1 /* $OpenBSD: kern_sig.c,v 1.359 2025/01/25 19:21:40 claudio Exp $ */
2 /* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */
3
4 /*
5 * Copyright (c) 1997 Theo de Raadt. All rights reserved.
6 * Copyright (c) 1982, 1986, 1989, 1991, 1993
7 * The Regents of the University of California. All rights reserved.
8 * (c) UNIX System Laboratories, Inc.
9 * All or some portions of this file are derived from material licensed
10 * to the University of California by American Telephone and Telegraph
11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
12 * the permission of UNIX System Laboratories, Inc.
13 *
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
16 * are met:
17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in the
21 * documentation and/or other materials provided with the distribution.
22 * 3. Neither the name of the University nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 *
38 * @(#)kern_sig.c 8.7 (Berkeley) 4/18/94
39 */
40
41 #include <sys/param.h>
42 #include <sys/signalvar.h>
43 #include <sys/queue.h>
44 #include <sys/namei.h>
45 #include <sys/vnode.h>
46 #include <sys/event.h>
47 #include <sys/proc.h>
48 #include <sys/systm.h>
49 #include <sys/acct.h>
50 #include <sys/fcntl.h>
51 #include <sys/filedesc.h>
52 #include <sys/wait.h>
53 #include <sys/ktrace.h>
54 #include <sys/stat.h>
55 #include <sys/malloc.h>
56 #include <sys/pool.h>
57 #include <sys/sched.h>
58 #include <sys/user.h>
59 #include <sys/syslog.h>
60 #include <sys/ttycom.h>
61 #include <sys/pledge.h>
62 #include <sys/witness.h>
63 #include <sys/exec_elf.h>
64
65 #include <sys/mount.h>
66 #include <sys/syscallargs.h>
67
68 #include <uvm/uvm_extern.h>
69 #include <machine/tcb.h>
70
71 /*
72 * Locks used to protect data:
73 * a atomic
74 */
75
76 int nosuidcoredump = 1; /* [a] */
77
78 /*
79 * The array below categorizes the signals and their default actions.
80 */
81 const int sigprop[NSIG] = {
82 0, /* unused */
83 SA_KILL, /* SIGHUP */
84 SA_KILL, /* SIGINT */
85 SA_KILL|SA_CORE, /* SIGQUIT */
86 SA_KILL|SA_CORE, /* SIGILL */
87 SA_KILL|SA_CORE, /* SIGTRAP */
88 SA_KILL|SA_CORE, /* SIGABRT */
89 SA_KILL|SA_CORE, /* SIGEMT */
90 SA_KILL|SA_CORE, /* SIGFPE */
91 SA_KILL, /* SIGKILL */
92 SA_KILL|SA_CORE, /* SIGBUS */
93 SA_KILL|SA_CORE, /* SIGSEGV */
94 SA_KILL|SA_CORE, /* SIGSYS */
95 SA_KILL, /* SIGPIPE */
96 SA_KILL, /* SIGALRM */
97 SA_KILL, /* SIGTERM */
98 SA_IGNORE, /* SIGURG */
99 SA_STOP, /* SIGSTOP */
100 SA_STOP|SA_TTYSTOP, /* SIGTSTP */
101 SA_IGNORE|SA_CONT, /* SIGCONT */
102 SA_IGNORE, /* SIGCHLD */
103 SA_STOP|SA_TTYSTOP, /* SIGTTIN */
104 SA_STOP|SA_TTYSTOP, /* SIGTTOU */
105 SA_IGNORE, /* SIGIO */
106 SA_KILL, /* SIGXCPU */
107 SA_KILL, /* SIGXFSZ */
108 SA_KILL, /* SIGVTALRM */
109 SA_KILL, /* SIGPROF */
110 SA_IGNORE, /* SIGWINCH */
111 SA_IGNORE, /* SIGINFO */
112 SA_KILL, /* SIGUSR1 */
113 SA_KILL, /* SIGUSR2 */
114 SA_IGNORE, /* SIGTHR */
115 };
116
117 #define CONTSIGMASK (sigmask(SIGCONT))
118 #define STOPSIGMASK (sigmask(SIGSTOP) | sigmask(SIGTSTP) | \
119 sigmask(SIGTTIN) | sigmask(SIGTTOU))
120
121 void setsigvec(struct proc *, int, struct sigaction *);
122
123 int proc_trap(struct proc *, int);
124 void proc_stop(struct proc *p, int);
125 void proc_stop_sweep(void *);
126 void *proc_stop_si;
127
128 void process_continue(struct process *, int);
129
130 void setsigctx(struct proc *, int, struct sigctx *);
131 void postsig_done(struct proc *, int, sigset_t, int);
132 void postsig(struct proc *, int, struct sigctx *);
133 int cansignal(struct proc *, struct process *, int);
134
135 void ptsignal_locked(struct proc *, int, enum signal_type);
136
137 struct pool sigacts_pool; /* memory pool for sigacts structures */
138
139 void sigio_del(struct sigiolst *);
140 void sigio_unlink(struct sigio_ref *, struct sigiolst *);
141 struct mutex sigio_lock = MUTEX_INITIALIZER(IPL_HIGH);
142
143 /*
144 * Can thread p, send the signal signum to process qr?
145 */
146 int
cansignal(struct proc * p,struct process * qr,int signum)147 cansignal(struct proc *p, struct process *qr, int signum)
148 {
149 struct process *pr = p->p_p;
150 struct ucred *uc = p->p_ucred;
151 struct ucred *quc = qr->ps_ucred;
152
153 if (uc->cr_uid == 0)
154 return (1); /* root can always signal */
155
156 if (pr == qr)
157 return (1); /* process can always signal itself */
158
159 /* optimization: if the same creds then the tests below will pass */
160 if (uc == quc)
161 return (1);
162
163 if (signum == SIGCONT && qr->ps_session == pr->ps_session)
164 return (1); /* SIGCONT in session */
165
166 /*
167 * Using kill(), only certain signals can be sent to setugid
168 * child processes
169 */
170 if (qr->ps_flags & PS_SUGID) {
171 switch (signum) {
172 case 0:
173 case SIGKILL:
174 case SIGINT:
175 case SIGTERM:
176 case SIGALRM:
177 case SIGSTOP:
178 case SIGTTIN:
179 case SIGTTOU:
180 case SIGTSTP:
181 case SIGHUP:
182 case SIGUSR1:
183 case SIGUSR2:
184 if (uc->cr_ruid == quc->cr_ruid ||
185 uc->cr_uid == quc->cr_ruid)
186 return (1);
187 }
188 return (0);
189 }
190
191 if (uc->cr_ruid == quc->cr_ruid ||
192 uc->cr_ruid == quc->cr_svuid ||
193 uc->cr_uid == quc->cr_ruid ||
194 uc->cr_uid == quc->cr_svuid)
195 return (1);
196 return (0);
197 }
198
199 /*
200 * Initialize signal-related data structures.
201 */
202 void
signal_init(void)203 signal_init(void)
204 {
205 proc_stop_si = softintr_establish(IPL_SOFTCLOCK, proc_stop_sweep,
206 NULL);
207 if (proc_stop_si == NULL)
208 panic("signal_init failed to register softintr");
209
210 pool_init(&sigacts_pool, sizeof(struct sigacts), 0, IPL_NONE,
211 PR_WAITOK, "sigapl", NULL);
212 }
213
214 /*
215 * Initialize a new sigaltstack structure.
216 */
217 void
sigstkinit(struct sigaltstack * ss)218 sigstkinit(struct sigaltstack *ss)
219 {
220 ss->ss_flags = SS_DISABLE;
221 ss->ss_size = 0;
222 ss->ss_sp = NULL;
223 }
224
225 /*
226 * Create an initial sigacts structure, using the same signal state
227 * as pr.
228 */
229 struct sigacts *
sigactsinit(struct process * pr)230 sigactsinit(struct process *pr)
231 {
232 struct sigacts *ps;
233
234 ps = pool_get(&sigacts_pool, PR_WAITOK);
235 memcpy(ps, pr->ps_sigacts, sizeof(struct sigacts));
236 return (ps);
237 }
238
239 /*
240 * Release a sigacts structure.
241 */
242 void
sigactsfree(struct sigacts * ps)243 sigactsfree(struct sigacts *ps)
244 {
245 pool_put(&sigacts_pool, ps);
246 }
247
248 int
sys_sigaction(struct proc * p,void * v,register_t * retval)249 sys_sigaction(struct proc *p, void *v, register_t *retval)
250 {
251 struct sys_sigaction_args /* {
252 syscallarg(int) signum;
253 syscallarg(const struct sigaction *) nsa;
254 syscallarg(struct sigaction *) osa;
255 } */ *uap = v;
256 struct sigaction vec;
257 #ifdef KTRACE
258 struct sigaction ovec;
259 #endif
260 struct sigaction *sa;
261 const struct sigaction *nsa;
262 struct sigaction *osa;
263 struct sigacts *ps = p->p_p->ps_sigacts;
264 int signum;
265 int bit, error;
266
267 signum = SCARG(uap, signum);
268 nsa = SCARG(uap, nsa);
269 osa = SCARG(uap, osa);
270
271 if (signum <= 0 || signum >= NSIG ||
272 (nsa && (signum == SIGKILL || signum == SIGSTOP)))
273 return (EINVAL);
274 sa = &vec;
275 if (osa) {
276 mtx_enter(&p->p_p->ps_mtx);
277 sa->sa_handler = ps->ps_sigact[signum];
278 sa->sa_mask = ps->ps_catchmask[signum];
279 bit = sigmask(signum);
280 sa->sa_flags = 0;
281 if ((ps->ps_sigonstack & bit) != 0)
282 sa->sa_flags |= SA_ONSTACK;
283 if ((ps->ps_sigintr & bit) == 0)
284 sa->sa_flags |= SA_RESTART;
285 if ((ps->ps_sigreset & bit) != 0)
286 sa->sa_flags |= SA_RESETHAND;
287 if ((ps->ps_siginfo & bit) != 0)
288 sa->sa_flags |= SA_SIGINFO;
289 if (signum == SIGCHLD) {
290 if ((ps->ps_sigflags & SAS_NOCLDSTOP) != 0)
291 sa->sa_flags |= SA_NOCLDSTOP;
292 if ((ps->ps_sigflags & SAS_NOCLDWAIT) != 0)
293 sa->sa_flags |= SA_NOCLDWAIT;
294 }
295 mtx_leave(&p->p_p->ps_mtx);
296 if ((sa->sa_mask & bit) == 0)
297 sa->sa_flags |= SA_NODEFER;
298 sa->sa_mask &= ~bit;
299 error = copyout(sa, osa, sizeof (vec));
300 if (error)
301 return (error);
302 #ifdef KTRACE
303 if (KTRPOINT(p, KTR_STRUCT))
304 ovec = vec;
305 #endif
306 }
307 if (nsa) {
308 error = copyin(nsa, sa, sizeof (vec));
309 if (error)
310 return (error);
311 #ifdef KTRACE
312 if (KTRPOINT(p, KTR_STRUCT))
313 ktrsigaction(p, sa);
314 #endif
315 setsigvec(p, signum, sa);
316 }
317 #ifdef KTRACE
318 if (osa && KTRPOINT(p, KTR_STRUCT))
319 ktrsigaction(p, &ovec);
320 #endif
321 return (0);
322 }
323
324 void
setsigvec(struct proc * p,int signum,struct sigaction * sa)325 setsigvec(struct proc *p, int signum, struct sigaction *sa)
326 {
327 struct sigacts *ps = p->p_p->ps_sigacts;
328 int bit;
329
330 bit = sigmask(signum);
331
332 mtx_enter(&p->p_p->ps_mtx);
333 ps->ps_sigact[signum] = sa->sa_handler;
334 if ((sa->sa_flags & SA_NODEFER) == 0)
335 sa->sa_mask |= sigmask(signum);
336 ps->ps_catchmask[signum] = sa->sa_mask &~ sigcantmask;
337 if (signum == SIGCHLD) {
338 if (sa->sa_flags & SA_NOCLDSTOP)
339 atomic_setbits_int(&ps->ps_sigflags, SAS_NOCLDSTOP);
340 else
341 atomic_clearbits_int(&ps->ps_sigflags, SAS_NOCLDSTOP);
342 /*
343 * If the SA_NOCLDWAIT flag is set or the handler
344 * is SIG_IGN we reparent the dying child to PID 1
345 * (init) which will reap the zombie. Because we use
346 * init to do our dirty work we never set SAS_NOCLDWAIT
347 * for PID 1.
348 * XXX exit1 rework means this is unnecessary?
349 */
350 if (initprocess->ps_sigacts != ps &&
351 ((sa->sa_flags & SA_NOCLDWAIT) ||
352 sa->sa_handler == SIG_IGN))
353 atomic_setbits_int(&ps->ps_sigflags, SAS_NOCLDWAIT);
354 else
355 atomic_clearbits_int(&ps->ps_sigflags, SAS_NOCLDWAIT);
356 }
357 if ((sa->sa_flags & SA_RESETHAND) != 0)
358 ps->ps_sigreset |= bit;
359 else
360 ps->ps_sigreset &= ~bit;
361 if ((sa->sa_flags & SA_SIGINFO) != 0)
362 ps->ps_siginfo |= bit;
363 else
364 ps->ps_siginfo &= ~bit;
365 if ((sa->sa_flags & SA_RESTART) == 0)
366 ps->ps_sigintr |= bit;
367 else
368 ps->ps_sigintr &= ~bit;
369 if ((sa->sa_flags & SA_ONSTACK) != 0)
370 ps->ps_sigonstack |= bit;
371 else
372 ps->ps_sigonstack &= ~bit;
373 /*
374 * Set bit in ps_sigignore for signals that are set to SIG_IGN,
375 * and for signals set to SIG_DFL where the default is to ignore.
376 * However, don't put SIGCONT in ps_sigignore,
377 * as we have to restart the process.
378 */
379 if (sa->sa_handler == SIG_IGN ||
380 (sigprop[signum] & SA_IGNORE && sa->sa_handler == SIG_DFL)) {
381 atomic_clearbits_int(&p->p_siglist, bit);
382 atomic_clearbits_int(&p->p_p->ps_siglist, bit);
383 if (signum != SIGCONT)
384 ps->ps_sigignore |= bit; /* easier in psignal */
385 ps->ps_sigcatch &= ~bit;
386 } else {
387 ps->ps_sigignore &= ~bit;
388 if (sa->sa_handler == SIG_DFL)
389 ps->ps_sigcatch &= ~bit;
390 else
391 ps->ps_sigcatch |= bit;
392 }
393 mtx_leave(&p->p_p->ps_mtx);
394 }
395
396 /*
397 * Initialize signal state for process 0;
398 * set to ignore signals that are ignored by default.
399 */
400 void
siginit(struct sigacts * ps)401 siginit(struct sigacts *ps)
402 {
403 int i;
404
405 for (i = 0; i < NSIG; i++)
406 if (sigprop[i] & SA_IGNORE && i != SIGCONT)
407 ps->ps_sigignore |= sigmask(i);
408 ps->ps_sigflags = SAS_NOCLDWAIT | SAS_NOCLDSTOP;
409 }
410
411 /*
412 * Reset signals for an exec by the specified thread.
413 */
414 void
execsigs(struct proc * p)415 execsigs(struct proc *p)
416 {
417 struct sigacts *ps;
418 int nc, mask;
419
420 ps = p->p_p->ps_sigacts;
421 mtx_enter(&p->p_p->ps_mtx);
422
423 /*
424 * Reset caught signals. Held signals remain held
425 * through p_sigmask (unless they were caught,
426 * and are now ignored by default).
427 */
428 while (ps->ps_sigcatch) {
429 nc = ffs((long)ps->ps_sigcatch);
430 mask = sigmask(nc);
431 ps->ps_sigcatch &= ~mask;
432 if (sigprop[nc] & SA_IGNORE) {
433 if (nc != SIGCONT)
434 ps->ps_sigignore |= mask;
435 atomic_clearbits_int(&p->p_siglist, mask);
436 atomic_clearbits_int(&p->p_p->ps_siglist, mask);
437 }
438 ps->ps_sigact[nc] = SIG_DFL;
439 }
440 /*
441 * Reset stack state to the user stack.
442 * Clear set of signals caught on the signal stack.
443 */
444 sigstkinit(&p->p_sigstk);
445 atomic_clearbits_int(&ps->ps_sigflags, SAS_NOCLDWAIT);
446 if (ps->ps_sigact[SIGCHLD] == SIG_IGN)
447 ps->ps_sigact[SIGCHLD] = SIG_DFL;
448 mtx_leave(&p->p_p->ps_mtx);
449 }
450
451 /*
452 * Manipulate signal mask.
453 * Note that we receive new mask, not pointer,
454 * and return old mask as return value;
455 * the library stub does the rest.
456 */
457 int
sys_sigprocmask(struct proc * p,void * v,register_t * retval)458 sys_sigprocmask(struct proc *p, void *v, register_t *retval)
459 {
460 struct sys_sigprocmask_args /* {
461 syscallarg(int) how;
462 syscallarg(sigset_t) mask;
463 } */ *uap = v;
464 int error = 0;
465 sigset_t mask;
466
467 KASSERT(p == curproc);
468
469 *retval = p->p_sigmask;
470 mask = SCARG(uap, mask) &~ sigcantmask;
471
472 switch (SCARG(uap, how)) {
473 case SIG_BLOCK:
474 SET(p->p_sigmask, mask);
475 break;
476 case SIG_UNBLOCK:
477 CLR(p->p_sigmask, mask);
478 break;
479 case SIG_SETMASK:
480 p->p_sigmask = mask;
481 break;
482 default:
483 error = EINVAL;
484 break;
485 }
486 return (error);
487 }
488
489 int
sys_sigpending(struct proc * p,void * v,register_t * retval)490 sys_sigpending(struct proc *p, void *v, register_t *retval)
491 {
492 *retval = p->p_siglist | p->p_p->ps_siglist;
493 return (0);
494 }
495
496 /*
497 * Temporarily replace calling proc's signal mask for the duration of a
498 * system call. Original signal mask will be restored by userret().
499 */
500 void
dosigsuspend(struct proc * p,sigset_t newmask)501 dosigsuspend(struct proc *p, sigset_t newmask)
502 {
503 KASSERT(p == curproc);
504
505 p->p_oldmask = p->p_sigmask;
506 p->p_sigmask = newmask;
507 atomic_setbits_int(&p->p_flag, P_SIGSUSPEND);
508 }
509
510 /*
511 * Suspend thread until signal, providing mask to be set
512 * in the meantime. Note nonstandard calling convention:
513 * libc stub passes mask, not pointer, to save a copyin.
514 */
515 int
sys_sigsuspend(struct proc * p,void * v,register_t * retval)516 sys_sigsuspend(struct proc *p, void *v, register_t *retval)
517 {
518 struct sys_sigsuspend_args /* {
519 syscallarg(int) mask;
520 } */ *uap = v;
521
522 dosigsuspend(p, SCARG(uap, mask) &~ sigcantmask);
523 while (tsleep_nsec(&nowake, PPAUSE|PCATCH, "sigsusp", INFSLP) == 0)
524 continue;
525 /* always return EINTR rather than ERESTART... */
526 return (EINTR);
527 }
528
529 int
sigonstack(size_t stack)530 sigonstack(size_t stack)
531 {
532 const struct sigaltstack *ss = &curproc->p_sigstk;
533
534 return (ss->ss_flags & SS_DISABLE ? 0 :
535 (stack - (size_t)ss->ss_sp < ss->ss_size));
536 }
537
538 int
sys_sigaltstack(struct proc * p,void * v,register_t * retval)539 sys_sigaltstack(struct proc *p, void *v, register_t *retval)
540 {
541 struct sys_sigaltstack_args /* {
542 syscallarg(const struct sigaltstack *) nss;
543 syscallarg(struct sigaltstack *) oss;
544 } */ *uap = v;
545 struct sigaltstack ss;
546 const struct sigaltstack *nss;
547 struct sigaltstack *oss;
548 int onstack = sigonstack(PROC_STACK(p));
549 int error;
550
551 nss = SCARG(uap, nss);
552 oss = SCARG(uap, oss);
553
554 if (oss != NULL) {
555 ss = p->p_sigstk;
556 if (onstack)
557 ss.ss_flags |= SS_ONSTACK;
558 if ((error = copyout(&ss, oss, sizeof(ss))))
559 return (error);
560 }
561 if (nss == NULL)
562 return (0);
563 error = copyin(nss, &ss, sizeof(ss));
564 if (error)
565 return (error);
566 if (onstack)
567 return (EPERM);
568 if (ss.ss_flags & ~SS_DISABLE)
569 return (EINVAL);
570 if (ss.ss_flags & SS_DISABLE) {
571 p->p_sigstk.ss_flags = ss.ss_flags;
572 return (0);
573 }
574 if (ss.ss_size < MINSIGSTKSZ)
575 return (ENOMEM);
576
577 error = uvm_map_remap_as_stack(p, (vaddr_t)ss.ss_sp, ss.ss_size);
578 if (error)
579 return (error);
580
581 p->p_sigstk = ss;
582 return (0);
583 }
584
585 int
sys_kill(struct proc * cp,void * v,register_t * retval)586 sys_kill(struct proc *cp, void *v, register_t *retval)
587 {
588 struct sys_kill_args /* {
589 syscallarg(int) pid;
590 syscallarg(int) signum;
591 } */ *uap = v;
592 struct process *pr;
593 int pid = SCARG(uap, pid);
594 int signum = SCARG(uap, signum);
595 int error;
596 int zombie = 0;
597
598 if ((error = pledge_kill(cp, pid)) != 0)
599 return (error);
600 if (((u_int)signum) >= NSIG)
601 return (EINVAL);
602 if (pid > 0) {
603 if ((pr = prfind(pid)) == NULL) {
604 if ((pr = zombiefind(pid)) == NULL)
605 return (ESRCH);
606 else
607 zombie = 1;
608 }
609 if (!cansignal(cp, pr, signum))
610 return (EPERM);
611
612 /* kill single process */
613 if (signum && !zombie)
614 prsignal(pr, signum);
615 return (0);
616 }
617 switch (pid) {
618 case -1: /* broadcast signal */
619 return (killpg1(cp, signum, 0, 1));
620 case 0: /* signal own process group */
621 return (killpg1(cp, signum, 0, 0));
622 default: /* negative explicit process group */
623 return (killpg1(cp, signum, -pid, 0));
624 }
625 }
626
627 int
sys_thrkill(struct proc * cp,void * v,register_t * retval)628 sys_thrkill(struct proc *cp, void *v, register_t *retval)
629 {
630 struct sys_thrkill_args /* {
631 syscallarg(pid_t) tid;
632 syscallarg(int) signum;
633 syscallarg(void *) tcb;
634 } */ *uap = v;
635 struct proc *p;
636 int tid = SCARG(uap, tid);
637 int signum = SCARG(uap, signum);
638 void *tcb;
639
640 if (((u_int)signum) >= NSIG)
641 return (EINVAL);
642
643 p = tid ? tfind_user(tid, cp->p_p) : cp;
644 if (p == NULL)
645 return (ESRCH);
646
647 /* optionally require the target thread to have the given tcb addr */
648 tcb = SCARG(uap, tcb);
649 if (tcb != NULL && tcb != TCB_GET(p))
650 return (ESRCH);
651
652 if (signum)
653 ptsignal(p, signum, STHREAD);
654 return (0);
655 }
656
657 /*
658 * Common code for kill process group/broadcast kill.
659 * cp is calling process.
660 */
661 int
killpg1(struct proc * cp,int signum,int pgid,int all)662 killpg1(struct proc *cp, int signum, int pgid, int all)
663 {
664 struct process *pr;
665 struct pgrp *pgrp;
666 int nfound = 0;
667
668 if (all) {
669 /*
670 * broadcast
671 */
672 LIST_FOREACH(pr, &allprocess, ps_list) {
673 if (pr->ps_pid <= 1 ||
674 pr->ps_flags & (PS_SYSTEM | PS_NOBROADCASTKILL) ||
675 pr == cp->p_p || !cansignal(cp, pr, signum))
676 continue;
677 nfound++;
678 if (signum)
679 prsignal(pr, signum);
680 }
681 } else {
682 if (pgid == 0)
683 /*
684 * zero pgid means send to my process group.
685 */
686 pgrp = cp->p_p->ps_pgrp;
687 else {
688 pgrp = pgfind(pgid);
689 if (pgrp == NULL)
690 return (ESRCH);
691 }
692 LIST_FOREACH(pr, &pgrp->pg_members, ps_pglist) {
693 if (pr->ps_pid <= 1 || pr->ps_flags & PS_SYSTEM ||
694 !cansignal(cp, pr, signum))
695 continue;
696 nfound++;
697 if (signum)
698 prsignal(pr, signum);
699 }
700 }
701 return (nfound ? 0 : ESRCH);
702 }
703
704 #define CANDELIVER(uid, euid, pr) \
705 (euid == 0 || \
706 (uid) == (pr)->ps_ucred->cr_ruid || \
707 (uid) == (pr)->ps_ucred->cr_svuid || \
708 (uid) == (pr)->ps_ucred->cr_uid || \
709 (euid) == (pr)->ps_ucred->cr_ruid || \
710 (euid) == (pr)->ps_ucred->cr_svuid || \
711 (euid) == (pr)->ps_ucred->cr_uid)
712
713 #define CANSIGIO(cr, pr) \
714 CANDELIVER((cr)->cr_ruid, (cr)->cr_uid, (pr))
715
716 /*
717 * Send a signal to a process group. If checktty is 1,
718 * limit to members which have a controlling terminal.
719 */
720 void
pgsignal(struct pgrp * pgrp,int signum,int checkctty)721 pgsignal(struct pgrp *pgrp, int signum, int checkctty)
722 {
723 struct process *pr;
724
725 if (pgrp)
726 LIST_FOREACH(pr, &pgrp->pg_members, ps_pglist)
727 if (checkctty == 0 || pr->ps_flags & PS_CONTROLT)
728 prsignal(pr, signum);
729 }
730
731 /*
732 * Send a SIGIO or SIGURG signal to a process or process group using stored
733 * credentials rather than those of the current process.
734 */
735 void
pgsigio(struct sigio_ref * sir,int sig,int checkctty)736 pgsigio(struct sigio_ref *sir, int sig, int checkctty)
737 {
738 struct process *pr;
739 struct sigio *sigio;
740
741 if (sir->sir_sigio == NULL)
742 return;
743
744 KERNEL_LOCK();
745 mtx_enter(&sigio_lock);
746 sigio = sir->sir_sigio;
747 if (sigio == NULL)
748 goto out;
749 if (sigio->sio_pgid > 0) {
750 if (CANSIGIO(sigio->sio_ucred, sigio->sio_proc))
751 prsignal(sigio->sio_proc, sig);
752 } else if (sigio->sio_pgid < 0) {
753 LIST_FOREACH(pr, &sigio->sio_pgrp->pg_members, ps_pglist) {
754 if (CANSIGIO(sigio->sio_ucred, pr) &&
755 (checkctty == 0 || (pr->ps_flags & PS_CONTROLT)))
756 prsignal(pr, sig);
757 }
758 }
759 out:
760 mtx_leave(&sigio_lock);
761 KERNEL_UNLOCK();
762 }
763
764 /*
765 * Recalculate the signal mask and reset the signal disposition after
766 * usermode frame for delivery is formed.
767 */
768 void
postsig_done(struct proc * p,int signum,sigset_t catchmask,int reset)769 postsig_done(struct proc *p, int signum, sigset_t catchmask, int reset)
770 {
771 p->p_ru.ru_nsignals++;
772 SET(p->p_sigmask, catchmask);
773 if (reset != 0) {
774 sigset_t mask = sigmask(signum);
775 struct sigacts *ps = p->p_p->ps_sigacts;
776
777 mtx_enter(&p->p_p->ps_mtx);
778 ps->ps_sigcatch &= ~mask;
779 if (signum != SIGCONT && sigprop[signum] & SA_IGNORE)
780 ps->ps_sigignore |= mask;
781 ps->ps_sigact[signum] = SIG_DFL;
782 mtx_leave(&p->p_p->ps_mtx);
783 }
784 }
785
786 /*
787 * Send a signal caused by a trap to the current thread
788 * If it will be caught immediately, deliver it with correct code.
789 * Otherwise, post it normally.
790 */
791 void
trapsignal(struct proc * p,int signum,u_long trapno,int code,union sigval sigval)792 trapsignal(struct proc *p, int signum, u_long trapno, int code,
793 union sigval sigval)
794 {
795 struct process *pr = p->p_p;
796 struct sigctx ctx;
797 int mask;
798
799 switch (signum) {
800 case SIGILL:
801 if (code == ILL_BTCFI) {
802 pr->ps_acflag |= ABTCFI;
803 break;
804 }
805 /* FALLTHROUGH */
806 case SIGBUS:
807 case SIGSEGV:
808 pr->ps_acflag |= ATRAP;
809 break;
810 }
811
812 mask = sigmask(signum);
813 setsigctx(p, signum, &ctx);
814 if ((pr->ps_flags & PS_TRACED) == 0 && ctx.sig_catch != 0 &&
815 (p->p_sigmask & mask) == 0) {
816 siginfo_t si;
817
818 initsiginfo(&si, signum, trapno, code, sigval);
819 #ifdef KTRACE
820 if (KTRPOINT(p, KTR_PSIG)) {
821 ktrpsig(p, signum, ctx.sig_action,
822 p->p_sigmask, code, &si);
823 }
824 #endif
825 if (sendsig(ctx.sig_action, signum, p->p_sigmask, &si,
826 ctx.sig_info, ctx.sig_onstack)) {
827 KERNEL_LOCK();
828 sigexit(p, SIGILL);
829 /* NOTREACHED */
830 }
831 postsig_done(p, signum, ctx.sig_catchmask, ctx.sig_reset);
832 } else {
833 p->p_sisig = signum;
834 p->p_sitrapno = trapno; /* XXX for core dump/debugger */
835 p->p_sicode = code;
836 p->p_sigval = sigval;
837
838 /*
839 * If traced, stop if signal is masked, and stay stopped
840 * until released by the debugger. If our parent process
841 * is waiting for us, don't hang as we could deadlock.
842 */
843 if (((pr->ps_flags & (PS_TRACED | PS_PPWAIT)) == PS_TRACED) &&
844 signum != SIGKILL && (p->p_sigmask & mask) != 0) {
845 signum = proc_trap(p, signum);
846
847 mask = sigmask(signum);
848 setsigctx(p, signum, &ctx);
849
850 /*
851 * If we are no longer being traced, or the parent
852 * didn't give us a signal, skip sending the signal.
853 */
854 if ((pr->ps_flags & PS_TRACED) == 0 || signum == 0)
855 return;
856
857 /* update signal info */
858 p->p_sisig = signum;
859 }
860
861 /*
862 * Signals like SIGBUS and SIGSEGV should not, when
863 * generated by the kernel, be ignorable or blockable.
864 * If it is and we're not being traced, then just kill
865 * the process.
866 * After vfs_shutdown(9), init(8) cannot receive signals
867 * because new code pages of the signal handler cannot be
868 * mapped from halted storage. init(8) may not die or the
869 * kernel panics. Better loop between signal handler and
870 * page fault trap until the machine is halted.
871 */
872 if ((pr->ps_flags & PS_TRACED) == 0 &&
873 (sigprop[signum] & SA_KILL) &&
874 ((p->p_sigmask & mask) || ctx.sig_ignore) &&
875 pr->ps_pid != 1) {
876 KERNEL_LOCK();
877 sigexit(p, signum);
878 /* NOTREACHED */
879 }
880 ptsignal(p, signum, STHREAD);
881 }
882 }
883
884 /*
885 * Send the signal to the process. If the signal has an action, the action
886 * is usually performed by the target process rather than the caller; we add
887 * the signal to the set of pending signals for the process.
888 *
889 * Exceptions:
890 * o When a stop signal is sent to a sleeping process that takes the
891 * default action, the process is stopped without awakening it.
892 * o SIGCONT restarts stopped processes (or puts them back to sleep)
893 * regardless of the signal action (eg, blocked or ignored).
894 *
895 * Other ignored signals are discarded immediately.
896 */
897 void
psignal(struct proc * p,int signum)898 psignal(struct proc *p, int signum)
899 {
900 ptsignal(p, signum, SPROCESS);
901 }
902
903 void
prsignal(struct process * pr,int signum)904 prsignal(struct process *pr, int signum)
905 {
906 mtx_enter(&pr->ps_mtx);
907 /* Ignore signal if the target process is exiting */
908 if (pr->ps_flags & PS_EXITING) {
909 mtx_leave(&pr->ps_mtx);
910 return;
911 }
912 ptsignal_locked(TAILQ_FIRST(&pr->ps_threads), signum, SPROCESS);
913 mtx_leave(&pr->ps_mtx);
914 }
915
916 /*
917 * type = SPROCESS process signal, can be diverted (sigwait())
918 * type = STHREAD thread signal, but should be propagated if unhandled
919 * type = SPROPAGATED propagated to this thread, so don't propagate again
920 */
921 void
ptsignal(struct proc * p,int signum,enum signal_type type)922 ptsignal(struct proc *p, int signum, enum signal_type type)
923 {
924 struct process *pr = p->p_p;
925
926 mtx_enter(&pr->ps_mtx);
927 ptsignal_locked(p, signum, type);
928 mtx_leave(&pr->ps_mtx);
929 }
930
931 void
ptsignal_locked(struct proc * p,int signum,enum signal_type type)932 ptsignal_locked(struct proc *p, int signum, enum signal_type type)
933 {
934 int prop;
935 sig_t action, altaction = SIG_DFL;
936 sigset_t mask, sigmask;
937 int *siglist;
938 struct process *pr = p->p_p;
939 struct proc *q;
940 int wakeparent = 0;
941
942 MUTEX_ASSERT_LOCKED(&pr->ps_mtx);
943
944 #ifdef DIAGNOSTIC
945 if ((u_int)signum >= NSIG || signum == 0)
946 panic("psignal signal number");
947 #endif
948
949 /* Ignore signal if the target process is exiting */
950 if (pr->ps_flags & PS_EXITING)
951 return;
952
953 mask = sigmask(signum);
954 sigmask = READ_ONCE(p->p_sigmask);
955
956 if (type == SPROCESS) {
957 sigset_t tmpmask;
958
959 /* Accept SIGKILL to coredumping processes */
960 if (pr->ps_flags & PS_COREDUMP && signum == SIGKILL) {
961 atomic_setbits_int(&pr->ps_siglist, mask);
962 return;
963 }
964
965 /*
966 * If the current thread can process the signal
967 * immediately (it's unblocked) then have it take it.
968 */
969 q = curproc;
970 tmpmask = READ_ONCE(q->p_sigmask);
971 if (q->p_p == pr && (q->p_flag & P_WEXIT) == 0 &&
972 (tmpmask & mask) == 0) {
973 p = q;
974 sigmask = tmpmask;
975 } else {
976 /*
977 * A process-wide signal can be diverted to a
978 * different thread that's in sigwait() for this
979 * signal. If there isn't such a thread, then
980 * pick a thread that doesn't have it blocked so
981 * that the stop/kill consideration isn't
982 * delayed. Otherwise, mark it pending on the
983 * main thread.
984 */
985 TAILQ_FOREACH(q, &pr->ps_threads, p_thr_link) {
986
987 /* ignore exiting threads */
988 if (q->p_flag & P_WEXIT)
989 continue;
990
991 /* skip threads that have the signal blocked */
992 tmpmask = READ_ONCE(q->p_sigmask);
993 if ((tmpmask & mask) != 0)
994 continue;
995
996 /* okay, could send to this thread */
997 p = q;
998 sigmask = tmpmask;
999
1000 /*
1001 * sigsuspend, sigwait, ppoll/pselect, etc?
1002 * Definitely go to this thread, as it's
1003 * already blocked in the kernel.
1004 */
1005 if (q->p_flag & P_SIGSUSPEND)
1006 break;
1007 }
1008 }
1009 }
1010
1011 if (type != SPROPAGATED)
1012 knote_locked(&pr->ps_klist, NOTE_SIGNAL | signum);
1013
1014 prop = sigprop[signum];
1015
1016 /*
1017 * If proc is traced, always give parent a chance.
1018 */
1019 if (pr->ps_flags & PS_TRACED) {
1020 action = SIG_DFL;
1021 } else {
1022 sigset_t sigcatch, sigignore;
1023
1024 /*
1025 * If the signal is being ignored,
1026 * then we forget about it immediately.
1027 * (Note: we don't set SIGCONT in ps_sigignore,
1028 * and if it is set to SIG_IGN,
1029 * action will be SIG_DFL here.)
1030 */
1031 sigignore = pr->ps_sigacts->ps_sigignore;
1032 sigcatch = pr->ps_sigacts->ps_sigcatch;
1033
1034 if (sigignore & mask)
1035 return;
1036 if (sigmask & mask) {
1037 action = SIG_HOLD;
1038 if (sigcatch & mask)
1039 altaction = SIG_CATCH;
1040 } else if (sigcatch & mask) {
1041 action = SIG_CATCH;
1042 } else {
1043 action = SIG_DFL;
1044
1045 if (prop & SA_KILL && pr->ps_nice > NZERO)
1046 pr->ps_nice = NZERO;
1047
1048 /*
1049 * If sending a tty stop signal to a member of an
1050 * orphaned process group, discard the signal here if
1051 * the action is default; don't stop the process below
1052 * if sleeping, and don't clear any pending SIGCONT.
1053 */
1054 if (prop & SA_TTYSTOP && pr->ps_pgrp->pg_jobc == 0)
1055 return;
1056 }
1057 }
1058 /*
1059 * If delivered to process, mark as pending there. Continue and stop
1060 * signals will be propagated to all threads. So they are always
1061 * marked at thread level.
1062 */
1063 siglist = (type == SPROCESS) ? &pr->ps_siglist : &p->p_siglist;
1064 if (prop & (SA_CONT | SA_STOP))
1065 siglist = &p->p_siglist;
1066
1067 /*
1068 * XXX delay processing of SA_STOP signals unless action == SIG_DFL?
1069 */
1070 if (prop & SA_STOP && type != SPROPAGATED)
1071 TAILQ_FOREACH(q, &pr->ps_threads, p_thr_link)
1072 if (q != p)
1073 ptsignal_locked(q, signum, SPROPAGATED);
1074
1075 SCHED_LOCK();
1076
1077 switch (p->p_stat) {
1078
1079 case SSTOP:
1080 /*
1081 * If traced process is already stopped,
1082 * then no further action is necessary.
1083 */
1084 if (pr->ps_flags & PS_TRACED)
1085 goto out;
1086
1087 /*
1088 * Kill signal always sets processes running.
1089 */
1090 if (signum == SIGKILL) {
1091 atomic_clearbits_int(&p->p_flag, P_SUSPSIG);
1092 /* Raise priority to at least PUSER. */
1093 if (p->p_usrpri > PUSER)
1094 p->p_usrpri = PUSER;
1095 unsleep(p);
1096 setrunnable(p);
1097 goto out;
1098 }
1099
1100 if (prop & SA_CONT) {
1101 /*
1102 * If SIGCONT is default (or ignored), we continue the
1103 * process but don't leave the signal in p_siglist, as
1104 * it has no further action. If SIGCONT is held, we
1105 * continue the process and leave the signal in
1106 * p_siglist. If the process catches SIGCONT, let it
1107 * handle the signal itself. At the end continue
1108 * the process.
1109 */
1110 atomic_setbits_int(&pr->ps_flags, PS_CONTINUED);
1111 atomic_clearbits_int(&pr->ps_flags,
1112 PS_WAITED | PS_STOPPED | PS_STOPPING | PS_TRAPPED);
1113 if (action == SIG_DFL)
1114 mask = 0;
1115 if (action == SIG_CATCH) {
1116 /* Raise priority to at least PUSER. */
1117 if (p->p_usrpri > PUSER)
1118 p->p_usrpri = PUSER;
1119 unsleep(p);
1120 }
1121
1122 process_continue(pr, P_SUSPSIG);
1123 wakeparent = 1;
1124 goto out;
1125 }
1126
1127 /*
1128 * Defer further processing for signals which are held,
1129 * except that stopped processes must be continued by SIGCONT.
1130 */
1131 if (action == SIG_HOLD)
1132 goto out;
1133
1134 if (prop & SA_STOP) {
1135 /*
1136 * Already stopped, don't need to stop again.
1137 * (If we did the shell could get confused.)
1138 */
1139 mask = 0;
1140 goto out;
1141 }
1142
1143 /*
1144 * If process is sleeping interruptibly, then simulate a
1145 * wakeup so that when it is continued, it will be made
1146 * runnable and can look at the signal. But don't make
1147 * the process runnable, leave it stopped.
1148 */
1149 if (p->p_flag & P_SINTR)
1150 unsleep(p);
1151 goto out;
1152
1153 case SSLEEP:
1154 /*
1155 * If process is sleeping uninterruptibly
1156 * we can't interrupt the sleep... the signal will
1157 * be noticed when the process returns through
1158 * trap() or syscall().
1159 */
1160 if ((p->p_flag & P_SINTR) == 0)
1161 goto out;
1162 /*
1163 * Process is sleeping and traced... make it runnable
1164 * so it can discover the signal in cursig() and stop
1165 * for the parent.
1166 */
1167 if (pr->ps_flags & PS_TRACED) {
1168 unsleep(p);
1169 setrunnable(p);
1170 goto out;
1171 }
1172
1173 /*
1174 * Recheck sigmask before waking up the process,
1175 * there is a chance that while sending the signal
1176 * the process changed sigmask and went to sleep.
1177 */
1178 sigmask = READ_ONCE(p->p_sigmask);
1179 if (sigmask & mask)
1180 goto out;
1181 else if (action == SIG_HOLD) {
1182 /* signal got unmasked, get proper action */
1183 action = altaction;
1184
1185 if (action == SIG_DFL) {
1186 if (prop & SA_KILL && pr->ps_nice > NZERO)
1187 pr->ps_nice = NZERO;
1188
1189 /*
1190 * Discard tty stop signals sent to an
1191 * orphaned process group, see above.
1192 */
1193 if (prop & SA_TTYSTOP &&
1194 pr->ps_pgrp->pg_jobc == 0) {
1195 mask = 0;
1196 prop = 0;
1197 goto out;
1198 }
1199 }
1200 }
1201
1202 /*
1203 * If SIGCONT is default (or ignored) and process is
1204 * asleep, we are finished; the process should not
1205 * be awakened.
1206 */
1207 if ((prop & SA_CONT) && action == SIG_DFL) {
1208 mask = 0;
1209 goto out;
1210 }
1211 /*
1212 * When a sleeping process receives a stop
1213 * signal, process immediately if possible.
1214 */
1215 if ((prop & SA_STOP) && action == SIG_DFL) {
1216 /*
1217 * If a child holding parent blocked,
1218 * stopping could cause deadlock.
1219 */
1220 if (pr->ps_flags & PS_PPWAIT)
1221 goto out;
1222 mask = 0;
1223 pr->ps_xsig = signum;
1224 proc_stop(p, 0);
1225 goto out;
1226 }
1227 /*
1228 * All other (caught or default) signals
1229 * cause the process to run.
1230 * Raise priority to at least PUSER.
1231 */
1232 if (p->p_usrpri > PUSER)
1233 p->p_usrpri = PUSER;
1234 unsleep(p);
1235 setrunnable(p);
1236 goto out;
1237 /* NOTREACHED */
1238
1239 case SONPROC:
1240 if (action == SIG_HOLD)
1241 goto out;
1242
1243 /* set siglist before issuing the ast */
1244 atomic_setbits_int(siglist, mask);
1245 mask = 0;
1246 signotify(p);
1247 /* FALLTHROUGH */
1248 default:
1249 /*
1250 * SRUN, SIDL, SDEAD do nothing with the signal,
1251 * other than kicking ourselves if we are running.
1252 * It will either never be noticed, or noticed very soon.
1253 */
1254 goto out;
1255 }
1256 /* NOTREACHED */
1257
1258 out:
1259 /* finally adjust siglist */
1260 if (mask)
1261 atomic_setbits_int(siglist, mask);
1262 if (prop & SA_CONT) {
1263 atomic_clearbits_int(siglist, STOPSIGMASK);
1264 }
1265 if (prop & SA_STOP) {
1266 atomic_clearbits_int(siglist, CONTSIGMASK);
1267 atomic_clearbits_int(&pr->ps_flags, PS_CONTINUED);
1268 }
1269
1270 SCHED_UNLOCK();
1271 if (wakeparent)
1272 wakeup(pr->ps_pptr);
1273 }
1274
1275 /* fill the signal context which should be used by postsig() and issignal() */
1276 void
setsigctx(struct proc * p,int signum,struct sigctx * sctx)1277 setsigctx(struct proc *p, int signum, struct sigctx *sctx)
1278 {
1279 struct process *pr = p->p_p;
1280 struct sigacts *ps = pr->ps_sigacts;
1281 sigset_t mask;
1282
1283 mtx_enter(&pr->ps_mtx);
1284 mask = sigmask(signum);
1285 sctx->sig_action = ps->ps_sigact[signum];
1286 sctx->sig_catchmask = ps->ps_catchmask[signum];
1287 sctx->sig_reset = (ps->ps_sigreset & mask) != 0;
1288 sctx->sig_info = (ps->ps_siginfo & mask) != 0;
1289 sctx->sig_intr = (ps->ps_sigintr & mask) != 0;
1290 sctx->sig_onstack = (ps->ps_sigonstack & mask) != 0;
1291 sctx->sig_ignore = (ps->ps_sigignore & mask) != 0;
1292 sctx->sig_catch = (ps->ps_sigcatch & mask) != 0;
1293 sctx->sig_stop = sigprop[signum] & SA_STOP &&
1294 (long)sctx->sig_action == (long)SIG_DFL;
1295 if (sctx->sig_stop) {
1296 /*
1297 * If the process is a member of an orphaned
1298 * process group, ignore tty stop signals.
1299 */
1300 if (pr->ps_flags & PS_TRACED ||
1301 (pr->ps_pgrp->pg_jobc == 0 &&
1302 sigprop[signum] & SA_TTYSTOP)) {
1303 sctx->sig_stop = 0;
1304 sctx->sig_ignore = 1;
1305 }
1306 }
1307 mtx_leave(&pr->ps_mtx);
1308 }
1309
1310 /*
1311 * Determine signal that should be delivered to process p, the current
1312 * process, 0 if none.
1313 *
1314 * If the current process has received a signal (should be caught or cause
1315 * termination, should interrupt current syscall), return the signal number.
1316 * Stop signals with default action are processed immediately, then cleared;
1317 * they aren't returned. This is checked after each entry to the system for
1318 * a syscall or trap. The normal call sequence is
1319 *
1320 * while (signum = cursig(curproc, &ctx, 0))
1321 * postsig(signum, &ctx);
1322 *
1323 * Assumes that if the P_SINTR flag is set, we're holding both the
1324 * kernel and scheduler locks.
1325 */
1326 int
cursig(struct proc * p,struct sigctx * sctx,int deep)1327 cursig(struct proc *p, struct sigctx *sctx, int deep)
1328 {
1329 struct process *pr = p->p_p;
1330 int signum, mask, keep = 0, prop;
1331 sigset_t ps_siglist;
1332
1333 KASSERT(p == curproc);
1334
1335 for (;;) {
1336 ps_siglist = READ_ONCE(pr->ps_siglist);
1337 membar_consumer();
1338 mask = SIGPENDING(p);
1339 if (pr->ps_flags & PS_PPWAIT)
1340 mask &= ~STOPSIGMASK;
1341 signum = ffs(mask);
1342 if (signum == 0) /* no signal to send */
1343 goto keep;
1344 mask = sigmask(signum);
1345
1346 /* take the signal! */
1347 if (atomic_cas_uint(&pr->ps_siglist, ps_siglist,
1348 ps_siglist & ~mask) != ps_siglist) {
1349 /* lost race taking the process signal, restart */
1350 continue;
1351 }
1352 atomic_clearbits_int(&p->p_siglist, mask);
1353 setsigctx(p, signum, sctx);
1354
1355 /*
1356 * We should see pending but ignored signals
1357 * only if PS_TRACED was on when they were posted.
1358 */
1359 if (sctx->sig_ignore && (pr->ps_flags & PS_TRACED) == 0)
1360 continue;
1361
1362 /*
1363 * If cursig is called while going to sleep, abort now
1364 * and stop the sleep. When the call unwinded to userret
1365 * cursig is called again and there the signal can be
1366 * handled cleanly.
1367 */
1368 if (deep) {
1369 /*
1370 * Do not stop the thread here if multiple
1371 * signals are pending and at least one of
1372 * them would force an unwind.
1373 *
1374 * ffs() favors low numbered signals and
1375 * so stop signals may be picked up before
1376 * other pending signals.
1377 */
1378 if (sctx->sig_stop && SIGPENDING(p)) {
1379 keep |= mask;
1380 continue;
1381 }
1382 goto keep;
1383 }
1384
1385 /*
1386 * If traced, always stop, and stay stopped until released
1387 * by the debugger. If our parent process is waiting for
1388 * us, don't hang as we could deadlock.
1389 */
1390 if (((pr->ps_flags & (PS_TRACED | PS_PPWAIT)) == PS_TRACED) &&
1391 signum != SIGKILL) {
1392 signum = proc_trap(p, signum);
1393
1394 mask = sigmask(signum);
1395 setsigctx(p, signum, sctx);
1396
1397 /*
1398 * If we are no longer being traced, or the parent
1399 * didn't give us a signal, or the signal is ignored,
1400 * look for more signals.
1401 */
1402 if ((pr->ps_flags & PS_TRACED) == 0 || signum == 0 ||
1403 sctx->sig_ignore)
1404 continue;
1405
1406 /*
1407 * If the new signal is being masked, look for other
1408 * signals but leave it for later.
1409 */
1410 if ((p->p_sigmask & mask) != 0) {
1411 atomic_setbits_int(&p->p_siglist, mask);
1412 continue;
1413 }
1414
1415 }
1416
1417 prop = sigprop[signum];
1418
1419 /*
1420 * Decide whether the signal should be returned.
1421 * Return the signal's number, or fall through
1422 * to clear it from the pending mask.
1423 */
1424 switch ((long)sctx->sig_action) {
1425 case (long)SIG_DFL:
1426 /*
1427 * Don't take default actions on system processes.
1428 */
1429 if (pr->ps_pid <= 1) {
1430 #ifdef DIAGNOSTIC
1431 /*
1432 * Are you sure you want to ignore SIGSEGV
1433 * in init? XXX
1434 */
1435 printf("Process (pid %d) got signal"
1436 " %d\n", pr->ps_pid, signum);
1437 #endif
1438 break; /* == ignore */
1439 }
1440 /*
1441 * If there is a pending stop signal to process
1442 * with default action, stop here,
1443 * then clear the signal.
1444 */
1445 if (sctx->sig_stop) {
1446 pr->ps_xsig = signum;
1447 SCHED_LOCK();
1448 proc_stop(p, 1);
1449 SCHED_UNLOCK();
1450 break;
1451 } else if (prop & SA_IGNORE) {
1452 /*
1453 * Except for SIGCONT, shouldn't get here.
1454 * Default action is to ignore; drop it.
1455 */
1456 break; /* == ignore */
1457 } else
1458 goto keep;
1459 /* NOTREACHED */
1460 case (long)SIG_IGN:
1461 /*
1462 * Masking above should prevent us ever trying
1463 * to take action on an ignored signal other
1464 * than SIGCONT, unless process is traced.
1465 */
1466 if ((prop & SA_CONT) == 0 &&
1467 (pr->ps_flags & PS_TRACED) == 0)
1468 printf("%s\n", __func__);
1469 break; /* == ignore */
1470 default:
1471 /*
1472 * This signal has an action, let
1473 * postsig() process it.
1474 */
1475 goto keep;
1476 }
1477 }
1478 /* NOTREACHED */
1479
1480 keep:
1481 /*
1482 * if we stashed a stop signal but no other signal is pending
1483 * anymore pick the stop signal up again.
1484 */
1485 if (keep != 0 && signum == 0) {
1486 signum = ffs(keep);
1487 setsigctx(p, signum, sctx);
1488 }
1489 /* move the signal to p_siglist for later */
1490 atomic_setbits_int(&p->p_siglist, mask | keep);
1491 return (signum);
1492 }
1493
1494 int
proc_trap(struct proc * p,int signum)1495 proc_trap(struct proc *p, int signum)
1496 {
1497 struct process *pr = p->p_p;
1498
1499 single_thread_set(p, SINGLE_SUSPEND | SINGLE_NOWAIT);
1500 pr->ps_xsig = signum;
1501
1502 SCHED_LOCK();
1503 atomic_setbits_int(&pr->ps_flags, PS_TRAPPED);
1504 proc_stop(p, 1);
1505 atomic_clearbits_int(&pr->ps_flags,
1506 PS_WAITED | PS_STOPPED | PS_TRAPPED);
1507 SCHED_UNLOCK();
1508
1509 signum = pr->ps_xsig;
1510 pr->ps_xsig = 0;
1511 if ((p->p_flag & P_TRACESINGLE) == 0)
1512 single_thread_clear(p);
1513 atomic_clearbits_int(&p->p_flag, P_TRACESINGLE);
1514
1515 return signum;
1516 }
1517
1518 /*
1519 * Continue all threads of a process that were stopped because of `flag'.
1520 */
1521 void
process_continue(struct process * pr,int flag)1522 process_continue(struct process *pr, int flag)
1523 {
1524 struct proc *q, *p = NULL;
1525
1526 MUTEX_ASSERT_LOCKED(&pr->ps_mtx);
1527
1528 /* skip curproc if it is part of pr */
1529 if (curproc->p_p == pr)
1530 p = curproc;
1531
1532 TAILQ_FOREACH(q, &pr->ps_threads, p_thr_link) {
1533 if (q == p)
1534 continue;
1535 if (!ISSET(q->p_flag, flag))
1536 continue;
1537 atomic_clearbits_int(&q->p_flag, flag);
1538
1539 /*
1540 * XXX in ptsignal the SCHED_LOCK is already held so we can't
1541 * grab it here until that is fixed.
1542 */
1543 /* XXX SCHED_LOCK(); */
1544 SCHED_ASSERT_LOCKED();
1545 /*
1546 * Stopping a process is not an atomic operation so
1547 * it is possible that some threads are not stopped
1548 * when process_continue is called. These threads
1549 * need to be skipped.
1550 *
1551 * Clearing either makes the thread runnable or puts
1552 * it back into some sleep queue.
1553 */
1554 if (q->p_stat == SSTOP) {
1555 if (q->p_wchan == NULL)
1556 setrunnable(q);
1557 else
1558 q->p_stat = SSLEEP;
1559 }
1560 /* XXX SCHED_UNLOCK(); */
1561 }
1562 }
1563
1564 /*
1565 * Put the argument process into the stopped state and notify the parent
1566 * via wakeup. Signals are handled elsewhere. The process must not be
1567 * on the run queue.
1568 */
1569 void
proc_stop(struct proc * p,int sw)1570 proc_stop(struct proc *p, int sw)
1571 {
1572 struct process *pr = p->p_p;
1573
1574 #ifdef MULTIPROCESSOR
1575 SCHED_ASSERT_LOCKED();
1576 #endif
1577 /* do not stop exiting procs */
1578 if (ISSET(p->p_flag, P_WEXIT))
1579 return;
1580
1581 p->p_stat = SSTOP;
1582 atomic_clearbits_int(&pr->ps_flags, PS_WAITED);
1583 atomic_setbits_int(&pr->ps_flags, PS_STOPPING);
1584 atomic_setbits_int(&p->p_flag, P_SUSPSIG);
1585 /*
1586 * We need this soft interrupt to be handled fast.
1587 * Extra calls to softclock don't hurt.
1588 */
1589 softintr_schedule(proc_stop_si);
1590 if (sw)
1591 mi_switch();
1592 }
1593
1594 /*
1595 * Called from a soft interrupt to send signals to the parents of stopped
1596 * processes.
1597 * We can't do this in proc_stop because it's called with nasty locks held
1598 * and we would need recursive scheduler lock to deal with that.
1599 */
1600 void
proc_stop_sweep(void * v)1601 proc_stop_sweep(void *v)
1602 {
1603 struct process *pr;
1604
1605 LIST_FOREACH(pr, &allprocess, ps_list) {
1606 if ((pr->ps_flags & PS_STOPPING) == 0)
1607 continue;
1608 atomic_setbits_int(&pr->ps_flags, PS_STOPPED);
1609 atomic_clearbits_int(&pr->ps_flags, PS_STOPPING);
1610
1611 if ((pr->ps_pptr->ps_sigacts->ps_sigflags & SAS_NOCLDSTOP) == 0)
1612 prsignal(pr->ps_pptr, SIGCHLD);
1613 wakeup(pr->ps_pptr);
1614 }
1615 }
1616
1617 /*
1618 * Take the action for the specified signal
1619 * from the current set of pending signals.
1620 */
1621 void
postsig(struct proc * p,int signum,struct sigctx * sctx)1622 postsig(struct proc *p, int signum, struct sigctx *sctx)
1623 {
1624 u_long trapno;
1625 int mask, returnmask;
1626 siginfo_t si;
1627 union sigval sigval;
1628 int code;
1629
1630 KASSERT(signum != 0);
1631
1632 mask = sigmask(signum);
1633 atomic_clearbits_int(&p->p_siglist, mask);
1634 sigval.sival_ptr = NULL;
1635
1636 if (p->p_sisig != signum) {
1637 trapno = 0;
1638 code = SI_USER;
1639 sigval.sival_ptr = NULL;
1640 } else {
1641 trapno = p->p_sitrapno;
1642 code = p->p_sicode;
1643 sigval = p->p_sigval;
1644 }
1645 initsiginfo(&si, signum, trapno, code, sigval);
1646
1647 #ifdef KTRACE
1648 if (KTRPOINT(p, KTR_PSIG)) {
1649 ktrpsig(p, signum, sctx->sig_action, p->p_flag & P_SIGSUSPEND ?
1650 p->p_oldmask : p->p_sigmask, code, &si);
1651 }
1652 #endif
1653 if (sctx->sig_action == SIG_DFL) {
1654 /*
1655 * Default action, where the default is to kill
1656 * the process. (Other cases were ignored above.)
1657 */
1658 KERNEL_LOCK();
1659 sigexit(p, signum);
1660 /* NOTREACHED */
1661 } else {
1662 /*
1663 * If we get here, the signal must be caught.
1664 */
1665 #ifdef DIAGNOSTIC
1666 if (sctx->sig_action == SIG_IGN || (p->p_sigmask & mask))
1667 panic("postsig action");
1668 #endif
1669 /*
1670 * Set the new mask value and also defer further
1671 * occurrences of this signal.
1672 *
1673 * Special case: user has done a sigpause. Here the
1674 * current mask is not of interest, but rather the
1675 * mask from before the sigpause is what we want
1676 * restored after the signal processing is completed.
1677 */
1678 if (p->p_flag & P_SIGSUSPEND) {
1679 atomic_clearbits_int(&p->p_flag, P_SIGSUSPEND);
1680 returnmask = p->p_oldmask;
1681 } else {
1682 returnmask = p->p_sigmask;
1683 }
1684 if (p->p_sisig == signum) {
1685 p->p_sisig = 0;
1686 p->p_sitrapno = 0;
1687 p->p_sicode = SI_USER;
1688 p->p_sigval.sival_ptr = NULL;
1689 }
1690
1691 if (sendsig(sctx->sig_action, signum, returnmask, &si,
1692 sctx->sig_info, sctx->sig_onstack)) {
1693 KERNEL_LOCK();
1694 sigexit(p, SIGILL);
1695 /* NOTREACHED */
1696 }
1697 postsig_done(p, signum, sctx->sig_catchmask, sctx->sig_reset);
1698 }
1699 }
1700
1701 /*
1702 * Force the current process to exit with the specified signal, dumping core
1703 * if appropriate. We bypass the normal tests for masked and caught signals,
1704 * allowing unrecoverable failures to terminate the process without changing
1705 * signal state. Mark the accounting record with the signal termination.
1706 * If dumping core, save the signal number for the debugger. Calls exit and
1707 * does not return.
1708 */
1709 void
sigexit(struct proc * p,int signum)1710 sigexit(struct proc *p, int signum)
1711 {
1712 /* Mark process as going away */
1713 atomic_setbits_int(&p->p_flag, P_WEXIT);
1714
1715 p->p_p->ps_acflag |= AXSIG;
1716 if (sigprop[signum] & SA_CORE) {
1717 p->p_sisig = signum;
1718
1719 /* if there are other threads, pause them */
1720 if (P_HASSIBLING(p))
1721 single_thread_set(p, SINGLE_UNWIND);
1722
1723 if (coredump(p) == 0)
1724 signum |= WCOREFLAG;
1725 }
1726 exit1(p, 0, signum, EXIT_NORMAL);
1727 /* NOTREACHED */
1728 }
1729
1730 /*
1731 * Send uncatchable SIGABRT for coredump.
1732 */
1733 void
sigabort(struct proc * p)1734 sigabort(struct proc *p)
1735 {
1736 struct sigaction sa;
1737
1738 KASSERT(p == curproc || panicstr || db_active);
1739
1740 memset(&sa, 0, sizeof sa);
1741 sa.sa_handler = SIG_DFL;
1742 setsigvec(p, SIGABRT, &sa);
1743 CLR(p->p_sigmask, sigmask(SIGABRT));
1744 psignal(p, SIGABRT);
1745 }
1746
1747 /*
1748 * Return 1 if `sig', a given signal, is ignored or masked for `p', a given
1749 * thread, and 0 otherwise.
1750 */
1751 int
sigismasked(struct proc * p,int sig)1752 sigismasked(struct proc *p, int sig)
1753 {
1754 struct process *pr = p->p_p;
1755 int rv;
1756
1757 KASSERT(p == curproc);
1758
1759 mtx_enter(&pr->ps_mtx);
1760 rv = (pr->ps_sigacts->ps_sigignore & sigmask(sig)) ||
1761 (p->p_sigmask & sigmask(sig));
1762 mtx_leave(&pr->ps_mtx);
1763
1764 return !!rv;
1765 }
1766
1767 struct coredump_iostate {
1768 struct proc *io_proc;
1769 struct vnode *io_vp;
1770 struct ucred *io_cred;
1771 off_t io_offset;
1772 };
1773
1774 /*
1775 * Dump core, into a file named "progname.core", unless the process was
1776 * setuid/setgid.
1777 */
1778 int
coredump(struct proc * p)1779 coredump(struct proc *p)
1780 {
1781 #ifdef SMALL_KERNEL
1782 return EPERM;
1783 #else
1784 struct process *pr = p->p_p;
1785 struct vnode *vp;
1786 struct ucred *cred = p->p_ucred;
1787 struct vmspace *vm = p->p_vmspace;
1788 struct nameidata nd;
1789 struct vattr vattr;
1790 struct coredump_iostate io;
1791 int error, len, incrash = 0;
1792 char *name;
1793 const char *dir = "/var/crash";
1794 int nosuidcoredump_local = atomic_load_int(&nosuidcoredump);
1795
1796 atomic_setbits_int(&pr->ps_flags, PS_COREDUMP);
1797
1798 #ifdef PMAP_CHECK_COPYIN
1799 /* disable copyin checks, so we can write out text sections if needed */
1800 p->p_vmspace->vm_map.check_copyin_count = 0;
1801 #endif
1802
1803 /* Don't dump if will exceed file size limit. */
1804 if (USPACE + ptoa(vm->vm_dsize + vm->vm_ssize) >= lim_cur(RLIMIT_CORE))
1805 return (EFBIG);
1806
1807 name = pool_get(&namei_pool, PR_WAITOK);
1808
1809 /*
1810 * If the process has inconsistent uids, nosuidcoredump
1811 * determines coredump placement policy.
1812 */
1813 if (((pr->ps_flags & PS_SUGID) && (error = suser(p))) ||
1814 ((pr->ps_flags & PS_SUGID) && nosuidcoredump_local)) {
1815 if (nosuidcoredump_local == 3) {
1816 /*
1817 * If the program directory does not exist, dumps of
1818 * that core will silently fail.
1819 */
1820 len = snprintf(name, MAXPATHLEN, "%s/%s/%u.core",
1821 dir, pr->ps_comm, pr->ps_pid);
1822 incrash = KERNELPATH;
1823 } else if (nosuidcoredump_local == 2) {
1824 len = snprintf(name, MAXPATHLEN, "%s/%s.core",
1825 dir, pr->ps_comm);
1826 incrash = KERNELPATH;
1827 } else {
1828 pool_put(&namei_pool, name);
1829 return (EPERM);
1830 }
1831 } else
1832 len = snprintf(name, MAXPATHLEN, "%s.core", pr->ps_comm);
1833
1834 if (len >= MAXPATHLEN) {
1835 pool_put(&namei_pool, name);
1836 return (EACCES);
1837 }
1838
1839 /*
1840 * Control the UID used to write out. The normal case uses
1841 * the real UID. If the sugid case is going to write into the
1842 * controlled directory, we do so as root.
1843 */
1844 if (incrash == 0) {
1845 cred = crdup(cred);
1846 cred->cr_uid = cred->cr_ruid;
1847 cred->cr_gid = cred->cr_rgid;
1848 } else {
1849 if (p->p_fd->fd_rdir) {
1850 vrele(p->p_fd->fd_rdir);
1851 p->p_fd->fd_rdir = NULL;
1852 }
1853 p->p_ucred = crdup(p->p_ucred);
1854 crfree(cred);
1855 cred = p->p_ucred;
1856 crhold(cred);
1857 cred->cr_uid = 0;
1858 cred->cr_gid = 0;
1859 }
1860
1861 /* incrash should be 0 or KERNELPATH only */
1862 NDINIT(&nd, 0, BYPASSUNVEIL | incrash, UIO_SYSSPACE, name, p);
1863
1864 error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW | O_NONBLOCK,
1865 S_IRUSR | S_IWUSR);
1866
1867 if (error)
1868 goto out;
1869
1870 /*
1871 * Don't dump to non-regular files, files with links, or files
1872 * owned by someone else.
1873 */
1874 vp = nd.ni_vp;
1875 if ((error = VOP_GETATTR(vp, &vattr, cred, p)) != 0) {
1876 VOP_UNLOCK(vp);
1877 vn_close(vp, FWRITE, cred, p);
1878 goto out;
1879 }
1880 if (vp->v_type != VREG || vattr.va_nlink != 1 ||
1881 vattr.va_mode & ((VREAD | VWRITE) >> 3 | (VREAD | VWRITE) >> 6) ||
1882 vattr.va_uid != cred->cr_uid) {
1883 error = EACCES;
1884 VOP_UNLOCK(vp);
1885 vn_close(vp, FWRITE, cred, p);
1886 goto out;
1887 }
1888 vattr_null(&vattr);
1889 vattr.va_size = 0;
1890 VOP_SETATTR(vp, &vattr, cred, p);
1891 pr->ps_acflag |= ACORE;
1892
1893 io.io_proc = p;
1894 io.io_vp = vp;
1895 io.io_cred = cred;
1896 io.io_offset = 0;
1897 VOP_UNLOCK(vp);
1898 vref(vp);
1899 error = vn_close(vp, FWRITE, cred, p);
1900 if (error == 0)
1901 error = coredump_elf(p, &io);
1902 vrele(vp);
1903 out:
1904 crfree(cred);
1905 pool_put(&namei_pool, name);
1906 return (error);
1907 #endif
1908 }
1909
1910 #ifndef SMALL_KERNEL
1911 int
coredump_write(void * cookie,enum uio_seg segflg,const void * data,size_t len,int isvnode)1912 coredump_write(void *cookie, enum uio_seg segflg, const void *data, size_t len,
1913 int isvnode)
1914 {
1915 struct coredump_iostate *io = cookie;
1916 off_t coffset = 0;
1917 size_t csize;
1918 int chunk, error;
1919
1920 csize = len;
1921 do {
1922 if (sigmask(SIGKILL) &
1923 (io->io_proc->p_siglist | io->io_proc->p_p->ps_siglist))
1924 return (EINTR);
1925
1926 /* Rest of the loop sleeps with lock held, so... */
1927 yield();
1928
1929 chunk = MIN(csize, MAXPHYS);
1930 error = vn_rdwr(UIO_WRITE, io->io_vp,
1931 (caddr_t)data + coffset, chunk,
1932 io->io_offset + coffset, segflg,
1933 IO_UNIT, io->io_cred, NULL, io->io_proc);
1934 if (error && (error != EFAULT || !isvnode)) {
1935 struct process *pr = io->io_proc->p_p;
1936
1937 if (error == ENOSPC)
1938 log(LOG_ERR,
1939 "coredump of %s(%d) failed, filesystem full\n",
1940 pr->ps_comm, pr->ps_pid);
1941 else
1942 log(LOG_ERR,
1943 "coredump of %s(%d), write failed: errno %d\n",
1944 pr->ps_comm, pr->ps_pid, error);
1945 return (error);
1946 }
1947
1948 coffset += chunk;
1949 csize -= chunk;
1950 } while (csize > 0);
1951
1952 io->io_offset += len;
1953 return (0);
1954 }
1955
1956 void
coredump_unmap(void * cookie,vaddr_t start,vaddr_t end)1957 coredump_unmap(void *cookie, vaddr_t start, vaddr_t end)
1958 {
1959 struct coredump_iostate *io = cookie;
1960
1961 uvm_unmap(&io->io_proc->p_vmspace->vm_map, start, end);
1962 }
1963
1964 #endif /* !SMALL_KERNEL */
1965
1966 /*
1967 * Nonexistent system call-- signal process (may want to handle it).
1968 * Flag error in case process won't see signal immediately (blocked or ignored).
1969 */
1970 int
sys_nosys(struct proc * p,void * v,register_t * retval)1971 sys_nosys(struct proc *p, void *v, register_t *retval)
1972 {
1973 ptsignal(p, SIGSYS, STHREAD);
1974 return (ENOSYS);
1975 }
1976
1977 int
sys___thrsigdivert(struct proc * p,void * v,register_t * retval)1978 sys___thrsigdivert(struct proc *p, void *v, register_t *retval)
1979 {
1980 struct sys___thrsigdivert_args /* {
1981 syscallarg(sigset_t) sigmask;
1982 syscallarg(siginfo_t *) info;
1983 syscallarg(const struct timespec *) timeout;
1984 } */ *uap = v;
1985 struct sigctx ctx;
1986 sigset_t mask = SCARG(uap, sigmask) &~ sigcantmask;
1987 siginfo_t si;
1988 uint64_t nsecs = INFSLP;
1989 int timeinvalid = 0;
1990 int error = 0;
1991
1992 memset(&si, 0, sizeof(si));
1993
1994 if (SCARG(uap, timeout) != NULL) {
1995 struct timespec ts;
1996 if ((error = copyin(SCARG(uap, timeout), &ts, sizeof(ts))) != 0)
1997 return (error);
1998 #ifdef KTRACE
1999 if (KTRPOINT(p, KTR_STRUCT))
2000 ktrreltimespec(p, &ts);
2001 #endif
2002 if (!timespecisvalid(&ts))
2003 timeinvalid = 1;
2004 else
2005 nsecs = TIMESPEC_TO_NSEC(&ts);
2006 }
2007
2008 dosigsuspend(p, p->p_sigmask &~ mask);
2009 for (;;) {
2010 si.si_signo = cursig(p, &ctx, 0);
2011 if (si.si_signo != 0) {
2012 sigset_t smask = sigmask(si.si_signo);
2013 if (smask & mask) {
2014 atomic_clearbits_int(&p->p_siglist, smask);
2015 error = 0;
2016 break;
2017 }
2018 }
2019
2020 /* per-POSIX, delay this error until after the above */
2021 if (timeinvalid)
2022 error = EINVAL;
2023 /* per-POSIX, return immediately if timeout is zero-valued */
2024 if (nsecs == 0)
2025 error = EAGAIN;
2026
2027 if (error != 0)
2028 break;
2029
2030 error = tsleep_nsec(&nowake, PPAUSE|PCATCH, "sigwait", nsecs);
2031 }
2032
2033 if (error == 0) {
2034 *retval = si.si_signo;
2035 if (SCARG(uap, info) != NULL) {
2036 error = copyout(&si, SCARG(uap, info), sizeof(si));
2037 #ifdef KTRACE
2038 if (error == 0 && KTRPOINT(p, KTR_STRUCT))
2039 ktrsiginfo(p, &si);
2040 #endif
2041 }
2042 } else if (error == ERESTART && SCARG(uap, timeout) != NULL) {
2043 /*
2044 * Restarting is wrong if there's a timeout, as it'll be
2045 * for the same interval again
2046 */
2047 error = EINTR;
2048 }
2049
2050 return (error);
2051 }
2052
2053 void
initsiginfo(siginfo_t * si,int sig,u_long trapno,int code,union sigval val)2054 initsiginfo(siginfo_t *si, int sig, u_long trapno, int code, union sigval val)
2055 {
2056 memset(si, 0, sizeof(*si));
2057
2058 si->si_signo = sig;
2059 si->si_code = code;
2060 if (code == SI_USER) {
2061 si->si_value = val;
2062 } else {
2063 switch (sig) {
2064 case SIGSEGV:
2065 case SIGILL:
2066 case SIGBUS:
2067 case SIGFPE:
2068 si->si_addr = val.sival_ptr;
2069 si->si_trapno = trapno;
2070 break;
2071 case SIGXFSZ:
2072 break;
2073 }
2074 }
2075 }
2076
2077 void
userret(struct proc * p)2078 userret(struct proc *p)
2079 {
2080 struct sigctx ctx;
2081 int signum;
2082
2083 if (p->p_flag & P_SUSPSINGLE)
2084 single_thread_check(p, 0);
2085
2086 /* send SIGPROF or SIGVTALRM if their timers interrupted this thread */
2087 if (p->p_flag & P_PROFPEND) {
2088 atomic_clearbits_int(&p->p_flag, P_PROFPEND);
2089 psignal(p, SIGPROF);
2090 }
2091 if (p->p_flag & P_ALRMPEND) {
2092 atomic_clearbits_int(&p->p_flag, P_ALRMPEND);
2093 psignal(p, SIGVTALRM);
2094 }
2095
2096 if (SIGPENDING(p) != 0) {
2097 while ((signum = cursig(p, &ctx, 0)) != 0)
2098 postsig(p, signum, &ctx);
2099 }
2100
2101 /*
2102 * If P_SIGSUSPEND is still set here, then we still need to restore
2103 * the original sigmask before returning to userspace. Also, this
2104 * might unmask some pending signals, so we need to check a second
2105 * time for signals to post.
2106 */
2107 if (p->p_flag & P_SIGSUSPEND) {
2108 p->p_sigmask = p->p_oldmask;
2109 atomic_clearbits_int(&p->p_flag, P_SIGSUSPEND);
2110
2111 while ((signum = cursig(p, &ctx, 0)) != 0)
2112 postsig(p, signum, &ctx);
2113 }
2114
2115 WITNESS_WARN(WARN_PANIC, NULL, "userret: returning");
2116
2117 p->p_cpu->ci_schedstate.spc_curpriority = p->p_usrpri;
2118 }
2119
2120 int
single_thread_check_locked(struct proc * p,int deep)2121 single_thread_check_locked(struct proc *p, int deep)
2122 {
2123 struct process *pr = p->p_p;
2124
2125 MUTEX_ASSERT_LOCKED(&pr->ps_mtx);
2126
2127 if (pr->ps_single == NULL || pr->ps_single == p)
2128 return (0);
2129
2130 /* if we're in deep, we need to unwind to the edge */
2131 if (deep) {
2132 int err = 0;
2133
2134 if (pr->ps_flags & PS_SINGLEUNWIND ||
2135 pr->ps_flags & PS_SINGLEEXIT)
2136 return (ERESTART);
2137 SCHED_LOCK();
2138 if (p->p_stat != SSTOP)
2139 err = EWOULDBLOCK;
2140 SCHED_UNLOCK();
2141 return (err);
2142 }
2143
2144 do {
2145 if (pr->ps_flags & PS_SINGLEEXIT) {
2146 mtx_leave(&pr->ps_mtx);
2147 KERNEL_LOCK();
2148 exit1(p, 0, 0, EXIT_THREAD_NOCHECK);
2149 /* NOTREACHED */
2150 }
2151
2152 if (--pr->ps_singlecnt == 0)
2153 wakeup(&pr->ps_singlecnt);
2154
2155 /* not exiting and don't need to unwind, so suspend */
2156 mtx_leave(&pr->ps_mtx);
2157
2158 SCHED_LOCK();
2159 p->p_stat = SSTOP;
2160 mi_switch();
2161 SCHED_UNLOCK();
2162 mtx_enter(&pr->ps_mtx);
2163 } while (pr->ps_single != NULL);
2164
2165 return (0);
2166 }
2167
2168 int
single_thread_check(struct proc * p,int deep)2169 single_thread_check(struct proc *p, int deep)
2170 {
2171 int error;
2172
2173 mtx_enter(&p->p_p->ps_mtx);
2174 error = single_thread_check_locked(p, deep);
2175 mtx_leave(&p->p_p->ps_mtx);
2176
2177 return error;
2178 }
2179
2180 /*
2181 * Stop other threads in the process. The mode controls how and
2182 * where the other threads should stop:
2183 * - SINGLE_SUSPEND: stop wherever they are, will later be released (via
2184 * single_thread_clear())
2185 * - SINGLE_UNWIND: just unwind to kernel boundary, will be told to exit
2186 * (by setting to SINGLE_EXIT) or released as with SINGLE_SUSPEND
2187 * - SINGLE_EXIT: unwind to kernel boundary and exit
2188 */
2189 int
single_thread_set(struct proc * p,int flags)2190 single_thread_set(struct proc *p, int flags)
2191 {
2192 struct process *pr = p->p_p;
2193 struct proc *q;
2194 int error, mode = flags & SINGLE_MASK;
2195
2196 KASSERT(curproc == p);
2197
2198 mtx_enter(&pr->ps_mtx);
2199 error = single_thread_check_locked(p, flags & SINGLE_DEEP);
2200 if (error) {
2201 mtx_leave(&pr->ps_mtx);
2202 return error;
2203 }
2204
2205 switch (mode) {
2206 case SINGLE_SUSPEND:
2207 break;
2208 case SINGLE_UNWIND:
2209 atomic_setbits_int(&pr->ps_flags, PS_SINGLEUNWIND);
2210 break;
2211 case SINGLE_EXIT:
2212 atomic_setbits_int(&pr->ps_flags, PS_SINGLEEXIT);
2213 atomic_clearbits_int(&pr->ps_flags, PS_SINGLEUNWIND);
2214 break;
2215 #ifdef DIAGNOSTIC
2216 default:
2217 panic("single_thread_mode = %d", mode);
2218 #endif
2219 }
2220 KASSERT((p->p_flag & P_SUSPSINGLE) == 0);
2221 pr->ps_single = p;
2222 pr->ps_singlecnt = pr->ps_threadcnt;
2223
2224 TAILQ_FOREACH(q, &pr->ps_threads, p_thr_link) {
2225 if (q == p)
2226 continue;
2227 SCHED_LOCK();
2228 atomic_setbits_int(&q->p_flag, P_SUSPSINGLE);
2229 switch (q->p_stat) {
2230 case SSTOP:
2231 if (mode == SINGLE_EXIT) {
2232 unsleep(q);
2233 setrunnable(q);
2234 } else
2235 --pr->ps_singlecnt;
2236 break;
2237 case SSLEEP:
2238 /* if it's not interruptible, then just have to wait */
2239 if (q->p_flag & P_SINTR) {
2240 /* merely need to suspend? just stop it */
2241 if (mode == SINGLE_SUSPEND) {
2242 q->p_stat = SSTOP;
2243 --pr->ps_singlecnt;
2244 break;
2245 }
2246 /* need to unwind or exit, so wake it */
2247 unsleep(q);
2248 setrunnable(q);
2249 }
2250 break;
2251 case SONPROC:
2252 signotify(q);
2253 break;
2254 case SRUN:
2255 case SIDL:
2256 case SDEAD:
2257 break;
2258 }
2259 SCHED_UNLOCK();
2260 }
2261
2262 /* count ourself out */
2263 --pr->ps_singlecnt;
2264 mtx_leave(&pr->ps_mtx);
2265
2266 if ((flags & SINGLE_NOWAIT) == 0)
2267 single_thread_wait(pr, 1);
2268
2269 return 0;
2270 }
2271
2272 /*
2273 * Wait for other threads to stop. If recheck is false then the function
2274 * returns non-zero if the caller needs to restart the check else 0 is
2275 * returned. If recheck is true the return value is always 0.
2276 */
2277 int
single_thread_wait(struct process * pr,int recheck)2278 single_thread_wait(struct process *pr, int recheck)
2279 {
2280 int wait;
2281
2282 /* wait until they're all suspended */
2283 mtx_enter(&pr->ps_mtx);
2284 while ((wait = pr->ps_singlecnt > 0)) {
2285 msleep_nsec(&pr->ps_singlecnt, &pr->ps_mtx, PWAIT, "suspend",
2286 INFSLP);
2287 if (!recheck)
2288 break;
2289 }
2290 KASSERT((pr->ps_single->p_flag & P_SUSPSINGLE) == 0);
2291 mtx_leave(&pr->ps_mtx);
2292
2293 return wait;
2294 }
2295
2296 void
single_thread_clear(struct proc * p)2297 single_thread_clear(struct proc *p)
2298 {
2299 struct process *pr = p->p_p;
2300
2301 KASSERT(pr->ps_single == p);
2302 KASSERT(curproc == p);
2303
2304 mtx_enter(&pr->ps_mtx);
2305 pr->ps_single = NULL;
2306 atomic_clearbits_int(&pr->ps_flags, PS_SINGLEUNWIND | PS_SINGLEEXIT);
2307
2308 SCHED_LOCK();
2309 process_continue(pr, P_SUSPSINGLE);
2310 SCHED_UNLOCK();
2311
2312 mtx_leave(&pr->ps_mtx);
2313 }
2314
2315 void
sigio_del(struct sigiolst * rmlist)2316 sigio_del(struct sigiolst *rmlist)
2317 {
2318 struct sigio *sigio;
2319
2320 while ((sigio = LIST_FIRST(rmlist)) != NULL) {
2321 LIST_REMOVE(sigio, sio_pgsigio);
2322 crfree(sigio->sio_ucred);
2323 free(sigio, M_SIGIO, sizeof(*sigio));
2324 }
2325 }
2326
2327 void
sigio_unlink(struct sigio_ref * sir,struct sigiolst * rmlist)2328 sigio_unlink(struct sigio_ref *sir, struct sigiolst *rmlist)
2329 {
2330 struct sigio *sigio;
2331
2332 MUTEX_ASSERT_LOCKED(&sigio_lock);
2333
2334 sigio = sir->sir_sigio;
2335 if (sigio != NULL) {
2336 KASSERT(sigio->sio_myref == sir);
2337 sir->sir_sigio = NULL;
2338
2339 if (sigio->sio_pgid > 0)
2340 sigio->sio_proc = NULL;
2341 else
2342 sigio->sio_pgrp = NULL;
2343 LIST_REMOVE(sigio, sio_pgsigio);
2344
2345 LIST_INSERT_HEAD(rmlist, sigio, sio_pgsigio);
2346 }
2347 }
2348
2349 void
sigio_free(struct sigio_ref * sir)2350 sigio_free(struct sigio_ref *sir)
2351 {
2352 struct sigiolst rmlist;
2353
2354 if (sir->sir_sigio == NULL)
2355 return;
2356
2357 LIST_INIT(&rmlist);
2358
2359 mtx_enter(&sigio_lock);
2360 sigio_unlink(sir, &rmlist);
2361 mtx_leave(&sigio_lock);
2362
2363 sigio_del(&rmlist);
2364 }
2365
2366 void
sigio_freelist(struct sigiolst * sigiolst)2367 sigio_freelist(struct sigiolst *sigiolst)
2368 {
2369 struct sigiolst rmlist;
2370 struct sigio *sigio;
2371
2372 if (LIST_EMPTY(sigiolst))
2373 return;
2374
2375 LIST_INIT(&rmlist);
2376
2377 mtx_enter(&sigio_lock);
2378 while ((sigio = LIST_FIRST(sigiolst)) != NULL)
2379 sigio_unlink(sigio->sio_myref, &rmlist);
2380 mtx_leave(&sigio_lock);
2381
2382 sigio_del(&rmlist);
2383 }
2384
2385 int
sigio_setown(struct sigio_ref * sir,u_long cmd,caddr_t data)2386 sigio_setown(struct sigio_ref *sir, u_long cmd, caddr_t data)
2387 {
2388 struct sigiolst rmlist;
2389 struct proc *p = curproc;
2390 struct pgrp *pgrp = NULL;
2391 struct process *pr = NULL;
2392 struct sigio *sigio;
2393 int error;
2394 pid_t pgid = *(int *)data;
2395
2396 if (pgid == 0) {
2397 sigio_free(sir);
2398 return (0);
2399 }
2400
2401 if (cmd == TIOCSPGRP) {
2402 if (pgid < 0)
2403 return (EINVAL);
2404 pgid = -pgid;
2405 }
2406
2407 sigio = malloc(sizeof(*sigio), M_SIGIO, M_WAITOK);
2408 sigio->sio_pgid = pgid;
2409 sigio->sio_ucred = crhold(p->p_ucred);
2410 sigio->sio_myref = sir;
2411
2412 LIST_INIT(&rmlist);
2413
2414 /*
2415 * The kernel lock, and not sleeping between prfind()/pgfind() and
2416 * linking of the sigio ensure that the process or process group does
2417 * not disappear unexpectedly.
2418 */
2419 KERNEL_LOCK();
2420 mtx_enter(&sigio_lock);
2421
2422 if (pgid > 0) {
2423 pr = prfind(pgid);
2424 if (pr == NULL) {
2425 error = ESRCH;
2426 goto fail;
2427 }
2428
2429 /*
2430 * Policy - Don't allow a process to FSETOWN a process
2431 * in another session.
2432 *
2433 * Remove this test to allow maximum flexibility or
2434 * restrict FSETOWN to the current process or process
2435 * group for maximum safety.
2436 */
2437 if (pr->ps_session != p->p_p->ps_session) {
2438 error = EPERM;
2439 goto fail;
2440 }
2441
2442 if ((pr->ps_flags & PS_EXITING) != 0) {
2443 error = ESRCH;
2444 goto fail;
2445 }
2446 } else /* if (pgid < 0) */ {
2447 pgrp = pgfind(-pgid);
2448 if (pgrp == NULL) {
2449 error = ESRCH;
2450 goto fail;
2451 }
2452
2453 /*
2454 * Policy - Don't allow a process to FSETOWN a process
2455 * in another session.
2456 *
2457 * Remove this test to allow maximum flexibility or
2458 * restrict FSETOWN to the current process or process
2459 * group for maximum safety.
2460 */
2461 if (pgrp->pg_session != p->p_p->ps_session) {
2462 error = EPERM;
2463 goto fail;
2464 }
2465 }
2466
2467 if (pgid > 0) {
2468 sigio->sio_proc = pr;
2469 LIST_INSERT_HEAD(&pr->ps_sigiolst, sigio, sio_pgsigio);
2470 } else {
2471 sigio->sio_pgrp = pgrp;
2472 LIST_INSERT_HEAD(&pgrp->pg_sigiolst, sigio, sio_pgsigio);
2473 }
2474
2475 sigio_unlink(sir, &rmlist);
2476 sir->sir_sigio = sigio;
2477
2478 mtx_leave(&sigio_lock);
2479 KERNEL_UNLOCK();
2480
2481 sigio_del(&rmlist);
2482
2483 return (0);
2484
2485 fail:
2486 mtx_leave(&sigio_lock);
2487 KERNEL_UNLOCK();
2488
2489 crfree(sigio->sio_ucred);
2490 free(sigio, M_SIGIO, sizeof(*sigio));
2491
2492 return (error);
2493 }
2494
2495 void
sigio_getown(struct sigio_ref * sir,u_long cmd,caddr_t data)2496 sigio_getown(struct sigio_ref *sir, u_long cmd, caddr_t data)
2497 {
2498 struct sigio *sigio;
2499 pid_t pgid = 0;
2500
2501 mtx_enter(&sigio_lock);
2502 sigio = sir->sir_sigio;
2503 if (sigio != NULL)
2504 pgid = sigio->sio_pgid;
2505 mtx_leave(&sigio_lock);
2506
2507 if (cmd == TIOCGPGRP)
2508 pgid = -pgid;
2509
2510 *(int *)data = pgid;
2511 }
2512
2513 void
sigio_copy(struct sigio_ref * dst,struct sigio_ref * src)2514 sigio_copy(struct sigio_ref *dst, struct sigio_ref *src)
2515 {
2516 struct sigiolst rmlist;
2517 struct sigio *newsigio, *sigio;
2518
2519 sigio_free(dst);
2520
2521 if (src->sir_sigio == NULL)
2522 return;
2523
2524 newsigio = malloc(sizeof(*newsigio), M_SIGIO, M_WAITOK);
2525 LIST_INIT(&rmlist);
2526
2527 mtx_enter(&sigio_lock);
2528
2529 sigio = src->sir_sigio;
2530 if (sigio == NULL) {
2531 mtx_leave(&sigio_lock);
2532 free(newsigio, M_SIGIO, sizeof(*newsigio));
2533 return;
2534 }
2535
2536 newsigio->sio_pgid = sigio->sio_pgid;
2537 newsigio->sio_ucred = crhold(sigio->sio_ucred);
2538 newsigio->sio_myref = dst;
2539 if (newsigio->sio_pgid > 0) {
2540 newsigio->sio_proc = sigio->sio_proc;
2541 LIST_INSERT_HEAD(&newsigio->sio_proc->ps_sigiolst, newsigio,
2542 sio_pgsigio);
2543 } else {
2544 newsigio->sio_pgrp = sigio->sio_pgrp;
2545 LIST_INSERT_HEAD(&newsigio->sio_pgrp->pg_sigiolst, newsigio,
2546 sio_pgsigio);
2547 }
2548
2549 sigio_unlink(dst, &rmlist);
2550 dst->sir_sigio = newsigio;
2551
2552 mtx_leave(&sigio_lock);
2553
2554 sigio_del(&rmlist);
2555 }
2556