptr);
659

660
			/*
661
			 * Notify parent, so in case he was wait(2)ing or
662
			 * executing waitpid(2) with our pid, he will
663
			 * continue.
664
			 */
665
			wakeup(pp);
666
		} else
667
			mtx_unlock(&p->p_pptr->p_sigacts->ps_mtx);
668

669
		if (p->p_pptr == p->p_reaper || p->p_pptr == initproc) {
670
			signal_parent = 1;
671
		} else if (p->p_sigparent != 0) {
672
			if (p->p_sigparent == SIGCHLD) {
673
				signal_parent = 1;
674
			} else { /* LINUX thread */
675
				signal_parent = 2;
676
			}
677
		}
678
	} else
679
		PROC_LOCK(p->p_pptr);
680
	sx_xunlock(&proctree_lock);
681

682
	if (signal_parent == 1) {
683
		childproc_exited(p);
684
	} else if (signal_parent == 2) {
685
		kern_psignal(p->p_pptr, p->p_sigparent);
686
	}
687

688
	/* Tell the prison that we are gone. */
689
	prison_proc_free(p->p_ucred->cr_prison);
690

691
	/*
692
	 * The state PRS_ZOMBIE prevents other processes from sending
693
	 * signal to the process, to avoid memory leak, we free memory
694
	 * for signal queue at the time when the state is set.
695
	 */
696
	sigqueue_flush(&p->p_sigqueue);
697
	sigqueue_flush(&td->td_sigqueue);
698

699
	/*
700
	 * We have to wait until after acquiring all locks before
701
	 * changing p_state.  We need to avoid all possible context
702
	 * switches (including ones from blocking on a mutex) while
703
	 * marked as a zombie.  We also have to set the zombie state
704
	 * before we release the parent process' proc lock to avoid
705
	 * a lost wakeup.  So, we first call wakeup, then we grab the
706
	 * sched lock, update the state, and release the parent process'
707
	 * proc lock.
708
	 */
709
	wakeup(p->p_pptr);
710
	cv_broadcast(&p->p_pwait);
711
	sched_exit(p->p_pptr, td);
712
	PROC_SLOCK(p);
713
	p->p_state = PRS_ZOMBIE;
714
	PROC_UNLOCK(p->p_pptr);
715

716
	/*
717
	 * Save our children's rusage information in our exit rusage.
718
	 */
719
	PROC_STATLOCK(p);
720
	ruadd(&p->p_ru, &p->p_rux, &p->p_stats->p_cru, &p->p_crux);
721
	PROC_STATUNLOCK(p);
722

723
	/*
724
	 * Make sure the scheduler takes this thread out of its tables etc.
725
	 * This will also release this thread's reference to the ucred.
726
	 * Other thread parts to release include pcb bits and such.
727
	 */
728
	thread_exit();
729
}
730

731
#ifndef _SYS_SYSPROTO_H_
732
struct abort2_args {
733
	char *why;
734
	int nargs;
735
	void **args;
736
};
737
#endif
738

739
int
740
sys_abort2(struct thread *td, struct abort2_args *uap)
741
{
742
	void *uargs[16];
743
	void **uargsp;
744
	int error, nargs;
745

746
	nargs = uap->nargs;
747
	if (nargs < 0 || nargs > nitems(uargs))
748
		nargs = -1;
749
	uargsp = NULL;
750
	if (nargs > 0) {
751
		if (uap->args != NULL) {
752
			error = copyin(uap->args, uargs,
753
			    nargs * sizeof(void *));
754
			if (error != 0)
755
				nargs = -1;
756
			else
757
				uargsp = uargs;
758
		} else
759
			nargs = -1;
760
	}
761
	return (kern_abort2(td, uap->why, nargs, uargsp));
762
}
763

764
/*
765
 * kern_abort2()
766
 * Arguments:
767
 *  why - user pointer to why
768
 *  nargs - number of arguments copied or -1 if an error occurred in copying
769
 *  args - pointer to an array of pointers in kernel format
770
 */
771
int
772
kern_abort2(struct thread *td, const char *why, int nargs, void **uargs)
773
{
774
	struct proc *p = td->td_proc;
775
	struct sbuf *sb;
776
	int error, i, sig;
777

778
	/*
779
	 * Do it right now so we can log either proper call of abort2(), or
780
	 * note, that invalid argument was passed. 512 is big enough to
781
	 * handle 16 arguments' descriptions with additional comments.
782
	 */
783
	sb = sbuf_new(NULL, NULL, 512, SBUF_FIXEDLEN);
784
	sbuf_clear(sb);
785
	sbuf_printf(sb, "%s(pid %d uid %d) aborted: ",
786
	    p->p_comm, p->p_pid, td->td_ucred->cr_uid);
787
	/*
788
	 * Since we can't return from abort2(), send SIGKILL in cases, where
789
	 * abort2() was called improperly
790
	 */
791
	sig = SIGKILL;
792
	/* Prevent from DoSes from user-space. */
793
	if (nargs == -1)
794
		goto out;
795
	KASSERT(nargs >= 0 && nargs <= 16, ("called with too many args (%d)",
796
	    nargs));
797
	/*
798
	 * Limit size of 'reason' string to 128. Will fit even when
799
	 * maximal number of arguments was chosen to be logged.
800
	 */
801
	if (why != NULL) {
802
		error = sbuf_copyin(sb, why, 128);
803
		if (error < 0)
804
			goto out;
805
	} else {
806
		sbuf_cat(sb, "(null)");
807
	}
808
	if (nargs > 0) {
809
		sbuf_putc(sb, '(');
810
		for (i = 0; i < nargs; i++)
811
			sbuf_printf(sb, "%s%p", i == 0 ? "" : ", ", uargs[i]);
812
		sbuf_putc(sb, ')');
813
	}
814
	/*
815
	 * Final stage: arguments were proper, string has been
816
	 * successfully copied from userspace, and copying pointers
817
	 * from user-space succeed.
818
	 */
819
	sig = SIGABRT;
820
out:
821
	if (sig == SIGKILL) {
822
		sbuf_trim(sb);
823
		sbuf_cat(sb, " (Reason text inaccessible)");
824
	}
825
	sbuf_cat(sb, "\n");
826
	sbuf_finish(sb);
827
	log(LOG_INFO, "%s", sbuf_data(sb));
828
	sbuf_delete(sb);
829
	PROC_LOCK(p);
830
	sigexit(td, sig);
831
	/* NOTREACHED */
832
}
833

834
#ifdef COMPAT_43
835
/*
836
 * The dirty work is handled by kern_wait().
837
 */
838
int
839
owait(struct thread *td, struct owait_args *uap __unused)
840
{
841
	int error, status;
842

843
	error = kern_wait(td, WAIT_ANY, &status, 0, NULL);
844
	if (error == 0)
845
		td->td_retval[1] = status;
846
	return (error);
847
}
848
#endif /* COMPAT_43 */
849

850
/*
851
 * The dirty work is handled by kern_wait().
852
 */
853
int
854
sys_wait4(struct thread *td, struct wait4_args *uap)
855
{
856
	struct rusage ru, *rup;
857
	int error, status;
858

859
	if (uap->rusage != NULL)
860
		rup = &ru;
861
	else
862
		rup = NULL;
863
	error = kern_wait(td, uap->pid, &status, uap->options, rup);
864
	if (uap->status != NULL && error == 0 && td->td_retval[0] != 0)
865
		error = copyout(&status, uap->status, sizeof(status));
866
	if (uap->rusage != NULL && error == 0 && td->td_retval[0] != 0)
867
		error = copyout(&ru, uap->rusage, sizeof(struct rusage));
868
	return (error);
869
}
870

871
int
872
sys_wait6(struct thread *td, struct wait6_args *uap)
873
{
874
	struct __wrusage wru, *wrup;
875
	siginfo_t si, *sip;
876
	idtype_t idtype;
877
	id_t id;
878
	int error, status;
879

880
	idtype = uap->idtype;
881
	id = uap->id;
882

883
	if (uap->wrusage != NULL)
884
		wrup = &wru;
885
	else
886
		wrup = NULL;
887

888
	if (uap->info != NULL) {
889
		sip = &si;
890
		bzero(sip, sizeof(*sip));
891
	} else
892
		sip = NULL;
893

894
	/*
895
	 *  We expect all callers of wait6() to know about WEXITED and
896
	 *  WTRAPPED.
897
	 */
898
	error = kern_wait6(td, idtype, id, &status, uap->options, wrup, sip);
899

900
	if (uap->status != NULL && error == 0 && td->td_retval[0] != 0)
901
		error = copyout(&status, uap->status, sizeof(status));
902
	if (uap->wrusage != NULL && error == 0 && td->td_retval[0] != 0)
903
		error = copyout(&wru, uap->wrusage, sizeof(wru));
904
	if (uap->info != NULL && error == 0)
905
		error = copyout(&si, uap->info, sizeof(si));
906
	return (error);
907
}
908

909
int
910
sys_pdwait(struct thread *td, struct pdwait_args *uap)
911
{
912
	struct __wrusage wru, *wrup;
913
	siginfo_t si, *sip;
914
	int error, status;
915

916
	wrup = uap->wrusage != NULL ? &wru : NULL;
917

918
	if (uap->info != NULL) {
919
		sip = &si;
920
		bzero(sip, sizeof(*sip));
921
	} else {
922
		sip = NULL;
923
	}
924

925
	error = kern_pdwait(td, uap->fd, &status, uap->options, wrup, sip);
926

927
	if (uap->status != NULL && error == 0)
928
		error = copyout(&status, uap->status, sizeof(status));
929
	if (uap->wrusage != NULL && error == 0)
930
		error = copyout(&wru, uap->wrusage, sizeof(wru));
931
	if (uap->info != NULL && error == 0)
932
		error = copyout(&si, uap->info, sizeof(si));
933
	return (error);
934
}
935

936
/*
937
 * Reap the remains of a zombie process and optionally return status and
938
 * rusage.  Asserts and will release both the proctree_lock and the process
939
 * lock as part of its work.
940
 */
941
void
942
proc_reap(struct thread *td, struct proc *p, int *status, int options)
943
{
944
	struct proc *q, *t;
945

946
	sx_assert(&proctree_lock, SA_XLOCKED);
947
	PROC_LOCK_ASSERT(p, MA_OWNED);
948
	KASSERT(p->p_state == PRS_ZOMBIE, ("proc_reap: !PRS_ZOMBIE"));
949

950
	mtx_spin_wait_unlocked(&p->p_slock);
951

952
	q = td->td_proc;
953

954
	if (status != NULL)
955
		*status = KW_EXITCODE(p->p_xexit, p->p_xsig);
956
	if ((options & WNOWAIT) != 0) {
957
		/*
958
		 *  Only poll, returning the status.  Caller does not wish to
959
		 * release the proc struct just yet.
960
		 */
961
		PROC_UNLOCK(p);
962
		sx_xunlock(&proctree_lock);
963
		return;
964
	}
965

966
	PROC_LOCK(q);
967
	sigqueue_take(p->p_ksi);
968
	PROC_UNLOCK(q);
969

970
	/*
971
	 * If we got the child via a ptrace 'attach', we need to give it back
972
	 * to the old parent.
973
	 */
974
	if (p->p_oppid != p->p_pptr->p_pid) {
975
		PROC_UNLOCK(p);
976
		t = proc_realparent(p);
977
		PROC_LOCK(t);
978
		PROC_LOCK(p);
979
		CTR2(KTR_PTRACE,
980
		    "wait: traced child %d moved back to parent %d", p->p_pid,
981
		    t->p_pid);
982
		proc_reparent(p, t, false);
983
		PROC_UNLOCK(p);
984
		pksignal(t, SIGCHLD, p->p_ksi);
985
		wakeup(t);
986
		cv_broadcast(&p->p_pwait);
987
		PROC_UNLOCK(t);
988
		sx_xunlock(&proctree_lock);
989
		return;
990
	}
991
	PROC_UNLOCK(p);
992

993
	/*
994
	 * Remove other references to this process to ensure we have an
995
	 * exclusive reference.
996
	 */
997
	sx_xlock(PIDHASHLOCK(p->p_pid));
998
	LIST_REMOVE(p, p_hash);
999
	sx_xunlock(PIDHASHLOCK(p->p_pid));
1000
	LIST_REMOVE(p, p_sibling);
1001
	reaper_abandon_children(p, true);
1002
	reaper_clear(p, p->p_reaper);
1003
	PROC_LOCK(p);
1004
	proc_clear_orphan(p);
1005
	PROC_UNLOCK(p);
1006
	leavepgrp(p);
1007
	if (p->p_procdesc != NULL)
1008
		procdesc_reap(p);
1009
	else
1010
		proc_id_clear(PROC_ID_PID, p->p_pid);
1011
	sx_xunlock(&proctree_lock);
1012

1013
	PROC_LOCK(p);
1014
	knlist_detach(p->p_klist);
1015
	p->p_klist = NULL;
1016
	PROC_UNLOCK(p);
1017

1018
	/*
1019
	 * Removal from allproc list and process group list paired with
1020
	 * PROC_LOCK which was executed during that time should guarantee
1021
	 * nothing can reach this process anymore. As such further locking
1022
	 * is unnecessary.
1023
	 */
1024
	p->p_xexit = p->p_xsig = 0;		/* XXX: why? */
1025

1026
	PROC_LOCK(q);
1027
	ruadd(&q->p_stats->p_cru, &q->p_crux, &p->p_ru, &p->p_rux);
1028
	PROC_UNLOCK(q);
1029

1030
	/*
1031
	 * Destroy resource accounting information associated with the process.
1032
	 */
1033
#ifdef RACCT
1034
	if (racct_enable) {
1035
		PROC_LOCK(p);
1036
		racct_sub(p, RACCT_NPROC, 1);
1037
		PROC_UNLOCK(p);
1038
	}
1039
#endif
1040
	racct_proc_exit(p);
1041

1042
	/*
1043
	 * Free credentials, arguments, and sigacts, and decrement the count of
1044
	 * processes running with this uid.
1045
	 */
1046
	proc_unset_cred(p, true);
1047
	pargs_drop(p->p_args);
1048
	p->p_args = NULL;
1049
	sigacts_free(p->p_sigacts);
1050
	p->p_sigacts = NULL;
1051

1052
	/*
1053
	 * Do any thread-system specific cleanups.
1054
	 */
1055
	thread_wait(p);
1056

1057
	/*
1058
	 * Give vm and machine-dependent layer a chance to free anything that
1059
	 * cpu_exit couldn't release while still running in process context.
1060
	 */
1061
	vm_waitproc(p);
1062
#ifdef MAC
1063
	mac_proc_destroy(p);
1064
#endif
1065

1066
	KASSERT(FIRST_THREAD_IN_PROC(p),
1067
	    ("proc_reap: no residual thread!"));
1068
	uma_zfree(proc_zone, p);
1069
	atomic_add_int(&nprocs, -1);
1070
}
1071

1072
static void
1073
wait_fill_siginfo(struct proc *p, siginfo_t *siginfo)
1074
{
1075
	PROC_LOCK_ASSERT(p, MA_OWNED);
1076

1077
	if (siginfo == NULL)
1078
		return;
1079

1080
	bzero(siginfo, sizeof(*siginfo));
1081
	siginfo->si_errno = 0;
1082

1083
	/*
1084
	 * SUSv4 requires that the si_signo value is always
1085
	 * SIGCHLD. Obey it despite the rfork(2) interface allows to
1086
	 * request other signal for child exit notification.
1087
	 */
1088
	siginfo->si_signo = SIGCHLD;
1089

1090
	/*
1091
	 *  This is still a rough estimate.  We will fix the cases
1092
	 *  TRAPPED, STOPPED, and CONTINUED later.
1093
	 */
1094
	if (WCOREDUMP(p->p_xsig)) {
1095
		siginfo->si_code = CLD_DUMPED;
1096
		siginfo->si_status = WTERMSIG(p->p_xsig);
1097
	} else if (WIFSIGNALED(p->p_xsig)) {
1098
		siginfo->si_code = CLD_KILLED;
1099
		siginfo->si_status = WTERMSIG(p->p_xsig);
1100
	} else {
1101
		siginfo->si_code = CLD_EXITED;
1102
		siginfo->si_status = p->p_xexit;
1103
	}
1104

1105
	siginfo->si_pid = p->p_pid;
1106
	siginfo->si_uid = p->p_ucred->cr_uid;
1107

1108
	/*
1109
	 * The si_addr field would be useful additional detail, but
1110
	 * apparently the PC value may be lost when we reach this
1111
	 * point.  bzero() above sets siginfo->si_addr to NULL.
1112
	 */
1113
}
1114

1115
static void
1116
wait_fill_wrusage(struct proc *p, struct __wrusage *wrusage)
1117
{
1118
	struct rusage *rup;
1119

1120
	PROC_LOCK_ASSERT(p, MA_OWNED);
1121

1122
	if (wrusage == NULL)
1123
		return;
1124

1125
	rup = &wrusage->wru_self;
1126
	*rup = p->p_ru;
1127
	PROC_STATLOCK(p);
1128
	calcru(p, &rup->ru_utime, &rup->ru_stime);
1129
	PROC_STATUNLOCK(p);
1130

1131
	rup = &wrusage->wru_children;
1132
	*rup = p->p_stats->p_cru;
1133
	calccru(p, &rup->ru_utime, &rup->ru_stime);
1134
}
1135

1136
static int
1137
proc_to_reap(struct thread *td, struct proc *p, idtype_t idtype, id_t id,
1138
    int *status, int options, struct __wrusage *wrusage, siginfo_t *siginfo,
1139
    int check_only)
1140
{
1141
	sx_assert(&proctree_lock, SA_XLOCKED);
1142

1143
	PROC_LOCK(p);
1144

1145
	switch (idtype) {
1146
	case P_ALL:
1147
		if (p->p_procdesc == NULL ||
1148
		   (p->p_pptr == td->td_proc &&
1149
		   (p->p_flag & P_TRACED) != 0)) {
1150
			break;
1151
		}
1152

1153
		PROC_UNLOCK(p);
1154
		return (0);
1155
	case P_PID:
1156
		if (p->p_pid != (pid_t)id) {
1157
			PROC_UNLOCK(p);
1158
			return (0);
1159
		}
1160
		break;
1161
	case P_PGID:
1162
		if (p->p_pgid != (pid_t)id) {
1163
			PROC_UNLOCK(p);
1164
			return (0);
1165
		}
1166
		break;
1167
	case P_SID:
1168
		if (p->p_session->s_sid != (pid_t)id) {
1169
			PROC_UNLOCK(p);
1170
			return (0);
1171
		}
1172
		break;
1173
	case P_UID:
1174
		if (p->p_ucred->cr_uid != (uid_t)id) {
1175
			PROC_UNLOCK(p);
1176
			return (0);
1177
		}
1178
		break;
1179
	case P_GID:
1180
		if (p->p_ucred->cr_gid != (gid_t)id) {
1181
			PROC_UNLOCK(p);
1182
			return (0);
1183
		}
1184
		break;
1185
	case P_JAILID:
1186
		if (p->p_ucred->cr_prison->pr_id != (int)id) {
1187
			PROC_UNLOCK(p);
1188
			return (0);
1189
		}
1190
		break;
1191
	/*
1192
	 * It seems that the thread structures get zeroed out
1193
	 * at process exit.  This makes it impossible to
1194
	 * support P_SETID, P_CID or P_CPUID.
1195
	 */
1196
	default:
1197
		PROC_UNLOCK(p);
1198
		return (0);
1199
	}
1200

1201
	if (p_canwait(td, p)) {
1202
		PROC_UNLOCK(p);
1203
		return (0);
1204
	}
1205

1206
	if ((options & WEXITED) == 0 && p->p_state == PRS_ZOMBIE) {
1207
		PROC_UNLOCK(p);
1208
		return (0);
1209
	}
1210

1211
	/*
1212
	 * This special case handles a kthread spawned by linux_clone
1213
	 * (see linux_misc.c).  The linux_wait4 and linux_waitpid
1214
	 * functions need to be able to distinguish between waiting
1215
	 * on a process and waiting on a thread.  It is a thread if
1216
	 * p_sigparent is not SIGCHLD, and the WLINUXCLONE option
1217
	 * signifies we want to wait for threads and not processes.
1218
	 */
1219
	if ((p->p_sigparent != SIGCHLD) ^
1220
	    ((options & WLINUXCLONE) != 0)) {
1221
		PROC_UNLOCK(p);
1222
		return (0);
1223
	}
1224

1225
	wait_fill_siginfo(p, siginfo);
1226

1227
	/*
1228
	 * There should be no reason to limit resources usage info to
1229
	 * exited processes only.  A snapshot about any resources used
1230
	 * by a stopped process may be exactly what is needed.
1231
	 */
1232
	wait_fill_wrusage(p, wrusage);
1233

1234
	if (p->p_state == PRS_ZOMBIE && !check_only) {
1235
		proc_reap(td, p, status, options);
1236
		return (-1);
1237
	}
1238
	return (1);
1239
}
1240

1241
int
1242
kern_wait(struct thread *td, pid_t pid, int *status, int options,
1243
    struct rusage *rusage)
1244
{
1245
	struct __wrusage wru, *wrup;
1246
	idtype_t idtype;
1247
	id_t id;
1248
	int ret;
1249

1250
	/*
1251
	 * Translate the special pid values into the (idtype, pid)
1252
	 * pair for kern_wait6.  The WAIT_MYPGRP case is handled by
1253
	 * kern_wait6() on its own.
1254
	 */
1255
	if (pid == WAIT_ANY) {
1256
		idtype = P_ALL;
1257
		id = 0;
1258
	} else if (pid < 0) {
1259
		idtype = P_PGID;
1260
		id = (id_t)-pid;
1261
	} else {
1262
		idtype = P_PID;
1263
		id = (id_t)pid;
1264
	}
1265

1266
	if (rusage != NULL)
1267
		wrup = &wru;
1268
	else
1269
		wrup = NULL;
1270

1271
	/*
1272
	 * For backward compatibility we implicitly add flags WEXITED
1273
	 * and WTRAPPED here.
1274
	 */
1275
	options |= WEXITED | WTRAPPED;
1276
	ret = kern_wait6(td, idtype, id, status, options, wrup, NULL);
1277
	if (rusage != NULL)
1278
		*rusage = wru.wru_self;
1279
	return (ret);
1280
}
1281

1282
static void
1283
report_alive_proc(struct thread *td, struct proc *p, siginfo_t *siginfo,
1284
    int *status, int options, int si_code)
1285
{
1286
	bool cont;
1287

1288
	PROC_LOCK_ASSERT(p, MA_OWNED);
1289
	sx_assert(&proctree_lock, SA_XLOCKED);
1290
	MPASS(si_code == CLD_TRAPPED || si_code == CLD_STOPPED ||
1291
	    si_code == CLD_CONTINUED);
1292

1293
	cont = si_code == CLD_CONTINUED;
1294
	if ((options & WNOWAIT) == 0) {
1295
		if (cont)
1296
			p->p_flag &= ~P_CONTINUED;
1297
		else
1298
			p->p_flag |= P_WAITED;
1299
		if (kern_wait_dequeue_sigchld &&
1300
		    (td->td_proc->p_sysent->sv_flags & SV_SIG_WAITNDQ) == 0) {
1301
			PROC_LOCK(td->td_proc);
1302
			sigqueue_take(p->p_ksi);
1303
			PROC_UNLOCK(td->td_proc);
1304
		}
1305
	}
1306
	sx_xunlock(&proctree_lock);
1307
	if (siginfo != NULL) {
1308
		siginfo->si_code = si_code;
1309
		siginfo->si_status = cont ? SIGCONT : p->p_xsig;
1310
	}
1311
	if (status != NULL)
1312
		*status = cont ? SIGCONT : W_STOPCODE(p->p_xsig);
1313
	PROC_UNLOCK(p);
1314
}
1315

1316
static int
1317
wait6_checkopt(int options)
1318
{
1319
	/* If we don't know the option, just return. */
1320
	if ((options & ~(WUNTRACED | WNOHANG | WCONTINUED | WNOWAIT |
1321
	    WEXITED | WTRAPPED | WLINUXCLONE)) != 0)
1322
		return (EXTERROR(EINVAL, "Unknown options %#jx", options));
1323
	if ((options & (WEXITED | WUNTRACED | WCONTINUED | WTRAPPED)) == 0) {
1324
		/*
1325
		 * We will be unable to find any matching processes,
1326
		 * because there are no known events to look for.
1327
		 * Prefer to return error instead of blocking
1328
		 * indefinitely.
1329
		 */
1330
		return (EXTERROR(EINVAL,
1331
		    "Cannot match processes %#jx", options));
1332
	}
1333
	return (0);
1334
}
1335

1336
/*
1337
 * Checks and reports status for alive process, according to the
1338
 * options.  Returns true if the process fits one of the requested
1339
 * options and its status was updated in siginfo.
1340
 *
1341
 * If the process was reported (the function result is true), both the
1342
 * process and proctree locks are unlocked.
1343
 */
1344
static bool
1345
wait6_check_alive(struct thread *td, int options, struct proc *p, int *status,
1346
    siginfo_t *siginfo)
1347
{
1348
	bool report;
1349

1350
	PROC_LOCK_ASSERT(p, MA_OWNED);
1351
	sx_assert(&proctree_lock, SA_XLOCKED);
1352

1353
	if ((options & WTRAPPED) != 0 && (p->p_flag & P_TRACED) != 0) {
1354
		PROC_SLOCK(p);
1355
		report = (p->p_flag & (P_STOPPED_TRACE | P_STOPPED_SIG)) &&
1356
		    p->p_suspcount == p->p_numthreads &&
1357
		    (p->p_flag & P_WAITED) == 0;
1358
		PROC_SUNLOCK(p);
1359
		if (report) {
1360
			CTR4(KTR_PTRACE,
1361
	    "wait: returning trapped pid %d status %#x (xstat %d) xthread %d",
1362
			    p->p_pid, W_STOPCODE(p->p_xsig), p->p_xsig,
1363
			    p->p_xthread != NULL ?
1364
			    p->p_xthread->td_tid : -1);
1365
			report_alive_proc(td, p, siginfo, status,
1366
			    options, CLD_TRAPPED);
1367
			return (true);
1368
		}
1369
	}
1370

1371
	if ((options & WUNTRACED) != 0 && (p->p_flag & P_STOPPED_SIG) != 0) {
1372
		PROC_SLOCK(p);
1373
		report = p->p_suspcount == p->p_numthreads &&
1374
		    (p->p_flag & P_WAITED) == 0;
1375
		PROC_SUNLOCK(p);
1376
		if (report) {
1377
			report_alive_proc(td, p, siginfo, status, options,
1378
			    CLD_STOPPED);
1379
			return (true);
1380
		}
1381
	}
1382

1383
	if ((options & WCONTINUED) != 0 && (p->p_flag & P_CONTINUED) != 0) {
1384
		report_alive_proc(td, p, siginfo, status, options,
1385
		    CLD_CONTINUED);
1386
		return (true);
1387
	}
1388

1389
	return (false);
1390
}
1391

1392
int
1393
kern_wait6(struct thread *td, idtype_t idtype, id_t id, int *status,
1394
    int options, struct __wrusage *wrusage, siginfo_t *siginfo)
1395
{
1396
	struct proc *p, *q;
1397
	pid_t pid;
1398
	int error, nfound, ret;
1399

1400
	AUDIT_ARG_VALUE((int)idtype);	/* XXX - This is likely wrong! */
1401
	AUDIT_ARG_PID((pid_t)id);	/* XXX - This may be wrong! */
1402
	AUDIT_ARG_VALUE(options);
1403

1404
	q = td->td_proc;
1405

1406
	if ((pid_t)id == WAIT_MYPGRP && (idtype == P_PID || idtype == P_PGID)) {
1407
		PROC_LOCK(q);
1408
		id = (id_t)q->p_pgid;
1409
		PROC_UNLOCK(q);
1410
		idtype = P_PGID;
1411
	}
1412

1413
	error = wait6_checkopt(options);
1414
	if (error != 0)
1415
		return (error);
1416
loop:
1417
	if (q->p_flag & P_STATCHILD) {
1418
		PROC_LOCK(q);
1419
		q->p_flag &= ~P_STATCHILD;
1420
		PROC_UNLOCK(q);
1421
	}
1422
	sx_xlock(&proctree_lock);
1423
loop_locked:
1424
	nfound = 0;
1425
	LIST_FOREACH(p, &q->p_children, p_sibling) {
1426
		pid = p->p_pid;
1427
		ret = proc_to_reap(td, p, idtype, id, status, options,
1428
		    wrusage, siginfo, 0);
1429
		if (ret == 0)
1430
			continue;
1431
		else if (ret != 1) {
1432
			td->td_retval[0] = pid;
1433
			return (0);
1434
		}
1435

1436
		/*
1437
		 * When running in capsicum(4) mode, make wait(2) ignore
1438
		 * processes created with pdfork(2).  This is because one can
1439
		 * disown them - by passing their process descriptor to another
1440
		 * process - which means it needs to be prevented from touching
1441
		 * them afterwards.
1442
		 */
1443
		if (IN_CAPABILITY_MODE(td) && p->p_procdesc != NULL) {
1444
			PROC_UNLOCK(p);
1445
			continue;
1446
		}
1447

1448
		nfound++;
1449
		PROC_LOCK_ASSERT(p, MA_OWNED);
1450

1451
		if (wait6_check_alive(td, options, p, status, siginfo)) {
1452
			td->td_retval[0] = pid;
1453
			return (0);
1454
		}
1455

1456
		PROC_UNLOCK(p);
1457
	}
1458

1459
	/*
1460
	 * Look in the orphans list too, to allow the parent to
1461
	 * collect it's child exit status even if child is being
1462
	 * debugged.
1463
	 *
1464
	 * Debugger detaches from the parent upon successful
1465
	 * switch-over from parent to child.  At this point due to
1466
	 * re-parenting the parent loses the child to debugger and a
1467
	 * wait4(2) call would report that it has no children to wait
1468
	 * for.  By maintaining a list of orphans we allow the parent
1469
	 * to successfully wait until the child becomes a zombie.
1470
	 */
1471
	if (nfound == 0) {
1472
		LIST_FOREACH(p, &q->p_orphans, p_orphan) {
1473
			ret = proc_to_reap(td, p, idtype, id, NULL, options,
1474
			    NULL, NULL, 1);
1475
			if (ret != 0) {
1476
				KASSERT(ret != -1, ("reaped an orphan (pid %d)",
1477
				    (int)td->td_retval[0]));
1478
				PROC_UNLOCK(p);
1479
				nfound++;
1480
				break;
1481
			}
1482
		}
1483
	}
1484
	if (nfound == 0) {
1485
		sx_xunlock(&proctree_lock);
1486
		return (ECHILD);
1487
	}
1488
	if ((options & WNOHANG) != 0) {
1489
		sx_xunlock(&proctree_lock);
1490
		td->td_retval[0] = 0;
1491
		return (0);
1492
	}
1493
	PROC_LOCK(q);
1494
	if ((q->p_flag & P_STATCHILD) != 0) {
1495
		q->p_flag &= ~P_STATCHILD;
1496
		PROC_UNLOCK(q);
1497
		goto loop_locked;
1498
	}
1499
	sx_xunlock(&proctree_lock);
1500
	error = msleep(q, &q->p_mtx, PWAIT | PCATCH | PDROP, "wait", 0);
1501
	if (error != 0)
1502
		return (error);
1503
	goto loop;
1504
}
1505

1506
int
1507
kern_pdwait(struct thread *td, int fd, int *status,
1508
    int options, struct __wrusage *wrusage, siginfo_t *siginfo)
1509
{
1510
	struct proc *p;
1511
	struct file *fp;
1512
	struct procdesc *pd;
1513
	int error;
1514

1515
	AUDIT_ARG_FD(fd);
1516
	AUDIT_ARG_VALUE(options);
1517

1518
	error = wait6_checkopt(options);
1519
	if (error != 0)
1520
		return (error);
1521

1522
	error = fget(td, fd, &cap_pdwait_rights, &fp);
1523
	if (error != 0)
1524
		return (error);
1525
	if (fp->f_type != DTYPE_PROCDESC) {
1526
		error = EINVAL;
1527
		goto exit_unlocked;
1528
	}
1529
	pd = fp->f_data;
1530

1531
	for (;;) {
1532
		/* We own a reference on the procdesc file. */
1533
		KASSERT((pd->pd_flags & PDF_CLOSED) == 0,
1534
		    ("PDF_CLOSED proc %p procdesc %p pd flags %#x",
1535
		    p, pd, pd->pd_flags));
1536

1537
		sx_xlock(&proctree_lock);
1538
		p = pd->pd_proc;
1539
		if (p == NULL) {
1540
			error = ESRCH;
1541
			goto exit_tree_locked;
1542
		}
1543
		PROC_LOCK(p);
1544

1545
		error = p_canwait(td, p);
1546
		if (error != 0)
1547
			break;
1548
		if ((options & WEXITED) == 0 && p->p_state == PRS_ZOMBIE) {
1549
			error = ESRCH;
1550
			break;
1551
		}
1552

1553
		wait_fill_siginfo(p, siginfo);
1554
		wait_fill_wrusage(p, wrusage);
1555

1556
		if (p->p_state == PRS_ZOMBIE) {
1557
			proc_reap(td, p, status, options);
1558
			goto exit_unlocked;
1559
		}
1560

1561
		if (wait6_check_alive(td, options, p, status, siginfo))
1562
			goto exit_unlocked;
1563

1564
		if ((options & WNOHANG) != 0) {
1565
			error = EWOULDBLOCK;
1566
			break;
1567
		}
1568

1569
		PROC_UNLOCK(p);
1570
		error = sx_sleep(&p->p_procdesc, &proctree_lock,
1571
		    PWAIT | PCATCH | PDROP, "pdwait", 0);
1572
		if (error != 0)
1573
			goto exit_unlocked;
1574
	}
1575

1576
	PROC_UNLOCK(p);
1577
exit_tree_locked:
1578
	sx_xunlock(&proctree_lock);
1579
exit_unlocked:
1580
	fdrop(fp, td);
1581
	return (error);
1582
}
1583

1584
void
1585
proc_add_orphan(struct proc *child, struct proc *parent)
1586
{
1587

1588
	sx_assert(&proctree_lock, SX_XLOCKED);
1589
	KASSERT((child->p_flag & P_TRACED) != 0,
1590
	    ("proc_add_orphan: not traced"));
1591

1592
	if (LIST_EMPTY(&parent->p_orphans)) {
1593
		child->p_treeflag |= P_TREE_FIRST_ORPHAN;
1594
		LIST_INSERT_HEAD(&parent->p_orphans, child, p_orphan);
1595
	} else {
1596
		LIST_INSERT_AFTER(LIST_FIRST(&parent->p_orphans),
1597
		    child, p_orphan);
1598
	}
1599
	child->p_treeflag |= P_TREE_ORPHANED;
1600
}
1601

1602
/*
1603
 * Make process 'parent' the new parent of process 'child'.
1604
 * Must be called with an exclusive hold of proctree lock.
1605
 */
1606
void
1607
proc_reparent(struct proc *child, struct proc *parent, bool set_oppid)
1608
{
1609

1610
	sx_assert(&proctree_lock, SX_XLOCKED);
1611
	PROC_LOCK_ASSERT(child, MA_OWNED);
1612
	if (child->p_pptr == parent)
1613
		return;
1614

1615
	PROC_LOCK(child->p_pptr);
1616
	sigqueue_take(child->p_ksi);
1617
	PROC_UNLOCK(child->p_pptr);
1618
	LIST_REMOVE(child, p_sibling);
1619
	LIST_INSERT_HEAD(&parent->p_children, child, p_sibling);
1620

1621
	proc_clear_orphan(child);
1622
	if ((child->p_flag & P_TRACED) != 0) {
1623
		proc_add_orphan(child, child->p_pptr);
1624
	}
1625

1626
	child->p_pptr = parent;
1627
	if (set_oppid)
1628
		child->p_oppid = parent->p_pid;
1629
}
1630

1631