1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1982, 1986, 1989, 1991, 1993
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
36 * @(#)kern_sig.c 8.7 (Berkeley) 4/18/94
37 */
38
39 #include "opt_capsicum.h"
40 #include "opt_ktrace.h"
41
42 #include <sys/param.h>
43 #include <sys/capsicum.h>
44 #include <sys/ctype.h>
45 #include <sys/systm.h>
46 #include <sys/signalvar.h>
47 #include <sys/vnode.h>
48 #include <sys/acct.h>
49 #include <sys/capsicum.h>
50 #include <sys/compressor.h>
51 #include <sys/condvar.h>
52 #include <sys/devctl.h>
53 #include <sys/event.h>
54 #include <sys/fcntl.h>
55 #include <sys/imgact.h>
56 #include <sys/jail.h>
57 #include <sys/kernel.h>
58 #include <sys/ktr.h>
59 #include <sys/ktrace.h>
60 #include <sys/limits.h>
61 #include <sys/lock.h>
62 #include <sys/malloc.h>
63 #include <sys/mutex.h>
64 #include <sys/refcount.h>
65 #include <sys/namei.h>
66 #include <sys/proc.h>
67 #include <sys/procdesc.h>
68 #include <sys/ptrace.h>
69 #include <sys/posix4.h>
70 #include <sys/racct.h>
71 #include <sys/resourcevar.h>
72 #include <sys/sdt.h>
73 #include <sys/sbuf.h>
74 #include <sys/sleepqueue.h>
75 #include <sys/smp.h>
76 #include <sys/stat.h>
77 #include <sys/sx.h>
78 #include <sys/syscall.h>
79 #include <sys/syscallsubr.h>
80 #include <sys/sysctl.h>
81 #include <sys/sysent.h>
82 #include <sys/syslog.h>
83 #include <sys/sysproto.h>
84 #include <sys/timers.h>
85 #include <sys/unistd.h>
86 #include <sys/vmmeter.h>
87 #include <sys/wait.h>
88 #include <vm/vm.h>
89 #include <vm/vm_extern.h>
90 #include <vm/uma.h>
91
92 #include <machine/cpu.h>
93
94 #include <security/audit/audit.h>
95
/*
 * Highest signal number the 4.3BSD-compatible osig*() syscalls can name:
 * their ABI carries a 32-bit mask (see OSIG2SIG/SIG2OSIG in osigaction()).
 */
#define	ONSIG	32		/* NSIG for osig* syscalls. XXX. */

/* DTrace probes fired when a signal is sent, taken (cleared) or discarded. */
SDT_PROVIDER_DECLARE(proc);
SDT_PROBE_DEFINE3(proc, , , signal__send,
    "struct thread *", "struct proc *", "int");
SDT_PROBE_DEFINE2(proc, , , signal__clear,
    "int", "ksiginfo_t *");
SDT_PROBE_DEFINE3(proc, , , signal__discard,
    "struct thread *", "struct proc *", "int");

/* Forward declarations for the file-local helpers defined below. */
static int	coredump(struct thread *);
static int	killpg1(struct thread *td, int sig, int pgid, int all,
		    ksiginfo_t *ksi);
static int	issignal(struct thread *td);
static void	reschedule_signals(struct proc *p, sigset_t block, int flags);
static int	sigprop(int sig);
static void	tdsigwakeup(struct thread *, int, sig_t, int);
static int	sig_suspend_threads(struct thread *, struct proc *, bool *);
static int	filt_sigattach(struct knote *kn);
static void	filt_sigdetach(struct knote *kn);
static int	filt_signal(struct knote *kn, long hint);
static struct thread *sigtd(struct proc *p, int sig, bool fast_sigblock);
static void	sigqueue_start(void);
static void	sigfastblock_setpend(struct thread *td, bool resched);
static void	sig_handle_first_stop(struct thread *td, struct proc *p,
		    int sig);

/*
 * UMA zone backing queued ksiginfo_t entries.  Created by sigqueue_start();
 * ksiginfo_alloc() returns NULL while it is still NULL, and sigqueue_add()
 * falls back to a bare pending bit in that case.
 */
static uma_zone_t	ksiginfo_zone = NULL;

/* kqueue(2) EVFILT_SIGNAL filter; not backed by a file descriptor. */
const struct filterops sig_filtops = {
	.f_isfd = 0,
	.f_attach = filt_sigattach,
	.f_detach = filt_sigdetach,
	.f_event = filt_signal,
};

/*
 * Tunables.  The logging knobs feed syslog(3) and are useful for incident
 * detection; the kern.sigqueue.* limits bound the kernel memory a process
 * can tie up in queued siginfo.
 */

/* Log processes that exit on an abnormal signal to syslog(3). */
static int	kern_logsigexit = 1;
SYSCTL_INT(_kern, KERN_LOGSIGEXIT, logsigexit, CTLFLAG_RW,
    &kern_logsigexit, 0,
    "Log processes quitting on abnormal signals to syslog(3)");

/* "Force trap signal to be handled"; consumed by the trap path, not shown here. */
static int	kern_forcesigexit = 1;
SYSCTL_INT(_kern, OID_AUTO, forcesigexit, CTLFLAG_RW,
    &kern_forcesigexit, 0, "Force trap signal to be handled");

/* kern.sigqueue.*: POSIX real-time signal queue limits and counters. */
static SYSCTL_NODE(_kern, OID_AUTO, sigqueue, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
    "POSIX real time signal");

/*
 * Cap on kernel-allocated ksiginfo entries per process.  Enforced in
 * sigqueue_add(): once p_pendingcnt reaches it, a queued signal degrades
 * to a plain pending bit or fails with EAGAIN instead of allocating, which
 * in effect stops a process from pinning unbounded kernel memory by
 * queueing signals to itself.  Also advertised as SIGQUEUE_MAX.
 */
static int	max_pending_per_proc = 128;
SYSCTL_INT(_kern_sigqueue, OID_AUTO, max_pending_per_proc, CTLFLAG_RW,
    &max_pending_per_proc, 0, "Max pending signals per proc");

/* Number of ksiginfo entries pre-faulted into the zone at boot (tunable only). */
static int	preallocate_siginfo = 1024;
SYSCTL_INT(_kern_sigqueue, OID_AUTO, preallocate, CTLFLAG_RDTUN,
    &preallocate_siginfo, 0, "Preallocated signal memory size");

/*
 * Read-only statistics bumped by sigqueue_add() when the per-process cap
 * is hit or the zone allocation fails.  Plain non-atomic increments; they
 * are counters, not correctness state.
 */
static int	signal_overflow = 0;
SYSCTL_INT(_kern_sigqueue, OID_AUTO, overflow, CTLFLAG_RD,
    &signal_overflow, 0, "Number of signals overflew");

static int	signal_alloc_fail = 0;
SYSCTL_INT(_kern_sigqueue, OID_AUTO, alloc_fail, CTLFLAG_RD,
    &signal_alloc_fail, 0, "signals failed to be allocated");

/* Invalid syscall handling: log it and/or raise SIGSYS (used outside this view). */
static int	kern_lognosys = 0;
SYSCTL_INT(_kern, OID_AUTO, lognosys, CTLFLAG_RWTUN, &kern_lognosys, 0,
    "Log invalid syscalls");

static int	kern_signosys = 1;
SYSCTL_INT(_kern, OID_AUTO, signosys, CTLFLAG_RWTUN, &kern_signosys, 0,
    "Send SIGSYS on return from invalid syscall");

/* Re-read the user-controlled sigfastblock word on every syscall entry. */
__read_frequently bool sigfastblock_fetch_always = false;
SYSCTL_BOOL(_kern, OID_AUTO, sigfastblock_fetch_always, CTLFLAG_RWTUN,
    &sigfastblock_fetch_always, 0,
    "Fetch sigfastblock word on each syscall entry for proper "
    "blocking semantic");

/* Whether ignored signals are dropped at send time or still queued. */
static bool	kern_sig_discard_ign = true;
SYSCTL_BOOL(_kern, OID_AUTO, sig_discard_ign, CTLFLAG_RWTUN,
    &kern_sig_discard_ign, 0,
    "Discard ignored signals on delivery, otherwise queue them to "
    "the target queue");

/* debug.ptrace_attach_transparent: hide PT_ATTACH wakeups from interruptible sleeps. */
static bool	pt_attach_transparent = true;
SYSCTL_BOOL(_debug, OID_AUTO, ptrace_attach_transparent, CTLFLAG_RWTUN,
    &pt_attach_transparent, 0,
    "Hide wakes from PT_ATTACH on interruptible sleeps");

/* Create the ksiginfo zone and register the signal ASTs early in boot. */
SYSINIT(signal, SI_SUB_P1003_1B, SI_ORDER_FIRST+3, sigqueue_start, NULL);
185
/*
 * Policy -- Can ucred cr1 send SIGIO to process cr2?
 * Should use cr_cansignal() once cr_cansignal() allows SIGIO and SIGURG
 * in the right situations.
 *
 * NOTE(review): this is a pure uid comparison.  The first clause is a raw
 * "effective uid 0" test, so unlike cr_cansignal() it consults neither
 * priv(9) nor jail/MAC policy -- which is what the TODO above is about.
 */
#define	CANSIGIO(cr1, cr2)						\
	((cr1)->cr_uid == 0 ||						\
	    (cr1)->cr_ruid == (cr2)->cr_ruid ||				\
	    (cr1)->cr_uid == (cr2)->cr_ruid ||				\
	    (cr1)->cr_ruid == (cr2)->cr_uid ||				\
	    (cr1)->cr_uid == (cr2)->cr_uid)

/*
 * kern.sugid_coredump (default 0): allow processes that changed their
 * credentials via set-id to write a core file.  Left off so the dump
 * cannot hand privileged memory contents to the invoking user; the check
 * itself is in coredump(), outside this view.
 */
static int	sugid_coredump;
SYSCTL_INT(_kern, OID_AUTO, sugid_coredump, CTLFLAG_RWTUN,
    &sugid_coredump, 0, "Allow setuid and setgid processes to dump core");

/*
 * kern.capmode_coredump (default 0): allow a process in Capsicum capability
 * mode to dump core.  Off by default; writing a core file is a global
 * namespace operation the sandbox would otherwise not be able to perform.
 */
static int	capmode_coredump;
SYSCTL_INT(_kern, OID_AUTO, capmode_coredump, CTLFLAG_RWTUN,
    &capmode_coredump, 0, "Allow processes in capability mode to dump core");

/* kern.coredump: global on/off switch for core files. */
static int	do_coredump = 1;
SYSCTL_INT(_kern, OID_AUTO, coredump, CTLFLAG_RW,
    &do_coredump, 0, "Enable/Disable coredumps");

/* kern.nodump_coredump: set the NODUMP file flag on core files (presumably to keep them out of dump(8) backups). */
static int	set_core_nodump_flag = 0;
SYSCTL_INT(_kern, OID_AUTO, nodump_coredump, CTLFLAG_RW, &set_core_nodump_flag,
    0, "Enable setting the NODUMP flag on coredump files");

/* kern.coredump_devctl: emit a devctl(4) notification per core dump. */
static int	coredump_devctl = 0;
SYSCTL_INT(_kern, OID_AUTO, coredump_devctl, CTLFLAG_RW, &coredump_devctl,
    0, "Generate a devctl notification when processes coredump");
217
/*
 * Signal properties and actions.
 * The array below categorizes the signals and their default actions
 * according to the following properties:
 */
#define	SIGPROP_KILL		0x01	/* terminates process by default */
#define	SIGPROP_CORE		0x02	/* ditto and coredumps */
#define	SIGPROP_STOP		0x04	/* suspend process */
#define	SIGPROP_TTYSTOP		0x08	/* ditto, from tty */
#define	SIGPROP_IGNORE		0x10	/* ignore by default */
#define	SIGPROP_CONT		0x20	/* continue if suspended */

/*
 * Indexed by signal number.  Only the classic signals below NSIG have an
 * entry; anything else (including the real-time range) reads as 0 via
 * sigprop(), which bounds-checks the index -- never index this table
 * directly.  SIGKILL and SIGSTOP carry plain KILL/STOP here; the fact that
 * they cannot be caught, ignored or masked is enforced by kern_sigaction()
 * and SIG_CANTMASK, not by this table.
 */
static const int sigproptbl[NSIG] = {
	[SIGHUP] =	SIGPROP_KILL,
	[SIGINT] =	SIGPROP_KILL,
	[SIGQUIT] =	SIGPROP_KILL | SIGPROP_CORE,
	[SIGILL] =	SIGPROP_KILL | SIGPROP_CORE,
	[SIGTRAP] =	SIGPROP_KILL | SIGPROP_CORE,
	[SIGABRT] =	SIGPROP_KILL | SIGPROP_CORE,
	[SIGEMT] =	SIGPROP_KILL | SIGPROP_CORE,
	[SIGFPE] =	SIGPROP_KILL | SIGPROP_CORE,
	[SIGKILL] =	SIGPROP_KILL,
	[SIGBUS] =	SIGPROP_KILL | SIGPROP_CORE,
	[SIGSEGV] =	SIGPROP_KILL | SIGPROP_CORE,
	[SIGSYS] =	SIGPROP_KILL | SIGPROP_CORE,
	[SIGPIPE] =	SIGPROP_KILL,
	[SIGALRM] =	SIGPROP_KILL,
	[SIGTERM] =	SIGPROP_KILL,
	[SIGURG] =	SIGPROP_IGNORE,
	[SIGSTOP] =	SIGPROP_STOP,
	[SIGTSTP] =	SIGPROP_STOP | SIGPROP_TTYSTOP,
	[SIGCONT] =	SIGPROP_IGNORE | SIGPROP_CONT,
	[SIGCHLD] =	SIGPROP_IGNORE,
	[SIGTTIN] =	SIGPROP_STOP | SIGPROP_TTYSTOP,
	[SIGTTOU] =	SIGPROP_STOP | SIGPROP_TTYSTOP,
	[SIGIO] =	SIGPROP_IGNORE,
	[SIGXCPU] =	SIGPROP_KILL,
	[SIGXFSZ] =	SIGPROP_KILL,
	[SIGVTALRM] =	SIGPROP_KILL,
	[SIGPROF] =	SIGPROP_KILL,
	[SIGWINCH] =	SIGPROP_IGNORE,
	[SIGINFO] =	SIGPROP_IGNORE,
	[SIGUSR1] =	SIGPROP_KILL,
	[SIGUSR2] =	SIGPROP_KILL,
};
263
/*
 * Iterate over the members of a sigset_t.
 *
 * _SIG_FOREACH_ADVANCE pulls the lowest set bit out of the current word
 * (__bits) with ffs(), clears it, and turns word index + bit index into a
 * 1-based signal number; when the word is exhausted it loads the next of
 * the _SIG_WORDS words.  The statement expression is nonzero while a
 * signal was produced and zero once the set is drained.
 *
 * NOTE(review): the macro assigns the result to a variable literally named
 * `sig', not to its `i' parameter, so callers must write
 * SIG_FOREACH(sig, &set) with an `int sig' in scope.  `__i' and `__bits'
 * are the loop-private state declared by SIG_FOREACH; `__i' starts at -1
 * so the first pass loads word 0.
 */
#define	_SIG_FOREACH_ADVANCE(i, set) ({					\
	int __found;							\
	for (;;) {							\
		if (__bits != 0) {					\
			int __sig = ffs(__bits);			\
			__bits &= ~(1u << (__sig - 1));			\
			sig = __i * sizeof((set)->__bits[0]) * NBBY + __sig; \
			__found = 1;					\
			break;						\
		}							\
		if (++__i == _SIG_WORDS) {				\
			__found = 0;					\
			break;						\
		}							\
		__bits = (set)->__bits[__i];				\
	}								\
	__found != 0;							\
})

#define	SIG_FOREACH(i, set)						\
	for (int32_t __i = -1, __bits = 0;				\
	    _SIG_FOREACH_ADVANCE(i, set); )				\

/*
 * Signals that may be blocked through the sigfastblock(2) word: every
 * signal minus what SIG_CANTMASK strips (SIGKILL/SIGSTOP, which cannot be
 * masked).  Filled in by sigqueue_start().
 */
static sigset_t fastblock_mask;
288
/*
 * AST handler for TDA_SIG: deliver every unmasked pending signal to the
 * current thread before it returns to user mode, then settle the deferred
 * sigfastblock(2) state.
 *
 * td  - the current thread.
 * tda - the AST bits (TDAI(...)) captured when the AST fired; a set
 *       TDA_SIG forces the signal check below even if the unlocked peeks
 *       at the process queue see nothing.
 */
static void
ast_sig(struct thread *td, int tda)
{
	struct proc *p;
	int old_boundary, sig;
	bool resched_sigs;

	p = td->td_proc;

#ifdef DIAGNOSTIC
	/*
	 * Consistency check, single-threaded processes only: a pending,
	 * unmasked signal must be accompanied by a TDA_SIG or TDA_AST
	 * request, otherwise it would have been silently delayed.  Skipped
	 * while the process is in vfork(2) (P_PPWAIT) or uses the fast
	 * sigblock word, where the flags are legitimately out of step.
	 */
	if (p->p_numthreads == 1 && (tda & (TDAI(TDA_SIG) |
	    TDAI(TDA_AST))) == 0) {
		PROC_LOCK(p);
		thread_lock(td);
		/*
		 * Note that TDA_SIG should be re-read from
		 * td_ast, since signal might have been delivered
		 * after we cleared td_flags above.  This is one of
		 * the reason for looping check for AST condition.
		 * See comment in userret() about P_PPWAIT.
		 */
		if ((p->p_flag & P_PPWAIT) == 0 &&
		    (td->td_pflags & TDP_SIGFASTBLOCK) == 0) {
			if (SIGPENDING(td) && ((tda | td->td_ast) &
			    (TDAI(TDA_SIG) | TDAI(TDA_AST))) == 0) {
				thread_unlock(td);	/* fix dumps */
				panic(
				    "failed2 to set signal flags for ast p %p "
				    "td %p tda %#x td_ast %#x fl %#x",
				    p, td, tda, td->td_ast, td->td_flags);
			}
		}
		thread_unlock(td);
		PROC_UNLOCK(p);
	}
#endif

	/*
	 * Check for signals.  Unlocked reads of p_pendingcnt or
	 * p_siglist might cause process-directed signal to be handled
	 * later.
	 */
	if ((tda & TDAI(TDA_SIG)) != 0 || p->p_pendingcnt > 0 ||
	    !SIGISEMPTY(p->p_siglist)) {
		/*
		 * Pick up the user-controlled fast-block word before any
		 * mask is consulted, so a block userspace just requested is
		 * honoured.
		 */
		sigfastblock_fetch(td);
		PROC_LOCK(p);
		/*
		 * Save the previous TDB_BOUNDARY bit in a word whose other
		 * bits are all ones, so the restoring AND below touches only
		 * that bit.  TDB_BOUNDARY is held for the whole delivery
		 * loop (appears to be for the debugger's benefit -- see the
		 * td_sa.code note at the end).
		 */
		old_boundary = ~TDB_BOUNDARY | (td->td_dbgflags & TDB_BOUNDARY);
		td->td_dbgflags |= TDB_BOUNDARY;
		mtx_lock(&p->p_sigacts->ps_mtx);
		/*
		 * Drain deliverable signals one at a time.  cursig() may
		 * stop the process for a default-action stop signal;
		 * postsig() (not in this view) acts on each returned signal.
		 */
		while ((sig = cursig(td)) != 0) {
			KASSERT(sig >= 0, ("sig %d", sig));
			postsig(sig);
		}
		mtx_unlock(&p->p_sigacts->ps_mtx);
		td->td_dbgflags &= old_boundary;
		PROC_UNLOCK(p);
		resched_sigs = true;
	} else {
		resched_sigs = false;
	}

	/*
	 * Handle deferred update of the fast sigblock value, after
	 * the postsig() loop was performed.
	 */
	sigfastblock_setpend(td, resched_sigs);

	/*
	 * Clear td_sa.code: signal to ptrace that syscall arguments
	 * are unavailable after this point.  This AST handler is the
	 * last chance for ptracestop() to signal the tracer before
	 * the tracee returns to userspace.
	 */
	td->td_sa.code = 0;
}
364
/*
 * AST handler for TDA_SIGSUSPEND: once a sigsuspend(2)-style wait has
 * returned to the AST path, put back the signal mask that was in force
 * before the call.  TDP_OLDMASK marks that td_oldsigmask holds a saved
 * mask; it is consumed here.
 */
static void
ast_sigsuspend(struct thread *td, int tda __unused)
{
	sigset_t *saved;

	MPASS((td->td_pflags & TDP_OLDMASK) != 0);
	saved = &td->td_oldsigmask;
	td->td_pflags &= ~TDP_OLDMASK;
	kern_sigprocmask(td, SIG_SETMASK, saved, NULL, 0);
}
372
/*
 * SYSINIT hook: set up the ksiginfo zone, the sigfastblock mask, the
 * POSIX.1b real-time signal configuration and the two signal ASTs.
 */
static void
sigqueue_start(void)
{
	uma_zone_t zone;

	/* Back queued siginfo with a zone and pre-fault the tunable count. */
	zone = uma_zcreate("ksiginfo", sizeof(ksiginfo_t),
	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
	ksiginfo_zone = zone;
	uma_prealloc(zone, preallocate_siginfo);

	/* Everything except the unmaskable signals may be fast-blocked. */
	SIGFILLSET(fastblock_mask);
	SIG_CANTMASK(fastblock_mask);

	/* Advertise real-time signal support and its limits via sysconf. */
	p31b_setcfg(CTL_P1003_1B_REALTIME_SIGNALS, _POSIX_REALTIME_SIGNALS);
	p31b_setcfg(CTL_P1003_1B_RTSIG_MAX, SIGRTMAX - SIGRTMIN + 1);
	p31b_setcfg(CTL_P1003_1B_SIGQUEUE_MAX, max_pending_per_proc);

	ast_register(TDA_SIG, ASTR_UNCOND, 0, ast_sig);
	ast_register(TDA_SIGSUSPEND, ASTR_ASTF_REQUIRED | ASTR_TDP,
	    TDP_OLDMASK, ast_sigsuspend);
}
388
/*
 * Allocate a zeroed ksiginfo_t from the signal zone.
 *
 * mwait - M_WAITOK or M_NOWAIT (asserted).
 * Returns NULL if the zone is not yet created or the allocation fails.
 */
ksiginfo_t *
ksiginfo_alloc(int mwait)
{
	uma_zone_t zone;

	MPASS(mwait == M_WAITOK || mwait == M_NOWAIT);

	zone = ksiginfo_zone;
	if (zone == NULL)
		return (NULL);
	return (uma_zalloc(zone, mwait | M_ZERO));
}
398
/*
 * Return a ksiginfo_t obtained from ksiginfo_alloc() to the zone.  Not
 * for externally owned (KSI_EXT) entries -- see ksiginfo_tryfree().
 */
void
ksiginfo_free(ksiginfo_t *ksi)
{
	uma_zone_t zone;

	zone = ksiginfo_zone;
	uma_zfree(zone, ksi);
}
404
/*
 * Free a ksiginfo_t unless it is owned by someone else (KSI_EXT).
 * Returns true if it was returned to the zone, false if left alone.
 */
static __inline bool
ksiginfo_tryfree(ksiginfo_t *ksi)
{
	if ((ksi->ksi_flags & KSI_EXT) != 0)
		return (false);
	uma_zfree(ksiginfo_zone, ksi);
	return (true);
}
414
/*
 * Initialize an empty signal queue.
 *
 * list - the queue to set up.
 * p    - owning process whose p_pendingcnt is charged for queued entries,
 *        or NULL for a detached scratch queue.
 */
void
sigqueue_init(sigqueue_t *list, struct proc *p)
{
	list->sq_proc = p;
	list->sq_flags = SQ_INIT;
	TAILQ_INIT(&list->sq_list);
	SIGEMPTYSET(list->sq_signals);
	SIGEMPTYSET(list->sq_kill);
	SIGEMPTYSET(list->sq_ptrace);
}
425
/*
 * Get a signal's ksiginfo.
 * Return:
 *	0	- signal not found
 *	others	- signal number
 *
 * Dequeues one instance of `signo' from `sq' into *si.  Three sources are
 * consulted in priority order: the sq_ptrace bit (the copy is flagged
 * KSI_PTRACE), the sq_kill bit (an instance without siginfo), then the
 * queued ksiginfo list.  `count' tallies how many instances were seen so
 * that the sq_signals summary bit is cleared only when the last one is
 * consumed.  Presumably called with the owning process locked; nothing
 * here asserts it.
 */
static int
sigqueue_get(sigqueue_t *sq, int signo, ksiginfo_t *si)
{
	struct proc *p = sq->sq_proc;
	struct ksiginfo *ksi, *next;
	int count = 0;

	KASSERT(sq->sq_flags & SQ_INIT, ("sigqueue not inited"));

	if (!SIGISMEMBER(sq->sq_signals, signo))
		return (0);

	/* A ptrace-generated instance is consumed first and marks the copy. */
	if (SIGISMEMBER(sq->sq_ptrace, signo)) {
		count++;
		SIGDELSET(sq->sq_ptrace, signo);
		si->ksi_flags |= KSI_PTRACE;
	}
	/*
	 * A bare kill bit is consumed only if nothing was taken yet;
	 * otherwise it just shows that another instance remains pending.
	 */
	if (SIGISMEMBER(sq->sq_kill, signo)) {
		count++;
		if (count == 1)
			SIGDELSET(sq->sq_kill, signo);
	}

	/*
	 * Queued siginfo: take the first matching entry only if nothing was
	 * consumed above.  Kernel-owned entries go back to the zone and are
	 * uncounted from p_pendingcnt; KSI_EXT entries are only unlinked.
	 * Stop as soon as a second instance proves more is pending.
	 */
	TAILQ_FOREACH_SAFE(ksi, &sq->sq_list, ksi_link, next) {
		if (ksi->ksi_signo == signo) {
			if (count == 0) {
				TAILQ_REMOVE(&sq->sq_list, ksi, ksi_link);
				ksi->ksi_sigq = NULL;
				ksiginfo_copy(ksi, si);
				if (ksiginfo_tryfree(ksi) && p != NULL)
					p->p_pendingcnt--;
			}
			if (++count > 1)
				break;
		}
	}

	/* Exactly one instance existed: nothing of this signal is left. */
	if (count <= 1)
		SIGDELSET(sq->sq_signals, signo);
	si->ksi_signo = signo;
	return (signo);
}
474
/*
 * Unlink a specific queued ksiginfo from whatever queue it sits on, fixing
 * up the owner's p_pendingcnt and the queue's summary bit.  A NULL entry
 * or one that is not queued (ksi_sigq == NULL) is a no-op.  The entry
 * itself is not freed.
 */
void
sigqueue_take(ksiginfo_t *ksi)
{
	ksiginfo_t *other;
	struct proc *p;
	sigqueue_t *sq;

	if (ksi == NULL)
		return;
	sq = ksi->ksi_sigq;
	if (sq == NULL)
		return;
	p = sq->sq_proc;

	TAILQ_REMOVE(&sq->sq_list, ksi, ksi_link);
	ksi->ksi_sigq = NULL;
	/* Only kernel-allocated entries were charged to the process. */
	if ((ksi->ksi_flags & KSI_EXT) == 0 && p != NULL)
		p->p_pendingcnt--;

	/*
	 * Drop the summary bit only when this was the last instance: no
	 * other queued entry and no bare kill/ptrace bit for the signal.
	 */
	TAILQ_FOREACH(other, &sq->sq_list, ksi_link) {
		if (other->ksi_signo == ksi->ksi_signo)
			break;
	}
	if (other == NULL && !SIGISMEMBER(sq->sq_kill, ksi->ksi_signo) &&
	    !SIGISMEMBER(sq->sq_ptrace, ksi->ksi_signo))
		SIGDELSET(sq->sq_signals, ksi->ksi_signo);
}
500
/*
 * Queue `signo' on `sq', optionally with the siginfo in *si.
 *
 * Returns 0 on success, or EAGAIN when a sigqueue(2)-style signal
 * (KSI_SIGQ) cannot be recorded because the per-process cap
 * max_pending_per_proc was reached or the ksiginfo zone is exhausted.
 * Signals that must not be lost degrade to a plain pending bit rather
 * than fail: SIGKILL/SIGSTOP, trap-generated (KSI_TRAP) and ordinary
 * non-sigqueue signals land in sq_kill, ptrace-generated ones in
 * sq_ptrace.  sq_signals is the summary of all three sources and is set
 * on every successful path.
 */
static int
sigqueue_add(sigqueue_t *sq, int signo, ksiginfo_t *si)
{
	struct proc *p = sq->sq_proc;
	struct ksiginfo *ksi;
	int ret = 0;

	KASSERT(sq->sq_flags & SQ_INIT, ("sigqueue not inited"));

	/*
	 * SIGKILL/SIGSTOP cannot be caught or masked, so take the fast path
	 * for these signals.  Likewise when the caller has no siginfo to
	 * attach: a bare bit is all there is to record.
	 */
	if (signo == SIGKILL || signo == SIGSTOP || si == NULL) {
		SIGADDSET(sq->sq_kill, signo);
		goto out_set_bit;
	}

	/*
	 * directly insert the ksi, don't copy it
	 *
	 * No p_pendingcnt accounting on this path; presumably such entries
	 * also carry KSI_EXT so the free paths skip the decrement -- confirm
	 * at the callers.
	 */
	if (si->ksi_flags & KSI_INS) {
		if (si->ksi_flags & KSI_HEAD)
			TAILQ_INSERT_HEAD(&sq->sq_list, si, ksi_link);
		else
			TAILQ_INSERT_TAIL(&sq->sq_list, si, ksi_link);
		si->ksi_sigq = sq;
		goto out_set_bit;
	}

	/* Too early in boot for the zone: deliver without siginfo. */
	if (__predict_false(ksiginfo_zone == NULL)) {
		SIGADDSET(sq->sq_kill, signo);
		goto out_set_bit;
	}

	/*
	 * Per-process cap first, then the allocation.  Both failures only
	 * bump statistics here; the fallback below decides whether the
	 * signal is still delivered.
	 */
	if (p != NULL && p->p_pendingcnt >= max_pending_per_proc) {
		signal_overflow++;
		ret = EAGAIN;
	} else if ((ksi = ksiginfo_alloc(M_NOWAIT)) == NULL) {
		signal_alloc_fail++;
		ret = EAGAIN;
	} else {
		if (p != NULL)
			p->p_pendingcnt++;
		ksiginfo_copy(si, ksi);
		ksi->ksi_signo = signo;
		if (si->ksi_flags & KSI_HEAD)
			TAILQ_INSERT_HEAD(&sq->sq_list, ksi, ksi_link);
		else
			TAILQ_INSERT_TAIL(&sq->sq_list, ksi, ksi_link);
		ksi->ksi_sigq = sq;
	}

	/*
	 * Could not queue the siginfo.  `si' is non-NULL here (NULL took the
	 * fast path above).  Only true sigqueue(2) signals report EAGAIN to
	 * the sender; everything else is delivered as a bare bit.
	 */
	if (ret != 0) {
		if ((si->ksi_flags & KSI_PTRACE) != 0) {
			SIGADDSET(sq->sq_ptrace, signo);
			ret = 0;
			goto out_set_bit;
		} else if ((si->ksi_flags & KSI_TRAP) != 0 ||
		    (si->ksi_flags & KSI_SIGQ) == 0) {
			SIGADDSET(sq->sq_kill, signo);
			ret = 0;
			goto out_set_bit;
		}
		return (ret);
	}

out_set_bit:
	SIGADDSET(sq->sq_signals, signo);
	return (ret);
}
570
/*
 * Discard everything pending on a queue.  Requires the owning process
 * (if any) to be locked.  Kernel-allocated entries are returned to the
 * zone and uncounted from p_pendingcnt; KSI_EXT entries are only
 * unlinked, since someone else owns their storage.
 */
void
sigqueue_flush(sigqueue_t *sq)
{
	struct proc *p;
	ksiginfo_t *ksi, *next;

	KASSERT(sq->sq_flags & SQ_INIT, ("sigqueue not inited"));

	p = sq->sq_proc;
	if (p != NULL)
		PROC_LOCK_ASSERT(p, MA_OWNED);

	TAILQ_FOREACH_SAFE(ksi, &sq->sq_list, ksi_link, next) {
		TAILQ_REMOVE(&sq->sq_list, ksi, ksi_link);
		ksi->ksi_sigq = NULL;
		if (ksiginfo_tryfree(ksi) && p != NULL)
			p->p_pendingcnt--;
	}

	/* No instance of any signal remains in the three bitmaps. */
	SIGEMPTYSET(sq->sq_kill);
	SIGEMPTYSET(sq->sq_ptrace);
	SIGEMPTYSET(sq->sq_signals);
}
593
/*
 * Move the members of *set that are present in *from into *to, clearing
 * them from *from.
 */
static __inline void
sigqueue_move_bits(sigset_t *from, sigset_t *to, const sigset_t *set)
{
	sigset_t tmp;

	tmp = *from;
	SIGSETAND(tmp, *set);
	SIGSETOR(*to, tmp);
	SIGSETNAND(*from, tmp);
}

/*
 * Transfer every pending instance of the signals in *set from src to dst.
 * Queued ksiginfo entries are relinked onto the tail of dst and
 * re-accounted against the two owning processes' p_pendingcnt (either may
 * be NULL for a detached queue), then the kill, ptrace and summary bits
 * follow.
 */
static void
sigqueue_move_set(sigqueue_t *src, sigqueue_t *dst, const sigset_t *set)
{
	struct proc *psrc, *pdst;
	ksiginfo_t *ksi, *next;

	KASSERT(src->sq_flags & SQ_INIT, ("src sigqueue not inited"));
	KASSERT(dst->sq_flags & SQ_INIT, ("dst sigqueue not inited"));
	psrc = src->sq_proc;
	pdst = dst->sq_proc;

	TAILQ_FOREACH_SAFE(ksi, &src->sq_list, ksi_link, next) {
		if (!SIGISMEMBER(*set, ksi->ksi_signo))
			continue;
		TAILQ_REMOVE(&src->sq_list, ksi, ksi_link);
		if (psrc != NULL)
			psrc->p_pendingcnt--;
		TAILQ_INSERT_TAIL(&dst->sq_list, ksi, ksi_link);
		ksi->ksi_sigq = dst;
		if (pdst != NULL)
			pdst->p_pendingcnt++;
	}

	sigqueue_move_bits(&src->sq_kill, &dst->sq_kill, set);
	sigqueue_move_bits(&src->sq_ptrace, &dst->sq_ptrace, set);
	sigqueue_move_bits(&src->sq_signals, &dst->sq_signals, set);
}
634
#if 0
/*
 * Single-signal front end for sigqueue_move_set().  Compiled out: nothing
 * in this file currently needs it.
 */
static void
sigqueue_move(sigqueue_t *src, sigqueue_t *dst, int signo)
{
	sigset_t set;

	SIGEMPTYSET(set);
	SIGADDSET(set, signo);
	sigqueue_move_set(src, dst, &set);
}
#endif
646
/*
 * Drop every pending instance of the signals in *set from a single queue:
 * queued siginfo entries are freed (or merely unlinked if KSI_EXT) and
 * the kill, ptrace and summary bits are cleared.
 */
static void
sigqueue_delete_set(sigqueue_t *sq, const sigset_t *set)
{
	struct proc *p;
	ksiginfo_t *ksi, *next;

	KASSERT(sq->sq_flags & SQ_INIT, ("src sigqueue not inited"));
	p = sq->sq_proc;

	TAILQ_FOREACH_SAFE(ksi, &sq->sq_list, ksi_link, next) {
		if (!SIGISMEMBER(*set, ksi->ksi_signo))
			continue;
		TAILQ_REMOVE(&sq->sq_list, ksi, ksi_link);
		ksi->ksi_sigq = NULL;
		if (ksiginfo_tryfree(ksi) && p != NULL)
			p->p_pendingcnt--;
	}

	SIGSETNAND(sq->sq_signals, *set);
	SIGSETNAND(sq->sq_ptrace, *set);
	SIGSETNAND(sq->sq_kill, *set);
}
668
/*
 * Remove all pending instances of one signal from a queue.
 */
void
sigqueue_delete(sigqueue_t *sq, int signo)
{
	sigset_t only;

	SIGEMPTYSET(only);
	SIGADDSET(only, signo);
	sigqueue_delete_set(sq, &only);
}
678
/*
 * Remove a set of signals for a process: from the process-wide queue and
 * from every thread's queue.  Caller holds the process lock.
 *
 * The matching entries are first gathered onto a detached scratch queue
 * (no owning process), which is what makes the accounting come out right:
 * each move decrements the real p_pendingcnt, and the final flush of the
 * scratch queue has no process to charge.
 */
static void
sigqueue_delete_set_proc(struct proc *p, const sigset_t *set)
{
	sigqueue_t scratch;
	struct thread *td;

	PROC_LOCK_ASSERT(p, MA_OWNED);

	sigqueue_init(&scratch, NULL);
	sigqueue_move_set(&p->p_sigqueue, &scratch, set);
	FOREACH_THREAD_IN_PROC(p, td) {
		sigqueue_move_set(&td->td_sigqueue, &scratch, set);
	}
	sigqueue_flush(&scratch);
}
696
/*
 * Remove all pending instances of one signal from a process and all of
 * its threads.  Caller holds the process lock.
 */
void
sigqueue_delete_proc(struct proc *p, int signo)
{
	sigset_t only;

	SIGEMPTYSET(only);
	SIGADDSET(only, signo);
	sigqueue_delete_set_proc(p, &only);
}
706
/*
 * Discard every pending stop signal (SIGSTOP and the three tty stops) for
 * a process and all of its threads.  Caller holds the process lock.
 */
static void
sigqueue_delete_stopmask_proc(struct proc *p)
{
	static const int stopsigs[] = { SIGSTOP, SIGTSTP, SIGTTIN, SIGTTOU };
	sigset_t set;
	u_int i;

	SIGEMPTYSET(set);
	for (i = 0; i < nitems(stopsigs); i++)
		SIGADDSET(set, stopsigs[i]);
	sigqueue_delete_set_proc(p, &set);
}
719
/*
 * Determine signal that should be delivered to thread td, the current
 * thread, 0 if none.  If there is a pending stop signal with default
 * action, the process stops in issignal().
 *
 * Caller holds the process lock and p_sigacts->ps_mtx, and must not hold
 * the thread lock.
 */
int
cursig(struct thread *td)
{
	struct proc *p;

	p = td->td_proc;
	PROC_LOCK_ASSERT(p, MA_OWNED);
	mtx_assert(&p->p_sigacts->ps_mtx, MA_OWNED);
	THREAD_LOCK_ASSERT(td, MA_NOTOWNED);

	/* Cheap bitmask test first; issignal() does the real work. */
	if (!SIGPENDING(td))
		return (0);
	return (issignal(td));
}
733
/*
 * Arrange for ast() to handle unmasked pending signals on return to user
 * mode.  This must be called whenever a signal is added to td_sigqueue or
 * unmasked in td_sigmask.  Caller holds the process lock.
 */
void
signotify(struct thread *td)
{
	PROC_LOCK_ASSERT(td->td_proc, MA_OWNED);

	if (!SIGPENDING(td))
		return;
	ast_sched(td, TDA_SIG);
}
748
/*
 * Returns 1 (true) if altstack is configured for the thread, and the
 * passed stack bottom address falls into the altstack range.  Handles
 * the 43 compat special case where the alt stack size is zero.
 */
int
sigonstack(size_t sp)
{
	struct thread *td;
	size_t lo, hi;

	td = curthread;
	if ((td->td_pflags & TDP_ALTSTACK) == 0)
		return (0);
#if defined(COMPAT_43)
	/*
	 * a.out binaries may register a zero-sized alternate stack; for
	 * them the SS_ONSTACK flag is the only record of being on it.
	 */
	if (SV_PROC_FLAG(td->td_proc, SV_AOUT) && td->td_sigstk.ss_size == 0)
		return ((td->td_sigstk.ss_flags & SS_ONSTACK) != 0);
#endif
	/*
	 * Half-open range [ss_sp, ss_sp + ss_size).  NOTE(review): the upper
	 * bound is computed without a wrap check, so this relies on the
	 * sigaltstack(2) path having validated ss_sp/ss_size -- confirm.
	 */
	lo = (size_t)td->td_sigstk.ss_sp;
	hi = td->td_sigstk.ss_size + lo;
	return (sp >= lo && sp < hi);
}
769
/*
 * Look up the SIGPROP_* bits for a signal.  Out-of-range numbers (zero,
 * negative, or at/above NSIG -- which includes the real-time signals)
 * yield 0, so callers may pass any int without risking an out-of-bounds
 * read of sigproptbl.
 */
static __inline int
sigprop(int sig)
{
	if (sig <= 0 || sig >= nitems(sigproptbl))
		return (0);
	return (sigproptbl[sig]);
}
778
/*
 * Test an sa_flags bit on a sigaction.  SA_SIGINFO is special: it only
 * counts when an actual handler is installed, since a disposition of
 * SIG_IGN or SIG_DFL has nobody to receive the siginfo.  Every other flag
 * is reported as the user set it.
 */
static bool
sigact_flag_test(const struct sigaction *act, int flag)
{
	__sighandler_t *handler;

	if ((act->sa_flags & flag) == 0)
		return (false);
	if (flag != SA_SIGINFO)
		return (true);
	handler = (__sighandler_t *)act->sa_sigaction;
	return (handler != SIG_IGN && handler != SIG_DFL);
}
792
/*
 * kern_sigaction
 *	sigaction
 *	freebsd4_sigaction
 *	osigaction
 *
 * Common implementation behind the sigaction(2) family.  Optionally
 * reports the current disposition of `sig' into *oact and/or installs
 * *act.  `flags' carries KSA_FREEBSD4 / KSA_OSIGSET so the compat entry
 * points can record which ABI installed a handler (ps_freebsd4 /
 * ps_osigset).
 *
 * Returns 0, or EINVAL for an invalid signal number, an sa_flags bit
 * outside the accepted set on a real handler, or an attempt to catch or
 * ignore SIGKILL/SIGSTOP.  The whole update runs under p_sigacts->ps_mtx
 * so other threads never observe a half-installed action.
 */
int
kern_sigaction(struct thread *td, int sig, const struct sigaction *act,
    struct sigaction *oact, int flags)
{
	struct sigacts *ps;
	struct proc *p = td->td_proc;

	if (!_SIG_VALID(sig))
		return (EINVAL);
	/*
	 * Unknown sa_flags bits are rejected only when a real handler is
	 * being installed; for SIG_DFL/SIG_IGN any flag word is accepted
	 * (the bits the code below cares about are still recorded).
	 */
	if (act != NULL && act->sa_handler != SIG_DFL &&
	    act->sa_handler != SIG_IGN && (act->sa_flags & ~(SA_ONSTACK |
	    SA_RESTART | SA_RESETHAND | SA_NOCLDSTOP | SA_NODEFER |
	    SA_NOCLDWAIT | SA_SIGINFO)) != 0)
		return (EINVAL);

	PROC_LOCK(p);
	ps = p->p_sigacts;
	mtx_lock(&ps->ps_mtx);
	/*
	 * Snapshot the old disposition under the lock so report and update
	 * are consistent.  The struct is zeroed first so no stale kernel
	 * stack bytes reach userspace when the caller copies it out.  Note
	 * this happens before the SIGKILL/SIGSTOP check below; on that
	 * EINVAL the callers in this file skip the copyout.
	 */
	if (oact) {
		memset(oact, 0, sizeof(*oact));
		oact->sa_mask = ps->ps_catchmask[_SIG_IDX(sig)];
		if (SIGISMEMBER(ps->ps_sigonstack, sig))
			oact->sa_flags |= SA_ONSTACK;
		/* ps_sigintr is the inverse of SA_RESTART. */
		if (!SIGISMEMBER(ps->ps_sigintr, sig))
			oact->sa_flags |= SA_RESTART;
		if (SIGISMEMBER(ps->ps_sigreset, sig))
			oact->sa_flags |= SA_RESETHAND;
		if (SIGISMEMBER(ps->ps_signodefer, sig))
			oact->sa_flags |= SA_NODEFER;
		if (SIGISMEMBER(ps->ps_siginfo, sig)) {
			oact->sa_flags |= SA_SIGINFO;
			oact->sa_sigaction =
			    (__siginfohandler_t *)ps->ps_sigact[_SIG_IDX(sig)];
		} else
			oact->sa_handler = ps->ps_sigact[_SIG_IDX(sig)];
		if (sig == SIGCHLD && ps->ps_flag & PS_NOCLDSTOP)
			oact->sa_flags |= SA_NOCLDSTOP;
		if (sig == SIGCHLD && ps->ps_flag & PS_NOCLDWAIT)
			oact->sa_flags |= SA_NOCLDWAIT;
	}
	if (act) {
		/*
		 * SIGKILL and SIGSTOP can neither be caught nor ignored:
		 * only SIG_DFL is accepted for them.
		 */
		if ((sig == SIGKILL || sig == SIGSTOP) &&
		    act->sa_handler != SIG_DFL) {
			mtx_unlock(&ps->ps_mtx);
			PROC_UNLOCK(p);
			return (EINVAL);
		}

		/*
		 * Change setting atomically.
		 */

		/*
		 * The handler's mask may not block SIGKILL/SIGSTOP either;
		 * SIG_CANTMASK strips them regardless of what was requested.
		 */
		ps->ps_catchmask[_SIG_IDX(sig)] = act->sa_mask;
		SIG_CANTMASK(ps->ps_catchmask[_SIG_IDX(sig)]);
		/*
		 * sigact_flag_test() ignores SA_SIGINFO for SIG_IGN/SIG_DFL,
		 * so ps_siginfo only ever names signals with a real handler.
		 */
		if (sigact_flag_test(act, SA_SIGINFO)) {
			ps->ps_sigact[_SIG_IDX(sig)] =
			    (__sighandler_t *)act->sa_sigaction;
			SIGADDSET(ps->ps_siginfo, sig);
		} else {
			ps->ps_sigact[_SIG_IDX(sig)] = act->sa_handler;
			SIGDELSET(ps->ps_siginfo, sig);
		}
		if (!sigact_flag_test(act, SA_RESTART))
			SIGADDSET(ps->ps_sigintr, sig);
		else
			SIGDELSET(ps->ps_sigintr, sig);
		if (sigact_flag_test(act, SA_ONSTACK))
			SIGADDSET(ps->ps_sigonstack, sig);
		else
			SIGDELSET(ps->ps_sigonstack, sig);
		if (sigact_flag_test(act, SA_RESETHAND))
			SIGADDSET(ps->ps_sigreset, sig);
		else
			SIGDELSET(ps->ps_sigreset, sig);
		if (sigact_flag_test(act, SA_NODEFER))
			SIGADDSET(ps->ps_signodefer, sig);
		else
			SIGDELSET(ps->ps_signodefer, sig);
		/* The SA_NOCLD* flags are process-wide state kept in ps_flag. */
		if (sig == SIGCHLD) {
			if (act->sa_flags & SA_NOCLDSTOP)
				ps->ps_flag |= PS_NOCLDSTOP;
			else
				ps->ps_flag &= ~PS_NOCLDSTOP;
			if (act->sa_flags & SA_NOCLDWAIT) {
				/*
				 * Paranoia: since SA_NOCLDWAIT is implemented
				 * by reparenting the dying child to PID 1 (and
				 * trust it to reap the zombie), PID 1 itself
				 * is forbidden to set SA_NOCLDWAIT.
				 */
				if (p->p_pid == 1)
					ps->ps_flag &= ~PS_NOCLDWAIT;
				else
					ps->ps_flag |= PS_NOCLDWAIT;
			} else
				ps->ps_flag &= ~PS_NOCLDWAIT;
			if (ps->ps_sigact[_SIG_IDX(SIGCHLD)] == SIG_IGN)
				ps->ps_flag |= PS_CLDSIGIGN;
			else
				ps->ps_flag &= ~PS_CLDSIGIGN;
		}
		/*
		 * Set bit in ps_sigignore for signals that are set to SIG_IGN,
		 * and for signals set to SIG_DFL where the default is to
		 * ignore.  However, don't put SIGCONT in ps_sigignore, as we
		 * have to restart the process.
		 */
		if (ps->ps_sigact[_SIG_IDX(sig)] == SIG_IGN ||
		    (sigprop(sig) & SIGPROP_IGNORE &&
		     ps->ps_sigact[_SIG_IDX(sig)] == SIG_DFL)) {
			/*
			 * never to be seen again: instances already queued
			 * to the process or any thread are discarded too.
			 */
			sigqueue_delete_proc(p, sig);
			if (sig != SIGCONT)
				/* easier in psignal */
				SIGADDSET(ps->ps_sigignore, sig);
			SIGDELSET(ps->ps_sigcatch, sig);
		} else {
			SIGDELSET(ps->ps_sigignore, sig);
			if (ps->ps_sigact[_SIG_IDX(sig)] == SIG_DFL)
				SIGDELSET(ps->ps_sigcatch, sig);
			else
				SIGADDSET(ps->ps_sigcatch, sig);
		}
		/*
		 * Remember which compat ABI installed the handler so the
		 * matching signal frame layout can be used on delivery; a
		 * SIG_IGN/SIG_DFL disposition clears the record.
		 */
#ifdef COMPAT_FREEBSD4
		if (ps->ps_sigact[_SIG_IDX(sig)] == SIG_IGN ||
		    ps->ps_sigact[_SIG_IDX(sig)] == SIG_DFL ||
		    (flags & KSA_FREEBSD4) == 0)
			SIGDELSET(ps->ps_freebsd4, sig);
		else
			SIGADDSET(ps->ps_freebsd4, sig);
#endif
#ifdef COMPAT_43
		if (ps->ps_sigact[_SIG_IDX(sig)] == SIG_IGN ||
		    ps->ps_sigact[_SIG_IDX(sig)] == SIG_DFL ||
		    (flags & KSA_OSIGSET) == 0)
			SIGDELSET(ps->ps_osigset, sig);
		else
			SIGADDSET(ps->ps_osigset, sig);
#endif
	}
	mtx_unlock(&ps->ps_mtx);
	PROC_UNLOCK(p);
	return (0);
}
943
#ifndef _SYS_SYSPROTO_H_
struct sigaction_args {
	int	sig;
	struct	sigaction *act;
	struct	sigaction *oact;
};
#endif
/*
 * sigaction(2) entry point.  Copies the new action in (if given), calls
 * kern_sigaction(), and copies the old action out only on success.
 * Returns 0 or an errno from copyin/copyout/kern_sigaction.
 */
int
sys_sigaction(struct thread *td, struct sigaction_args *uap)
{
	struct sigaction act, oact;
	int error;

	if (uap->act != NULL) {
		error = copyin(uap->act, &act, sizeof(act));
		if (error != 0)
			return (error);
	}
	error = kern_sigaction(td, uap->sig,
	    uap->act != NULL ? &act : NULL,
	    uap->oact != NULL ? &oact : NULL, 0);
	if (error != 0 || uap->oact == NULL)
		return (error);
	return (copyout(&oact, uap->oact, sizeof(oact)));
}
970
#ifdef COMPAT_FREEBSD4
#ifndef _SYS_SYSPROTO_H_
struct freebsd4_sigaction_args {
	int	sig;
	struct	sigaction *act;
	struct	sigaction *oact;
};
#endif
/*
 * FreeBSD 4 compat sigaction(2).  Identical to sys_sigaction() except that
 * KSA_FREEBSD4 is passed so kern_sigaction() records the handler in
 * ps_freebsd4 and delivery uses the old signal frame layout.
 */
int
freebsd4_sigaction(struct thread *td, struct freebsd4_sigaction_args *uap)
{
	struct sigaction act, oact;
	int error;

	if (uap->act != NULL) {
		error = copyin(uap->act, &act, sizeof(act));
		if (error != 0)
			return (error);
	}
	error = kern_sigaction(td, uap->sig,
	    uap->act != NULL ? &act : NULL,
	    uap->oact != NULL ? &oact : NULL, KSA_FREEBSD4);
	if (error != 0 || uap->oact == NULL)
		return (error);
	return (copyout(&oact, uap->oact, sizeof(oact)));
}
#endif /* COMPAT_FREEBSD4 */
999
#ifdef COMPAT_43	/* XXX - COMPAT_FBSD3 */
#ifndef _SYS_SYSPROTO_H_
struct osigaction_args {
	int	signum;
	struct	osigaction *nsa;
	struct	osigaction *osa;
};
#endif
/*
 * 4.3BSD compat sigaction.  The old struct osigaction carries a 32-bit
 * mask, so only signals below ONSIG can be named; the mask is widened
 * with OSIG2SIG on the way in and narrowed with SIG2OSIG on the way out.
 * KSA_OSIGSET makes kern_sigaction() record the handler in ps_osigset.
 */
int
osigaction(struct thread *td, struct osigaction_args *uap)
{
	struct osigaction sa;
	struct sigaction nsa, osa;
	int error;

	if (uap->signum <= 0 || uap->signum >= ONSIG)
		return (EINVAL);

	if (uap->nsa != NULL) {
		error = copyin(uap->nsa, &sa, sizeof(sa));
		if (error != 0)
			return (error);
		nsa.sa_handler = sa.sa_handler;
		nsa.sa_flags = sa.sa_flags;
		OSIG2SIG(sa.sa_mask, nsa.sa_mask);
	}
	error = kern_sigaction(td, uap->signum,
	    uap->nsa != NULL ? &nsa : NULL,
	    uap->osa != NULL ? &osa : NULL, KSA_OSIGSET);
	if (error != 0 || uap->osa == NULL)
		return (error);
	sa.sa_handler = osa.sa_handler;
	sa.sa_flags = osa.sa_flags;
	SIG2OSIG(osa.sa_mask, sa.sa_mask);
	return (copyout(&sa, uap->osa, sizeof(sa)));
}
1039
1040 #if !defined(__i386__)
/*
 * Avoid replicating the same stub everywhere: on platforms other than
 * i386 the old sigreturn() is simply not implemented and is handled
 * like any unknown syscall.
 */
int
osigreturn(struct thread *td, struct osigreturn_args *uap)
{
	struct nosys_args *nargs;

	nargs = (struct nosys_args *)uap;
	return (nosys(td, nargs));
}
1048 #endif
1049 #endif /* COMPAT_43 */
1050
/*
 * Initialize signal state for process 0: every signal whose default
 * disposition is "ignore" (SIGCONT excepted) is added to the ignore set
 * of p->p_sigacts.  Takes the process lock and the sigacts mutex.
 */
void
siginit(struct proc *p)
{
	struct sigacts *ps;
	int sig;

	PROC_LOCK(p);
	ps = p->p_sigacts;
	mtx_lock(&ps->ps_mtx);
	for (sig = 1; sig <= NSIG; sig++) {
		if ((sigprop(sig) & SIGPROP_IGNORE) == 0)
			continue;
		/* SIGCONT keeps its default action even though it is ignorable. */
		if (sig == SIGCONT)
			continue;
		SIGADDSET(ps->ps_sigignore, sig);
	}
	mtx_unlock(&ps->ps_mtx);
	PROC_UNLOCK(p);
}
1072
/*
 * Reset specified signal to the default disposition.
 *
 * The signal stops being caught, its siginfo request is dropped, the
 * handler slot becomes SIG_DFL and, when the default action is to
 * ignore it (SIGCONT excepted), it is marked ignored.  The caller must
 * hold ps->ps_mtx.
 */
static void
sigdflt(struct sigacts *ps, int sig)
{
	bool ignored_by_default;

	mtx_assert(&ps->ps_mtx, MA_OWNED);
	ignored_by_default = (sigprop(sig) & SIGPROP_IGNORE) != 0 &&
	    sig != SIGCONT;
	ps->ps_sigact[_SIG_IDX(sig)] = SIG_DFL;
	SIGDELSET(ps->ps_sigcatch, sig);
	SIGDELSET(ps->ps_siginfo, sig);
	if (ignored_by_default)
		SIGADDSET(ps->ps_sigignore, sig);
}
1087
/*
 * Reset signals for an exec of the specified process.
 *
 * Caught signals are dropped to their defaults via sig_drop_caught(),
 * the exec'ing thread's alternate signal stack is disabled, and the
 * SIGCHLD "no zombies" flags are cleared.  Blocked signals stay blocked
 * (td_sigmask is untouched) and ignored signals other than SIGCHLD keep
 * their SIG_IGN disposition.
 *
 * Called with the process lock held; takes and releases ps->ps_mtx.
 */
void
execsigs(struct proc *p)
{
	struct sigacts *ps;
	struct thread *td;

	/*
	 * Reset caught signals. Held signals remain held
	 * through td_sigmask (unless they were caught,
	 * and are now ignored by default).
	 */
	PROC_LOCK_ASSERT(p, MA_OWNED);
	ps = p->p_sigacts;
	mtx_lock(&ps->ps_mtx);
	sig_drop_caught(p);

	/*
	 * Reset stack state to the user stack.
	 * Clear set of signals caught on the signal stack.
	 */
	td = curthread;
	/* Only the thread performing the exec survives it. */
	MPASS(td->td_proc == p);
	td->td_sigstk.ss_flags = SS_DISABLE;
	td->td_sigstk.ss_size = 0;
	td->td_sigstk.ss_sp = 0;
	td->td_pflags &= ~TDP_ALTSTACK;
	/*
	 * Reset no zombies if child dies flag as Solaris does.
	 */
	ps->ps_flag &= ~(PS_NOCLDWAIT | PS_CLDSIGIGN);
	/* An ignored SIGCHLD does not survive exec; it goes back to default. */
	if (ps->ps_sigact[_SIG_IDX(SIGCHLD)] == SIG_IGN)
		ps->ps_sigact[_SIG_IDX(SIGCHLD)] = SIG_DFL;
	mtx_unlock(&ps->ps_mtx);
}
1125
/*
 * kern_sigprocmask()
 *
 * Manipulate signal mask.
 *
 * Applies 'how' (SIG_BLOCK, SIG_UNBLOCK or SIG_SETMASK) with *set to
 * td->td_sigmask.  When oset is non-NULL the previous mask is stored
 * there; set may be NULL to only read the mask.
 *
 * flags:
 *   SIGPROCMASK_PROC_LOCKED  the caller already holds the process lock.
 *   SIGPROCMASK_PS_LOCKED    the caller holds ps_mtx (asserted, never taken).
 *   SIGPROCMASK_OLD          SIG_SETMASK uses SIGSETLO(), presumably
 *                            replacing only the low word for the old
 *                            32-bit mask ABI -- see the macro definition.
 *
 * Returns 0, or EINVAL for an unknown 'how'.  *oset is written before
 * 'how' is validated, so it is valid even when EINVAL is returned.
 */
int
kern_sigprocmask(struct thread *td, int how, sigset_t *set, sigset_t *oset,
    int flags)
{
	sigset_t new_block, oset1;
	struct proc *p;
	int error;

	p = td->td_proc;
	if ((flags & SIGPROCMASK_PROC_LOCKED) != 0)
		PROC_LOCK_ASSERT(p, MA_OWNED);
	else
		PROC_LOCK(p);
	mtx_assert(&p->p_sigacts->ps_mtx, (flags & SIGPROCMASK_PS_LOCKED) != 0
	    ? MA_OWNED : MA_NOTOWNED);
	if (oset != NULL)
		*oset = td->td_sigmask;

	error = 0;
	if (set != NULL) {
		switch (how) {
		case SIG_BLOCK:
			/*
			 * Strip the signals that may never be blocked, so a
			 * user-supplied set cannot mask them.
			 */
			SIG_CANTMASK(*set);
			oset1 = td->td_sigmask;
			SIGSETOR(td->td_sigmask, *set);
			/* new_block = signals blocked now but not before. */
			new_block = td->td_sigmask;
			SIGSETNAND(new_block, oset1);
			break;
		case SIG_UNBLOCK:
			/*
			 * Nothing becomes newly blocked, so no reschedule
			 * is needed; only this thread has to re-check.
			 */
			SIGSETNAND(td->td_sigmask, *set);
			signotify(td);
			goto out;
		case SIG_SETMASK:
			SIG_CANTMASK(*set);
			oset1 = td->td_sigmask;
			if (flags & SIGPROCMASK_OLD)
				SIGSETLO(td->td_sigmask, *set);
			else
				td->td_sigmask = *set;
			new_block = td->td_sigmask;
			SIGSETNAND(new_block, oset1);
			signotify(td);
			break;
		default:
			error = EINVAL;
			goto out;
		}

		/*
		 * The new_block set contains signals that were not previously
		 * blocked, but are blocked now.
		 *
		 * In case we block any signal that was not previously blocked
		 * for td, and process has the signal pending, try to schedule
		 * signal delivery to some thread that does not block the
		 * signal, possibly waking it up.
		 */
		if (p->p_numthreads != 1)
			reschedule_signals(p, new_block, flags);
	}

out:
	if (!(flags & SIGPROCMASK_PROC_LOCKED))
		PROC_UNLOCK(p);
	return (error);
}
1197
#ifndef _SYS_SYSPROTO_H_
struct sigprocmask_args {
	int how;
	const sigset_t *set;
	sigset_t *oset;
};
#endif
/*
 * sigprocmask(2): copy the requested mask in from user space, apply it
 * through kern_sigprocmask(), and copy the previous mask out when the
 * caller asked for it.  Returns 0 or an errno value.
 */
int
sys_sigprocmask(struct thread *td, struct sigprocmask_args *uap)
{
	sigset_t newmask, oldmask;
	sigset_t *new_p, *old_p;
	int error;

	new_p = NULL;
	old_p = (uap->oset != NULL) ? &oldmask : NULL;
	if (uap->set != NULL) {
		error = copyin(uap->set, &newmask, sizeof(newmask));
		if (error != 0)
			return (error);
		new_p = &newmask;
	}
	error = kern_sigprocmask(td, uap->how, new_p, old_p, 0);
	if (error == 0 && old_p != NULL)
		error = copyout(old_p, uap->oset, sizeof(oldmask));
	return (error);
}
1225
1226 #ifdef COMPAT_43 /* XXX - COMPAT_FBSD3 */
#ifndef _SYS_SYSPROTO_H_
struct osigprocmask_args {
	int how;
	osigset_t mask;
};
#endif
/*
 * 4.3BSD sigprocmask(): the new mask arrives by value as an osigset_t and
 * the previous mask is returned in td_retval[0] instead of through a
 * user pointer.  The flags argument is the literal 1; presumably that is
 * SIGPROCMASK_OLD (the only flag kern_sigprocmask() tests for
 * SIG_SETMASK) -- confirm against the flag definitions.
 *
 * kern_sigprocmask() stores the old mask before validating 'how', so
 * td_retval[0] is meaningful even when EINVAL is returned.
 */
int
osigprocmask(struct thread *td, struct osigprocmask_args *uap)
{
	sigset_t wide_mask, previous;
	int error;

	OSIG2SIG(uap->mask, wide_mask);
	error = kern_sigprocmask(td, uap->how, &wide_mask, &previous, 1);
	SIG2OSIG(previous, td->td_retval[0]);
	return (error);
}
1244 #endif /* COMPAT_43 */
1245
/*
 * sigwait(2).
 *
 * Unlike most syscalls the result is reported through td_retval[0]
 * while the syscall itself returns 0, so the libc wrapper sees the
 * errno-style value as the function's return.  The one exception is
 * EINTR for a binary older than P_OSREL_SIGWAIT, which becomes a
 * transparent restart (ERESTART).
 */
int
sys_sigwait(struct thread *td, struct sigwait_args *uap)
{
	ksiginfo_t ksi;
	sigset_t waitset;
	int error;

	error = copyin(uap->set, &waitset, sizeof(waitset));
	if (error == 0) {
		error = kern_sigtimedwait(td, waitset, &ksi, NULL);
		/*
		 * sigwait() function shall not return EINTR, but
		 * the syscall does. Non-ancient libc provides the
		 * wrapper which hides EINTR. Otherwise, EINTR return
		 * is used by libthr to handle required cancellation
		 * point in the sigwait().
		 */
		if (error == EINTR && td->td_proc->p_osrel < P_OSREL_SIGWAIT)
			return (ERESTART);
		if (error == 0)
			error = copyout(&ksi.ksi_signo, uap->sig,
			    sizeof(ksi.ksi_signo));
	}
	td->td_retval[0] = error;
	return (0);
}
1278
/*
 * sigtimedwait(2): wait for one of the signals in *uap->set, optionally
 * bounded by *uap->timeout, and return its number in td_retval[0] with
 * the siginfo copied to uap->info when that pointer is non-NULL.
 * Returns 0 or an errno value; on error td_retval[0] is left untouched.
 */
int
sys_sigtimedwait(struct thread *td, struct sigtimedwait_args *uap)
{
	struct timespec ts;
	struct timespec *ts_p;
	sigset_t waitset;
	ksiginfo_t ksi;
	int error;

	ts_p = NULL;
	if (uap->timeout != NULL) {
		error = copyin(uap->timeout, &ts, sizeof(ts));
		if (error != 0)
			return (error);
		ts_p = &ts;
	}

	error = copyin(uap->set, &waitset, sizeof(waitset));
	if (error != 0)
		return (error);

	/* Timeout validation happens inside kern_sigtimedwait(). */
	error = kern_sigtimedwait(td, waitset, &ksi, ts_p);
	if (error != 0)
		return (error);

	if (uap->info != NULL)
		error = copyout(&ksi.ksi_info, uap->info, sizeof(siginfo_t));
	if (error == 0)
		td->td_retval[0] = ksi.ksi_signo;
	return (error);
}
1312
/*
 * sigwaitinfo(2): sigtimedwait(2) without a timeout.  The signal number
 * is returned in td_retval[0] and the siginfo is copied to uap->info
 * when that pointer is non-NULL.  Returns 0 or an errno value.
 */
int
sys_sigwaitinfo(struct thread *td, struct sigwaitinfo_args *uap)
{
	ksiginfo_t ksi;
	sigset_t waitset;
	int error;

	error = copyin(uap->set, &waitset, sizeof(waitset));
	if (error != 0)
		return (error);

	error = kern_sigtimedwait(td, waitset, &ksi, NULL);
	if (error != 0)
		return (error);

	if (uap->info != NULL) {
		error = copyout(&ksi.ksi_info, uap->info, sizeof(siginfo_t));
		if (error != 0)
			return (error);
	}
	td->td_retval[0] = ksi.ksi_signo;
	return (0);
}
1335
/*
 * Record *si as the siginfo of td and clear td_si.si_signo on every
 * other thread of td's process.  The caller is expected to hold the
 * process lock (the only caller does, see kern_sigtimedwait()).
 */
static void
proc_td_siginfo_capture(struct thread *td, siginfo_t *si)
{
	struct thread *iter;

	FOREACH_THREAD_IN_PROC(td->td_proc, iter) {
		if (iter != td) {
			iter->td_si.si_signo = 0;
		} else {
			iter->td_si = *si;
		}
	}
}
1348
/*
 * Common implementation of sigwait(2), sigtimedwait(2) and sigwaitinfo(2).
 *
 * Waits until a signal from 'waitset' is pending on the thread or process
 * queue and dequeues it into *ksi.  'timeout' is an optional relative
 * timeout; NULL waits indefinitely.  Signals that can never be blocked
 * are removed from waitset first (SIG_CANTMASK).
 *
 * While waiting, the waitset signals are unblocked in td_sigmask so that
 * cursig() can see them.  The original mask is restored on exit and, in
 * a multithreaded process, reschedule_signals() is told which signals
 * became blocked again.
 *
 * Returns 0 with *ksi filled in, EINVAL for an invalid timeout (only
 * reported once no matching signal is pending, as POSIX requires), the
 * msleep_sbt() error when the timeout expires, or EINTR.  A dequeued
 * SIGKILL terminates the process through sigexit() and does not return.
 */
int
kern_sigtimedwait(struct thread *td, sigset_t waitset, ksiginfo_t *ksi,
    struct timespec *timeout)
{
	struct sigacts *ps;
	sigset_t saved_mask, new_block;
	struct proc *p;
	int error, sig, timevalid = 0;
	sbintime_t sbt, precision, tsbt;
	struct timespec ts;
	bool traced;

	p = td->td_proc;
	error = 0;
	traced = false;

	/* Ensure the sigfastblock value is up to date. */
	sigfastblock_fetch(td);

	if (timeout != NULL) {
		/* tv_nsec is user supplied; anything outside [0, 1e9) is EINVAL later. */
		if (timeout->tv_nsec >= 0 && timeout->tv_nsec < 1000000000) {
			timevalid = 1;
			ts = *timeout;
			/*
			 * Convert to an absolute sbintime.  Huge timeouts
			 * take the sbt = 0 path, which presumably means
			 * "no timeout" to msleep_sbt() -- confirm.
			 */
			if (ts.tv_sec < INT32_MAX / 2) {
				tsbt = tstosbt(ts);
				precision = tsbt;
				precision >>= tc_precexp;
				if (TIMESEL(&sbt, tsbt))
					sbt += tc_tick_sbt;
				sbt += tsbt;
			} else
				precision = sbt = 0;
		}
	} else
		precision = sbt = 0;
	ksiginfo_init(ksi);
	/* Some signals can not be waited for. */
	SIG_CANTMASK(waitset);
	ps = p->p_sigacts;
	PROC_LOCK(p);
	/* Temporarily unblock the awaited signals for this thread only. */
	saved_mask = td->td_sigmask;
	SIGSETNAND(td->td_sigmask, waitset);
	/*
	 * TDF_SIGWAIT is set when ignored signals must not be discarded for
	 * this ABI (SV_SIG_DISCIGN) or globally (kern_sig_discard_ign off);
	 * presumably this lets cursig() hand such signals to the waiter.
	 */
	if ((p->p_sysent->sv_flags & SV_SIG_DISCIGN) != 0 ||
	    !kern_sig_discard_ign) {
		thread_lock(td);
		td->td_flags |= TDF_SIGWAIT;
		thread_unlock(td);
	}
	for (;;) {
		mtx_lock(&ps->ps_mtx);
		sig = cursig(td);
		mtx_unlock(&ps->ps_mtx);
		KASSERT(sig >= 0, ("sig %d", sig));
		/* Try the per-thread queue first, then the process queue. */
		if (sig != 0 && SIGISMEMBER(waitset, sig)) {
			if (sigqueue_get(&td->td_sigqueue, sig, ksi) != 0 ||
			    sigqueue_get(&p->p_sigqueue, sig, ksi) != 0) {
				error = 0;
				break;
			}
		}

		/*
		 * An error from the previous msleep_sbt() (timeout or
		 * interrupt) is only honoured after re-checking for a
		 * signal that became pending in the meantime.
		 */
		if (error != 0)
			break;

		/*
		 * POSIX says this must be checked after looking for pending
		 * signals.
		 */
		if (timeout != NULL && !timevalid) {
			error = EINVAL;
			break;
		}

		if (traced) {
			error = EINTR;
			break;
		}

		error = msleep_sbt(&p->p_sigacts, &p->p_mtx, PPAUSE | PCATCH,
		    "sigwait", sbt, precision, C_ABSOLUTE);

		/* The syscalls can not be restarted. */
		if (error == ERESTART)
			error = EINTR;

		/*
		 * If PTRACE_SCE or PTRACE_SCX were set after
		 * userspace entered the syscall, return spurious
		 * EINTR after wait was done. Only do this as last
		 * resort after rechecking for possible queued signals
		 * and expired timeouts.
		 */
		if (error == 0 && (p->p_ptevents & PTRACE_SYSCALL) != 0)
			traced = true;
	}
	thread_lock(td);
	td->td_flags &= ~TDF_SIGWAIT;
	thread_unlock(td);

	/* new_block = signals that are blocked again now that the mask is restored. */
	new_block = saved_mask;
	SIGSETNAND(new_block, td->td_sigmask);
	td->td_sigmask = saved_mask;
	/*
	 * Fewer signals can be delivered to us, reschedule signal
	 * notification.
	 */
	if (p->p_numthreads != 1)
		reschedule_signals(p, new_block, 0);

	if (error == 0) {
		SDT_PROBE2(proc, , , signal__clear, sig, ksi);

		/* Let the interval timer code account for a consumed SI_TIMER. */
		if (ksi->ksi_code == SI_TIMER)
			itimer_accept(p, ksi->ksi_timerid, ksi);

#ifdef KTRACE
		if (KTRPOINT(td, KTR_PSIG)) {
			sig_t action;

			mtx_lock(&ps->ps_mtx);
			action = ps->ps_sigact[_SIG_IDX(sig)];
			mtx_unlock(&ps->ps_mtx);
			ktrpsig(sig, action, &td->td_sigmask, ksi->ksi_code);
		}
#endif
		/* SIGKILL cannot be "consumed" by waiting; it still kills the process. */
		if (sig == SIGKILL) {
			proc_td_siginfo_capture(td, &ksi->ksi_info);
			sigexit(td, sig);
		}
	}
	PROC_UNLOCK(p);
	return (error);
}
1482
#ifndef _SYS_SYSPROTO_H_
struct sigpending_args {
	sigset_t *set;
};
#endif
/*
 * sigpending(2): copy the union of the process-wide and per-thread
 * pending signal sets to *uap->set.  Returns the copyout() result.
 */
int
sys_sigpending(struct thread *td, struct sigpending_args *uap)
{
	struct proc *p;
	sigset_t pending;

	p = td->td_proc;
	/* Snapshot both queues under the process lock. */
	PROC_LOCK(p);
	pending = td->td_sigqueue.sq_signals;
	SIGSETOR(pending, p->p_sigqueue.sq_signals);
	PROC_UNLOCK(p);
	return (copyout(&pending, uap->set, sizeof(sigset_t)));
}
1500
1501 #ifdef COMPAT_43 /* XXX - COMPAT_FBSD3 */
#ifndef _SYS_SYSPROTO_H_
struct osigpending_args {
	int dummy;
};
#endif
/*
 * 4.3BSD sigpending(): the union of the process-wide and per-thread
 * pending sets is narrowed to an osigset_t and returned in td_retval[0].
 * uap is unused.  Always returns 0.
 */
int
osigpending(struct thread *td, struct osigpending_args *uap)
{
	struct proc *p;
	sigset_t pending;

	p = td->td_proc;
	PROC_LOCK(p);
	pending = td->td_sigqueue.sq_signals;
	SIGSETOR(pending, p->p_sigqueue.sq_signals);
	PROC_UNLOCK(p);
	SIG2OSIG(pending, td->td_retval[0]);
	return (0);
}
1520 #endif /* COMPAT_43 */
1521
1522 #if defined(COMPAT_43)
/*
 * Generalized interface signal handler, 4.3-compatible.
 *
 * Translates struct sigvec to and from struct sigaction around a call to
 * kern_sigaction() with KSA_OSIGSET.  The signal number is range checked
 * against ONSIG first.  SV_INTERRUPT has the opposite sense of
 * SA_RESTART, hence the XOR on the flags in both directions; SA_NOCLDWAIT
 * is hidden from the old interface.  Returns 0 or an errno value.
 */
#ifndef _SYS_SYSPROTO_H_
struct osigvec_args {
	int signum;
	struct sigvec *nsv;
	struct sigvec *osv;
};
#endif
/* ARGSUSED */
int
osigvec(struct thread *td, struct osigvec_args *uap)
{
	struct sigvec vec;
	struct sigaction new_act, old_act;
	struct sigaction *new_p, *old_p;
	int error;

	if (uap->signum <= 0 || uap->signum >= ONSIG)
		return (EINVAL);
	new_p = (uap->nsv == NULL) ? NULL : &new_act;
	old_p = (uap->osv == NULL) ? NULL : &old_act;
	if (new_p != NULL) {
		error = copyin(uap->nsv, &vec, sizeof(vec));
		if (error != 0)
			return (error);
		new_p->sa_handler = vec.sv_handler;
		OSIG2SIG(vec.sv_mask, new_p->sa_mask);
		new_p->sa_flags = vec.sv_flags;
		new_p->sa_flags ^= SA_RESTART; /* opposite of SV_INTERRUPT */
	}
	error = kern_sigaction(td, uap->signum, new_p, old_p, KSA_OSIGSET);
	if (error != 0 || old_p == NULL)
		return (error);

	vec.sv_handler = old_p->sa_handler;
	SIG2OSIG(old_p->sa_mask, vec.sv_mask);
	vec.sv_flags = old_p->sa_flags;
	vec.sv_flags &= ~SA_NOCLDWAIT;
	vec.sv_flags ^= SA_RESTART;
	return (copyout(&vec, uap->osv, sizeof(vec)));
}
1566
#ifndef _SYS_SYSPROTO_H_
struct osigblock_args {
	int mask;
};
#endif
/*
 * 4.3BSD sigblock(): add uap->mask to the thread's signal mask and
 * return the previous mask (narrowed) in td_retval[0].  Always returns 0.
 */
int
osigblock(struct thread *td, struct osigblock_args *uap)
{
	sigset_t to_block, previous;

	OSIG2SIG(uap->mask, to_block);
	/*
	 * kern_sigprocmask() only fails for an unknown 'how', so with a
	 * constant SIG_BLOCK its return value carries no information.
	 */
	(void)kern_sigprocmask(td, SIG_BLOCK, &to_block, &previous, 0);
	SIG2OSIG(previous, td->td_retval[0]);
	return (0);
}
1582
#ifndef _SYS_SYSPROTO_H_
struct osigsetmask_args {
	int mask;
};
#endif
/*
 * 4.3BSD sigsetmask(): replace the thread's signal mask with uap->mask
 * and return the previous mask (narrowed) in td_retval[0].  Always
 * returns 0.
 */
int
osigsetmask(struct thread *td, struct osigsetmask_args *uap)
{
	sigset_t new_mask, previous;

	OSIG2SIG(uap->mask, new_mask);
	/* Cannot fail: 'how' is the constant SIG_SETMASK. */
	(void)kern_sigprocmask(td, SIG_SETMASK, &new_mask, &previous, 0);
	SIG2OSIG(previous, td->td_retval[0]);
	return (0);
}
1598 #endif /* COMPAT_43 */
1599
/*
 * Suspend calling thread until signal, providing mask to be set in the
 * meantime.
 *
 * The mask is read from user space and handed to kern_sigsuspend(), whose
 * return value (normally EJUSTRETURN) is passed through.
 */
#ifndef _SYS_SYSPROTO_H_
struct sigsuspend_args {
	const sigset_t *sigmask;
};
#endif
/* ARGSUSED */
int
sys_sigsuspend(struct thread *td, struct sigsuspend_args *uap)
{
	sigset_t new_mask;
	int error;

	error = copyin(uap->sigmask, &new_mask, sizeof(new_mask));
	if (error != 0)
		return (error);
	error = kern_sigsuspend(td, new_mask);
	return (error);
}
1621
/*
 * Common implementation of sigsuspend(2) and osigsuspend().
 *
 * Installs 'mask' as the thread's signal mask, saving the previous one in
 * td_oldsigmask and setting TDP_OLDMASK so that it can be restored once
 * the handler has run (presumably by the TDA_SIGSUSPEND AST scheduled
 * below -- confirm in the AST handler).  The thread then sleeps until a
 * signal is actually delivered to it by postsig(), or until the process
 * is being traced for syscall entry/exit.
 *
 * Always returns EJUSTRETURN; the user-visible result is the EINTR set up
 * through sv_set_syscall_retval() and td_errno/TDP_NERRNO.
 */
int
kern_sigsuspend(struct thread *td, sigset_t mask)
{
	struct proc *p = td->td_proc;
	int has_sig, sig;

	/* Ensure the sigfastblock value is up to date. */
	sigfastblock_fetch(td);

	/*
	 * When returning from sigsuspend, we want
	 * the old mask to be restored after the
	 * signal handler has finished. Thus, we
	 * save it here and mark the sigacts structure
	 * to indicate this.
	 */
	PROC_LOCK(p);
	/* SIG_CANTMASK inside kern_sigprocmask() keeps unblockable signals out of 'mask'. */
	kern_sigprocmask(td, SIG_SETMASK, &mask, &td->td_oldsigmask,
	    SIGPROCMASK_PROC_LOCKED);
	td->td_pflags |= TDP_OLDMASK;
	ast_sched(td, TDA_SIGSUSPEND);

	/*
	 * Process signals now. Otherwise, we can get spurious wakeup
	 * due to signal entered process queue, but delivered to other
	 * thread. But sigsuspend should return only on signal
	 * delivery.
	 */
	(p->p_sysent->sv_set_syscall_retval)(td, EINTR);
	for (has_sig = 0; !has_sig;) {
		/* Sleep until interrupted; a plain wakeup (0) just sleeps again. */
		while (msleep(&p->p_sigacts, &p->p_mtx, PPAUSE|PCATCH, "pause",
		    0) == 0)
			/* void */;
		thread_suspend_check(0);
		mtx_lock(&p->p_sigacts->ps_mtx);
		/* postsig() reports whether the signal was really delivered to us. */
		while ((sig = cursig(td)) != 0) {
			KASSERT(sig >= 0, ("sig %d", sig));
			has_sig += postsig(sig);
		}
		mtx_unlock(&p->p_sigacts->ps_mtx);

		/*
		 * If PTRACE_SCE or PTRACE_SCX were set after
		 * userspace entered the syscall, return spurious
		 * EINTR.
		 */
		if ((p->p_ptevents & PTRACE_SYSCALL) != 0)
			has_sig += 1;
	}
	PROC_UNLOCK(p);
	td->td_errno = EINTR;
	td->td_pflags |= TDP_NERRNO;
	return (EJUSTRETURN);
}
1676
1677 #ifdef COMPAT_43 /* XXX - COMPAT_FBSD3 */
/*
 * Compatibility sigsuspend call for old binaries. Note nonstandard calling
 * convention: libc stub passes mask, not pointer, to save a copyin.
 *
 * The osigset_t is widened with OSIG2SIG and the result of
 * kern_sigsuspend() (normally EJUSTRETURN) is returned unchanged.
 */
#ifndef _SYS_SYSPROTO_H_
struct osigsuspend_args {
	osigset_t mask;
};
#endif
/* ARGSUSED */
int
osigsuspend(struct thread *td, struct osigsuspend_args *uap)
{
	sigset_t wide_mask;
	int rv;

	OSIG2SIG(uap->mask, wide_mask);
	rv = kern_sigsuspend(td, wide_mask);
	return (rv);
}
1696 #endif /* COMPAT_43 */
1697
1698 #if defined(COMPAT_43)
#ifndef _SYS_SYSPROTO_H_
struct osigstack_args {
	struct sigstack *nss;
	struct sigstack *oss;
};
#endif
/*
 * 4.3BSD sigstack(): report and/or replace the thread's signal stack.
 *
 * The old interface carries no stack size, so ss_size is set to 0 and
 * only the SS_ONSTACK bit of the supplied ss_onstack is folded into the
 * flags.  Unlike kern_sigaltstack(), no EPERM (already on the stack) or
 * ENOMEM (too small) checks are applied here.  Returns 0 or an errno
 * value from copyin()/copyout().
 */
/* ARGSUSED */
int
osigstack(struct thread *td, struct osigstack_args *uap)
{
	struct sigstack new_stk, old_stk;
	bool have_new;
	int error;

	error = 0;
	have_new = uap->nss != NULL;
	if (have_new) {
		error = copyin(uap->nss, &new_stk, sizeof(new_stk));
		if (error != 0)
			return (error);
	}
	/* Capture the current state before it is replaced. */
	old_stk.ss_sp = td->td_sigstk.ss_sp;
	old_stk.ss_onstack = sigonstack(cpu_getstack(td));
	if (have_new) {
		td->td_sigstk.ss_sp = new_stk.ss_sp;
		td->td_sigstk.ss_size = 0;
		td->td_sigstk.ss_flags |= new_stk.ss_onstack & SS_ONSTACK;
		td->td_pflags |= TDP_ALTSTACK;
	}
	if (uap->oss != NULL)
		error = copyout(&old_stk, uap->oss, sizeof(old_stk));
	return (error);
}
1730 #endif /* COMPAT_43 */
1731
#ifndef _SYS_SYSPROTO_H_
struct sigaltstack_args {
	stack_t *ss;
	stack_t *oss;
};
#endif
/*
 * sigaltstack(2): copy the new stack description in (when given), apply
 * it through kern_sigaltstack(), and copy the previous one out (when
 * requested).  Returns 0 or an errno value.
 */
/* ARGSUSED */
int
sys_sigaltstack(struct thread *td, struct sigaltstack_args *uap)
{
	stack_t new_stk, old_stk;
	stack_t *new_p, *old_p;
	int error;

	new_p = NULL;
	old_p = (uap->oss != NULL) ? &old_stk : NULL;
	if (uap->ss != NULL) {
		error = copyin(uap->ss, &new_stk, sizeof(new_stk));
		if (error != 0)
			return (error);
		new_p = &new_stk;
	}
	/* All validation of the new stack lives in kern_sigaltstack(). */
	error = kern_sigaltstack(td, new_p, old_p);
	if (error != 0)
		return (error);
	if (old_p != NULL)
		error = copyout(old_p, uap->oss, sizeof(stack_t));
	return (error);
}
1758
/*
 * Common implementation of sigaltstack(2).
 *
 * When oss is non-NULL the current alternate stack is stored there, with
 * ss_flags reporting SS_DISABLE (none installed), SS_ONSTACK (currently
 * executing on it) or 0.  When ss is non-NULL it replaces the alternate
 * stack, subject to:
 *   EPERM   the thread is currently running on the alternate stack;
 *   EINVAL  ss_flags has bits other than SS_DISABLE set;
 *   ENOMEM  the stack is smaller than the ABI minimum (sv_minsigstksz).
 * SS_DISABLE removes the alternate stack.  Returns 0 on success.
 */
int
kern_sigaltstack(struct thread *td, stack_t *ss, stack_t *oss)
{
	struct proc *p;
	int on_altstack;

	p = td->td_proc;
	on_altstack = sigonstack(cpu_getstack(td));

	if (oss != NULL) {
		*oss = td->td_sigstk;
		if ((td->td_pflags & TDP_ALTSTACK) == 0)
			oss->ss_flags = SS_DISABLE;
		else if (on_altstack)
			oss->ss_flags = SS_ONSTACK;
		else
			oss->ss_flags = 0;
	}

	if (ss == NULL)
		return (0);
	/* The stack we are executing on cannot be swapped out from under us. */
	if (on_altstack)
		return (EPERM);
	/* SS_DISABLE is the only flag user space may pass in. */
	if ((ss->ss_flags & ~SS_DISABLE) != 0)
		return (EINVAL);
	if ((ss->ss_flags & SS_DISABLE) != 0) {
		td->td_pflags &= ~TDP_ALTSTACK;
		return (0);
	}
	/* Too small a stack could not hold a signal frame for this ABI. */
	if (ss->ss_size < p->p_sysent->sv_minsigstksz)
		return (ENOMEM);
	td->td_sigstk = *ss;
	td->td_pflags |= TDP_ALTSTACK;
	return (0);
}
1790
/*
 * Per-call state shared by killpg1() and its per-process callbacks.
 */
struct killpg1_ctx {
	struct thread *td;	/* calling thread; subject of p_cansignal() */
	ksiginfo_t *ksi;	/* siginfo queued with the signal */
	int sig;		/* signal number; 0 probes permissions only */
	bool sent;		/* p_cansignal() succeeded for some process */
	bool found;		/* some process was visible (not ESRCH) */
	int ret;		/* first error other than ESRCH/EPERM, else 0 */
};
1799
/*
 * Signal one candidate process for killpg1() and update the shared
 * bookkeeping in *arg.  p must be locked by the caller.
 *
 * ESRCH from p_cansignal() means the process is invisible to the caller
 * and is not counted at all; EPERM counts as "found" but is not recorded
 * as the error; any other error is kept as arg->ret if none was recorded
 * before.  With arg->sig == 0 permission is checked but nothing is sent.
 */
static void
killpg1_sendsig_locked(struct proc *p, struct killpg1_ctx *arg)
{
	int err;

	err = p_cansignal(arg->td, p, arg->sig);
	if (err == 0) {
		if (arg->sig != 0)
			pksignal(p, arg->sig, arg->ksi);
		arg->found = true;
		arg->sent = true;
		return;
	}
	if (err == ESRCH)
		return;
	arg->found = true;
	if (err != EPERM && arg->ret == 0)
		arg->ret = err;
}
1815
/*
 * Process-group iteration callback for killpg1(): skip pid 0/1, kernel
 * (P_SYSTEM) processes, embryos (PRS_NEW) and, when notself is set, the
 * caller's own process; lock the rest and hand them to
 * killpg1_sendsig_locked().
 */
static void
killpg1_sendsig(struct proc *p, bool notself, struct killpg1_ctx *arg)
{
	bool skip;

	skip = p->p_pid <= 1 || (p->p_flag & P_SYSTEM) != 0 ||
	    p->p_state == PRS_NEW;
	if (notself && p == arg->td->td_proc)
		skip = true;
	if (skip)
		return;

	PROC_LOCK(p);
	killpg1_sendsig_locked(p, arg);
	PROC_UNLOCK(p);
}
1828
/*
 * prison_proc_iterate() callback for the broadcast case of killpg1().
 * Same exclusions as killpg1_sendsig() with notself always in effect.
 * No PROC_LOCK() is taken here, so presumably the iterator delivers each
 * process already locked -- confirm against prison_proc_iterate().
 */
static void
kill_processes_prison_cb(struct proc *p, void *arg)
{
	struct killpg1_ctx *ctx;

	ctx = arg;
	if (p->p_pid <= 1)
		return;
	if ((p->p_flag & P_SYSTEM) != 0)
		return;
	if (p == ctx->td->td_proc)
		return;
	if (p->p_state == PRS_NEW)
		return;

	killpg1_sendsig_locked(p, ctx);
}
1840
/*
 * Common code for kill process group/broadcast kill.
 * td is the calling thread, as usual.
 *
 * all != 0 signals every process in the caller's prison; otherwise pgid
 * selects the process group, 0 meaning the caller's own.  Processes with
 * pid <= 1, P_SYSTEM or PRS_NEW are skipped and every candidate is
 * subject to p_cansignal(); sig == 0 probes permissions only.
 *
 * Returns 0 if at least one process accepted the signal; otherwise the
 * first p_cansignal() error other than ESRCH/EPERM, EPERM if candidates
 * were visible but none could be signalled, or ESRCH if nothing matched.
 */
static int
killpg1(struct thread *td, int sig, int pgid, int all, ksiginfo_t *ksi)
{
	struct proc *p;
	struct pgrp *pgrp;
	struct killpg1_ctx arg;

	arg.td = td;
	arg.ksi = ksi;
	arg.sig = sig;
	arg.sent = false;
	arg.found = false;
	arg.ret = 0;
	if (all) {
		/*
		 * broadcast
		 */
		prison_proc_iterate(td->td_ucred->cr_prison,
		    kill_processes_prison_cb, &arg);
	} else {
again:
		sx_slock(&proctree_lock);
		if (pgid == 0) {
			/*
			 * zero pgid means send to my process group.
			 */
			pgrp = td->td_proc->p_pgrp;
			PGRP_LOCK(pgrp);
		} else {
			/* pgfind() returns the group locked, matching the branch above. */
			pgrp = pgfind(pgid);
			if (pgrp == NULL) {
				sx_sunlock(&proctree_lock);
				return (ESRCH);
			}
		}
		sx_sunlock(&proctree_lock);
		/*
		 * pg_killsx is taken exclusively for the duration of the
		 * delivery loop.  If it is busy, drop the group lock, wait
		 * for the holder and redo the lookup from scratch, since
		 * the group may have changed meanwhile.
		 */
		if (!sx_try_xlock(&pgrp->pg_killsx)) {
			PGRP_UNLOCK(pgrp);
			sx_xlock(&pgrp->pg_killsx);
			sx_xunlock(&pgrp->pg_killsx);
			goto again;
		}
		LIST_FOREACH(p, &pgrp->pg_members, p_pglist) {
			killpg1_sendsig(p, false, &arg);
		}
		PGRP_UNLOCK(pgrp);
		sx_xunlock(&pgrp->pg_killsx);
	}
	/* "sent" implies "found" unless an error was recorded. */
	MPASS(arg.ret != 0 || arg.found || !arg.sent);
	if (arg.ret == 0 && !arg.sent)
		arg.ret = arg.found ? EPERM : ESRCH;
	return (arg.ret);
}
1898
#ifndef _SYS_SYSPROTO_H_
struct kill_args {
	int pid;
	int signum;
};
#endif
/*
 * kill(2): thin wrapper that forwards the arguments to kern_kill(),
 * where all validation and permission checks happen.
 */
/* ARGSUSED */
int
sys_kill(struct thread *td, struct kill_args *uap)
{
	pid_t pid;
	int signum;

	pid = uap->pid;
	signum = uap->signum;
	return (kern_kill(td, pid, signum));
}
1912
/*
 * Common implementation of kill(2).
 *
 * pid > 0   signals that process;
 * pid == 0  signals the caller's process group;
 * pid == -1 broadcasts to every process the caller may signal;
 * pid < -1  signals process group -pid.
 *
 * In capability mode only the caller's own pid is accepted (ECAPMODE),
 * so abort(3), which is kill(getpid(), SIGABRT), keeps working.  The
 * signal number is range checked (EINVAL); signal 0 only checks
 * permissions.  Returns 0 or an errno value (ESRCH, EPERM, ...).
 */
int
kern_kill(struct thread *td, pid_t pid, int signum)
{
	ksiginfo_t ksi;
	struct proc *p;
	int error;

	/*
	 * A process in capability mode can send signals only to himself.
	 * The main rationale behind this is that abort(3) is implemented as
	 * kill(getpid(), SIGABRT).
	 */
	if (pid != td->td_proc->p_pid) {
		/* Record the would-be capability violation when tracing it. */
		if (CAP_TRACING(td))
			ktrcapfail(CAPFAIL_SIGNAL, &signum);
		if (IN_CAPABILITY_MODE(td))
			return (ECAPMODE);
	}

	AUDIT_ARG_SIGNUM(signum);
	AUDIT_ARG_PID(pid);
	/* The unsigned compare rejects negative signal numbers as well. */
	if ((u_int)signum > _SIG_MAXSIG)
		return (EINVAL);

	ksiginfo_init(&ksi);
	ksi.ksi_signo = signum;
	ksi.ksi_code = SI_USER;
	ksi.ksi_pid = td->td_proc->p_pid;
	ksi.ksi_uid = td->td_ucred->cr_ruid;

	if (pid > 0) {
		/* Single target; pfind_any() hands it back locked. */
		p = pfind_any(pid);
		if (p == NULL)
			return (ESRCH);
		AUDIT_ARG_PROCESS(p);
		error = p_cansignal(td, p, signum);
		if (error == 0 && signum != 0)
			pksignal(p, signum, &ksi);
		PROC_UNLOCK(p);
		return (error);
	}
	if (pid == -1) {
		/* broadcast signal */
		return (killpg1(td, signum, 0, 1, &ksi));
	}
	if (pid == 0) {
		/* signal own process group */
		return (killpg1(td, signum, 0, 0, &ksi));
	}
	/*
	 * Negative explicit process group.  Note that -pid is not guarded
	 * against the most negative pid_t value; presumably the resulting
	 * pgid simply fails the pgfind() lookup -- confirm.
	 */
	return (killpg1(td, signum, -pid, 0, &ksi));
}
1964
/*
 * pdkill(2): signal the process behind a process descriptor.
 *
 * The target is resolved with procdesc_find() under cap_pdkill_rights
 * (so a capability-restricted fd is honoured) and still has to pass
 * p_cansignal().  Signal 0 only checks permissions.  Returns 0 or an
 * errno value.
 */
int
sys_pdkill(struct thread *td, struct pdkill_args *uap)
{
	struct proc *target;
	int error;

	AUDIT_ARG_SIGNUM(uap->signum);
	AUDIT_ARG_FD(uap->fd);
	if ((u_int)uap->signum > _SIG_MAXSIG)
		return (EINVAL);

	/* procdesc_find() hands the process back locked; see PROC_UNLOCK below. */
	error = procdesc_find(td, uap->fd, &cap_pdkill_rights, &target);
	if (error != 0)
		return (error);
	AUDIT_ARG_PROCESS(target);
	error = p_cansignal(td, target, uap->signum);
	if (error == 0 && uap->signum != 0)
		kern_psignal(target, uap->signum);
	PROC_UNLOCK(target);
	return (error);
}
1986
1987 #if defined(COMPAT_43)
#ifndef _SYS_SYSPROTO_H_
struct okillpg_args {
	int pgid;
	int signum;
};
#endif
/*
 * 4.3BSD killpg(): signal process group uap->pgid (0 meaning the
 * caller's own) through killpg1().  The signal number is range checked
 * here; per-process permission checks happen in killpg1().
 */
/* ARGSUSED */
int
okillpg(struct thread *td, struct okillpg_args *uap)
{
	ksiginfo_t ksi;
	int signum;

	signum = uap->signum;
	AUDIT_ARG_SIGNUM(signum);
	AUDIT_ARG_PID(uap->pgid);
	if ((u_int)signum > _SIG_MAXSIG)
		return (EINVAL);

	/* Same siginfo as kill(2): SI_USER with the caller's pid and real uid. */
	ksiginfo_init(&ksi);
	ksi.ksi_signo = signum;
	ksi.ksi_code = SI_USER;
	ksi.ksi_pid = td->td_proc->p_pid;
	ksi.ksi_uid = td->td_ucred->cr_ruid;
	return (killpg1(td, signum, uap->pgid, 0, &ksi));
}
2012 #endif /* COMPAT_43 */
2013
#ifndef _SYS_SYSPROTO_H_
struct sigqueue_args {
	pid_t pid;
	int signum;
	/* union sigval */ void *value;
};
#endif
/*
 * sigqueue(2): wrap the user-supplied pointer-sized value in a
 * union sigval and forward to kern_sigqueue().
 */
int
sys_sigqueue(struct thread *td, struct sigqueue_args *uap)
{
	union sigval payload;

	payload.sival_ptr = uap->value;
	return (kern_sigqueue(td, uap->pid, uap->signum, &payload));
}
2030
/*
 * Common implementation of sigqueue(2).
 *
 * signumf carries the signal number plus the optional __SIGQUEUE_TID bit.
 * With the bit set, pid is a thread id inside the caller's own process
 * (tdfind() is restricted to td->td_proc); otherwise it is a process id.
 * *value is stored in ksi_value of the queued siginfo.
 *
 * Returns EINVAL for an out-of-range signal or pid <= 0 (sigqueue may
 * only target a single process), ESRCH when the target is not found, the
 * p_cansignal() error, or the result of tdsendsignal().  Signal 0 only
 * checks permissions.
 */
int
kern_sigqueue(struct thread *td, pid_t pid, int signumf, union sigval *value)
{
	ksiginfo_t ksi;
	struct proc *target;
	struct thread *target_td;
	u_int signum;
	int error;

	signum = signumf & ~__SIGQUEUE_TID;
	if (signum > _SIG_MAXSIG)
		return (EINVAL);

	/*
	 * Specification says sigqueue can only send signal to
	 * single process.
	 */
	if (pid <= 0)
		return (EINVAL);

	if ((signumf & __SIGQUEUE_TID) != 0) {
		target = td->td_proc;
		target_td = tdfind((lwpid_t)pid, target->p_pid);
		if (target_td == NULL)
			return (ESRCH);
	} else {
		target = pfind_any(pid);
		if (target == NULL)
			return (ESRCH);
		target_td = NULL;
	}
	/*
	 * Both lookups presumably leave 'target' locked; the PROC_UNLOCK()
	 * below relies on it.
	 */

	error = p_cansignal(td, target, signum);
	if (error == 0 && signum != 0) {
		ksiginfo_init(&ksi);
		ksi.ksi_flags = KSI_SIGQ;
		ksi.ksi_signo = signum;
		ksi.ksi_code = SI_QUEUE;
		ksi.ksi_pid = td->td_proc->p_pid;
		ksi.ksi_uid = td->td_ucred->cr_ruid;
		ksi.ksi_value = *value;
		error = tdsendsignal(target, target_td, ksi.ksi_signo, &ksi);
	}
	PROC_UNLOCK(target);
	return (error);
}
2076
/*
 * Send a signal to a process group. If checkctty is 1,
 * limit to members which have a controlling terminal.
 *
 * A NULL pgrp is a no-op.  Only PRS_NORMAL members are signalled; each
 * is locked around pksignal().  The caller must hold the group lock.
 */
void
pgsignal(struct pgrp *pgrp, int sig, int checkctty, ksiginfo_t *ksi)
{
	struct proc *member;
	bool eligible;

	if (pgrp == NULL)
		return;
	PGRP_LOCK_ASSERT(pgrp, MA_OWNED);
	LIST_FOREACH(member, &pgrp->pg_members, p_pglist) {
		PROC_LOCK(member);
		eligible = member->p_state == PRS_NORMAL;
		if (checkctty != 0 && (member->p_flag & P_CONTROLT) == 0)
			eligible = false;
		if (eligible)
			pksignal(member, sig, ksi);
		PROC_UNLOCK(member);
	}
}
2097
/*
 * Recalculate the signal mask and reset the signal disposition after
 * usermode frame for delivery is formed. Should be called after
 * mach-specific routine, because sysent->sv_sendsig() needs correct
 * ps_siginfo and signal mask.
 *
 * Blocks the handler's sa_mask (ps_catchmask) plus the signal itself
 * unless SA_NODEFER was requested (ps_signodefer), and resets the
 * disposition to default when SA_RESETHAND was (ps_sigreset).  Both the
 * process lock and ps->ps_mtx must be held.
 */
static void
postsig_done(int sig, struct thread *td, struct sigacts *ps)
{
	sigset_t block;

	mtx_assert(&ps->ps_mtx, MA_OWNED);
	td->td_ru.ru_nsignals++;
	block = ps->ps_catchmask[_SIG_IDX(sig)];
	if (SIGISMEMBER(ps->ps_signodefer, sig) == 0)
		SIGADDSET(block, sig);
	kern_sigprocmask(td, SIG_BLOCK, &block, NULL,
	    SIGPROCMASK_PROC_LOCKED | SIGPROCMASK_PS_LOCKED);
	if (SIGISMEMBER(ps->ps_sigreset, sig) != 0)
		sigdflt(ps, sig);
}
2119
/*
 * Send a signal caused by a trap to the current thread. If it will be
 * caught immediately, deliver it with correct code. Otherwise, post it
 * normally.
 *
 * Immediate delivery requires: the process is not traced, the signal is
 * caught, and it is not blocked by td_sigmask or (when sigfastblock is
 * engaged) by fastblock_mask.  In every other case the signal is queued
 * through tdsendsignal(), after optionally un-masking/un-ignoring it so a
 * re-executed faulting instruction cannot spin forever (kern_forcesigexit).
 *
 * ksi->ksi_signo must be a valid signal (asserted).  Takes the process
 * lock and ps->ps_mtx.
 */
void
trapsignal(struct thread *td, ksiginfo_t *ksi)
{
	struct sigacts *ps;
	struct proc *p;
	sigset_t sigmask;
	int sig;

	p = td->td_proc;
	sig = ksi->ksi_signo;
	KASSERT(_SIG_VALID(sig), ("invalid signal"));

	sigfastblock_fetch(td);
	PROC_LOCK(p);
	ps = p->p_sigacts;
	mtx_lock(&ps->ps_mtx);
	/* Effective mask = thread mask, plus fastblock_mask while user space holds a sigfastblock. */
	sigmask = td->td_sigmask;
	if (td->td_sigblock_val != 0)
		SIGSETOR(sigmask, fastblock_mask);
	if ((p->p_flag & P_TRACED) == 0 && SIGISMEMBER(ps->ps_sigcatch, sig) &&
	    !SIGISMEMBER(sigmask, sig)) {
#ifdef KTRACE
		if (KTRPOINT(curthread, KTR_PSIG))
			ktrpsig(sig, ps->ps_sigact[_SIG_IDX(sig)],
			    &td->td_sigmask, ksi->ksi_code);
#endif
		/* Build the user frame first; postsig_done() then fixes mask/disposition. */
		(*p->p_sysent->sv_sendsig)(ps->ps_sigact[_SIG_IDX(sig)],
		    ksi, &td->td_sigmask);
		postsig_done(sig, td, ps);
		mtx_unlock(&ps->ps_mtx);
	} else {
		/*
		 * Avoid a possible infinite loop if the thread
		 * masking the signal or process is ignoring the
		 * signal.
		 */
		if (kern_forcesigexit && (SIGISMEMBER(sigmask, sig) ||
		    ps->ps_sigact[_SIG_IDX(sig)] == SIG_IGN)) {
			/* Force the default action: unblock, uncatch, unignore, and drop the fastblock. */
			SIGDELSET(td->td_sigmask, sig);
			SIGDELSET(ps->ps_sigcatch, sig);
			SIGDELSET(ps->ps_sigignore, sig);
			ps->ps_sigact[_SIG_IDX(sig)] = SIG_DFL;
			td->td_pflags &= ~TDP_SIGFASTBLOCK;
			td->td_sigblock_val = 0;
		}
		mtx_unlock(&ps->ps_mtx);
		p->p_sig = sig; /* XXX to verify code */
		tdsendsignal(p, td, sig, ksi);
	}
	PROC_UNLOCK(p);
}
2176
/*
 * Pick the thread of p that should receive signal sig.
 *
 * Preference order: the current thread if it belongs to p and does not
 * mask the signal (and, with fast_sigblock, is not holding a
 * sigfastblock); otherwise the first thread that does not mask it, is
 * not at a TDF_BOUNDARY and passes the same sigfastblock test; otherwise
 * the first thread of the process regardless of its mask.
 *
 * fast_sigblock may only be set when p is curproc (asserted), since the
 * sigfastblock value is only meaningful for the current process.  The
 * process lock must be held.
 */
static struct thread *
sigtd(struct proc *p, int sig, bool fast_sigblock)
{
	struct thread *td, *signal_td;

	PROC_LOCK_ASSERT(p, MA_OWNED);
	MPASS(!fast_sigblock || p == curproc);

	/*
	 * Check if current thread can handle the signal without
	 * switching context to another thread.
	 */
	if (curproc == p && !SIGISMEMBER(curthread->td_sigmask, sig) &&
	    (!fast_sigblock || curthread->td_sigblock_val == 0))
		return (curthread);

	/* Find a non-stopped thread that does not mask the signal. */
	signal_td = NULL;
	FOREACH_THREAD_IN_PROC(p, td) {
		if (!SIGISMEMBER(td->td_sigmask, sig) && (!fast_sigblock ||
		    td != curthread || td->td_sigblock_val == 0) &&
		    (td->td_flags & TDF_BOUNDARY) == 0) {
			signal_td = td;
			break;
		}
	}
	/* Select random (first) thread if no better match was found. */
	if (signal_td == NULL)
		signal_td = FIRST_THREAD_IN_PROC(p);
	return (signal_td);
}
2208
/*
 * Send the signal to the process. If the signal has an action, the action
 * is usually performed by the target process rather than the caller; we add
 * the signal to the set of pending signals for the process.
 *
 * Exceptions:
 *   o When a stop signal is sent to a sleeping process that takes the
 *     default action, the process is stopped without awakening it.
 *   o SIGCONT restarts stopped processes (or puts them back to sleep)
 *     regardless of the signal action (eg, blocked or ignored).
 *
 * Other ignored signals are discarded immediately.
 *
 * NB: This function may be entered from the debugger via the "kill" DDB
 * command.  There is little that can be done to mitigate the possibly messy
 * side effects of this unwise possibility.
 *
 * This is the process-directed, kernel-originated form: the ksiginfo is
 * built on the stack with SI_KERNEL as its code and the receiving thread
 * is left to tdsendsignal() (td == NULL).  The proc lock must be held,
 * as tdsendsignal() asserts.
 */
void
kern_psignal(struct proc *p, int sig)
{
	ksiginfo_t info;

	ksiginfo_init(&info);
	info.ksi_code = SI_KERNEL;
	info.ksi_signo = sig;
	/* The return value is deliberately not propagated here. */
	(void)tdsendsignal(p, NULL, sig, &info);
}
2236
/*
 * Process-directed variant of tdsendsignal() with a caller-supplied
 * ksiginfo: the receiving thread is chosen by tdsendsignal().  Returns
 * tdsendsignal()'s result unchanged.
 */
int
pksignal(struct proc *p, int sig, ksiginfo_t *ksi)
{
	int error;

	error = tdsendsignal(p, NULL, sig, ksi);
	return (error);
}
2243
/*
 * Utility function for finding a thread to send signal event to.
 *
 * For SIGEV_THREAD_ID the thread named by sigev_notify_thread_id is
 * looked up with tdfind(), passing p->p_pid so that the lookup is scoped
 * to p; ESRCH is returned when no such thread exists.  For every other
 * notification type *ttd is set to NULL and the proc lock is taken here.
 * Note the asymmetry: on the SIGEV_THREAD_ID path PROC_LOCK() is not
 * called by this function (presumably tdfind() returns with the proc
 * lock held -- confirm against its contract before relying on it).
 */
int
sigev_findtd(struct proc *p, struct sigevent *sigev, struct thread **ttd)
{
	struct thread *target;

	if (sigev->sigev_notify != SIGEV_THREAD_ID) {
		/* Process-directed: no specific thread, lock p here. */
		*ttd = NULL;
		PROC_LOCK(p);
		return (0);
	}

	target = tdfind(sigev->sigev_notify_thread_id, p->p_pid);
	if (target == NULL)
		return (ESRCH);
	*ttd = target;
	return (0);
}
2261
/*
 * Send a kernel-originated signal (SI_KERNEL) to the specific thread td.
 * The ksiginfo is built on the stack; tdsendsignal()'s result is
 * discarded.  The proc lock must be held, as tdsendsignal() asserts.
 */
void
tdsignal(struct thread *td, int sig)
{
	ksiginfo_t info;

	ksiginfo_init(&info);
	info.ksi_code = SI_KERNEL;
	info.ksi_signo = sig;
	(void)tdsendsignal(td->td_proc, td, sig, &info);
}
2272
/*
 * Thread-directed variant of tdsendsignal() with a caller-supplied
 * ksiginfo.  The target process is taken from td; the result of
 * tdsendsignal() is discarded.
 */
void
tdksignal(struct thread *td, int sig, ksiginfo_t *ksi)
{
	struct proc *owner = td->td_proc;

	(void)tdsendsignal(owner, td, sig, ksi);
}
2279
/*
 * Abort td's sleep with intrval, unless intrval is 0 and the thread is
 * not in sigwait (TDF_SIGWAIT), in which case the sleep is left alone.
 * Called with the thread lock held; it is released on every path --
 * explicitly on the no-op path here, and presumably by sleepq_abort()
 * otherwise (that is what the explicit unlock on the no-op path
 * implies).  Returns sleepq_abort()'s result, or 0 when nothing was
 * aborted.
 */
static int
sig_sleepq_abort(struct thread *td, int intrval)
{
	bool leave_asleep;

	THREAD_LOCK_ASSERT(td, MA_OWNED);

	leave_asleep = intrval == 0 && (td->td_flags & TDF_SIGWAIT) == 0;
	if (!leave_asleep)
		return (sleepq_abort(td, intrval));
	thread_unlock(td);
	return (0);
}
2291
/*
 * Queue signal sig for process p, or for thread td of p when td is not
 * NULL, and perform whatever immediate per-process action the signal
 * requires (continue, stop, wake a sleeper).  Called with the proc lock
 * held.  ksi may be NULL; a ksi marked KSI_INS that does not get queued
 * is released with ksiginfo_tryfree() on the early-return paths, with the
 * exception noted at the pt_attach_transparent path below.
 *
 * Returns 0, or the error returned by sigqueue_add().
 */
int
tdsendsignal(struct proc *p, struct thread *td, int sig, ksiginfo_t *ksi)
{
	sig_t action;
	sigqueue_t *sigqueue;
	int prop;
	struct sigacts *ps;
	int intrval;
	int ret = 0;
	int wakeup_swapper;

	MPASS(td == NULL || p == td->td_proc);
	PROC_LOCK_ASSERT(p, MA_OWNED);

	if (!_SIG_VALID(sig))
		panic("%s(): invalid signal %d", __func__, sig);

	KASSERT(ksi == NULL || !KSI_ONQ(ksi), ("%s: ksi on queue", __func__));

	/*
	 * IEEE Std 1003.1-2001: return success when killing a zombie.
	 */
	if (p->p_state == PRS_ZOMBIE) {
		if (ksi != NULL && (ksi->ksi_flags & KSI_INS) != 0)
			ksiginfo_tryfree(ksi);
		return (ret);
	}

	ps = p->p_sigacts;
	KNOTE_LOCKED(p->p_klist, NOTE_SIGNAL | sig);
	prop = sigprop(sig);

	/*
	 * Process-directed signals go on the process queue and are
	 * delivered to a thread chosen by sigtd(); thread-directed ones
	 * go on that thread's own queue.
	 */
	if (td == NULL) {
		td = sigtd(p, sig, false);
		sigqueue = &p->p_sigqueue;
	} else
		sigqueue = &td->td_sigqueue;

	SDT_PROBE3(proc, , , signal__send, td, p, sig);

	/*
	 * If the signal is being ignored, then we forget about it
	 * immediately, except when the target process executes
	 * sigwait(). (Note: we don't set SIGCONT in ps_sigignore,
	 * and if it is set to SIG_IGN, action will be SIG_DFL here.)
	 */
	mtx_lock(&ps->ps_mtx);
	if (SIGISMEMBER(ps->ps_sigignore, sig)) {
		if (kern_sig_discard_ign &&
		    (p->p_sysent->sv_flags & SV_SIG_DISCIGN) == 0) {
			SDT_PROBE3(proc, , , signal__discard, td, p, sig);

			mtx_unlock(&ps->ps_mtx);
			if (ksi != NULL && (ksi->ksi_flags & KSI_INS) != 0)
				ksiginfo_tryfree(ksi);
			return (ret);
		} else {
			/*
			 * Discarding is disabled (kern_sig_discard_ign off
			 * or the ABI sets SV_SIG_DISCIGN): keep the ignored
			 * signal, treating it as caught with no sleep
			 * interruption.
			 */
			action = SIG_CATCH;
			intrval = 0;
		}
	} else {
		if (SIGISMEMBER(td->td_sigmask, sig))
			action = SIG_HOLD;
		else if (SIGISMEMBER(ps->ps_sigcatch, sig))
			action = SIG_CATCH;
		else
			action = SIG_DFL;
		/* Whether an interrupted sleep fails with EINTR or restarts. */
		if (SIGISMEMBER(ps->ps_sigintr, sig))
			intrval = EINTR;
		else
			intrval = ERESTART;
	}
	mtx_unlock(&ps->ps_mtx);

	if (prop & SIGPROP_CONT)
		sigqueue_delete_stopmask_proc(p);
	else if (prop & SIGPROP_STOP) {
		/*
		 * Transparent attach: the first stop of a traced process
		 * still flagged P2_PTRACE_FSTP is handled by
		 * sig_handle_first_stop() instead of being queued.
		 *
		 * NOTE(review): unlike the other early returns in this
		 * function, this path does not ksiginfo_tryfree() a KSI_INS
		 * ksi -- confirm whether such a ksi can reach here.
		 */
		if (pt_attach_transparent &&
		    (p->p_flag & P_TRACED) != 0 &&
		    (p->p_flag2 & P2_PTRACE_FSTP) != 0) {
			PROC_SLOCK(p);
			sig_handle_first_stop(NULL, p, sig);
			PROC_SUNLOCK(p);
			return (0);
		}

		/*
		 * If sending a tty stop signal to a member of an orphaned
		 * process group, discard the signal here if the action
		 * is default; don't stop the process below if sleeping,
		 * and don't clear any pending SIGCONT.
		 */
		if ((prop & SIGPROP_TTYSTOP) != 0 &&
		    (p->p_pgrp->pg_flags & PGRP_ORPHANED) != 0 &&
		    action == SIG_DFL) {
			if (ksi != NULL && (ksi->ksi_flags & KSI_INS) != 0)
				ksiginfo_tryfree(ksi);
			return (ret);
		}
		/* A stop cancels any pending SIGCONT and continued status. */
		sigqueue_delete_proc(p, SIGCONT);
		if (p->p_flag & P_CONTINUED) {
			p->p_flag &= ~P_CONTINUED;
			PROC_LOCK(p->p_pptr);
			sigqueue_take(p->p_ksi);
			PROC_UNLOCK(p->p_pptr);
		}
	}

	/* From here on ksi is owned by the queue (or sigqueue_add failed). */
	ret = sigqueue_add(sigqueue, sig, ksi);
	if (ret != 0)
		return (ret);
	signotify(td);
	/*
	 * Defer further processing for signals which are held,
	 * except that stopped processes must be continued by SIGCONT.
	 */
	if (action == SIG_HOLD &&
	    !((prop & SIGPROP_CONT) && (p->p_flag & P_STOPPED_SIG)))
		return (ret);

	wakeup_swapper = 0;

	/*
	 * Some signals have a process-wide effect and a per-thread
	 * component.  Most processing occurs when the process next
	 * tries to cross the user boundary, however there are some
	 * times when processing needs to be done immediately, such as
	 * waking up threads so that they can cross the user boundary.
	 * We try to do the per-process part here.
	 */
	if (P_SHOULDSTOP(p)) {
		KASSERT(!(p->p_flag & P_WEXIT),
		    ("signal to stopped but exiting process"));
		if (sig == SIGKILL) {
			/*
			 * If traced process is already stopped,
			 * then no further action is necessary.
			 */
			if (p->p_flag & P_TRACED)
				goto out;
			/*
			 * SIGKILL sets process running.
			 * It will die elsewhere.
			 * All threads must be restarted.
			 */
			p->p_flag &= ~P_STOPPED_SIG;
			goto runfast;
		}

		if (prop & SIGPROP_CONT) {
			/*
			 * If traced process is already stopped,
			 * then no further action is necessary.
			 */
			if (p->p_flag & P_TRACED)
				goto out;
			/*
			 * If SIGCONT is default (or ignored), we continue the
			 * process but don't leave the signal in sigqueue as
			 * it has no further action.  If SIGCONT is held, we
			 * continue the process and leave the signal in
			 * sigqueue.  If the process catches SIGCONT, let it
			 * handle the signal itself.  If it isn't waiting on
			 * an event, it goes back to run state.
			 * Otherwise, process goes back to sleep state.
			 */
			p->p_flag &= ~P_STOPPED_SIG;
			PROC_SLOCK(p);
			if (p->p_numthreads == p->p_suspcount) {
				/*
				 * Every thread is suspended: report the
				 * continue to the parent (needs the parent's
				 * proc lock, so drop and re-take the slock).
				 */
				PROC_SUNLOCK(p);
				p->p_flag |= P_CONTINUED;
				p->p_xsig = SIGCONT;
				PROC_LOCK(p->p_pptr);
				childproc_continued(p);
				PROC_UNLOCK(p->p_pptr);
				PROC_SLOCK(p);
			}
			if (action == SIG_DFL) {
				thread_unsuspend(p);
				PROC_SUNLOCK(p);
				sigqueue_delete(sigqueue, sig);
				goto out_cont;
			}
			if (action == SIG_CATCH) {
				/*
				 * The process wants to catch it so it needs
				 * to run at least one thread, but which one?
				 */
				PROC_SUNLOCK(p);
				goto runfast;
			}
			/*
			 * The signal is not ignored or caught.
			 */
			thread_unsuspend(p);
			PROC_SUNLOCK(p);
			goto out_cont;
		}

		if (prop & SIGPROP_STOP) {
			/*
			 * If traced process is already stopped,
			 * then no further action is necessary.
			 */
			if (p->p_flag & P_TRACED)
				goto out;
			/*
			 * Already stopped, don't need to stop again
			 * (If we did the shell could get confused).
			 * Just make sure the signal STOP bit set.
			 */
			p->p_flag |= P_STOPPED_SIG;
			sigqueue_delete(sigqueue, sig);
			goto out;
		}

		/*
		 * All other kinds of signals:
		 * If a thread is sleeping interruptibly, simulate a
		 * wakeup so that when it is continued it will be made
		 * runnable and can look at the signal.  However, don't make
		 * the PROCESS runnable, leave it stopped.
		 * It may run a bit until it hits a thread_suspend_check().
		 */
		PROC_SLOCK(p);
		thread_lock(td);
		/*
		 * sig_sleepq_abort() consumes the thread lock; the other
		 * branch must release it explicitly.
		 */
		if (TD_CAN_ABORT(td))
			wakeup_swapper = sig_sleepq_abort(td, intrval);
		else
			thread_unlock(td);
		PROC_SUNLOCK(p);
		goto out;
		/*
		 * Mutexes are short lived. Threads waiting on them will
		 * hit thread_suspend_check() soon.
		 */
	} else if (p->p_state == PRS_NORMAL) {
		if (p->p_flag & P_TRACED || action == SIG_CATCH) {
			tdsigwakeup(td, sig, action, intrval);
			goto out;
		}

		MPASS(action == SIG_DFL);

		if (prop & SIGPROP_STOP) {
			bool res;

			/* Don't stop a process waiting on vfork or exiting. */
			if (p->p_flag & (P_PPWAIT|P_WEXIT))
				goto out;
			p->p_flag |= P_STOPPED_SIG;
			p->p_xsig = sig;
			PROC_SLOCK(p);
			wakeup_swapper = sig_suspend_threads(td, p, &res);
			if (p->p_numthreads == p->p_suspcount) {
				/*
				 * only thread sending signal to another
				 * process can reach here, if thread is sending
				 * signal to its process, because thread does
				 * not suspend itself here, p_numthreads
				 * should never be equal to p_suspcount.
				 */
				thread_stopped(p);
				PROC_SUNLOCK(p);
				sigqueue_delete_proc(p, p->p_xsig);
			} else
				PROC_SUNLOCK(p);
			goto out;
		}
	} else {
		/* Not in "NORMAL" state. discard the signal. */
		sigqueue_delete(sigqueue, sig);
		goto out;
	}

	/*
	 * The process is not stopped so we need to apply the signal to all the
	 * running threads.
	 */
runfast:
	tdsigwakeup(td, sig, action, intrval);
	PROC_SLOCK(p);
	thread_unsuspend(p);
	PROC_SUNLOCK(p);
out_cont:
	/* The process was continued: restart its interval and kqueue timers. */
	itimer_proc_continue(p);
	kqtimer_proc_continue(p);
out:
	/* If we jump here, proc slock should not be owned. */
	PROC_SLOCK_ASSERT(p, MA_NOTOWNED);
	if (wakeup_swapper)
		kick_proc0();

	return (ret);
}
2586
/*
 * The force of a signal has been directed against a single
 * thread.  We need to see what we can do about knocking it
 * out of any sleep it may be in etc.
 *
 * td is the chosen receiver of sig, action its resolved disposition
 * (SIG_DFL/SIG_CATCH/SIG_HOLD) and intrval the sleep interruption code
 * (EINTR/ERESTART, or 0 for a retained ignored signal).  The proc lock
 * must be held; PROC_SLOCK and the thread lock are taken here and
 * released on every exit.  The sleep-abort exit relies on
 * sig_sleepq_abort() to release the thread lock, as that function's
 * no-op path does explicitly.
 */
static void
tdsigwakeup(struct thread *td, int sig, sig_t action, int intrval)
{
	struct proc *p = td->td_proc;
	int prop, wakeup_swapper;

	PROC_LOCK_ASSERT(p, MA_OWNED);
	prop = sigprop(sig);

	PROC_SLOCK(p);
	thread_lock(td);
	/*
	 * Bring the priority of a thread up if we want it to get
	 * killed in this lifetime.  Be careful to avoid bumping the
	 * priority of the idle thread, since we still allow to signal
	 * kernel processes.
	 */
	if (action == SIG_DFL && (prop & SIGPROP_KILL) != 0 &&
	    td->td_priority > PUSER && !TD_IS_IDLETHREAD(td))
		sched_prio(td, PUSER);
	if (TD_ON_SLEEPQ(td)) {
		/*
		 * If thread is sleeping uninterruptibly
		 * we can't interrupt the sleep... the signal will
		 * be noticed when the process returns through
		 * trap() or syscall().
		 */
		if ((td->td_flags & TDF_SINTR) == 0)
			goto out;
		/*
		 * If SIGCONT is default (or ignored) and process is
		 * asleep, we are finished; the process should not
		 * be awakened.
		 */
		if ((prop & SIGPROP_CONT) && action == SIG_DFL) {
			thread_unlock(td);
			PROC_SUNLOCK(p);
			sigqueue_delete(&p->p_sigqueue, sig);
			/*
			 * It may be on either list in this state.
			 * Remove from both for now.
			 */
			sigqueue_delete(&td->td_sigqueue, sig);
			return;
		}

		/*
		 * Don't awaken a sleeping thread for SIGSTOP if the
		 * STOP signal is deferred.
		 */
		if ((prop & SIGPROP_STOP) != 0 && (td->td_flags & (TDF_SBDRY |
		    TDF_SERESTART | TDF_SEINTR)) == TDF_SBDRY)
			goto out;

		/*
		 * Give low priority threads a better chance to run.
		 */
		if (td->td_priority > PUSER && !TD_IS_IDLETHREAD(td))
			sched_prio(td, PUSER);

		/* Consumes the thread lock; only the slock is released here. */
		wakeup_swapper = sig_sleepq_abort(td, intrval);
		PROC_SUNLOCK(p);
		if (wakeup_swapper)
			kick_proc0();
		return;
	}

	/*
	 * Other states do nothing with the signal immediately,
	 * other than kicking ourselves if we are running.
	 * It will either never be noticed, or noticed very soon.
	 */
#ifdef SMP
	if (TD_IS_RUNNING(td) && td != curthread)
		forward_signal(td);
#endif

out:
	PROC_SUNLOCK(p);
	thread_unlock(td);
}
2673
/*
 * Serve a debugger's core dump request for thread td of process p: run
 * the ABI's sv_coredump method on the vnode in tcq while holding a write
 * range lock over the whole file.  The result lands in tcq->tc_error;
 * ENOSYS is reported when the ABI has no core dump method.
 */
static void
ptrace_coredumpreq(struct thread *td, struct proc *p,
    struct thr_coredump_req *tcq)
{
	struct sysentvec *sv;
	void *cookie;

	sv = p->p_sysent;
	if (sv->sv_coredump == NULL) {
		tcq->tc_error = ENOSYS;
		return;
	}

	/* Exclude concurrent writers for the duration of the dump. */
	cookie = vn_rangelock_wlock(tcq->tc_vp, 0, OFF_MAX);
	tcq->tc_error = sv->sv_coredump(td, tcq->tc_vp, tcq->tc_limit,
	    tcq->tc_flags);
	vn_rangelock_unlock(tcq->tc_vp, cookie);
}
2690
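/* True when sc indexes a valid entry of sv->sv_table. */
static bool
ptrace_syscallnum_ok(const struct sysentvec *sv, int sc)
{
	return (sc >= 0 && sc < sv->sv_size);
}

/*
 * Execute a system call on behalf of the debugger in the context of the
 * stopped thread td of process p.  The request (syscall number, argument
 * count and arguments) arrives in tsr and originates from the tracer, so
 * the syscall number is range-checked against the ABI's sv_table before
 * it is used as an index -- both for a direct call and for the number
 * taken from args[0] when the request goes through SYS_syscall or
 * SYS___syscall.  The call's error and return values are stored in
 * tsr->ts_ret; td's own td_retval/td_errno are saved around the call and
 * restored afterwards.  Called without the proc lock (ptrace_remotereq()
 * drops it before calling here).
 *
 * Errors reported in tsr->ts_ret.sr_error without running a call: ENOSYS
 * (no table, number out of range), EINVAL (indirect call without the
 * number argument), ECAPMODE (capability mode) and whatever
 * syscall_thread_enter() returns.
 */
static void
ptrace_syscallreq(struct thread *td, struct proc *p,
    struct thr_syscall_req *tsr)
{
	struct sysentvec *sv;
	struct sysent *se;
	register_t rv_saved[2];
	int error, nerror;
	int sc;
	bool audited, sy_thr_static;

	sv = p->p_sysent;
	if (sv->sv_table == NULL) {
		tsr->ts_ret.sr_error = ENOSYS;
		return;
	}

	/*
	 * sv_table has sv_size entries, so code == sv_size (admitted by a
	 * "sv_size < code" test) is already out of bounds.
	 */
	sc = tsr->ts_sa.code;
	if (!ptrace_syscallnum_ok(sv, sc)) {
		tsr->ts_ret.sr_error = ENOSYS;
		return;
	}

	if (sc == SYS_syscall || sc == SYS___syscall) {
		/*
		 * Indirect call: the real number is args[0] and the
		 * remaining arguments shift down by one.  The count and the
		 * new number both come from the requester, so validate them
		 * before the memmove() and the table index.  ts_nargs is
		 * assumed to have been bounded to the args array by the
		 * code that built the request -- TODO confirm.
		 */
		if (tsr->ts_nargs < 1) {
			tsr->ts_ret.sr_error = EINVAL;
			return;
		}
		sc = tsr->ts_sa.args[0];
		if (!ptrace_syscallnum_ok(sv, sc)) {
			tsr->ts_ret.sr_error = ENOSYS;
			return;
		}
		memmove(&tsr->ts_sa.args[0], &tsr->ts_sa.args[1],
		    sizeof(register_t) * (tsr->ts_nargs - 1));
	}

	tsr->ts_sa.callp = se = &sv->sv_table[sc];

	VM_CNT_INC(v_syscall);
	td->td_pticks = 0;
	/* Refresh td's COW state when the process generation moved on. */
	if (__predict_false(td->td_cowgen != atomic_load_int(
	    &td->td_proc->p_cowgen)))
		thread_cow_update(td);

	td->td_sa = tsr->ts_sa;

#ifdef CAPABILITY_MODE
	if ((se->sy_flags & SYF_CAPENABLED) == 0) {
		if (CAP_TRACING(td))
			ktrcapfail(CAPFAIL_SYSCALL, NULL);
		if (IN_CAPABILITY_MODE(td)) {
			tsr->ts_ret.sr_error = ECAPMODE;
			return;
		}
	}
#endif

	sy_thr_static = (se->sy_thrcnt & SY_THR_STATIC) != 0;
	audited = AUDIT_SYSCALL_ENTER(sc, td) != 0;

	/* error is only assigned on the non-static path; keep it defined. */
	error = 0;
	if (!sy_thr_static) {
		error = syscall_thread_enter(td, &se);
		sy_thr_static = (se->sy_thrcnt & SY_THR_STATIC) != 0;
		if (error != 0) {
			tsr->ts_ret.sr_error = error;
			/*
			 * Balance the AUDIT_SYSCALL_ENTER() above.  The
			 * thread-count reference was not taken, so there
			 * is no syscall_thread_exit() to do.
			 */
			if (audited)
				AUDIT_SYSCALL_EXIT(error, td);
			return;
		}
	}

	/* Run the call with clean return slots, preserving td's own. */
	rv_saved[0] = td->td_retval[0];
	rv_saved[1] = td->td_retval[1];
	nerror = td->td_errno;
	td->td_retval[0] = 0;
	td->td_retval[1] = 0;

#ifdef KDTRACE_HOOKS
	if (se->sy_entry != 0)
		(*systrace_probe_func)(&tsr->ts_sa, SYSTRACE_ENTRY, 0);
#endif
	tsr->ts_ret.sr_error = se->sy_call(td, tsr->ts_sa.args);
#ifdef KDTRACE_HOOKS
	if (se->sy_return != 0)
		(*systrace_probe_func)(&tsr->ts_sa, SYSTRACE_RETURN,
		    tsr->ts_ret.sr_error != 0 ? -1 : td->td_retval[0]);
#endif

	tsr->ts_ret.sr_retval[0] = td->td_retval[0];
	tsr->ts_ret.sr_retval[1] = td->td_retval[1];
	td->td_retval[0] = rv_saved[0];
	td->td_retval[1] = rv_saved[1];
	td->td_errno = nerror;

	/* The audit record should carry the remote call's own error. */
	if (audited)
		AUDIT_SYSCALL_EXIT(tsr->ts_ret.sr_error, td);
	if (!sy_thr_static)
		syscall_thread_exit(td, se);
}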
2776
/*
 * Run a remote request (core dump or system call) that the debugger has
 * posted on the current thread, then clear the request and wake up the
 * process so the debugger can collect the result.  Called with the proc
 * lock held; it is dropped while the request runs (presumably because
 * the handlers may sleep) and re-taken afterwards.  Nothing happens when
 * the requested flag is not set in td_dbgflags.
 */
static void
ptrace_remotereq(struct thread *td, int flag)
{
	struct proc *p;

	MPASS(td == curthread);
	p = td->td_proc;
	PROC_LOCK_ASSERT(p, MA_OWNED);
	if ((td->td_dbgflags & flag) == 0)
		return;
	KASSERT((p->p_flag & P_STOPPED_TRACE) != 0, ("not stopped"));
	KASSERT(td->td_remotereq != NULL, ("td_remotereq is NULL"));

	PROC_UNLOCK(p);
	if (flag == TDB_COREDUMPREQ)
		ptrace_coredumpreq(td, p, td->td_remotereq);
	else if (flag == TDB_SCREMOTEREQ)
		ptrace_syscallreq(td, p, td->td_remotereq);
	else
		__unreachable();
	PROC_LOCK(p);

	/* The request flag must have survived the unlocked section. */
	MPASS((td->td_dbgflags & flag) != 0);
	td->td_dbgflags &= ~flag;
	td->td_remotereq = NULL;
	wakeup(p);
}
2808
/*
 * Suspend threads of the process p, either by directly setting the
 * inhibitor for the thread sleeping interruptibly, or by making the
 * thread suspend at the userspace boundary by scheduling a suspend AST.
 *
 * *resp returns true if some threads were suspended directly from the
 * sleeping state, and false if all threads are forced to process AST.
 *
 * td is the thread doing the signalling (it is never sent a
 * forward_signal()); it may be NULL.  Both the proc lock and the proc
 * slock must be held.  Returns the OR of the sleepq_abort() results
 * ("wakeup_swapper"), which the caller hands to kick_proc0().
 */
static int
sig_suspend_threads(struct thread *td, struct proc *p, bool *resp)
{
	struct thread *td2;
	int wakeup_swapper;
	bool res;

	PROC_LOCK_ASSERT(p, MA_OWNED);
	PROC_SLOCK_ASSERT(p, MA_OWNED);

	wakeup_swapper = 0;
	res = false;
	FOREACH_THREAD_IN_PROC(p, td2) {
		thread_lock(td2);
		/* Every thread gets the suspend AST, whatever else happens. */
		ast_sched_locked(td2, TDA_SUSPEND);
		if ((TD_IS_SLEEPING(td2) || TD_IS_SWAPPED(td2)) &&
		    (td2->td_flags & TDF_SINTR)) {
			if (td2->td_flags & TDF_SBDRY) {
				/*
				 * Once a thread is asleep with
				 * TDF_SBDRY and without TDF_SERESTART
				 * or TDF_SEINTR set, it should never
				 * become suspended due to this check.
				 */
				KASSERT(!TD_IS_SUSPENDED(td2),
				    ("thread with deferred stops suspended"));
				if (TD_SBDRY_INTR(td2)) {
					/*
					 * sleepq_abort() takes over td2's
					 * thread lock (the explicit unlock on
					 * sig_sleepq_abort()'s no-op path
					 * shows that contract), hence the
					 * continue past thread_unlock().
					 */
					wakeup_swapper |= sleepq_abort(td2,
					    TD_SBDRY_ERRNO(td2));
					continue;
				}
			} else if (!TD_IS_SUSPENDED(td2)) {
				/* Interruptible sleeper: suspend it in place. */
				thread_suspend_one(td2);
				res = true;
			}
		} else if (!TD_IS_SUSPENDED(td2)) {
#ifdef SMP
			/* Make a running thread notice the AST promptly. */
			if (TD_IS_RUNNING(td2) && td2 != td)
				forward_signal(td2);
#endif
		}
		thread_unlock(td2);
	}
	*resp = res;
	return (wakeup_swapper);
}
2863
/*
 * Record the first stop of a traced process: set p_xsig/p_xthread for
 * wait(2), clear the pending-first-stop state (P2_PTRACE_FSTP and, for a
 * thread that is not on a sleep queue, TDB_FSTP), mark the process
 * stopped for both signal and trace, and suspend its threads.  td is the
 * stopping thread, or NULL when called on a signal-sending path (in
 * which case thread_stopped() is reported here if some thread was
 * suspended directly).
 *
 * Does nothing when td is set, does not carry TDB_FSTP, and another
 * thread already claimed the stop (P2_PTRACE_FSTP still set or
 * p_xthread assigned).  Callers hold the proc lock and the proc slock
 * (asserted in sig_suspend_threads()).
 *
 * NOTE(review): sig_suspend_threads()'s wakeup_swapper result is
 * discarded here, unlike at its other call sites -- confirm that is
 * intended.
 */
static void
sig_handle_first_stop(struct thread *td, struct proc *p, int sig)
{
	bool res;

	if (td != NULL && (td->td_dbgflags & TDB_FSTP) == 0 &&
	    ((p->p_flag2 & P2_PTRACE_FSTP) != 0 || p->p_xthread != NULL))
		return;

	p->p_xsig = sig;
	p->p_xthread = td;

	/*
	 * If we are on sleepqueue already, let sleepqueue
	 * code decide if it needs to go sleep after attach.
	 */
	if (td != NULL && td->td_wchan == NULL)
		td->td_dbgflags &= ~TDB_FSTP;

	p->p_flag2 &= ~P2_PTRACE_FSTP;
	p->p_flag |= P_STOPPED_SIG | P_STOPPED_TRACE;
	sig_suspend_threads(td, p, &res);
	if (res && td == NULL)
		thread_stopped(p);
}
2889
/*
 * Stop the process for an event deemed interesting to the debugger.  If si is
 * non-NULL, this is a signal exchange; the new signal requested by the
 * debugger will be returned for handling.  If si is NULL, this is some other
 * type of interesting event.  The debugger may request a signal be delivered in
 * that case as well, however it will be deferred until it can be handled.
 *
 * td is the current thread, sig the signal being reported (td_xsig).
 * Called with the proc lock held and may sleep (WITNESS_WARN).  While
 * stopped, the thread services debugger remote requests
 * (ptrace_remotereq()) and resumes waiting afterwards.  Returns the
 * signal the debugger left in td_xsig (0 to discard it); returns 0 early
 * when the process is exiting, or when the replacement signal was routed
 * to a different thread.
 */
int
ptracestop(struct thread *td, int sig, ksiginfo_t *si)
{
	struct proc *p = td->td_proc;
	struct thread *td2;
	ksiginfo_t ksi;

	PROC_LOCK_ASSERT(p, MA_OWNED);
	KASSERT(!(p->p_flag & P_WEXIT), ("Stopping exiting process"));
	WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK,
	    &p->p_mtx.lock_object, "Stopping for traced signal");

	td->td_xsig = sig;

	/* A signal the debugger itself injected (KSI_PTRACE) is not re-reported. */
	if (si == NULL || (si->ksi_flags & KSI_PTRACE) == 0) {
		td->td_dbgflags |= TDB_XSIG;
		CTR4(KTR_PTRACE, "ptracestop: tid %d (pid %d) flags %#x sig %d",
		    td->td_tid, p->p_pid, td->td_dbgflags, sig);
		PROC_SLOCK(p);
		/* Loop until the debugger clears TDB_XSIG or detaches. */
		while ((p->p_flag & P_TRACED) && (td->td_dbgflags & TDB_XSIG)) {
			if (P_KILLED(p)) {
				/*
				 * Ensure that, if we've been PT_KILLed, the
				 * exit status reflects that.  Another thread
				 * may also be in ptracestop(), having just
				 * received the SIGKILL, but this thread was
				 * unsuspended first.
				 */
				td->td_dbgflags &= ~TDB_XSIG;
				td->td_xsig = SIGKILL;
				p->p_ptevents = 0;
				break;
			}
			if (p->p_flag & P_SINGLE_EXIT &&
			    !(td->td_dbgflags & TDB_EXIT)) {
				/*
				 * Ignore ptrace stops except for thread exit
				 * events when the process exits.
				 */
				td->td_dbgflags &= ~TDB_XSIG;
				PROC_SUNLOCK(p);
				return (0);
			}

			/*
			 * Make wait(2) work.  Ensure that right after the
			 * attach, the thread which was decided to become the
			 * leader of attach gets reported to the waiter.
			 * Otherwise, just avoid overwriting another thread's
			 * assignment to p_xthread.  If another thread has
			 * already set p_xthread, the current thread will get
			 * a chance to report itself upon the next iteration.
			 */
			sig_handle_first_stop(td, p, sig);

			if ((td->td_dbgflags & TDB_STOPATFORK) != 0) {
				td->td_dbgflags &= ~TDB_STOPATFORK;
			}
stopme:
			/* TDB_SSWITCH marks the thread as parked in the switch. */
			td->td_dbgflags |= TDB_SSWITCH;
			thread_suspend_switch(td, p);
			td->td_dbgflags &= ~TDB_SSWITCH;
			/*
			 * Woken to serve a debugger remote request: run it
			 * without the slock, then park again.
			 */
			if ((td->td_dbgflags & (TDB_COREDUMPREQ |
			    TDB_SCREMOTEREQ)) != 0) {
				MPASS((td->td_dbgflags & (TDB_COREDUMPREQ |
				    TDB_SCREMOTEREQ)) !=
				    (TDB_COREDUMPREQ | TDB_SCREMOTEREQ));
				PROC_SUNLOCK(p);
				ptrace_remotereq(td, td->td_dbgflags &
				    (TDB_COREDUMPREQ | TDB_SCREMOTEREQ));
				PROC_SLOCK(p);
				goto stopme;
			}
			if (p->p_xthread == td)
				p->p_xthread = NULL;
			if (!(p->p_flag & P_TRACED))
				break;
			if (td->td_dbgflags & TDB_SUSPEND) {
				if (p->p_flag & P_SINGLE_EXIT)
					break;
				goto stopme;
			}
		}
		PROC_SUNLOCK(p);
	}

	if (si != NULL && sig == td->td_xsig) {
		/* Parent wants us to take the original signal unchanged. */
		si->ksi_flags |= KSI_HEAD;
		if (sigqueue_add(&td->td_sigqueue, sig, si) != 0)
			si->ksi_signo = 0;
	} else if (td->td_xsig != 0) {
		/*
		 * If parent wants us to take a new signal, then it will leave
		 * it in td->td_xsig; otherwise we just look for signals again.
		 */
		ksiginfo_init(&ksi);
		ksi.ksi_signo = td->td_xsig;
		ksi.ksi_flags |= KSI_PTRACE;
		td2 = sigtd(p, td->td_xsig, false);
		tdsendsignal(p, td2, td->td_xsig, &ksi);
		/* Delivered to another thread: nothing for us to handle. */
		if (td != td2)
			return (0);
	}

	return (td->td_xsig);
}
3004
/*
 * Re-route the process-pending signals in "block" (typically signals the
 * caller just unblocked, or ones a departing thread can no longer take):
 * for each such signal that is actually pending in p_siglist, pick a
 * receiving thread with sigtd(), notify it, and wake it with
 * tdsigwakeup() when the signal is caught by an unmasked thread or the
 * process is traced.
 *
 * flags may carry SIGPROCMASK_PS_LOCKED (the caller already holds
 * ps_mtx) and SIGPROCMASK_FASTBLK (honor sigfastblock when choosing the
 * thread).  "block" is passed by value and narrowed in place.  The proc
 * lock must be held.
 */
static void
reschedule_signals(struct proc *p, sigset_t block, int flags)
{
	struct sigacts *ps;
	struct thread *td;
	int sig;
	bool fastblk, pslocked;

	PROC_LOCK_ASSERT(p, MA_OWNED);
	ps = p->p_sigacts;
	pslocked = (flags & SIGPROCMASK_PS_LOCKED) != 0;
	mtx_assert(&ps->ps_mtx, pslocked ? MA_OWNED : MA_NOTOWNED);
	if (SIGISEMPTY(p->p_siglist))
		return;
	/* Only signals that are both requested and pending matter. */
	SIGSETAND(block, p->p_siglist);
	fastblk = (flags & SIGPROCMASK_FASTBLK) != 0;
	SIG_FOREACH(sig, &block) {
		td = sigtd(p, sig, fastblk);

		/*
		 * If sigtd() selected us despite sigfastblock is
		 * blocking, do not activate AST or wake us, to avoid
		 * loop in AST handler.
		 */
		if (fastblk && td == curthread)
			continue;

		signotify(td);
		/* ps_mtx is taken per signal unless the caller holds it. */
		if (!pslocked)
			mtx_lock(&ps->ps_mtx);
		if (p->p_flag & P_TRACED ||
		    (SIGISMEMBER(ps->ps_sigcatch, sig) &&
		    !SIGISMEMBER(td->td_sigmask, sig))) {
			tdsigwakeup(td, sig, SIG_CATCH,
			    (SIGISMEMBER(ps->ps_sigintr, sig) ? EINTR :
			    ERESTART));
		}
		if (!pslocked)
			mtx_unlock(&ps->ps_mtx);
	}
}
3046
/*
 * Signal cleanup for an exiting thread td: discard its thread-directed
 * pending signals and, if other threads remain, block every signal on td
 * and hand the signals td alone left unblocked to a surviving thread via
 * reschedule_signals().  The proc lock must be held.
 */
void
tdsigcleanup(struct thread *td)
{
	struct proc *pr;
	sigset_t was_unblocked;

	pr = td->td_proc;
	PROC_LOCK_ASSERT(pr, MA_OWNED);

	sigqueue_flush(&td->td_sigqueue);
	if (pr->p_numthreads != 1) {
		/*
		 * Since we cannot handle signals, notify signal post code
		 * about this by filling the sigmask.
		 *
		 * Also, if needed, wake up thread(s) that do not block the
		 * same signals as the exiting thread, since the thread might
		 * have been selected for delivery and woken up.
		 */
		SIGFILLSET(was_unblocked);
		SIGSETNAND(was_unblocked, td->td_sigmask);
		SIGFILLSET(td->td_sigmask);
		reschedule_signals(pr, was_unblocked, 0);
	}
}
3074
/*
 * Extract the stop-deferral bits (TDF_SBDRY, TDF_SEINTR, TDF_SERESTART)
 * from a td_flags value.  TDF_SEINTR/TDF_SERESTART are only valid
 * together with TDF_SBDRY, which is asserted.
 */
static int
sigdeferstop_curr_flags(int cflags)
{
	const int mode_bits = TDF_SEINTR | TDF_SERESTART;
	const int all_bits = TDF_SBDRY | mode_bits;

	MPASS((cflags & mode_bits) == 0 || (cflags & TDF_SBDRY) != 0);
	return (cflags & all_bits);
}
3083
/*
 * Defer the delivery of SIGSTOP for the current thread, according to
 * the requested mode.  Returns previous flags, which must be restored
 * by sigallowstop(), or SIGDEFERSTOP_VAL_NCHG when the mode already
 * matched and nothing was changed.
 *
 * TDF_SBDRY, TDF_SEINTR, and TDF_SERESTART flags are only set and
 * cleared by the current thread, which allow the lock-less read-only
 * accesses below; the write is done under the thread lock.
 */
int
sigdeferstop_impl(int mode)
{
	struct thread *self;
	int cur, want;

	self = curthread;
	cur = sigdeferstop_curr_flags(self->td_flags);

	/* Translate the requested mode into the desired deferral bits. */
	want = cur;
	if (mode == SIGDEFERSTOP_NOP)
		want = cur;
	else if (mode == SIGDEFERSTOP_OFF)
		want = 0;
	else if (mode == SIGDEFERSTOP_SILENT)
		want = (cur | TDF_SBDRY) & ~(TDF_SEINTR | TDF_SERESTART);
	else if (mode == SIGDEFERSTOP_EINTR)
		want = (cur | TDF_SBDRY | TDF_SEINTR) & ~TDF_SERESTART;
	else if (mode == SIGDEFERSTOP_ERESTART)
		want = (cur | TDF_SBDRY | TDF_SERESTART) & ~TDF_SEINTR;
	else
		panic("sigdeferstop: invalid mode %x", mode);

	if (want == cur)
		return (SIGDEFERSTOP_VAL_NCHG);

	thread_lock(self);
	self->td_flags = (self->td_flags & ~cur) | want;
	thread_unlock(self);
	return (cur);
}
3128
/*
 * Restores the STOP handling mode, typically permitting the delivery
 * of SIGSTOP for the current thread.  This does not immediately
 * suspend if a stop was posted.  Instead, the thread will suspend
 * either via ast() or a subsequent interruptible sleep.
 *
 * prev is the value returned by sigdeferstop_impl(); it must be a real
 * previous mode (not SIGDEFERSTOP_VAL_NCHG) made only of the deferral
 * bits, both of which are asserted.
 */
void
sigallowstop_impl(int prev)
{
	struct thread *self;
	int cur;

	KASSERT(prev != SIGDEFERSTOP_VAL_NCHG, ("failed sigallowstop"));
	KASSERT((prev & ~(TDF_SBDRY | TDF_SEINTR | TDF_SERESTART)) == 0,
	    ("sigallowstop: incorrect previous mode %x", prev));
	self = curthread;
	cur = sigdeferstop_curr_flags(self->td_flags);
	if (cur == prev)
		return;

	thread_lock(self);
	self->td_flags = (self->td_flags & ~cur) | prev;
	thread_unlock(self);
}
3152
/* Result of sigprocess(); see the comment on sigprocess() below. */
enum sigstatus {
	SIGSTATUS_HANDLE,	/* caller should handle the signal */
	SIGSTATUS_HANDLED,	/* handled internally; reload pending set */
	SIGSTATUS_IGNORE,	/* drop from pending set, try the next one */
	SIGSTATUS_SBDRY_STOP,	/* stop wanted, not permitted in this context */
};
3159
/*
 * The thread has signal "sig" pending.  Figure out what to do with it:
 *
 * _HANDLE	-> the caller should handle the signal
 * _HANDLED	-> handled internally, reload pending signal set
 * _IGNORE	-> ignored, remove from the set of pending signals and try the
 *		   next pending signal
 * _SBDRY_STOP	-> the signal should stop the thread but this is not
 *		   permitted in the current context
 *
 * Called with both the proc lock and ps_mtx held; both are held again on
 * return, although ps_mtx (and, inside ptracestop(), the thread's
 * suspension state) may be dropped temporarily in between.  When the
 * process is traced the signal is first reported to the debugger via
 * ptracestop(), which may discard, replace or re-mask it.
 */
static enum sigstatus
sigprocess(struct thread *td, int sig)
{
	struct proc *p;
	struct sigacts *ps;
	struct sigqueue *queue;
	ksiginfo_t ksi;
	int prop;

	KASSERT(_SIG_VALID(sig), ("%s: invalid signal %d", __func__, sig));

	p = td->td_proc;
	ps = p->p_sigacts;
	mtx_assert(&ps->ps_mtx, MA_OWNED);
	PROC_LOCK_ASSERT(p, MA_OWNED);

	/*
	 * We should allow pending but ignored signals below
	 * if there is sigwait() active, or P_TRACED was
	 * on when they were posted.
	 */
	if (SIGISMEMBER(ps->ps_sigignore, sig) &&
	    (p->p_flag & P_TRACED) == 0 &&
	    (td->td_flags & TDF_SIGWAIT) == 0) {
		return (SIGSTATUS_IGNORE);
	}

	/*
	 * If the process is going to single-thread mode to prepare
	 * for exit, there is no sense in delivering any signal
	 * to usermode.  Another important consequence is that
	 * msleep(..., PCATCH, ...) now is only interruptible by a
	 * suspend request.
	 */
	if ((p->p_flag2 & P2_WEXIT) != 0)
		return (SIGSTATUS_IGNORE);

	if ((p->p_flag & (P_TRACED | P_PPTRACE)) == P_TRACED) {
		/*
		 * If traced, always stop.
		 * Remove old signal from queue before the stop.
		 * XXX shrug off debugger, it causes siginfo to
		 * be thrown away.
		 */
		queue = &td->td_sigqueue;
		ksiginfo_init(&ksi);
		/* Try the thread queue first, then the process queue. */
		if (sigqueue_get(queue, sig, &ksi) == 0) {
			queue = &p->p_sigqueue;
			sigqueue_get(queue, sig, &ksi);
		}
		td->td_si = ksi.ksi_info;

		/* ptracestop() may sleep; ps_mtx cannot be held across it. */
		mtx_unlock(&ps->ps_mtx);
		sig = ptracestop(td, sig, &ksi);
		mtx_lock(&ps->ps_mtx);

		td->td_si.si_signo = 0;

		/*
		 * Keep looking if the debugger discarded or
		 * replaced the signal.
		 */
		if (sig == 0)
			return (SIGSTATUS_HANDLED);

		/*
		 * If the signal became masked, re-queue it.
		 */
		if (SIGISMEMBER(td->td_sigmask, sig)) {
			ksi.ksi_flags |= KSI_HEAD;
			sigqueue_add(&p->p_sigqueue, sig, &ksi);
			return (SIGSTATUS_HANDLED);
		}

		/*
		 * If the traced bit got turned off, requeue the signal and
		 * reload the set of pending signals.  This ensures that p_sig*
		 * and p_sigact are consistent.
		 */
		if ((p->p_flag & P_TRACED) == 0) {
			if ((ksi.ksi_flags & KSI_PTRACE) == 0) {
				ksi.ksi_flags |= KSI_HEAD;
				sigqueue_add(queue, sig, &ksi);
			}
			return (SIGSTATUS_HANDLED);
		}
	}

	/*
	 * Decide whether the signal should be returned.
	 * Return the signal's number, or fall through
	 * to clear it from the pending mask.
	 */
	switch ((intptr_t)p->p_sigacts->ps_sigact[_SIG_IDX(sig)]) {
	case (intptr_t)SIG_DFL:
		/*
		 * Don't take default actions on system processes.
		 */
		if (p->p_pid <= 1) {
#ifdef DIAGNOSTIC
			/*
			 * Are you sure you want to ignore SIGSEGV
			 * in init? XXX
			 */
			printf("Process (pid %lu) got signal %d\n",
			    (u_long)p->p_pid, sig);
#endif
			return (SIGSTATUS_IGNORE);
		}

		/*
		 * If there is a pending stop signal to process with
		 * default action, stop here, then clear the signal.
		 * Traced or exiting processes should ignore stops.
		 * Additionally, a member of an orphaned process group
		 * should ignore tty stops.
		 */
		prop = sigprop(sig);
		if (prop & SIGPROP_STOP) {
			bool res;

			mtx_unlock(&ps->ps_mtx);
			if ((p->p_flag & (P_TRACED | P_WEXIT |
			    P_SINGLE_EXIT)) != 0 || ((p->p_pgrp->
			    pg_flags & PGRP_ORPHANED) != 0 &&
			    (prop & SIGPROP_TTYSTOP) != 0)) {
				mtx_lock(&ps->ps_mtx);
				return (SIGSTATUS_IGNORE);
			}
			/*
			 * Stops are deferred in this context (TDF_SBDRY);
			 * let the caller unwind before stopping.
			 */
			if (TD_SBDRY_INTR(td)) {
				KASSERT((td->td_flags & TDF_SBDRY) != 0,
				    ("lost TDF_SBDRY"));
				mtx_lock(&ps->ps_mtx);
				return (SIGSTATUS_SBDRY_STOP);
			}
			WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK,
			    &p->p_mtx.lock_object, "Catching SIGSTOP");
			/* Stop the whole process right here, then clear it. */
			sigqueue_delete(&td->td_sigqueue, sig);
			sigqueue_delete(&p->p_sigqueue, sig);
			p->p_flag |= P_STOPPED_SIG;
			p->p_xsig = sig;
			PROC_SLOCK(p);
			sig_suspend_threads(td, p, &res);
			thread_suspend_switch(td, p);
			PROC_SUNLOCK(p);
			mtx_lock(&ps->ps_mtx);
			return (SIGSTATUS_HANDLED);
		} else if ((prop & SIGPROP_IGNORE) != 0 &&
		    (td->td_flags & TDF_SIGWAIT) == 0) {
			/*
			 * Default action is to ignore; drop it if
			 * not in kern_sigtimedwait().
			 */
			return (SIGSTATUS_IGNORE);
		} else {
			return (SIGSTATUS_HANDLE);
		}

	case (intptr_t)SIG_IGN:
		/* Explicitly ignored, but still returned to sigwait(). */
		if ((td->td_flags & TDF_SIGWAIT) == 0)
			return (SIGSTATUS_IGNORE);
		else
			return (SIGSTATUS_HANDLE);

	default:
		/*
		 * This signal has an action, let postsig() process it.
		 */
		return (SIGSTATUS_HANDLE);
	}
}
3341
3342 /*
3343 * If the current process has received a signal (should be caught or cause
3344 * termination, should interrupt current syscall), return the signal number.
3345 * Stop signals with default action are processed immediately, then cleared;
3346 * they aren't returned. This is checked after each entry to the system for
3347 * a syscall or trap (though this can usually be done without calling
3348 * issignal by checking the pending signal masks in cursig.) The normal call
3349 * sequence is
3350 *
3351 * while (sig = cursig(curthread))
3352 * postsig(sig);
3353 */
static int
issignal(struct thread *td)
{
	struct proc *p;
	sigset_t sigpending;
	int sig;

	p = td->td_proc;
	PROC_LOCK_ASSERT(p, MA_OWNED);

	/*
	 * Returns 0 when nothing is deliverable, the signal number when
	 * sigprocess() reports SIGSTATUS_HANDLE, or -1 when a stop was
	 * deferred by a stop boundary (SIGSTATUS_SBDRY_STOP).  The pending
	 * set is recomputed on every pass: sigprocess() may drop ps_mtx
	 * (ptracestop and the default-stop path above) and the queues can
	 * change while it is unlocked.
	 */
	for (;;) {
		/* Thread-private plus process-wide pending, minus the thread's mask. */
		sigpending = td->td_sigqueue.sq_signals;
		SIGSETOR(sigpending, p->p_sigqueue.sq_signals);
		SIGSETNAND(sigpending, td->td_sigmask);

		/*
		 * Hide stop signals while P_PPWAIT is set, or while the
		 * thread is inside a stop boundary (TDF_SBDRY) that has
		 * neither TDF_SERESTART nor TDF_SEINTR set.
		 */
		if ((p->p_flag & P_PPWAIT) != 0 || (td->td_flags &
		    (TDF_SBDRY | TDF_SERESTART | TDF_SEINTR)) == TDF_SBDRY)
			SIG_STOPSIGMASK(sigpending);
		if (SIGISEMPTY(sigpending))	/* no signal to send */
			return (0);

		/*
		 * Do fast sigblock if requested by usermode.  Since
		 * we do know that there was a signal pending at this
		 * point, set the FAST_SIGBLOCK_PEND as indicator for
		 * usermode to perform a dummy call to
		 * FAST_SIGBLOCK_UNBLOCK, which causes immediate
		 * delivery of postponed pending signal.
		 */
		if ((td->td_pflags & TDP_SIGFASTBLOCK) != 0) {
			/* A non-zero block word hides everything in fastblock_mask. */
			if (td->td_sigblock_val != 0)
				SIGSETNAND(sigpending, fastblock_mask);
			if (SIGISEMPTY(sigpending)) {
				td->td_pflags |= TDP_SIGFASTPENDING;
				return (0);
			}
		}

		if (!pt_attach_transparent &&
		    (p->p_flag & (P_TRACED | P_PPTRACE)) == P_TRACED &&
		    (p->p_flag2 & P2_PTRACE_FSTP) != 0 &&
		    SIGISMEMBER(sigpending, SIGSTOP)) {
			/*
			 * If debugger just attached, always consume
			 * SIGSTOP from ptrace(PT_ATTACH) first, to
			 * execute the debugger attach ritual in
			 * order.  TDB_FSTP is consumed later by
			 * sig_ast_needsigchk().
			 */
			td->td_dbgflags |= TDB_FSTP;
			SIGEMPTYSET(sigpending);
			SIGADDSET(sigpending, SIGSTOP);
		}

		SIG_FOREACH(sig, &sigpending) {
			switch (sigprocess(td, sig)) {
			case SIGSTATUS_HANDLE:
				return (sig);
			case SIGSTATUS_HANDLED:
				/* The queues changed underneath us; rebuild the set. */
				goto next;
			case SIGSTATUS_IGNORE:
				/* Discard from both queues and keep scanning. */
				sigqueue_delete(&td->td_sigqueue, sig);
				sigqueue_delete(&p->p_sigqueue, sig);
				break;
			case SIGSTATUS_SBDRY_STOP:
				return (-1);
			}
		}
next:;
	}
}
3424
void
thread_stopped(struct proc *p)
{
	int nstopped;

	PROC_LOCK_ASSERT(p, MA_OWNED);
	PROC_SLOCK_ASSERT(p, MA_OWNED);

	/* The calling thread counts as stopped when it belongs to p. */
	nstopped = p->p_suspcount + (p == curproc ? 1 : 0);
	if ((p->p_flag & P_STOPPED_SIG) == 0 || nstopped != p->p_numthreads)
		return;

	/* All threads are stopped: tell the parent, with the slock dropped. */
	PROC_SUNLOCK(p);
	p->p_flag &= ~P_WAITED;
	PROC_LOCK(p->p_pptr);
	childproc_stopped(p,
	    (p->p_flag & P_TRACED) != 0 ? CLD_TRAPPED : CLD_STOPPED);
	PROC_UNLOCK(p->p_pptr);
	PROC_SLOCK(p);
}
3445
3446 /*
3447 * Take the action for the specified signal
3448 * from the current set of pending signals.
3449 */
int
postsig(int sig)
{
	struct thread *td;
	struct proc *p;
	struct sigacts *ps;
	sig_t action;
	ksiginfo_t ksi;
	sigset_t returnmask;

	/*
	 * Called with the proc lock and ps_mtx held.  Returns 0 if sig is
	 * no longer pending in either queue, 1 after a caught signal has
	 * been delivered; the SIG_DFL path drops ps_mtx and does not return.
	 */
	KASSERT(sig != 0, ("postsig"));

	td = curthread;
	p = td->td_proc;
	PROC_LOCK_ASSERT(p, MA_OWNED);
	ps = p->p_sigacts;
	mtx_assert(&ps->ps_mtx, MA_OWNED);
	ksiginfo_init(&ksi);
	/* Dequeue the siginfo, thread queue first, then the process queue. */
	if (sigqueue_get(&td->td_sigqueue, sig, &ksi) == 0 &&
	    sigqueue_get(&p->p_sigqueue, sig, &ksi) == 0)
		return (0);
	ksi.ksi_signo = sig;
	if (ksi.ksi_code == SI_TIMER)
		itimer_accept(p, ksi.ksi_timerid, &ksi);
	action = ps->ps_sigact[_SIG_IDX(sig)];
#ifdef KTRACE
	/* Trace against the mask that will be restored, not the current one. */
	if (KTRPOINT(td, KTR_PSIG))
		ktrpsig(sig, action, td->td_pflags & TDP_OLDMASK ?
		    &td->td_oldsigmask : &td->td_sigmask, ksi.ksi_code);
#endif

	if (action == SIG_DFL) {
		/*
		 * Default action, where the default is to kill
		 * the process.  (Other cases were ignored above.)
		 */
		mtx_unlock(&ps->ps_mtx);
		proc_td_siginfo_capture(td, &ksi.ksi_info);
		sigexit(td, sig);
		/* NOTREACHED */
	} else {
		/*
		 * If we get here, the signal must be caught.
		 */
		KASSERT(action != SIG_IGN, ("postsig action %p", action));
		KASSERT(!SIGISMEMBER(td->td_sigmask, sig),
		    ("postsig action: blocked sig %d", sig));

		/*
		 * Set the new mask value and also defer further
		 * occurrences of this signal.
		 *
		 * Special case: user has done a sigsuspend.  Here the
		 * current mask is not of interest, but rather the
		 * mask from before the sigsuspend is what we want
		 * restored after the signal processing is completed.
		 */
		if (td->td_pflags & TDP_OLDMASK) {
			returnmask = td->td_oldsigmask;
			td->td_pflags &= ~TDP_OLDMASK;
		} else
			returnmask = td->td_sigmask;

		/* p_sig records the signal being delivered; clear it once consumed. */
		if (p->p_sig == sig) {
			p->p_sig = 0;
		}
		/* ABI-specific frame setup for the handler. */
		(*p->p_sysent->sv_sendsig)(action, &ksi, &returnmask);
		postsig_done(sig, td, ps);
	}
	return (1);
}
3521
int
sig_ast_checksusp(struct thread *td)
{
	int ret;

	PROC_LOCK_ASSERT(td->td_proc, MA_OWNED);

	/* Nothing to do unless a suspend request is pending for td. */
	if (!td_ast_pending(td, TDA_SUSPEND))
		return (0);

	/* thread_suspend_check(1) either stops here or reports how to unwind. */
	ret = thread_suspend_check(1);
	MPASS(ret == 0 || ret == EINTR || ret == ERESTART);
	return (ret);
}
3538
int
sig_ast_needsigchk(struct thread *td)
{
	struct proc *p;
	struct sigacts *ps;
	int ret, sig;

	/*
	 * Decide whether a sleep should be interrupted on behalf of a
	 * pending signal.  Returns 0 to continue, EINTR or ERESTART
	 * (per ps_sigintr) when a signal is deliverable, or the stop
	 * boundary's errno when cursig() deferred a stop.  Proc lock held.
	 */
	p = td->td_proc;
	PROC_LOCK_ASSERT(p, MA_OWNED);

	if (!td_ast_pending(td, TDA_SIG))
		return (0);

	ps = p->p_sigacts;
	mtx_lock(&ps->ps_mtx);
	sig = cursig(td);
	if (sig == -1) {
		/*
		 * A stop was deferred because the thread is inside a
		 * stop boundary; the boundary chooses the errno.
		 */
		mtx_unlock(&ps->ps_mtx);
		KASSERT((td->td_flags & TDF_SBDRY) != 0, ("lost TDF_SBDRY"));
		KASSERT(TD_SBDRY_INTR(td),
		    ("lost TDF_SERESTART of TDF_SEINTR"));
		KASSERT((td->td_flags & (TDF_SEINTR | TDF_SERESTART)) !=
		    (TDF_SEINTR | TDF_SERESTART),
		    ("both TDF_SEINTR and TDF_SERESTART"));
		ret = TD_SBDRY_ERRNO(td);
	} else if (sig != 0) {
		/* Deliverable signal: interrupt or restart per SA_RESTART state. */
		ret = SIGISMEMBER(ps->ps_sigintr, sig) ? EINTR : ERESTART;
		mtx_unlock(&ps->ps_mtx);
	} else {
		mtx_unlock(&ps->ps_mtx);
		ret = 0;
	}

	/*
	 * Do not go into sleep if this thread was the ptrace(2)
	 * attach leader.  cursig() consumed SIGSTOP from PT_ATTACH,
	 * but we usually act on the signal by interrupting sleep, and
	 * should do that here as well.
	 */
	if ((td->td_dbgflags & TDB_FSTP) != 0) {
		if (ret == 0)
			ret = EINTR;
		td->td_dbgflags &= ~TDB_FSTP;
	}

	return (ret);
}
3586
int
sig_intr(void)
{
	struct thread *td = curthread;
	struct proc *p;
	int ret = 0;

	/* Only take the proc lock when a signal or suspend AST is pending. */
	if (td_ast_pending(td, TDA_SIG) || td_ast_pending(td, TDA_SUSPEND)) {
		p = td->td_proc;
		PROC_LOCK(p);
		/* Suspension is checked first; signals only if it did not fire. */
		ret = sig_ast_checksusp(td);
		if (ret == 0)
			ret = sig_ast_needsigchk(td);
		PROC_UNLOCK(p);
	}
	return (ret);
}
3607
bool
curproc_sigkilled(void)
{
	struct thread *td = curthread;
	struct proc *p;
	struct sigacts *ps;
	bool killed = false;

	/* Look at the queues only when a signal AST is pending for td. */
	if (td_ast_pending(td, TDA_SIG)) {
		p = td->td_proc;
		PROC_LOCK(p);
		ps = p->p_sigacts;
		mtx_lock(&ps->ps_mtx);
		/* SIGKILL may sit on either the thread or the process queue. */
		killed = SIGISMEMBER(td->td_sigqueue.sq_signals, SIGKILL) ||
		    SIGISMEMBER(p->p_sigqueue.sq_signals, SIGKILL);
		mtx_unlock(&ps->ps_mtx);
		PROC_UNLOCK(p);
	}
	return (killed);
}
3630
void
proc_wkilled(struct proc *p)
{

	PROC_LOCK_ASSERT(p, MA_OWNED);
	if ((p->p_flag & P_WKILLED) != 0)
		return;		/* already marked */

	p->p_flag |= P_WKILLED;
	/*
	 * Notify swapper that there is a process to swap in.
	 * The notification is racy, at worst it would take 10
	 * seconds for the swapper process to notice.
	 */
	if ((p->p_flag & (P_INMEM | P_SWAPPINGIN)) == 0)
		wakeup(&proc0);
}
3647
3648 /*
 * Kill process p for the stated reason.
3650 */
void
killproc(struct proc *p, const char *why)
{
	struct ucred *cred;

	PROC_LOCK_ASSERT(p, MA_OWNED);
	cred = p->p_ucred;
	CTR3(KTR_PROC, "killproc: proc %p (pid %d, %s)", p, p->p_pid,
	    p->p_comm);
	/* Leave an audit trail (pid, jail, uid, reason) before the kill. */
	log(LOG_ERR, "pid %d (%s), jid %d, uid %d, was killed: %s\n",
	    p->p_pid, p->p_comm, cred->cr_prison->pr_id, cred->cr_uid, why);
	proc_wkilled(p);
	kern_psignal(p, SIGKILL);
}
3664
3665 /*
3666 * Force the current process to exit with the specified signal, dumping core
3667 * if appropriate. We bypass the normal tests for masked and caught signals,
3668 * allowing unrecoverable failures to terminate the process without changing
3669 * signal state. Mark the accounting record with the signal termination.
3670 * If dumping core, save the signal number for the debugger. Calls exit and
3671 * does not return.
3672 */
void
sigexit(struct thread *td, int sig)
{
	struct proc *p = td->td_proc;
	const char *coreinfo;
	int rv;

	/* Proc lock held on entry; it is released before exit1() on every path. */
	PROC_LOCK_ASSERT(p, MA_OWNED);
	proc_set_p2_wexit(p);

	/* Accounting: the process was terminated by a signal. */
	p->p_acflag |= AXSIG;
	/*
	 * We must be single-threading to generate a core dump.  This
	 * ensures that the registers in the core file are up-to-date.
	 * Also, the ELF dump handler assumes that the thread list doesn't
	 * change out from under it.
	 *
	 * XXX If another thread attempts to single-thread before us
	 * (e.g. via fork()), we won't get a dump at all.
	 */
	if ((sigprop(sig) & SIGPROP_CORE) &&
	    thread_single(p, SINGLE_NO_EXIT) == 0) {
		/* Saved so coredump()/corefile_open() can record the signal. */
		p->p_sig = sig;
		/*
		 * Log signals which would cause core dumps
		 * (Log as LOG_INFO to appease those who don't want
		 * these messages.)
		 * XXX : Todo, as well as euid, write out ruid too
		 * Note that coredump() drops proc lock.
		 */
		rv = coredump(td);
		switch (rv) {
		case 0:
			/* WCOREFLAG is carried in the wait status (see WCOREDUMP). */
			sig |= WCOREFLAG;
			coreinfo = " (core dumped)";
			break;
		case EFAULT:
			coreinfo = " (no core dump - bad address)";
			break;
		case EINVAL:
			coreinfo = " (no core dump - invalid argument)";
			break;
		case EFBIG:
			coreinfo = " (no core dump - too large)";
			break;
		default:
			coreinfo = " (no core dump - other error)";
			break;
		}
		if (kern_logsigexit)
			log(LOG_INFO,
			    "pid %d (%s), jid %d, uid %d: exited on "
			    "signal %d%s\n", p->p_pid, p->p_comm,
			    p->p_ucred->cr_prison->pr_id,
			    td->td_ucred->cr_uid,
			    sig &~ WCOREFLAG, coreinfo);
	} else
		PROC_UNLOCK(p);
	exit1(td, 0, sig);
	/* NOTREACHED */
}
3734
3735 /*
3736 * Send queued SIGCHLD to parent when child process's state
3737 * is changed.
3738 */
static void
sigparent(struct proc *p, int reason, int status)
{
	ksiginfo_t *ksi;

	PROC_LOCK_ASSERT(p, MA_OWNED);
	PROC_LOCK_ASSERT(p->p_pptr, MA_OWNED);

	ksi = p->p_ksi;
	if (ksi != NULL) {
		/* Fill the process's own SIGCHLD siginfo with the new state. */
		ksi->ksi_signo = SIGCHLD;
		ksi->ksi_code = reason;
		ksi->ksi_status = status;
		ksi->ksi_pid = p->p_pid;
		ksi->ksi_uid = p->p_ucred->cr_ruid;
		/* Still queued from a previous change: the update suffices. */
		if (KSI_ONQ(ksi))
			return;
	}
	pksignal(p->p_pptr, SIGCHLD, ksi);
}
3756
static void
childproc_jobstate(struct proc *p, int reason, int sig)
{
	struct sigacts *ps;
	bool notify;

	PROC_LOCK_ASSERT(p, MA_OWNED);
	PROC_LOCK_ASSERT(p->p_pptr, MA_OWNED);

	/*
	 * Wake up the parent sleeping in kern_wait() and also send
	 * SIGCHLD to it.  SIGCHLD alone does not guarantee that the
	 * parent wakes, because the parent may have masked the signal.
	 */
	p->p_pptr->p_flag |= P_STATCHILD;
	wakeup(p->p_pptr);

	/* Sample PS_NOCLDSTOP under the parent's sigacts lock, then act. */
	ps = p->p_pptr->p_sigacts;
	mtx_lock(&ps->ps_mtx);
	notify = (ps->ps_flag & PS_NOCLDSTOP) == 0;
	mtx_unlock(&ps->ps_mtx);
	if (notify)
		sigparent(p, reason, sig);
}
3782
void
childproc_stopped(struct proc *p, int reason)
{

	/* p_xsig carries the stop signal; reason is CLD_STOPPED or CLD_TRAPPED. */
	childproc_jobstate(p, reason, p->p_xsig);
}
3789
void
childproc_continued(struct proc *p)
{
	/* A continued child is always reported as SIGCONT/CLD_CONTINUED. */
	childproc_jobstate(p, CLD_CONTINUED, SIGCONT);
}
3795
void
childproc_exited(struct proc *p)
{
	int reason, status, xsig;

	xsig = p->p_xsig;
	/* Translate the wait status into a SIGCHLD si_code / si_status pair. */
	if (WCOREDUMP(xsig)) {
		reason = CLD_DUMPED;
		status = WTERMSIG(xsig);
	} else if (WIFSIGNALED(xsig)) {
		reason = CLD_KILLED;
		status = WTERMSIG(xsig);
	} else {
		reason = CLD_EXITED;
		status = p->p_xexit;
	}
	/*
	 * XXX avoid calling wakeup(p->p_pptr), the work is
	 * done in exit1().
	 */
	sigparent(p, reason, status);
}
3817
/* Hard upper bound for the %I index space; the sysctl below clamps to it. */
#define MAX_NUM_CORE_FILES 100000
#ifndef NUM_CORE_FILES
#define NUM_CORE_FILES 5
#endif
CTASSERT(NUM_CORE_FILES >= 0 && NUM_CORE_FILES <= MAX_NUM_CORE_FILES);
/* Number of %I slots tried by corefile_open_last(); settable via debug.ncores. */
static int num_cores = NUM_CORE_FILES;
3824
static int
sysctl_debug_num_cores_check(SYSCTL_HANDLER_ARGS)
{
	int error, val;

	val = num_cores;
	error = sysctl_handle_int(oidp, &val, 0, req);
	/* Read-only access, or a failed copy-in: nothing to store. */
	if (error != 0 || req->newptr == NULL)
		return (error);
	/* Out-of-range values are clamped rather than rejected. */
	if (val < 0)
		val = 0;
	else if (val > MAX_NUM_CORE_FILES)
		val = MAX_NUM_CORE_FILES;
	num_cores = val;
	return (0);
}
/* debug.ncores: writable %I slot count, clamped by the handler above. */
SYSCTL_PROC(_debug, OID_AUTO, ncores,
    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, 0, sizeof(int),
    sysctl_debug_num_cores_check, "I",
    "Maximum number of generated process corefiles while using index format");

/* Suffixes appended to the expanded corefile name when compression is on. */
#define GZIP_SUFFIX ".gz"
#define ZSTD_SUFFIX ".zst"

/* Selected compression method for user corefiles; 0 means none. */
int compress_user_cores = 0;
3851
static int
sysctl_compress_user_cores(SYSCTL_HANDLER_ARGS)
{
	int error, new_val;

	new_val = compress_user_cores;
	error = sysctl_handle_int(oidp, &new_val, 0, req);
	if (error != 0 || req->newptr == NULL)
		return (error);
	/* Only accept a method that compressor_avail() reports as usable. */
	if (new_val != 0 && !compressor_avail(new_val))
		return (EINVAL);
	compress_user_cores = new_val;
	return (0);
}
/* kern.compress_user_cores: method selector, validated by the handler above. */
SYSCTL_PROC(_kern, OID_AUTO, compress_user_cores,
    CTLTYPE_INT | CTLFLAG_RWTUN | CTLFLAG_NEEDGIANT, 0, sizeof(int),
    sysctl_compress_user_cores, "I",
    "Enable compression of user corefiles ("
    __XSTRING(COMPRESS_GZIP) " = gzip, "
    __XSTRING(COMPRESS_ZSTD) " = zstd)");

/* Compression level tunable; stored directly, no range check at this layer. */
int compress_user_cores_level = 6;
SYSCTL_INT(_kern, OID_AUTO, compress_user_cores_level, CTLFLAG_RWTUN,
    &compress_user_cores_level, 0,
    "Corefile compression level");

/*
 * Protect the access to corefilename[] by allproc_lock.
 */
#define corefilename_lock allproc_lock

/* kern.corefile format string; read by corefile_open() under corefilename_lock. */
static char corefilename[MAXPATHLEN] = {"%N.core"};
TUNABLE_STR("kern.corefile", corefilename, sizeof(corefilename));
3885
static int
sysctl_kern_corefile(SYSCTL_HANDLER_ARGS)
{
	int rv;

	/* Take the lock exclusively: the handler may rewrite corefilename. */
	sx_xlock(&corefilename_lock);
	rv = sysctl_handle_string(oidp, corefilename, sizeof(corefilename),
	    req);
	sx_xunlock(&corefilename_lock);
	return (rv);
}
/* kern.corefile: the format string consumed by corefile_open(). */
SYSCTL_PROC(_kern, OID_AUTO, corefile, CTLTYPE_STRING | CTLFLAG_RW |
    CTLFLAG_MPSAFE, 0, 0, sysctl_kern_corefile, "A",
    "Process corefile name format string");
3901
static void
vnode_close_locked(struct thread *td, struct vnode *vp)
{

	/* Release the vnode lock, then drop the FWRITE reference. */
	VOP_UNLOCK(vp);
	vn_close(vp, FWRITE, td->td_ucred, td);
}
3909
3910 /*
3911 * If the core format has a %I in it, then we need to check
3912 * for existing corefiles before defining a name.
3913 * To do this we iterate over 0..ncores to find a
3914 * non-existing core file name to use. If all core files are
3915 * already used we choose the oldest one.
3916 */
static int
corefile_open_last(struct thread *td, char *name, int indexpos,
    int indexlen, int ncores, struct vnode **vpp)
{
	struct vnode *oldvp, *nextvp, *vp;
	struct vattr vattr;
	struct nameidata nd;
	int error, i, flags, oflags, cmode;
	char ch;
	struct timespec lasttime;

	/*
	 * name holds the expanded template with an indexlen-wide decimal
	 * field at indexpos.  oldvp is the oldest existing candidate seen
	 * so far (mtime kept in lasttime), nextvp the vnode to hand back.
	 * On success *vpp receives a locked vnode; on failure *vpp is not
	 * written.
	 */
	nextvp = oldvp = NULL;
	cmode = S_IRUSR | S_IWUSR;
	oflags = VN_OPEN_NOAUDIT | VN_OPEN_NAMECACHE |
	    (capmode_coredump ? VN_OPEN_NOCAPCHECK : 0);

	for (i = 0; i < ncores; i++) {
		/* O_NOFOLLOW: a symlink in the slot must not redirect the dump. */
		flags = O_CREAT | FWRITE | O_NOFOLLOW;

		/* Rewrite the index field in place; keep the byte after it. */
		ch = name[indexpos + indexlen];
		(void)snprintf(name + indexpos, indexlen + 1, "%.*u", indexlen,
		    i);
		name[indexpos + indexlen] = ch;

		NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name);
		error = vn_open_cred(&nd, &flags, cmode, oflags, td->td_ucred,
		    NULL);
		if (error != 0)
			break;

		vp = nd.ni_vp;
		NDFREE_PNBUF(&nd);
		/*
		 * NOTE(review): relies on vn_open_cred() clearing O_CREAT in
		 * flags when the file already existed; O_CREAT still set is
		 * taken to mean a fresh file, which is used as-is.
		 */
		if ((flags & O_CREAT) == O_CREAT) {
			nextvp = vp;
			break;
		}

		error = VOP_GETATTR(vp, &vattr, td->td_ucred);
		if (error != 0) {
			vnode_close_locked(td, vp);
			break;
		}

		/*
		 * Keep whichever of oldvp and vp is older (lasttime is only
		 * read once oldvp is set).  The kept vnode stays open but
		 * unlocked while the scan continues.
		 */
		if (oldvp == NULL ||
		    lasttime.tv_sec > vattr.va_mtime.tv_sec ||
		    (lasttime.tv_sec == vattr.va_mtime.tv_sec &&
		    lasttime.tv_nsec >= vattr.va_mtime.tv_nsec)) {
			if (oldvp != NULL)
				vn_close(oldvp, FWRITE, td->td_ucred, td);
			oldvp = vp;
			VOP_UNLOCK(oldvp);
			lasttime = vattr.va_mtime;
		} else {
			vnode_close_locked(td, vp);
		}
	}

	if (oldvp != NULL) {
		if (nextvp == NULL) {
			/*
			 * No free slot.  A set-id process must not overwrite
			 * an existing file; anyone else reuses the oldest one,
			 * re-locked for the caller.
			 */
			if ((td->td_proc->p_flag & P_SUGID) != 0) {
				error = EFAULT;
				vn_close(oldvp, FWRITE, td->td_ucred, td);
			} else {
				nextvp = oldvp;
				error = vn_lock(nextvp, LK_EXCLUSIVE);
				if (error != 0) {
					vn_close(nextvp, FWRITE, td->td_ucred,
					    td);
					nextvp = NULL;
				}
			}
		} else {
			/* A fresh slot won; the older candidate is not needed. */
			vn_close(oldvp, FWRITE, td->td_ucred, td);
		}
	}
	if (error != 0) {
		if (nextvp != NULL)
			vnode_close_locked(td, oldvp);
	} else {
		*vpp = nextvp;
	}

	return (error);
}
4001
4002 /*
 * corefile_open(comm, uid, pid, td, compress, signum, vpp, namep)
 * Expand the name described in corefilename, using name, uid, and pid
 * and open/create core file.
 * corefilename is a printf-like string, with these format specifiers:
 * %% a literal '%'
 * %H hostname
 * %I autoincrementing index (first occurrence only)
 * %N name of process ("name")
 * %P process id (pid)
 * %S signal number (signum)
 * %U user id (uid)
4010 * For example, "%N.core" is the default; they can be disabled completely
4011 * by using "/dev/null", or all core files can be stored in "/cores/%U/%N-%P".
4012 * This is controlled by the sysctl variable kern.corefile (see above).
4013 */
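static int
corefile_open(const char *comm, uid_t uid, pid_t pid, struct thread *td,
    int compress, int signum, struct vnode **vpp, char **namep)
{
	struct sbuf sb;
	struct nameidata nd;
	const char *format;
	char *hostname, *name;
	int cmode, error, flags, i, indexpos, indexlen, oflags, ncores;

	/*
	 * Expand corefilename into a malloc'd MAXPATHLEN buffer, then open
	 * or create the file.  On success the locked vnode is returned in
	 * *vpp and the name buffer, which the caller frees with M_TEMP, in
	 * *namep.  On failure the buffer is freed here and neither output
	 * is written.  Returns 0, ENOMEM if the expanded name does not fit,
	 * or the error from the open.
	 */
	hostname = NULL;
	format = corefilename;
	name = malloc(MAXPATHLEN, M_TEMP, M_WAITOK | M_ZERO);
	indexlen = 0;
	indexpos = -1;
	ncores = num_cores;
	(void)sbuf_new(&sb, name, MAXPATHLEN, SBUF_FIXEDLEN);
	/* corefilename may be rewritten via sysctl; read it under its lock. */
	sx_slock(&corefilename_lock);
	for (i = 0; format[i] != '\0'; i++) {
		switch (format[i]) {
		case '%':	/* Format character */
			i++;
			switch (format[i]) {
			case '%':
				sbuf_putc(&sb, '%');
				break;
			case 'H':	/* hostname */
				if (hostname == NULL) {
					hostname = malloc(MAXHOSTNAMELEN,
					    M_TEMP, M_WAITOK);
				}
				getcredhostname(td->td_ucred, hostname,
				    MAXHOSTNAMELEN);
				sbuf_printf(&sb, "%s", hostname);
				break;
			case 'I':	/* autoincrementing index */
				/* Only the first %I expands; later ones stay literal. */
				if (indexpos != -1) {
					sbuf_printf(&sb, "%%I");
					break;
				}

				/*
				 * Reserve a field wide enough for the largest
				 * index (ncores - 1); corefile_open_last()
				 * overwrites it in place.
				 */
				indexpos = sbuf_len(&sb);
				sbuf_printf(&sb, "%u", ncores - 1);
				indexlen = sbuf_len(&sb) - indexpos;
				break;
			case 'N':	/* process name */
				sbuf_printf(&sb, "%s", comm);
				break;
			case 'P':	/* process id */
				sbuf_printf(&sb, "%u", pid);
				break;
			case 'S':	/* signal number */
				sbuf_printf(&sb, "%i", signum);
				break;
			case 'U':	/* user id */
				sbuf_printf(&sb, "%u", uid);
				break;
			case '\0':	/* trailing '%' without a conversion */
				/*
				 * Step back so the outer loop's increment
				 * lands on the terminator again instead of
				 * on whatever bytes follow it in
				 * corefilename[].
				 */
				log(LOG_ERR, "Trailing %% in corename `%s'\n",
				    format);
				i--;
				break;
			default:
				log(LOG_ERR,
				    "Unknown format character %c in "
				    "corename `%s'\n", format[i], format);
				break;
			}
			break;
		default:
			sbuf_putc(&sb, format[i]);
			break;
		}
	}
	sx_sunlock(&corefilename_lock);
	free(hostname, M_TEMP);
	if (compress == COMPRESS_GZIP)
		sbuf_printf(&sb, GZIP_SUFFIX);
	else if (compress == COMPRESS_ZSTD)
		sbuf_printf(&sb, ZSTD_SUFFIX);
	/* An overflow of the fixed-length buffer shows up in sbuf_error(). */
	if (sbuf_error(&sb) != 0) {
		log(LOG_ERR, "pid %ld (%s), uid (%lu): corename is too "
		    "long\n", (long)pid, comm, (u_long)uid);
		sbuf_delete(&sb);
		free(name, M_TEMP);
		return (ENOMEM);
	}
	sbuf_finish(&sb);
	sbuf_delete(&sb);

	if (indexpos != -1) {
		/* %I present: find a free slot or reuse the oldest one. */
		error = corefile_open_last(td, name, indexpos, indexlen, ncores,
		    vpp);
		if (error != 0) {
			log(LOG_ERR,
			    "pid %d (%s), uid (%u): Path `%s' failed "
			    "on initial open test, error = %d\n",
			    pid, comm, uid, name, error);
		}
	} else {
		cmode = S_IRUSR | S_IWUSR;
		oflags = VN_OPEN_NOAUDIT | VN_OPEN_NAMECACHE |
		    (capmode_coredump ? VN_OPEN_NOCAPCHECK : 0);
		/*
		 * Never follow a symlink at the final component, and refuse
		 * to reuse an existing file for set-id processes (O_EXCL).
		 */
		flags = O_CREAT | FWRITE | O_NOFOLLOW;
		if ((td->td_proc->p_flag & P_SUGID) != 0)
			flags |= O_EXCL;

		NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name);
		error = vn_open_cred(&nd, &flags, cmode, oflags, td->td_ucred,
		    NULL);
		if (error == 0) {
			*vpp = nd.ni_vp;
			NDFREE_PNBUF(&nd);
		}
	}

	if (error != 0) {
#ifdef AUDIT
		audit_proc_coredump(td, name, error);
#endif
		free(name, M_TEMP);
		return (error);
	}
	*namep = name;
	return (0);
}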
4135
4136 /*
4137 * Dump a process' core. The main routine does some
4138 * policy checking, and creates the name of the coredump;
4139 * then it passes on a vnode and a size limit to the process-specific
4140 * coredump routine if there is one; if there _is not_ one, it returns
4141 * ENOSYS; otherwise it returns the error from the process-specific routine.
4142 */
4143
static int
coredump(struct thread *td)
{
	struct proc *p = td->td_proc;
	struct ucred *cred = td->td_ucred;
	struct vnode *vp;
	struct flock lf;
	struct vattr vattr;
	size_t fullpathsize;
	int error, error1, locked;
	char *name;			/* name of corefile */
	void *rl_cookie;
	off_t limit;
	char *fullpath, *freepath = NULL;
	struct sbuf *sb;

	/* Entered with the proc lock held; it is dropped on every path below. */
	PROC_LOCK_ASSERT(p, MA_OWNED);
	MPASS((p->p_flag & P_HADTHREADS) == 0 || p->p_singlethread == td);

	/*
	 * Policy gate: dumps disabled globally, a set-id process without
	 * sugid_coredump, or a process marked P2_NOTRACE produces no core.
	 */
	if (!do_coredump || (!sugid_coredump && (p->p_flag & P_SUGID) != 0) ||
	    (p->p_flag2 & P2_NOTRACE) != 0) {
		PROC_UNLOCK(p);
		return (EFAULT);
	}

	/*
	 * Note that the bulk of limit checking is done after
	 * the corefile is created.  The exception is if the limit
	 * for corefiles is 0, in which case we don't bother
	 * creating the corefile at all.  This layout means that
	 * a corefile is truncated instead of not being created,
	 * if it is larger than the limit.
	 */
	limit = (off_t)lim_cur(td, RLIMIT_CORE);
	if (limit == 0 || racct_get_available(p, RACCT_CORE) == 0) {
		PROC_UNLOCK(p);
		return (EFBIG);
	}
	PROC_UNLOCK(p);

	/* On success vp comes back locked and name is ours to free. */
	error = corefile_open(p->p_comm, cred->cr_uid, p->p_pid, td,
	    compress_user_cores, p->p_sig, &vp, &name);
	if (error != 0)
		return (error);

	/*
	 * Don't dump to non-regular files or files with links.
	 * Do not dump into system files.  Effective user must own the corefile.
	 * VOP_GETATTR is evaluated before vattr is read, so a failed
	 * getattr rejects the file as well.
	 */
	if (vp->v_type != VREG || VOP_GETATTR(vp, &vattr, cred) != 0 ||
	    vattr.va_nlink != 1 || (vp->v_vflag & VV_SYSTEM) != 0 ||
	    vattr.va_uid != cred->cr_uid) {
		VOP_UNLOCK(vp);
		error = EFAULT;
		goto out;
	}

	VOP_UNLOCK(vp);

	/* Postpone other writers, including core dumps of other processes. */
	rl_cookie = vn_rangelock_wlock(vp, 0, OFF_MAX);

	/* Whole-file advisory lock; only its success decides the unlock below. */
	lf.l_whence = SEEK_SET;
	lf.l_start = 0;
	lf.l_len = 0;
	lf.l_type = F_WRLCK;
	locked = (VOP_ADVLOCK(vp, (caddr_t)p, F_SETLK, &lf, F_FLOCK) == 0);

	/* Truncate any previous contents; optionally mark the file nodump. */
	VATTR_NULL(&vattr);
	vattr.va_size = 0;
	if (set_core_nodump_flag)
		vattr.va_flags = UF_NODUMP;
	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
	VOP_SETATTR(vp, &vattr, cred);
	VOP_UNLOCK(vp);
	PROC_LOCK(p);
	p->p_acflag |= ACORE;		/* accounting flag for the core attempt */
	PROC_UNLOCK(p);

	/* The ABI-specific writer does the actual dump, bounded by limit. */
	if (p->p_sysent->sv_coredump != NULL) {
		error = p->p_sysent->sv_coredump(td, vp, limit, 0);
	} else {
		error = ENOSYS;
	}

	if (locked) {
		lf.l_type = F_UNLCK;
		VOP_ADVLOCK(vp, (caddr_t)p, F_UNLCK, &lf, F_FLOCK);
	}
	vn_rangelock_unlock(vp, rl_cookie);

	/*
	 * Notify the userland helper that a process triggered a core dump.
	 * This allows the helper to run an automated debugging session.
	 * sb is only created past this point, so the "out" label must not
	 * touch it.
	 */
	if (error != 0 || coredump_devctl == 0)
		goto out;
	sb = sbuf_new_auto();
	if (vn_fullpath_global(p->p_textvp, &fullpath, &freepath) != 0)
		goto out2;
	sbuf_printf(sb, "comm=\"");
	/* Quote both paths: they end up in a devctl message parsed by userland. */
	devctl_safe_quote_sb(sb, fullpath);
	free(freepath, M_TEMP);
	sbuf_printf(sb, "\" core=\"");

	/*
	 * We can't lookup core file vp directly.  When we're replacing a core,
	 * and other random times, we flush the name cache, so it will fail.
	 * Instead, if the path of the core is relative, add the current dir
	 * in front of it.
	 */
	if (name[0] != '/') {
		fullpathsize = MAXPATHLEN;
		freepath = malloc(fullpathsize, M_TEMP, M_WAITOK);
		if (vn_getcwd(freepath, &fullpath, &fullpathsize) != 0) {
			free(freepath, M_TEMP);
			goto out2;
		}
		devctl_safe_quote_sb(sb, fullpath);
		free(freepath, M_TEMP);
		sbuf_putc(sb, '/');
	}
	devctl_safe_quote_sb(sb, name);
	sbuf_printf(sb, "\"");
	if (sbuf_finish(sb) == 0)
		devctl_notify("kernel", "signal", "coredump", sbuf_data(sb));
out2:
	sbuf_delete(sb);
out:
	/* Always close, audit and release the name, keeping the first error. */
	error1 = vn_close(vp, FWRITE, cred, td);
	if (error == 0)
		error = error1;
#ifdef AUDIT
	audit_proc_coredump(td, name, error);
#endif
	free(name, M_TEMP);
	return (error);
}
4281
4282 /*
4283 * Nonexistent system call-- signal process (may want to handle it). Flag
4284 * error in case process won't see signal immediately (blocked or ignored).
4285 */
#ifndef _SYS_SYSPROTO_H_
/* Stand-in argument block when the generated sysproto header is absent. */
struct nosys_args {
	int dummy;
};
#endif
4291 /* ARGSUSED */
int
nosys(struct thread *td, struct nosys_args *args)
{
	struct proc *p = td->td_proc;

	/* Deliver SIGSYS only when the ABI asks for it and kern_signosys allows. */
	if (SV_PROC_FLAG(p, SV_SIGSYS) != 0 && kern_signosys) {
		PROC_LOCK(p);
		tdsignal(td, SIGSYS);
		PROC_UNLOCK(p);
	}

	/* kern_lognosys: 1 = user tty, 2 = console, 3 = both. */
	if (kern_lognosys == 1 || kern_lognosys == 3)
		uprintf("pid %d comm %s: nosys %d\n", p->p_pid, p->p_comm,
		    td->td_sa.code);
	/* init (pid 1) is always logged to the console when neither bit is set. */
	if (kern_lognosys == 2 || kern_lognosys == 3 ||
	    (p->p_pid == 1 && (kern_lognosys & 3) == 0))
		printf("pid %d comm %s: nosys %d\n", p->p_pid, p->p_comm,
		    td->td_sa.code);

	return (ENOSYS);
}
4315
4316 /*
4317 * Send a SIGIO or SIGURG signal to a process or process group using stored
4318 * credentials rather than those of the current process.
4319 */
void
pgsigio(struct sigio **sigiop, int sig, int checkctty)
{
	ksiginfo_t ksi;
	struct sigio *sigio;
	struct proc *member;

	ksiginfo_init(&ksi);
	ksi.ksi_signo = sig;
	ksi.ksi_code = SI_KERNEL;

	SIGIO_LOCK();
	sigio = *sigiop;
	if (sigio != NULL) {
		if (sigio->sio_pgid > 0) {
			/*
			 * Single process: the credential stored at
			 * registration time must be allowed to signal it.
			 */
			PROC_LOCK(sigio->sio_proc);
			if (CANSIGIO(sigio->sio_ucred, sigio->sio_proc->p_ucred))
				kern_psignal(sigio->sio_proc, sig);
			PROC_UNLOCK(sigio->sio_proc);
		} else if (sigio->sio_pgid < 0) {
			/* Process group: check each live member individually. */
			PGRP_LOCK(sigio->sio_pgrp);
			LIST_FOREACH(member, &sigio->sio_pgrp->pg_members,
			    p_pglist) {
				PROC_LOCK(member);
				if (member->p_state == PRS_NORMAL &&
				    CANSIGIO(sigio->sio_ucred, member->p_ucred) &&
				    (checkctty == 0 ||
				    (member->p_flag & P_CONTROLT)))
					kern_psignal(member, sig);
				PROC_UNLOCK(member);
			}
			PGRP_UNLOCK(sigio->sio_pgrp);
		}
	}
	SIGIO_UNLOCK();
}
4357
static int
filt_sigattach(struct knote *kn)
{
	struct proc *p;

	p = curproc;
	kn->kn_ptr.p_proc = p;
	kn->kn_flags |= EV_CLEAR;	/* automatically set */

	/* Signal knotes live on the process knote list (see filt_signal). */
	knlist_add(p->p_klist, kn, 0);
	return (0);
}
4370
static void
filt_sigdetach(struct knote *kn)
{
	/* Undo filt_sigattach(): drop the knote from its list. */
	knlist_remove(kn->kn_knlist, kn, 0);
}
4376
/*
 * Signal knotes share the process knote list, so a mask is applied to the
 * hint to distinguish signal hints from process hints.  This could be
 * avoided by using a signal-specific knote list, but it is probably not
 * worth the trouble.
 */
/*
 * EVFILT_SIGNAL event hook.  A hint with NOTE_SIGNAL set carries a signal
 * number in its remaining bits; when that number matches kn_id the knote's
 * kn_data counter is bumped.  Hints without NOTE_SIGNAL (process events on
 * the shared list) are ignored.  Returns nonzero while kn_data is nonzero.
 */
static int
filt_signal(struct knote *kn, long hint)
{
	long signo;

	if ((hint & NOTE_SIGNAL) == 0)
		return (kn->kn_data != 0);

	signo = hint & ~NOTE_SIGNAL;
	if (kn->kn_id == signo)
		kn->kn_data++;
	return (kn->kn_data != 0);
}
4395
/*
 * Allocate a zero-filled sigacts with a reference count of 1 and an
 * initialised ps_mtx.  M_WAITOK means this may sleep and never returns
 * NULL.  The caller owns the returned reference (release with
 * sigacts_free()).
 */
struct sigacts *
sigacts_alloc(void)
{
	struct sigacts *acts = malloc(sizeof(struct sigacts), M_SUBPROC,
	    M_WAITOK | M_ZERO);

	refcount_init(&acts->ps_refcnt, 1);
	mtx_init(&acts->ps_mtx, "sigacts", NULL, MTX_DEF);
	return (acts);
}
4406
/*
 * Drop one reference to ps.  When the last reference goes away the mutex
 * is destroyed and the memory returned to M_SUBPROC; otherwise nothing
 * else happens.
 */
void
sigacts_free(struct sigacts *ps)
{
	int last;

	last = refcount_release(&ps->ps_refcnt);
	if (last != 0) {
		mtx_destroy(&ps->ps_mtx);
		free(ps, M_SUBPROC);
	}
}
4416
/*
 * Take an additional reference on ps and hand it back so the call can be
 * used inline in an assignment.  Pair with sigacts_free().
 */
struct sigacts *
sigacts_hold(struct sigacts *ps)
{
	struct sigacts *held = ps;

	refcount_acquire(&held->ps_refcnt);
	return (held);
}
4424
/*
 * Copy the signal-action state of src into dest.  Only the bytes that
 * precede ps_refcnt are copied, so dest keeps its own reference count and
 * mutex.  dest must be unshared (ps_refcnt == 1, asserted); src is read
 * under its own ps_mtx so a concurrent update cannot be torn.
 */
void
sigacts_copy(struct sigacts *dest, struct sigacts *src)
{
	const size_t nbytes = offsetof(struct sigacts, ps_refcnt);

	KASSERT(dest->ps_refcnt == 1, ("sigacts_copy to shared dest"));
	mtx_lock(&src->ps_mtx);
	bcopy(src, dest, nbytes);
	mtx_unlock(&src->ps_mtx);
}
4434
/*
 * Report whether ps is referenced by more than one holder.  The reference
 * count is read without a lock, so the answer is only as stable as the
 * caller's own reference makes it.
 */
int
sigacts_shared(struct sigacts *ps)
{
	int shared = 0;

	if (ps->ps_refcnt > 1)
		shared = 1;
	return (shared);
}
4441
/*
 * Reset every signal that p currently catches to its default action.  For
 * signals whose property set includes SIGPROP_IGNORE, queued instances are
 * also removed from the process, since they would no longer be delivered.
 * Caller must hold both the proc lock and ps_mtx (asserted).
 */
void
sig_drop_caught(struct proc *p)
{
	struct sigacts *ps = p->p_sigacts;
	int signo;

	PROC_LOCK_ASSERT(p, MA_OWNED);
	mtx_assert(&ps->ps_mtx, MA_OWNED);
	SIG_FOREACH(signo, &ps->ps_sigcatch) {
		sigdflt(ps, signo);
		if ((sigprop(signo) & SIGPROP_IGNORE) == 0)
			continue;
		sigqueue_delete_proc(p, signo);
	}
}
4457
/*
 * Handle a faulting access to the thread's user sigblock word.  The fast
 * block state is torn down first (sigfastblock_clear) so that no further
 * user-memory fetches are attempted and the thread can keep making
 * syscalls.  When sendsig is true the thread then receives SIGSEGV with
 * ksi_addr set to the offending word; `write` selects SEGV_ACCERR (write
 * fault) over SEGV_MAPERR (read fault) as the si_code.
 */
static void
sigfastblock_failed(struct thread *td, bool sendsig, bool write)
{
	ksiginfo_t ksi;

	/*
	 * Prevent further fetches and SIGSEGVs, allowing thread to
	 * issue syscalls despite corruption.
	 */
	sigfastblock_clear(td);

	if (sendsig) {
		ksiginfo_init_trap(&ksi);
		ksi.ksi_signo = SIGSEGV;
		if (write)
			ksi.ksi_code = SEGV_ACCERR;
		else
			ksi.ksi_code = SEGV_MAPERR;
		ksi.ksi_addr = td->td_sigblock_ptr;
		trapsignal(td, &ksi);
	}
}
4477
/*
 * Read the thread's user sigblock word.  On success *valp receives the raw
 * word and td_sigblock_val is refreshed with the kernel flag bits
 * (SIGFASTBLOCK_FLAGS) masked off; returns true.  If no word is registered
 * (TDP_SIGFASTBLOCK clear) nothing is read, *valp is left untouched and
 * true is still returned.  A fault is routed through sigfastblock_failed()
 * (SIGSEGV only if sendsig) and yields false.
 */
static bool
sigfastblock_fetch_sig(struct thread *td, bool sendsig, uint32_t *valp)
{
	uint32_t word;

	if ((td->td_pflags & TDP_SIGFASTBLOCK) == 0)
		return (true);
	if (fueword32((void *)td->td_sigblock_ptr, &word) != -1) {
		*valp = word;
		td->td_sigblock_val = word & ~SIGFASTBLOCK_FLAGS;
		return (true);
	}
	sigfastblock_failed(td, sendsig, false);
	return (false);
}
4493
/*
 * Schedule the signal AST (TDA_SIG) for td.  When resched is true, first
 * call reschedule_signals() under the proc lock with the thread's current
 * mask so other threads in the process are re-evaluated as well.
 */
static void
sigfastblock_resched(struct thread *td, bool resched)
{
	struct proc *proc;

	if (!resched) {
		ast_sched(td, TDA_SIG);
		return;
	}
	proc = td->td_proc;
	PROC_LOCK(proc);
	reschedule_signals(proc, td->td_sigmask, 0);
	PROC_UNLOCK(proc);
	ast_sched(td, TDA_SIG);
}
4507
/*
 * sigfastblock(2): manage the per-thread "fast sigblock" word, a uint32_t
 * in user memory (td_sigblock_ptr) read and updated here with
 * fueword32/casueword32.  The bits in SIGFASTBLOCK_FLAGS are reserved for
 * the kernel; SIGFASTBLOCK_PEND among them marks that a signal became
 * pending while the word was non-zero.  The remaining bits appear to be
 * userspace's block count (see the EBUSY test under UNSETPTR).
 *
 * Commands (uap->cmd):
 *   SIGFASTBLOCK_SETPTR   register uap->ptr as this thread's word.
 *                         EBUSY if one is already registered, EINVAL if
 *                         the address is not 4-byte aligned.  The address
 *                         is not otherwise validated here: every later
 *                         access goes through the fault-checked user-memory
 *                         primitives, and a fault is handled by
 *                         sigfastblock_failed().
 *   SIGFASTBLOCK_UNBLOCK  atomically replace a word holding exactly
 *                         SIGFASTBLOCK_PEND with 0 and let the AST deliver
 *                         what is pending.  EINVAL if no word, EFAULT on a
 *                         fault, EBUSY if the word holds any other value.
 *   SIGFASTBLOCK_UNSETPTR unregister the word.  EINVAL if no word, EFAULT
 *                         on a fault, EBUSY if the word is neither 0 nor
 *                         SIGFASTBLOCK_PEND.
 *
 * Returns 0 or an errno value.
 */
int
sys_sigfastblock(struct thread *td, struct sigfastblock_args *uap)
{
	struct proc *p;
	int error, res;
	uint32_t oldval;

	error = 0;
	p = td->td_proc;
	switch (uap->cmd) {
	case SIGFASTBLOCK_SETPTR:
		if ((td->td_pflags & TDP_SIGFASTBLOCK) != 0) {
			error = EBUSY;
			break;
		}
		/* The atomic user-word operations below need natural alignment. */
		if (((uintptr_t)(uap->ptr) & (sizeof(uint32_t) - 1)) != 0) {
			error = EINVAL;
			break;
		}
		td->td_pflags |= TDP_SIGFASTBLOCK;
		td->td_sigblock_ptr = uap->ptr;
		break;

	case SIGFASTBLOCK_UNBLOCK:
		if ((td->td_pflags & TDP_SIGFASTBLOCK) == 0) {
			error = EINVAL;
			break;
		}

		/*
		 * casueword32 result: -1 fault, 0 swapped, 1 compare failed
		 * with the current word left in oldval.
		 */
		for (;;) {
			res = casueword32(td->td_sigblock_ptr,
			    SIGFASTBLOCK_PEND, &oldval, 0);
			if (res == -1) {
				error = EFAULT;
				/* Tear down fast-block state; no SIGSEGV here. */
				sigfastblock_failed(td, false, true);
				break;
			}
			if (res == 0)
				break;
			MPASS(res == 1);
			/* Word changed underneath us: userspace still blocks. */
			if (oldval != SIGFASTBLOCK_PEND) {
				error = EBUSY;
				break;
			}
			/*
			 * Compare failed although the expected value is
			 * still there: treated as a spurious failure, give
			 * suspension a chance and retry.
			 */
			error = thread_check_susp(td, false);
			if (error != 0)
				break;
		}
		if (error != 0)
			break;

		/*
		 * td_sigblock_val is cleared there, but not on a
		 * syscall exit. The end effect is that a single
		 * interruptible sleep, while user sigblock word is
		 * set, might return EINTR or ERESTART to usermode
		 * without delivering signal. All further sleeps,
		 * until userspace clears the word and does
		 * sigfastblock(UNBLOCK), observe current word and no
		 * longer get interrupted. It is slight
		 * non-conformance, with alternative to have read the
		 * sigblock word on each syscall entry.
		 */
		td->td_sigblock_val = 0;

		/*
		 * Rely on normal ast mechanism to deliver pending
		 * signals to current thread. But notify others about
		 * fake unblock.
		 */
		/* error is known to be 0 here (checked above). */
		sigfastblock_resched(td, error == 0 && p->p_numthreads != 1);

		break;

	case SIGFASTBLOCK_UNSETPTR:
		if ((td->td_pflags & TDP_SIGFASTBLOCK) == 0) {
			error = EINVAL;
			break;
		}
		/* sendsig == false: a fault is reported as EFAULT, not SIGSEGV. */
		if (!sigfastblock_fetch_sig(td, false, &oldval)) {
			error = EFAULT;
			break;
		}
		/* Refuse to unregister while userspace still holds a block. */
		if (oldval != 0 && oldval != SIGFASTBLOCK_PEND) {
			error = EBUSY;
			break;
		}
		sigfastblock_clear(td);
		break;

	default:
		error = EINVAL;
		break;
	}
	return (error);
}
4604
/*
 * Unregister the thread's user sigblock word.  No-op unless
 * TDP_SIGFASTBLOCK is set.  Clears td_sigblock_val and both fast-block
 * flags, then asks sigfastblock_resched() for a reschedule of the
 * process's signals when a signal was marked pending against the word
 * (TDP_SIGFASTPENDING) or SIGPENDING(td) reports one.
 */
void
sigfastblock_clear(struct thread *td)
{
	bool need_resched;

	if ((td->td_pflags & TDP_SIGFASTBLOCK) == 0)
		return;
	td->td_sigblock_val = 0;
	/* Evaluate before the flags are dropped; the test reads them. */
	need_resched = (td->td_pflags & TDP_SIGFASTPENDING) != 0;
	if (!need_resched)
		need_resched = SIGPENDING(td);
	td->td_pflags &= ~(TDP_SIGFASTBLOCK | TDP_SIGFASTPENDING);
	sigfastblock_resched(td, need_resched);
}
4618
/*
 * Refresh td_sigblock_val from the user sigblock word, sending SIGSEGV on
 * a fault (sendsig == true).  The raw word and the success flag are not
 * needed by callers and are discarded.
 */
void
sigfastblock_fetch(struct thread *td)
{
	uint32_t discard;
	bool ok;

	ok = sigfastblock_fetch_sig(td, true, &discard);
	(void)ok;
}
4626
/*
 * If TDP_SIGFASTPENDING is set, publish SIGFASTBLOCK_PEND into the
 * thread's user sigblock word with a fetch + compare-and-swap loop, then
 * clear the flag.  On success td_sigblock_val is refreshed from the word
 * observed by the CAS with the kernel flag bits masked off.  A fault on
 * either user access goes to sigfastblock_failed() with a SIGSEGV
 * (sendsig == true); the loop also gives up, leaving the flag set, when
 * thread_check_susp() reports an error.
 */
static void
sigfastblock_setpend1(struct thread *td)
{
	int res;
	uint32_t oldval;

	if ((td->td_pflags & TDP_SIGFASTPENDING) == 0)
		return;
	/* Read fault: SEGV_MAPERR. */
	res = fueword32((void *)td->td_sigblock_ptr, &oldval);
	if (res == -1) {
		sigfastblock_failed(td, true, false);
		return;
	}
	/*
	 * casueword32 result: -1 fault, 0 swapped, 1 compare failed with
	 * the current word stored back into oldval for the next attempt.
	 */
	for (;;) {
		res = casueword32(td->td_sigblock_ptr, oldval, &oldval,
		    oldval | SIGFASTBLOCK_PEND);
		if (res == -1) {
			/* Write fault: SEGV_ACCERR. */
			sigfastblock_failed(td, true, true);
			return;
		}
		if (res == 0) {
			td->td_sigblock_val = oldval & ~SIGFASTBLOCK_FLAGS;
			td->td_pflags &= ~TDP_SIGFASTPENDING;
			break;
		}
		MPASS(res == 1);
		if (thread_check_susp(td, false) != 0)
			break;
	}
}
4657
/*
 * Mark a signal as pending in the user sigblock word (sigfastblock_setpend1)
 * and, when resched is true, re-run signal scheduling for the process
 * using fastblock_mask with SIGPROCMASK_FASTBLK, under the proc lock.
 */
static void
sigfastblock_setpend(struct thread *td, bool resched)
{
	struct proc *proc;

	sigfastblock_setpend1(td);
	if (!resched)
		return;
	proc = td->td_proc;
	PROC_LOCK(proc);
	reschedule_signals(proc, fastblock_mask, SIGPROCMASK_FASTBLK);
	PROC_UNLOCK(proc);
}
4671