History log of /freebsd-10-stable/sys/kern/kern_sig.c
Revision Date Author Comments
# 342704 02-Jan-2019 jhb

MFC 341800: Don't report stale signal information in ptrace_lwpinfo.

Once a signal's siginfo was copied to 'td_si' as part of the signal
exchange in issignal(), it was never cleared. This caused future
thread events that are reported as SIGTRAP events without signal
information to report the stale siginfo in 'td_si'. For example, if a
debugger created a new process and used SIGSTOP to stop it after
PT_ATTACH, future system call entry / exit events would set PL_FLAG_SI
with the SIGSTOP siginfo in pl_siginfo. This broke 'catch syscall' in
current versions of gdb as it assumed PL_FLAG_SI with SIGTRAP
indicates a breakpoint or single step trap.


# 322848 24-Aug-2017 will

MFC r278479,278494,278525,278545,278592,279237,280410:

This change merges devctl notification for userland coredumps.

r278479 (rpaulo):

Notify devd(8) when a process crashed.

This change implements a notification (via devctl) to userland when
the kernel produces coredumps after a process has crashed.
devd can then run a specific command to produce a human readable crash
report. The command is most usually a helper that runs gdb/lldb
commands on the file/coredump pair. It's possible to use this
functionality for implementing automatic generation of crash reports.

devd(8) will be notified of the full path of the binary that crashed and
the full path of the coredump file.

r278494 (rpaulo):

Sanitise the coredump file names sent to devd.

While there, add a sysctl to turn this feature off as requested by kib@.

r278525 (rpaulo):

Remove a printf and an strlen() from the coredump code.

r278545 (rpaulo):

Restore the data array in coredump(), but use a different style to
calculate the length.

r278592 (rpaulo):

Remove check against NULL after M_WAITOK.

r279237 (kib):

Keep a reference on the coredump vnode for vn_fullpath() call. Do it
by moving vn_close() after the point where notification is sent.

r280410 (rpaulo):

Disable coredump_devctl because it could lead to leaking paths to jails.

Approved by: re


# 318529 19-May-2017 kib

MFC r318243:
Do not wake up sleeping thread in reschedule_signals() if the signal
is blocked. The spurious wakeup might result in spurious EINTR.

PR: 219228


# 318323 15-May-2017 brooks

MFC r317845-r317846

r317845:
Provide a freebsd32 implementation of sigqueue()

The previous misuse of sys_sigqueue() was sending random register or
stack garbage to 64-bit targets. The freebsd32 implementation preserves
the sival_int member of value when signaling a 64-bit process.

Document the mixed ABI implementation of union sigval and the
incompatibility of sival_ptr with pointer integrity schemes.

Reviewed by: kib, wblock
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D10605

r317846:
Regen post r317845.

MFC with: r317845
Sponsored by: DARPA, AFRL


# 315963 25-Mar-2017 badger

MFC r315412, r314852:

r315412:
Don't clear p_ptevents on normal SIGKILL delivery

The ptrace() user has the option of discarding the signal. In such a
case, p_ptevents should not be modified. If the ptrace() user decides to
send a SIGKILL, ptevents will be cleared in ptracestop(). procfs events
do not have the capability to discard the signal, so continue to clear
the mask in that case.

r314852:
don't stop in issignal() if P_SINGLE_EXIT is set

Suppose a traced process is stopped in ptracestop() due to receipt of a
SIGSTOP signal, and is awaiting orders from the tracing process on how
to handle the signal. Before sending any such orders, the tracing
process exits. This should kill the traced process. But suppose a second
thread handles the SIGKILL and proceeds to exit1(), calling
thread_single(). The first thread will now awaken and will have a chance
to check once more if it should go to sleep due to the SIGSTOP. It must
not sleep after P_SINGLE_EXIT has been set; this would prevent the
SIGKILL from taking effect, leaving a stopped orphan behind after the
tracing process dies.

Also add new tests for this condition.

Sponsored by: Dell EMC


# 315949 25-Mar-2017 badger

MFC r313992, r314075, r314118, r315484:

r315484:
ptrace_test: eliminate assumption about thread scheduling

A couple of the ptrace tests make assumptions about which thread in a
multithreaded process will run after a halt. This makes the tests less
portable across branches, and susceptible to future breakage. Instead,
twiddle thread scheduling and priorities to match the tests'
expectation.

r314118:
Actually fix buildworlds other than i386/amd64/sparc64 after r313992

Disable offending test for platforms without a userspace visible
breakpoint().

r314075:
Fix world build for archs where __builtin_debugtrap() does not work.

The offending code was introduced in r313992.

r313992:
Defer ptracestop() signals that cannot be delivered immediately

When a thread is stopped in ptracestop(), the ptrace(2) user may request
a signal be delivered upon resumption of the thread. Heretofore, those signals
were discarded unless ptracestop()'s caller was issignal(). Fix this by
modifying ptracestop() to queue up signals requested by the ptrace user that
will be delivered when possible. Take special care when the signal is SIGKILL
(usually generated from a PT_KILL request); no new stop events should be
triggered after a PT_KILL.

Add a number of tests for the new functionality. Several tests were authored
by jhb.

PR: 212607
Sponsored by: Dell EMC


# 315894 24-Mar-2017 kib

MFC r315453:
When clearing altsigstack settings on exec, do it to the right thread.


# 304613 22-Aug-2016 markj

MFC r304440, r304487:
Fix some handling of P2_PTRACE_FSTP.


# 304190 15-Aug-2016 kib

MFC r303423:
Force SIGSTOP to be the first signal reported after the attach.


# 304188 15-Aug-2016 jhb

MFC 302900,302902,302921,303461,304009:
Add a mask of optional ptrace() events.

302900:
Add a test for user signal delivery.

This test verifies we get the correct ptrace event details when a signal
is posted to a traced process from userland.

302902:
Add a mask of optional ptrace() events.

ptrace() now stores a mask of optional events in p_ptevents. Currently
this mask is a single integer, but it can be expanded into an array of
integers in the future.

Two new ptrace requests can be used to manipulate the event mask:
PT_GET_EVENT_MASK fetches the current event mask and PT_SET_EVENT_MASK
sets the current event mask.

The current set of events include:
- PTRACE_EXEC: trace calls to execve().
- PTRACE_SCE: trace system call entries.
- PTRACE_SCX: trace system call exits.
- PTRACE_FORK: trace forks and auto-attach to new child processes.
- PTRACE_LWP: trace LWP events.

The S_PT_SCX and S_PT_SCE events in the procfs p_stops flags have
been replaced by PTRACE_SCE and PTRACE_SCX. PTRACE_FORK replaces
P_FOLLOW_FORK and PTRACE_LWP replaces P2_LWP_EVENTS.

The PT_FOLLOW_FORK and PT_LWP_EVENTS ptrace requests remain for
compatibility but now simply toggle corresponding flags in the
event mask.

While here, document that PT_SYSCALL, PT_TO_SCE, and PT_TO_SCX both
modify the event mask and continue the traced process.

302921:
Rename PTRACE_SYSCALL to LINUX_PTRACE_SYSCALL.

303461:
Note that not all optional ptrace events use SIGTRAP.

New child processes attached due to PTRACE_FORK use SIGSTOP instead of
SIGTRAP. All other ptrace events use SIGTRAP.

304009:
Remove description of P_FOLLOWFORK as this flag was removed.


# 304017 12-Aug-2016 jhb

MFC 292894,292896: Add ptrace(2) reporting for LWP events.

292894:
Add ptrace(2) reporting for LWP events.

Add two new LWPINFO flags: PL_FLAG_BORN and PL_FLAG_EXITED for reporting
thread creation and destruction. Newly created threads will stop to report
PL_FLAG_BORN before returning to userland and exiting threads will stop to
report PL_FLAG_EXIT before exiting completely. Both of these events are
only enabled and reported if PT_LWP_EVENTS is enabled on a process.

292896:
Document the recently added support for ptrace(2) LWP events.


# 302237 27-Jun-2016 bdrewery

MFC r292384:

Fix style issues around existing SDT probes.

** Changes to sys/netinet/in_kdtrace.c and sys/netinet/in_kdtrace.h skipped.


# 289798 23-Oct-2015 avg

MFC r288336: save some bytes by using more concise SDT_PROBE<n>


# 284343 13-Jun-2015 jhb

MFC 283546:
Add KTR tracing for some MI ptrace events.


# 284020 05-Jun-2015 kib

MFC r283745:
Do not raise priority of the idle thread on signal delivery.


# 280258 19-Mar-2015 rwatson

Merge r263233 from HEAD to stable/10:

Update kernel inclusions of capability.h to use capsicum.h instead; some
further refinement is required as some device drivers intended to be
portable over FreeBSD versions rely on __FreeBSD_version to decide whether
to include capability.h.

Sponsored by: Google, Inc.


# 277698 25-Jan-2015 kib

MFC r277322:
Add procctl(2) PROC_TRACE_CTL command to enable or disable debugger
attachment to the process.


# 277697 25-Jan-2015 kib

MFC r277321:
Make SIGSTOP work for sleeps done while waiting for fifo readers or
writers in open(2), when the fifo is located on an NFS mount.


# 277526 22-Jan-2015 kib

MFC r277236:
For sigaction(2), ignore possible garbage in sa_flags for sa_handler
== SIG_DFL or SIG_IGN.


# 276649 03-Jan-2015 kib

MFC r276008:
Add VN_OPEN_NAMECACHE flag for vn_open_cred(9), which requests that
the created file name be cached. Use the flag for core dumps.


# 276272 26-Dec-2014 kib

MFC r275745:
Add facility to stop all userspace processes.

MFC r275753:
Fix gcc build.

MFC r275820:
Add missed break.


# 275502 05-Dec-2014 kib

MFC r275206:
Assert the state of the process lock and sigact mutex in
kern_sigprocmask() and reschedule_signals().


# 275456 03-Dec-2014 kib

MFC r275120:
Fix SA_SIGINFO | SA_RESETHAND handling, reset disposition after sv_sendsig()
is called.


# 270788 29-Aug-2014 kib

MFC r270321:
Ensure that sigaction flags for signal, which disposition is reset to
ignored or default, are not leaking.

MFC r270504:
Revert the handling of all siginfo sa_flags except SA_SIGINFO to the
pre-r270321 state.


# 270787 29-Aug-2014 kib

MFC r270320:
Check the validity of struct sigaction sa_flags value, reject unknown
flags.


# 270092 17-Aug-2014 mjg

MFC r268634:

Manage struct sigacts refcnt with atomics instead of a mutex.


# 270084 17-Aug-2014 mjg

MFC r268074:

Perform a lockless check in sigacts_shared.

It is used only during execve (i.e. singlethreaded), so there is no fear
of returning 'not shared' which soon becomes 'shared'.

While here reorganize the code a little to avoid proc lock/unlock in
shared case.


# 260817 17-Jan-2014 avg

MFC r258622: dtrace sdt: remove the ugly sname parameter of SDT_PROBE_DEFINE


# 260164 01-Jan-2014 jilles

MFC r258281: Fix siginfo_t.si_status for wait6/waitid/SIGCHLD.

Per POSIX, si_status should contain the value passed to exit() for
si_code==CLD_EXITED and the signal number for other si_code. This was
incorrect for CLD_EXITED and CLD_DUMPED.

This is still not fully POSIX-compliant (Austin group issue #594 says that
the full value passed to exit() shall be returned via si_status, not just
the low 8 bits) but is sufficient for a si_status-related test in libnih
(upstart, Debian/kFreeBSD).

PR: kern/184002

