1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  *
26  * Portions Copyright 2007 Chad Mynhier
27  * Copyright 2012 DEY Storage Systems, Inc.  All rights reserved.
28  * Copyright (c) 2013 by Delphix. All rights reserved.
29  */
30 
31 #include <assert.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <unistd.h>
35 #include <ctype.h>
36 #include <fcntl.h>
37 #include <string.h>
38 #include <strings.h>
39 #include <memory.h>
40 #include <errno.h>
41 #include <dirent.h>
42 #include <limits.h>
43 #include <signal.h>
44 #include <atomic.h>
45 #include <zone.h>
46 #include <sys/types.h>
47 #include <sys/uio.h>
48 #include <sys/stat.h>
49 #include <sys/resource.h>
50 #include <sys/param.h>
51 #include <sys/stack.h>
52 #include <sys/fault.h>
53 #include <sys/syscall.h>
54 #include <sys/sysmacros.h>
55 #include <sys/systeminfo.h>
56 
57 #include "libproc.h"
58 #include "Pcontrol.h"
59 #include "Putil.h"
60 #include "P32ton.h"
61 
62 int	_libproc_debug;		/* set non-zero to enable debugging printfs */
63 int	_libproc_no_qsort;	/* set non-zero to inhibit sorting */
64 				/* of symbol tables */
65 int	_libproc_incore_elf;	/* only use in-core elf data */
66 
67 sigset_t blockable_sigs;	/* signals to block when we need to be safe */
68 static	int	minfd;	/* minimum file descriptor returned by dupfd(fd, 0) */
69 char	procfs_path[PATH_MAX] = "/proc";
70 
71 /*
72  * Function prototypes for static routines in this module.
73  */
74 static	void	deadcheck(struct ps_prochandle *);
75 static	void	restore_tracing_flags(struct ps_prochandle *);
76 static	void	Lfree_internal(struct ps_prochandle *, struct ps_lwphandle *);
77 static  prheader_t *read_lfile(struct ps_prochandle *, const char *);
78 
79 /*
80  * Ops vector functions for live processes.
81  */
82 
83 /*ARGSUSED*/
84 static ssize_t
85 Pread_live(struct ps_prochandle *P, void *buf, size_t n, uintptr_t addr,
86     void *data)
87 {
88 	return (pread(P->asfd, buf, n, (off_t)addr));
89 }
90 
91 /*ARGSUSED*/
92 static ssize_t
93 Pwrite_live(struct ps_prochandle *P, const void *buf, size_t n, uintptr_t addr,
94     void *data)
95 {
96 	return (pwrite(P->asfd, buf, n, (off_t)addr));
97 }
98 
99 /*ARGSUSED*/
100 static int
101 Pread_maps_live(struct ps_prochandle *P, prmap_t **Pmapp, ssize_t *nmapp,
102     void *data)
103 {
104 	char mapfile[PATH_MAX];
105 	int mapfd;
106 	struct stat statb;
107 	ssize_t nmap;
108 	prmap_t *Pmap = NULL;
109 
110 	(void) snprintf(mapfile, sizeof (mapfile), "%s/%d/map",
111 	    procfs_path, (int)P->pid);
112 	if ((mapfd = open(mapfile, O_RDONLY)) < 0 ||
113 	    fstat(mapfd, &statb) != 0 ||
114 	    statb.st_size < sizeof (prmap_t) ||
115 	    (Pmap = malloc(statb.st_size)) == NULL ||
116 	    (nmap = pread(mapfd, Pmap, statb.st_size, 0L)) <= 0 ||
117 	    (nmap /= sizeof (prmap_t)) == 0) {
118 		if (Pmap != NULL)
119 			free(Pmap);
120 		if (mapfd >= 0)
121 			(void) close(mapfd);
122 		Preset_maps(P); /* utter failure; destroy tables */
123 		return (-1);
124 	}
125 	(void) close(mapfd);
126 
127 	*Pmapp = Pmap;
128 	*nmapp = nmap;
129 
130 	return (0);
131 }
132 
133 /*ARGSUSED*/
134 static void
135 Pread_aux_live(struct ps_prochandle *P, auxv_t **auxvp, int *nauxp, void *data)
136 {
137 	char auxfile[64];
138 	int fd;
139 	struct stat statb;
140 	auxv_t *auxv;
141 	ssize_t naux;
142 
143 	(void) snprintf(auxfile, sizeof (auxfile), "%s/%d/auxv",
144 	    procfs_path, (int)P->pid);
145 	if ((fd = open(auxfile, O_RDONLY)) < 0) {
146 		dprintf("%s: failed to open %s: %s\n",
147 		    __func__, auxfile, strerror(errno));
148 		return;
149 	}
150 
151 	if (fstat(fd, &statb) == 0 &&
152 	    statb.st_size >= sizeof (auxv_t) &&
153 	    (auxv = malloc(statb.st_size + sizeof (auxv_t))) != NULL) {
154 		if ((naux = read(fd, auxv, statb.st_size)) < 0 ||
155 		    (naux /= sizeof (auxv_t)) < 1) {
156 			dprintf("%s: read failed: %s\n",
157 			    __func__, strerror(errno));
158 			free(auxv);
159 		} else {
160 			auxv[naux].a_type = AT_NULL;
161 			auxv[naux].a_un.a_val = 0L;
162 
163 			*auxvp = auxv;
164 			*nauxp = (int)naux;
165 		}
166 	}
167 
168 	(void) close(fd);
169 }
170 
171 /*ARGSUSED*/
172 static int
173 Pcred_live(struct ps_prochandle *P, prcred_t *pcrp, int ngroups, void *data)
174 {
175 	return (proc_get_cred(P->pid, pcrp, ngroups));
176 }
177 
178 /*ARGSUSED*/
179 static int
180 Ppriv_live(struct ps_prochandle *P, prpriv_t **pprv, void *data)
181 {
182 	prpriv_t *pp;
183 
184 	pp = proc_get_priv(P->pid);
185 	if (pp == NULL) {
186 		return (-1);
187 	}
188 
189 	*pprv = pp;
190 	return (0);
191 }
192 
193 /*ARGSUSED*/
194 static const psinfo_t *
195 Ppsinfo_live(struct ps_prochandle *P, psinfo_t *psinfo, void *data)
196 {
197 	if (proc_get_psinfo(P->pid, psinfo) == -1)
198 		return (NULL);
199 
200 	return (psinfo);
201 }
202 
203 /*ARGSUSED*/
204 static prheader_t *
205 Plstatus_live(struct ps_prochandle *P, void *data)
206 {
207 	return (read_lfile(P, "lstatus"));
208 }
209 
210 /*ARGSUSED*/
211 static prheader_t *
212 Plpsinfo_live(struct ps_prochandle *P, void *data)
213 {
214 	return (read_lfile(P, "lpsinfo"));
215 }
216 
217 /*ARGSUSED*/
218 static char *
219 Pplatform_live(struct ps_prochandle *P, char *s, size_t n, void *data)
220 {
221 	if (sysinfo(SI_PLATFORM, s, n) == -1)
222 		return (NULL);
223 	return (s);
224 }
225 
226 /*ARGSUSED*/
227 static int
228 Puname_live(struct ps_prochandle *P, struct utsname *u, void *data)
229 {
230 	return (uname(u));
231 }
232 
233 /*ARGSUSED*/
234 static char *
235 Pzonename_live(struct ps_prochandle *P, char *s, size_t n, void *data)
236 {
237 	if (getzonenamebyid(P->status.pr_zoneid, s, n) < 0)
238 		return (NULL);
239 	s[n - 1] = '\0';
240 	return (s);
241 }
242 
243 /*
244  * Callback function for Pfindexec().  We return a match if we can stat the
245  * suggested pathname and confirm its device and inode number match our
246  * previous information about the /proc/<pid>/object/a.out file.
247  */
248 static int
249 stat_exec(const char *path, void *arg)
250 {
251 	struct stat64 *stp = arg;
252 	struct stat64 st;
253 
254 	return (stat64(path, &st) == 0 && S_ISREG(st.st_mode) &&
255 	    stp->st_dev == st.st_dev && stp->st_ino == st.st_ino);
256 }
257 
258 /*ARGSUSED*/
259 static char *
260 Pexecname_live(struct ps_prochandle *P, char *buf, size_t buflen, void *data)
261 {
262 	char exec_name[PATH_MAX];
263 	char cwd[PATH_MAX];
264 	char proc_cwd[64];
265 	struct stat64 st;
266 	int ret;
267 
268 	/*
269 	 * Try to get the path information first.
270 	 */
271 	(void) snprintf(exec_name, sizeof (exec_name),
272 	    "%s/%d/path/a.out", procfs_path, (int)P->pid);
273 	if ((ret = readlink(exec_name, buf, buflen - 1)) > 0) {
274 		buf[ret] = '\0';
275 		(void) Pfindobj(P, buf, buf, buflen);
276 		return (buf);
277 	}
278 
279 	/*
280 	 * Stat the executable file so we can compare Pfindexec's
281 	 * suggestions to the actual device and inode number.
282 	 */
283 	(void) snprintf(exec_name, sizeof (exec_name),
284 	    "%s/%d/object/a.out", procfs_path, (int)P->pid);
285 
286 	if (stat64(exec_name, &st) != 0 || !S_ISREG(st.st_mode))
287 		return (NULL);
288 
289 	/*
290 	 * Attempt to figure out the current working directory of the
291 	 * target process.  This only works if the target process has
292 	 * not changed its current directory since it was exec'd.
293 	 */
294 	(void) snprintf(proc_cwd, sizeof (proc_cwd),
295 	    "%s/%d/path/cwd", procfs_path, (int)P->pid);
296 
297 	if ((ret = readlink(proc_cwd, cwd, PATH_MAX - 1)) > 0)
298 		cwd[ret] = '\0';
299 
300 	(void) Pfindexec(P, ret > 0 ? cwd : NULL, stat_exec, &st);
301 
302 	return (NULL);
303 }
304 
305 #if defined(__i386) || defined(__amd64)
306 /*ARGSUSED*/
307 static int
308 Pldt_live(struct ps_prochandle *P, struct ssd *pldt, int nldt, void *data)
309 {
310 	return (proc_get_ldt(P->pid, pldt, nldt));
311 }
312 #endif
313 
314 static const ps_ops_t P_live_ops = {
315 	.pop_pread	= Pread_live,
316 	.pop_pwrite	= Pwrite_live,
317 	.pop_read_maps	= Pread_maps_live,
318 	.pop_read_aux	= Pread_aux_live,
319 	.pop_cred	= Pcred_live,
320 	.pop_priv	= Ppriv_live,
321 	.pop_psinfo	= Ppsinfo_live,
322 	.pop_lstatus	= Plstatus_live,
323 	.pop_lpsinfo	= Plpsinfo_live,
324 	.pop_platform	= Pplatform_live,
325 	.pop_uname	= Puname_live,
326 	.pop_zonename	= Pzonename_live,
327 	.pop_execname	= Pexecname_live,
328 #if defined(__i386) || defined(__amd64)
329 	.pop_ldt	= Pldt_live
330 #endif
331 };
332 
333 /*
334  * This is the library's .init handler.
335  */
336 #pragma init(_libproc_init)
337 void
338 _libproc_init(void)
339 {
340 	_libproc_debug = getenv("LIBPROC_DEBUG") != NULL;
341 	_libproc_no_qsort = getenv("LIBPROC_NO_QSORT") != NULL;
342 	_libproc_incore_elf = getenv("LIBPROC_INCORE_ELF") != NULL;
343 
344 	(void) sigfillset(&blockable_sigs);
345 	(void) sigdelset(&blockable_sigs, SIGKILL);
346 	(void) sigdelset(&blockable_sigs, SIGSTOP);
347 }
348 
349 void
350 Pset_procfs_path(const char *path)
351 {
352 	(void) snprintf(procfs_path, sizeof (procfs_path), "%s", path);
353 }
354 
355 /*
356  * Call set_minfd() once before calling dupfd() several times.
357  * We assume that the application will not reduce its current file
358  * descriptor limit lower than 512 once it has set at least that value.
359  */
360 int
361 set_minfd(void)
362 {
363 	static mutex_t minfd_lock = DEFAULTMUTEX;
364 	struct rlimit rlim;
365 	int fd;
366 
367 	if ((fd = minfd) < 256) {
368 		(void) mutex_lock(&minfd_lock);
369 		if ((fd = minfd) < 256) {
370 			if (getrlimit(RLIMIT_NOFILE, &rlim) != 0)
371 				rlim.rlim_cur = rlim.rlim_max = 0;
372 			if (rlim.rlim_cur >= 512)
373 				fd = 256;
374 			else if ((fd = rlim.rlim_cur / 2) < 3)
375 				fd = 3;
376 			membar_producer();
377 			minfd = fd;
378 		}
379 		(void) mutex_unlock(&minfd_lock);
380 	}
381 	return (fd);
382 }
383 
384 int
385 dupfd(int fd, int dfd)
386 {
387 	int mfd;
388 
389 	/*
390 	 * Make fd be greater than 255 (the 32-bit stdio limit),
391 	 * or at least make it greater than 2 so that the
392 	 * program will work when spawned by init(1m).
393 	 * Also, if dfd is non-zero, dup the fd to be dfd.
394 	 */
395 	if ((mfd = minfd) == 0)
396 		mfd = set_minfd();
397 	if (dfd > 0 || (0 <= fd && fd < mfd)) {
398 		if (dfd <= 0)
399 			dfd = mfd;
400 		dfd = fcntl(fd, F_DUPFD, dfd);
401 		(void) close(fd);
402 		fd = dfd;
403 	}
404 	/*
405 	 * Mark it close-on-exec so any created process doesn't inherit it.
406 	 */
407 	if (fd >= 0)
408 		(void) fcntl(fd, F_SETFD, FD_CLOEXEC);
409 	return (fd);
410 }
411 
412 /*
413  * Create a new controlled process.
414  * Leave it stopped on successful exit from exec() or execve().
415  * Return an opaque pointer to its process control structure.
416  * Return NULL if process cannot be created (fork()/exec() not successful).
417  */
418 struct ps_prochandle *
419 Pxcreate(const char *file,	/* executable file name */
420 	char *const *argv,	/* argument vector */
421 	char *const *envp,	/* environment */
422 	int *perr,	/* pointer to error return code */
423 	char *path,	/* if non-null, holds exec path name on return */
424 	size_t len)	/* size of the path buffer */
425 {
426 	char execpath[PATH_MAX];
427 	char procname[PATH_MAX];
428 	struct ps_prochandle *P;
429 	pid_t pid;
430 	int fd;
431 	char *fname;
432 	int rc;
433 	int lasterrno = 0;
434 
435 	if (len == 0)	/* zero length, no path */
436 		path = NULL;
437 	if (path != NULL)
438 		*path = '\0';
439 
440 	if ((P = malloc(sizeof (struct ps_prochandle))) == NULL) {
441 		*perr = C_STRANGE;
442 		return (NULL);
443 	}
444 
445 	if ((pid = fork1()) == -1) {
446 		free(P);
447 		*perr = C_FORK;
448 		return (NULL);
449 	}
450 
451 	if (pid == 0) {			/* child process */
452 		id_t id;
453 		extern char **environ;
454 
455 		/*
456 		 * If running setuid or setgid, reset credentials to normal.
457 		 */
458 		if ((id = getgid()) != getegid())
459 			(void) setgid(id);
460 		if ((id = getuid()) != geteuid())
461 			(void) setuid(id);
462 
463 		Pcreate_callback(P);	/* execute callback (see below) */
464 		(void) pause();		/* wait for PRSABORT from parent */
465 
466 		/*
467 		 * This is ugly.  There is no execvep() function that takes a
468 		 * path and an environment.  We cheat here by replacing the
469 		 * global 'environ' variable right before we call this.
470 		 */
471 		if (envp)
472 			environ = (char **)envp;
473 
474 		(void) execvp(file, argv);  /* execute the program */
475 		_exit(127);
476 	}
477 
478 	/*
479 	 * Initialize the process structure.
480 	 */
481 	(void) memset(P, 0, sizeof (*P));
482 	(void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
483 	P->flags |= CREATED;
484 	P->state = PS_RUN;
485 	P->pid = pid;
486 	P->asfd = -1;
487 	P->ctlfd = -1;
488 	P->statfd = -1;
489 	P->agentctlfd = -1;
490 	P->agentstatfd = -1;
491 	Pinit_ops(&P->ops, &P_live_ops);
492 	Pinitsym(P);
493 
494 	/*
495 	 * Open the /proc/pid files.
496 	 */
497 	(void) snprintf(procname, sizeof (procname), "%s/%d/",
498 	    procfs_path, (int)pid);
499 	fname = procname + strlen(procname);
500 	(void) set_minfd();
501 
502 	/*
503 	 * Exclusive write open advises others not to interfere.
504 	 * There is no reason for any of these open()s to fail.
505 	 */
506 	(void) strcpy(fname, "as");
507 	if ((fd = open(procname, (O_RDWR|O_EXCL))) < 0 ||
508 	    (fd = dupfd(fd, 0)) < 0) {
509 		dprintf("Pcreate: failed to open %s: %s\n",
510 		    procname, strerror(errno));
511 		rc = C_STRANGE;
512 		goto bad;
513 	}
514 	P->asfd = fd;
515 
516 	(void) strcpy(fname, "status");
517 	if ((fd = open(procname, O_RDONLY)) < 0 ||
518 	    (fd = dupfd(fd, 0)) < 0) {
519 		dprintf("Pcreate: failed to open %s: %s\n",
520 		    procname, strerror(errno));
521 		rc = C_STRANGE;
522 		goto bad;
523 	}
524 	P->statfd = fd;
525 
526 	(void) strcpy(fname, "ctl");
527 	if ((fd = open(procname, O_WRONLY)) < 0 ||
528 	    (fd = dupfd(fd, 0)) < 0) {
529 		dprintf("Pcreate: failed to open %s: %s\n",
530 		    procname, strerror(errno));
531 		rc = C_STRANGE;
532 		goto bad;
533 	}
534 	P->ctlfd = fd;
535 
536 	(void) Pstop(P, 0);	/* stop the controlled process */
537 
538 	/*
539 	 * Wait for process to sleep in pause().
540 	 * If the process has already called pause(), then it should be
541 	 * stopped (PR_REQUESTED) while asleep in pause and we are done.
542 	 * Else we set up to catch entry/exit to pause() and set the process
543 	 * running again, expecting it to stop when it reaches pause().
544 	 * There is no reason for this to fail other than an interrupt.
545 	 */
546 	(void) Psysentry(P, SYS_pause, 1);
547 	(void) Psysexit(P, SYS_pause, 1);
548 	for (;;) {
549 		if (P->state == PS_STOP &&
550 		    P->status.pr_lwp.pr_syscall == SYS_pause &&
551 		    (P->status.pr_lwp.pr_why == PR_REQUESTED ||
552 		    P->status.pr_lwp.pr_why == PR_SYSENTRY ||
553 		    P->status.pr_lwp.pr_why == PR_SYSEXIT))
554 			break;
555 
556 		if (P->state != PS_STOP ||	/* interrupt or process died */
557 		    Psetrun(P, 0, 0) != 0) {	/* can't restart */
558 			if (errno == EINTR || errno == ERESTART)
559 				rc = C_INTR;
560 			else {
561 				dprintf("Pcreate: Psetrun failed: %s\n",
562 				    strerror(errno));
563 				rc = C_STRANGE;
564 			}
565 			goto bad;
566 		}
567 
568 		(void) Pwait(P, 0);
569 	}
570 	(void) Psysentry(P, SYS_pause, 0);
571 	(void) Psysexit(P, SYS_pause, 0);
572 
573 	/*
574 	 * Kick the process off the pause() and catch
575 	 * it again on entry to exec() or exit().
576 	 */
577 	(void) Psysentry(P, SYS_exit, 1);
578 	(void) Psysentry(P, SYS_execve, 1);
579 	if (Psetrun(P, 0, PRSABORT) == -1) {
580 		dprintf("Pcreate: Psetrun failed: %s\n", strerror(errno));
581 		rc = C_STRANGE;
582 		goto bad;
583 	}
584 	(void) Pwait(P, 0);
585 	if (P->state != PS_STOP) {
586 		dprintf("Pcreate: Pwait failed: %s\n", strerror(errno));
587 		rc = C_STRANGE;
588 		goto bad;
589 	}
590 
591 	/*
592 	 * Move the process through instances of failed exec()s
593 	 * to reach the point of stopped on successful exec().
594 	 */
595 	(void) Psysexit(P, SYS_execve, TRUE);
596 
597 	while (P->state == PS_STOP &&
598 	    P->status.pr_lwp.pr_why == PR_SYSENTRY &&
599 	    P->status.pr_lwp.pr_what == SYS_execve) {
600 		/*
601 		 * Fetch the exec path name now, before we complete
602 		 * the exec().  We may lose the process and be unable
603 		 * to get the information later.
604 		 */
605 		(void) Pread_string(P, execpath, sizeof (execpath),
606 		    (off_t)P->status.pr_lwp.pr_sysarg[0]);
607 		if (path != NULL)
608 			(void) strncpy(path, execpath, len);
609 		/*
610 		 * Set the process running and wait for
611 		 * it to stop on exit from the exec().
612 		 */
613 		(void) Psetrun(P, 0, 0);
614 		(void) Pwait(P, 0);
615 
616 		if (P->state == PS_LOST &&		/* we lost control */
617 		    Preopen(P) != 0) {		/* and we can't get it back */
618 			rc = C_PERM;
619 			goto bad;
620 		}
621 
622 		/*
623 		 * If the exec() failed, continue the loop, expecting
624 		 * there to be more attempts to exec(), based on PATH.
625 		 */
626 		if (P->state == PS_STOP &&
627 		    P->status.pr_lwp.pr_why == PR_SYSEXIT &&
628 		    P->status.pr_lwp.pr_what == SYS_execve &&
629 		    (lasterrno = P->status.pr_lwp.pr_errno) != 0) {
630 			/*
631 			 * The exec() failed.  Set the process running and
632 			 * wait for it to stop on entry to the next exec().
633 			 */
634 			(void) Psetrun(P, 0, 0);
635 			(void) Pwait(P, 0);
636 
637 			continue;
638 		}
639 		break;
640 	}
641 
642 	if (P->state == PS_STOP &&
643 	    P->status.pr_lwp.pr_why == PR_SYSEXIT &&
644 	    P->status.pr_lwp.pr_what == SYS_execve &&
645 	    P->status.pr_lwp.pr_errno == 0) {
646 		/*
647 		 * The process is stopped on successful exec() or execve().
648 		 * Turn off all tracing flags and return success.
649 		 */
650 		restore_tracing_flags(P);
651 #ifndef _LP64
652 		/* We must be a 64-bit process to deal with a 64-bit process */
653 		if (P->status.pr_dmodel == PR_MODEL_LP64) {
654 			rc = C_LP64;
655 			goto bad;
656 		}
657 #endif
658 		/*
659 		 * Set run-on-last-close so the controlled process
660 		 * runs even if we die on a signal.
661 		 */
662 		(void) Psetflags(P, PR_RLC);
663 		*perr = 0;
664 		return (P);
665 	}
666 
667 	rc = lasterrno == ENOENT ? C_NOENT : C_NOEXEC;
668 
669 bad:
670 	(void) kill(pid, SIGKILL);
671 	if (path != NULL && rc != C_PERM && rc != C_LP64)
672 		*path = '\0';
673 	Pfree(P);
674 	*perr = rc;
675 	return (NULL);
676 }
677 
678 struct ps_prochandle *
679 Pcreate(
680 	const char *file,	/* executable file name */
681 	char *const *argv,	/* argument vector */
682 	int *perr,	/* pointer to error return code */
683 	char *path,	/* if non-null, holds exec path name on return */
684 	size_t len)	/* size of the path buffer */
685 {
686 	return (Pxcreate(file, argv, NULL, perr, path, len));
687 }
688 
689 /*
690  * Return a printable string corresponding to a Pcreate() error return.
691  */
692 const char *
693 Pcreate_error(int error)
694 {
695 	const char *str;
696 
697 	switch (error) {
698 	case C_FORK:
699 		str = "cannot fork";
700 		break;
701 	case C_PERM:
702 		str = "file is set-id or unreadable";
703 		break;
704 	case C_NOEXEC:
705 		str = "cannot execute file";
706 		break;
707 	case C_INTR:
708 		str = "operation interrupted";
709 		break;
710 	case C_LP64:
711 		str = "program is _LP64, self is not";
712 		break;
713 	case C_STRANGE:
714 		str = "unanticipated system error";
715 		break;
716 	case C_NOENT:
717 		str = "cannot find executable file";
718 		break;
719 	default:
720 		str = "unknown error";
721 		break;
722 	}
723 
724 	return (str);
725 }
726 
727 /*
728  * Callback to execute in each child process created with Pcreate() after fork
729  * but before it execs the new process image.  By default, we do nothing, but
730  * by calling this function we allow the client program to define its own
731  * version of the function which will interpose on our empty default.  This
732  * may be useful for clients that need to modify signal dispositions, terminal
733  * attributes, or process group and session properties for each new victim.
734  */
735 /*ARGSUSED*/
736 void
737 Pcreate_callback(struct ps_prochandle *P)
738 {
739 	/* nothing to do here */
740 }
741 
742 /*
743  * Grab an existing process.
744  * Return an opaque pointer to its process control structure.
745  *
746  * pid:		UNIX process ID.
747  * flags:
748  *	PGRAB_RETAIN	Retain tracing flags (default clears all tracing flags).
749  *	PGRAB_FORCE	Grab regardless of whether process is already traced.
750  *	PGRAB_RDONLY	Open the address space file O_RDONLY instead of O_RDWR,
751  *                      and do not open the process control file.
752  *	PGRAB_NOSTOP	Open the process but do not force it to stop.
753  * perr:	pointer to error return code.
754  */
755 struct ps_prochandle *
756 Pgrab(pid_t pid, int flags, int *perr)
757 {
758 	struct ps_prochandle *P;
759 	int fd, omode;
760 	char procname[PATH_MAX];
761 	char *fname;
762 	int rc = 0;
763 
764 	/*
765 	 * PGRAB_RDONLY means that we do not open the /proc/<pid>/control file,
766 	 * and so it implies RETAIN and NOSTOP since both require control.
767 	 */
768 	if (flags & PGRAB_RDONLY)
769 		flags |= PGRAB_RETAIN | PGRAB_NOSTOP;
770 
771 	if ((P = malloc(sizeof (struct ps_prochandle))) == NULL) {
772 		*perr = G_STRANGE;
773 		return (NULL);
774 	}
775 
776 	P->asfd = -1;
777 	P->ctlfd = -1;
778 	P->statfd = -1;
779 
780 again:	/* Come back here if we lose it in the Window of Vulnerability */
781 	if (P->ctlfd >= 0)
782 		(void) close(P->ctlfd);
783 	if (P->asfd >= 0)
784 		(void) close(P->asfd);
785 	if (P->statfd >= 0)
786 		(void) close(P->statfd);
787 	(void) memset(P, 0, sizeof (*P));
788 	(void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
789 	P->ctlfd = -1;
790 	P->asfd = -1;
791 	P->statfd = -1;
792 	P->agentctlfd = -1;
793 	P->agentstatfd = -1;
794 	Pinit_ops(&P->ops, &P_live_ops);
795 	Pinitsym(P);
796 
797 	/*
798 	 * Open the /proc/pid files
799 	 */
800 	(void) snprintf(procname, sizeof (procname), "%s/%d/",
801 	    procfs_path, (int)pid);
802 	fname = procname + strlen(procname);
803 	(void) set_minfd();
804 
805 	/*
806 	 * Request exclusive open to avoid grabbing someone else's
807 	 * process and to prevent others from interfering afterwards.
808 	 * If this fails and the 'PGRAB_FORCE' flag is set, attempt to
809 	 * open non-exclusively.
810 	 */
811 	(void) strcpy(fname, "as");
812 	omode = (flags & PGRAB_RDONLY) ? O_RDONLY : O_RDWR;
813 
814 	if (((fd = open(procname, omode | O_EXCL)) < 0 &&
815 	    (fd = ((flags & PGRAB_FORCE)? open(procname, omode) : -1)) < 0) ||
816 	    (fd = dupfd(fd, 0)) < 0) {
817 		switch (errno) {
818 		case ENOENT:
819 			rc = G_NOPROC;
820 			break;
821 		case EACCES:
822 		case EPERM:
823 			rc = G_PERM;
824 			break;
825 		case EMFILE:
826 			rc = G_NOFD;
827 			break;
828 		case EBUSY:
829 			if (!(flags & PGRAB_FORCE) || geteuid() != 0) {
830 				rc = G_BUSY;
831 				break;
832 			}
833 			/* FALLTHROUGH */
834 		default:
835 			dprintf("Pgrab: failed to open %s: %s\n",
836 			    procname, strerror(errno));
837 			rc = G_STRANGE;
838 			break;
839 		}
840 		goto err;
841 	}
842 	P->asfd = fd;
843 
844 	(void) strcpy(fname, "status");
845 	if ((fd = open(procname, O_RDONLY)) < 0 ||
846 	    (fd = dupfd(fd, 0)) < 0) {
847 		switch (errno) {
848 		case ENOENT:
849 			rc = G_NOPROC;
850 			break;
851 		case EMFILE:
852 			rc = G_NOFD;
853 			break;
854 		default:
855 			dprintf("Pgrab: failed to open %s: %s\n",
856 			    procname, strerror(errno));
857 			rc = G_STRANGE;
858 			break;
859 		}
860 		goto err;
861 	}
862 	P->statfd = fd;
863 
864 	if (!(flags & PGRAB_RDONLY)) {
865 		(void) strcpy(fname, "ctl");
866 		if ((fd = open(procname, O_WRONLY)) < 0 ||
867 		    (fd = dupfd(fd, 0)) < 0) {
868 			switch (errno) {
869 			case ENOENT:
870 				rc = G_NOPROC;
871 				break;
872 			case EMFILE:
873 				rc = G_NOFD;
874 				break;
875 			default:
876 				dprintf("Pgrab: failed to open %s: %s\n",
877 				    procname, strerror(errno));
878 				rc = G_STRANGE;
879 				break;
880 			}
881 			goto err;
882 		}
883 		P->ctlfd = fd;
884 	}
885 
886 	P->state = PS_RUN;
887 	P->pid = pid;
888 
889 	/*
890 	 * We are now in the Window of Vulnerability (WoV).  The process may
891 	 * exec() a setuid/setgid or unreadable object file between the open()
892 	 * and the PCSTOP.  We will get EAGAIN in this case and must start over.
893 	 * As Pstopstatus will trigger the first read() from a /proc file,
894 	 * we also need to handle EOVERFLOW here when 32-bit as an indicator
895 	 * that this process is 64-bit.  Finally, if the process has become
896 	 * a zombie (PS_UNDEAD) while we were trying to grab it, just remain
897 	 * silent about this and pretend there was no process.
898 	 */
899 	if (Pstopstatus(P, PCNULL, 0) != 0) {
900 #ifndef _LP64
901 		if (errno == EOVERFLOW) {
902 			rc = G_LP64;
903 			goto err;
904 		}
905 #endif
906 		if (P->state == PS_LOST) {	/* WoV */
907 			(void) mutex_destroy(&P->proc_lock);
908 			goto again;
909 		}
910 
911 		if (P->state == PS_UNDEAD)
912 			rc = G_NOPROC;
913 		else
914 			rc = G_STRANGE;
915 
916 		goto err;
917 	}
918 
919 	/*
920 	 * If the process is a system process, we can't control it even as root
921 	 */
922 	if (P->status.pr_flags & PR_ISSYS) {
923 		rc = G_SYS;
924 		goto err;
925 	}
926 #ifndef _LP64
927 	/*
928 	 * We must be a 64-bit process to deal with a 64-bit process
929 	 */
930 	if (P->status.pr_dmodel == PR_MODEL_LP64) {
931 		rc = G_LP64;
932 		goto err;
933 	}
934 #endif
935 
936 	/*
937 	 * Remember the status for use by Prelease().
938 	 */
939 	P->orig_status = P->status;	/* structure copy */
940 
941 	/*
942 	 * Before stopping the process, make sure we are not grabbing ourselves.
943 	 * If we are, make sure we are doing it PGRAB_RDONLY.
944 	 */
945 	if (pid == getpid()) {
946 		/*
947 		 * Verify that the process is really ourself:
948 		 * Set a magic number, read it through the
949 		 * /proc file and see if the results match.
950 		 */
951 		uint32_t magic1 = 0;
952 		uint32_t magic2 = 2;
953 
954 		errno = 0;
955 
956 		if (Pread(P, &magic2, sizeof (magic2), (uintptr_t)&magic1)
957 		    == sizeof (magic2) &&
958 		    magic2 == 0 &&
959 		    (magic1 = 0xfeedbeef) &&
960 		    Pread(P, &magic2, sizeof (magic2), (uintptr_t)&magic1)
961 		    == sizeof (magic2) &&
962 		    magic2 == 0xfeedbeef &&
963 		    !(flags & PGRAB_RDONLY)) {
964 			rc = G_SELF;
965 			goto err;
966 		}
967 	}
968 
969 	/*
970 	 * If the process is already stopped or has been directed
971 	 * to stop via /proc, do not set run-on-last-close.
972 	 */
973 	if (!(P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) &&
974 	    !(flags & PGRAB_RDONLY)) {
975 		/*
976 		 * Mark the process run-on-last-close so
977 		 * it runs even if we die from SIGKILL.
978 		 */
979 		if (Psetflags(P, PR_RLC) != 0) {
980 			if (errno == EAGAIN) {	/* WoV */
981 				(void) mutex_destroy(&P->proc_lock);
982 				goto again;
983 			}
984 			if (errno == ENOENT)	/* No complaint about zombies */
985 				rc = G_ZOMB;
986 			else {
987 				dprintf("Pgrab: failed to set RLC\n");
988 				rc = G_STRANGE;
989 			}
990 			goto err;
991 		}
992 	}
993 
994 	/*
995 	 * If a stop directive is pending and the process has not yet stopped,
996 	 * then synchronously wait for the stop directive to take effect.
997 	 * Limit the time spent waiting for the process to stop by iterating
998 	 * at most 10 times. The time-out of 20 ms corresponds to the time
999 	 * between sending the stop directive and the process actually stopped
1000 	 * as measured by DTrace on a slow, busy system. If the process doesn't
1001 	 * stop voluntarily, clear the PR_DSTOP flag so that the code below
1002 	 * forces the process to stop.
1003 	 */
1004 	if (!(flags & PGRAB_RDONLY)) {
1005 		int niter = 0;
1006 		while ((P->status.pr_lwp.pr_flags & (PR_STOPPED|PR_DSTOP)) ==
1007 		    PR_DSTOP && niter < 10 &&
1008 		    Pstopstatus(P, PCTWSTOP, 20) != 0) {
1009 			niter++;
1010 			if (flags & PGRAB_NOSTOP)
1011 				break;
1012 		}
1013 		if (niter == 10 && !(flags & PGRAB_NOSTOP)) {
1014 			/* Try it harder down below */
1015 			P->status.pr_lwp.pr_flags &= ~PR_DSTOP;
1016 		}
1017 	}
1018 
1019 	/*
1020 	 * If the process is not already stopped or directed to stop
1021 	 * and PGRAB_NOSTOP was not specified, stop the process now.
1022 	 */
1023 	if (!(P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) &&
1024 	    !(flags & PGRAB_NOSTOP)) {
1025 		/*
1026 		 * Stop the process, get its status and signal/syscall masks.
1027 		 */
1028 		if (((P->status.pr_lwp.pr_flags & PR_STOPPED) &&
1029 		    Pstopstatus(P, PCDSTOP, 0) != 0) ||
1030 		    Pstopstatus(P, PCSTOP, 2000) != 0) {
1031 #ifndef _LP64
1032 			if (errno == EOVERFLOW) {
1033 				rc = G_LP64;
1034 				goto err;
1035 			}
1036 #endif
1037 			if (P->state == PS_LOST) {	/* WoV */
1038 				(void) mutex_destroy(&P->proc_lock);
1039 				goto again;
1040 			}
1041 			if ((errno != EINTR && errno != ERESTART) ||
1042 			    (P->state != PS_STOP &&
1043 			    !(P->status.pr_flags & PR_DSTOP))) {
1044 				if (P->state != PS_RUN && errno != ENOENT) {
1045 					dprintf("Pgrab: failed to PCSTOP\n");
1046 					rc = G_STRANGE;
1047 				} else {
1048 					rc = G_ZOMB;
1049 				}
1050 				goto err;
1051 			}
1052 		}
1053 
1054 		/*
1055 		 * Process should now either be stopped via /proc or there
1056 		 * should be an outstanding stop directive.
1057 		 */
1058 		if (!(P->status.pr_flags & (PR_ISTOP|PR_DSTOP))) {
1059 			dprintf("Pgrab: process is not stopped\n");
1060 			rc = G_STRANGE;
1061 			goto err;
1062 		}
1063 #ifndef _LP64
1064 		/*
1065 		 * Test this again now because the 32-bit victim process may
1066 		 * have exec'd a 64-bit process in the meantime.
1067 		 */
1068 		if (P->status.pr_dmodel == PR_MODEL_LP64) {
1069 			rc = G_LP64;
1070 			goto err;
1071 		}
1072 #endif
1073 	}
1074 
1075 	/*
1076 	 * Cancel all tracing flags unless the PGRAB_RETAIN flag is set.
1077 	 */
1078 	if (!(flags & PGRAB_RETAIN)) {
1079 		(void) Psysentry(P, 0, FALSE);
1080 		(void) Psysexit(P, 0, FALSE);
1081 		(void) Psignal(P, 0, FALSE);
1082 		(void) Pfault(P, 0, FALSE);
1083 		Psync(P);
1084 	}
1085 
1086 	*perr = 0;
1087 	return (P);
1088 
1089 err:
1090 	Pfree(P);
1091 	*perr = rc;
1092 	return (NULL);
1093 }
1094 
1095 /*
1096  * Return a printable string corresponding to a Pgrab() error return.
1097  */
1098 const char *
1099 Pgrab_error(int error)
1100 {
1101 	const char *str;
1102 
1103 	switch (error) {
1104 	case G_NOPROC:
1105 		str = "no such process";
1106 		break;
1107 	case G_NOCORE:
1108 		str = "no such core file";
1109 		break;
1110 	case G_NOPROCORCORE:
1111 		str = "no such process or core file";
1112 		break;
1113 	case G_NOEXEC:
1114 		str = "cannot find executable file";
1115 		break;
1116 	case G_ZOMB:
1117 		str = "zombie process";
1118 		break;
1119 	case G_PERM:
1120 		str = "permission denied";
1121 		break;
1122 	case G_BUSY:
1123 		str = "process is traced";
1124 		break;
1125 	case G_SYS:
1126 		str = "system process";
1127 		break;
1128 	case G_SELF:
1129 		str = "attempt to grab self";
1130 		break;
1131 	case G_INTR:
1132 		str = "operation interrupted";
1133 		break;
1134 	case G_LP64:
1135 		str = "program is _LP64, self is not";
1136 		break;
1137 	case G_FORMAT:
1138 		str = "file is not an ELF core file";
1139 		break;
1140 	case G_ELF:
1141 		str = "libelf error";
1142 		break;
1143 	case G_NOTE:
1144 		str = "core file is corrupt or missing required data";
1145 		break;
1146 	case G_STRANGE:
1147 		str = "unanticipated system error";
1148 		break;
1149 	case G_ISAINVAL:
1150 		str = "wrong ELF machine type";
1151 		break;
1152 	case G_BADLWPS:
1153 		str = "bad lwp specification";
1154 		break;
1155 	case G_NOFD:
1156 		str = "too many open files";
1157 		break;
1158 	default:
1159 		str = "unknown error";
1160 		break;
1161 	}
1162 
1163 	return (str);
1164 }
1165 
1166 /*
1167  * Free a process control structure.
1168  * Close the file descriptors but don't do the Prelease logic.
1169  */
1170 void
1171 Pfree(struct ps_prochandle *P)
1172 {
1173 	uint_t i;
1174 
1175 	if (P->ucaddrs != NULL) {
1176 		free(P->ucaddrs);
1177 		P->ucaddrs = NULL;
1178 		P->ucnelems = 0;
1179 	}
1180 
1181 	(void) mutex_lock(&P->proc_lock);
1182 	if (P->hashtab != NULL) {
1183 		struct ps_lwphandle *L;
1184 		for (i = 0; i < HASHSIZE; i++) {
1185 			while ((L = P->hashtab[i]) != NULL)
1186 				Lfree_internal(P, L);
1187 		}
1188 		free(P->hashtab);
1189 	}
1190 
1191 	while (P->num_fd > 0) {
1192 		fd_info_t *fip = list_next(&P->fd_head);
1193 		list_unlink(fip);
1194 		free(fip);
1195 		P->num_fd--;
1196 	}
1197 	(void) mutex_unlock(&P->proc_lock);
1198 	(void) mutex_destroy(&P->proc_lock);
1199 
1200 	if (P->agentctlfd >= 0)
1201 		(void) close(P->agentctlfd);
1202 	if (P->agentstatfd >= 0)
1203 		(void) close(P->agentstatfd);
1204 	if (P->ctlfd >= 0)
1205 		(void) close(P->ctlfd);
1206 	if (P->asfd >= 0)
1207 		(void) close(P->asfd);
1208 	if (P->statfd >= 0)
1209 		(void) close(P->statfd);
1210 	Preset_maps(P);
1211 	P->ops.pop_fini(P, P->data);
1212 
1213 	/* clear out the structure as a precaution against reuse */
1214 	(void) memset(P, 0, sizeof (*P));
1215 	P->ctlfd = -1;
1216 	P->asfd = -1;
1217 	P->statfd = -1;
1218 	P->agentctlfd = -1;
1219 	P->agentstatfd = -1;
1220 
1221 	free(P);
1222 }
1223 
1224 /*
1225  * Return the state of the process, one of the PS_* values.
1226  */
1227 int
1228 Pstate(struct ps_prochandle *P)
1229 {
1230 	return (P->state);
1231 }
1232 
1233 /*
1234  * Return the open address space file descriptor for the process.
1235  * Clients must not close this file descriptor, not use it
1236  * after the process is freed.
1237  */
1238 int
1239 Pasfd(struct ps_prochandle *P)
1240 {
1241 	return (P->asfd);
1242 }
1243 
1244 /*
1245  * Return the open control file descriptor for the process.
1246  * Clients must not close this file descriptor, not use it
1247  * after the process is freed.
1248  */
1249 int
1250 Pctlfd(struct ps_prochandle *P)
1251 {
1252 	return (P->ctlfd);
1253 }
1254 
1255 /*
1256  * Return a pointer to the process psinfo structure.
1257  * Clients should not hold on to this pointer indefinitely.
1258  * It will become invalid on Prelease().
1259  */
1260 const psinfo_t *
1261 Ppsinfo(struct ps_prochandle *P)
1262 {
1263 	return (P->ops.pop_psinfo(P, &P->psinfo, P->data));
1264 }
1265 
1266 /*
1267  * Return a pointer to the process status structure.
1268  * Clients should not hold on to this pointer indefinitely.
1269  * It will become invalid on Prelease().
1270  */
1271 const pstatus_t *
1272 Pstatus(struct ps_prochandle *P)
1273 {
1274 	return (&P->status);
1275 }
1276 
1277 static void
1278 Pread_status(struct ps_prochandle *P)
1279 {
1280 	P->ops.pop_status(P, &P->status, P->data);
1281 }
1282 
1283 /*
1284  * Fill in a pointer to a process credentials structure.  The ngroups parameter
1285  * is the number of supplementary group entries allocated in the caller's cred
1286  * structure.  It should equal zero or one unless extra space has been
1287  * allocated for the group list by the caller.
1288  */
1289 int
1290 Pcred(struct ps_prochandle *P, prcred_t *pcrp, int ngroups)
1291 {
1292 	return (P->ops.pop_cred(P, pcrp, ngroups, P->data));
1293 }
1294 
1295 static prheader_t *
1296 Plstatus(struct ps_prochandle *P)
1297 {
1298 	return (P->ops.pop_lstatus(P, P->data));
1299 }
1300 
1301 static prheader_t *
1302 Plpsinfo(struct ps_prochandle *P)
1303 {
1304 	return (P->ops.pop_lpsinfo(P, P->data));
1305 }
1306 
1307 
1308 #if defined(__i386) || defined(__amd64)
1309 /*
1310  * Fill in a pointer to a process LDT structure.
1311  * The caller provides a buffer of size 'nldt * sizeof (struct ssd)';
1312  * If pldt == NULL or nldt == 0, we return the number of existing LDT entries.
1313  * Otherwise we return the actual number of LDT entries fetched (<= nldt).
1314  */
1315 int
1316 Pldt(struct ps_prochandle *P, struct ssd *pldt, int nldt)
1317 {
1318 	return (P->ops.pop_ldt(P, pldt, nldt, P->data));
1319 
1320 }
1321 #endif	/* __i386 */
1322 
1323 /*
1324  * Return a malloced process privilege structure in *pprv.
1325  */
1326 int
1327 Ppriv(struct ps_prochandle *P, prpriv_t **pprv)
1328 {
1329 	return (P->ops.pop_priv(P, pprv, P->data));
1330 }
1331 
1332 int
1333 Psetpriv(struct ps_prochandle *P, prpriv_t *pprv)
1334 {
1335 	int rc;
1336 	long *ctl;
1337 	size_t sz;
1338 
1339 	if (P->state == PS_DEAD) {
1340 		errno = EBADF;
1341 		return (-1);
1342 	}
1343 
1344 	sz = PRIV_PRPRIV_SIZE(pprv) + sizeof (long);
1345 
1346 	sz = ((sz - 1) / sizeof (long) + 1) * sizeof (long);
1347 
1348 	ctl = malloc(sz);
1349 	if (ctl == NULL)
1350 		return (-1);
1351 
1352 	ctl[0] = PCSPRIV;
1353 
1354 	(void) memcpy(&ctl[1], pprv, PRIV_PRPRIV_SIZE(pprv));
1355 
1356 	if (write(P->ctlfd, ctl, sz) != sz)
1357 		rc = -1;
1358 	else
1359 		rc = 0;
1360 
1361 	free(ctl);
1362 
1363 	return (rc);
1364 }
1365 
1366 void *
1367 Pprivinfo(struct ps_prochandle *P)
1368 {
1369 	core_info_t *core = P->data;
1370 
1371 	/* Use default from libc */
1372 	if (P->state != PS_DEAD)
1373 		return (NULL);
1374 
1375 	return (core->core_privinfo);
1376 }
1377 
1378 /*
1379  * Ensure that all cached state is written to the process.
1380  * The cached state is the LWP's signal mask and registers
1381  * and the process's tracing flags.
1382  */
1383 void
1384 Psync(struct ps_prochandle *P)
1385 {
1386 	int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
1387 	long cmd[6];
1388 	iovec_t iov[12];
1389 	int n = 0;
1390 
1391 	if (P->flags & SETHOLD) {
1392 		cmd[0] = PCSHOLD;
1393 		iov[n].iov_base = (caddr_t)&cmd[0];
1394 		iov[n++].iov_len = sizeof (long);
1395 		iov[n].iov_base = (caddr_t)&P->status.pr_lwp.pr_lwphold;
1396 		iov[n++].iov_len = sizeof (P->status.pr_lwp.pr_lwphold);
1397 	}
1398 	if (P->flags & SETREGS) {
1399 		cmd[1] = PCSREG;
1400 #ifdef __i386
1401 		/* XX64 we should probably restore REG_GS after this */
1402 		if (ctlfd == P->agentctlfd)
1403 			P->status.pr_lwp.pr_reg[GS] = 0;
1404 #elif defined(__amd64)
1405 		/* XX64 */
1406 #endif
1407 		iov[n].iov_base = (caddr_t)&cmd[1];
1408 		iov[n++].iov_len = sizeof (long);
1409 		iov[n].iov_base = (caddr_t)&P->status.pr_lwp.pr_reg[0];
1410 		iov[n++].iov_len = sizeof (P->status.pr_lwp.pr_reg);
1411 	}
1412 	if (P->flags & SETSIG) {
1413 		cmd[2] = PCSTRACE;
1414 		iov[n].iov_base = (caddr_t)&cmd[2];
1415 		iov[n++].iov_len = sizeof (long);
1416 		iov[n].iov_base = (caddr_t)&P->status.pr_sigtrace;
1417 		iov[n++].iov_len = sizeof (P->status.pr_sigtrace);
1418 	}
1419 	if (P->flags & SETFAULT) {
1420 		cmd[3] = PCSFAULT;
1421 		iov[n].iov_base = (caddr_t)&cmd[3];
1422 		iov[n++].iov_len = sizeof (long);
1423 		iov[n].iov_base = (caddr_t)&P->status.pr_flttrace;
1424 		iov[n++].iov_len = sizeof (P->status.pr_flttrace);
1425 	}
1426 	if (P->flags & SETENTRY) {
1427 		cmd[4] = PCSENTRY;
1428 		iov[n].iov_base = (caddr_t)&cmd[4];
1429 		iov[n++].iov_len = sizeof (long);
1430 		iov[n].iov_base = (caddr_t)&P->status.pr_sysentry;
1431 		iov[n++].iov_len = sizeof (P->status.pr_sysentry);
1432 	}
1433 	if (P->flags & SETEXIT) {
1434 		cmd[5] = PCSEXIT;
1435 		iov[n].iov_base = (caddr_t)&cmd[5];
1436 		iov[n++].iov_len = sizeof (long);
1437 		iov[n].iov_base = (caddr_t)&P->status.pr_sysexit;
1438 		iov[n++].iov_len = sizeof (P->status.pr_sysexit);
1439 	}
1440 
1441 	if (n == 0 || writev(ctlfd, iov, n) < 0)
1442 		return;		/* nothing to do or write failed */
1443 
1444 	P->flags &= ~(SETSIG|SETFAULT|SETENTRY|SETEXIT|SETHOLD|SETREGS);
1445 }
1446 
1447 /*
1448  * Reopen the /proc file (after PS_LOST).
1449  */
1450 int
1451 Preopen(struct ps_prochandle *P)
1452 {
1453 	int fd;
1454 	char procname[PATH_MAX];
1455 	char *fname;
1456 
1457 	if (P->state == PS_DEAD || P->state == PS_IDLE)
1458 		return (0);
1459 
1460 	if (P->agentcnt > 0) {
1461 		P->agentcnt = 1;
1462 		Pdestroy_agent(P);
1463 	}
1464 
1465 	(void) snprintf(procname, sizeof (procname), "%s/%d/",
1466 	    procfs_path, (int)P->pid);
1467 	fname = procname + strlen(procname);
1468 
1469 	(void) strcpy(fname, "as");
1470 	if ((fd = open(procname, O_RDWR)) < 0 ||
1471 	    close(P->asfd) < 0 ||
1472 	    (fd = dupfd(fd, P->asfd)) != P->asfd) {
1473 		dprintf("Preopen: failed to open %s: %s\n",
1474 		    procname, strerror(errno));
1475 		if (fd >= 0)
1476 			(void) close(fd);
1477 		return (-1);
1478 	}
1479 	P->asfd = fd;
1480 
1481 	(void) strcpy(fname, "status");
1482 	if ((fd = open(procname, O_RDONLY)) < 0 ||
1483 	    close(P->statfd) < 0 ||
1484 	    (fd = dupfd(fd, P->statfd)) != P->statfd) {
1485 		dprintf("Preopen: failed to open %s: %s\n",
1486 		    procname, strerror(errno));
1487 		if (fd >= 0)
1488 			(void) close(fd);
1489 		return (-1);
1490 	}
1491 	P->statfd = fd;
1492 
1493 	(void) strcpy(fname, "ctl");
1494 	if ((fd = open(procname, O_WRONLY)) < 0 ||
1495 	    close(P->ctlfd) < 0 ||
1496 	    (fd = dupfd(fd, P->ctlfd)) != P->ctlfd) {
1497 		dprintf("Preopen: failed to open %s: %s\n",
1498 		    procname, strerror(errno));
1499 		if (fd >= 0)
1500 			(void) close(fd);
1501 		return (-1);
1502 	}
1503 	P->ctlfd = fd;
1504 
1505 	/*
1506 	 * Set the state to PS_RUN and wait for the process to stop so that
1507 	 * we re-read the status from the new P->statfd.  If this fails, Pwait
1508 	 * will reset the state to PS_LOST and we fail the reopen.  Before
1509 	 * returning, we also forge a bit of P->status to allow the debugger to
1510 	 * see that we are PS_LOST following a successful exec.
1511 	 */
1512 	P->state = PS_RUN;
1513 	if (Pwait(P, 0) == -1) {
1514 #ifdef _ILP32
1515 		if (errno == EOVERFLOW)
1516 			P->status.pr_dmodel = PR_MODEL_LP64;
1517 #endif
1518 		P->status.pr_lwp.pr_why = PR_SYSEXIT;
1519 		P->status.pr_lwp.pr_what = SYS_execve;
1520 		P->status.pr_lwp.pr_errno = 0;
1521 		return (-1);
1522 	}
1523 
1524 	/*
1525 	 * The process should be stopped on exec (REQUESTED)
1526 	 * or else should be stopped on exit from exec() (SYSEXIT)
1527 	 */
1528 	if (P->state == PS_STOP &&
1529 	    (P->status.pr_lwp.pr_why == PR_REQUESTED ||
1530 	    (P->status.pr_lwp.pr_why == PR_SYSEXIT &&
1531 	    P->status.pr_lwp.pr_what == SYS_execve))) {
1532 		/* fake up stop-on-exit-from-execve */
1533 		if (P->status.pr_lwp.pr_why == PR_REQUESTED) {
1534 			P->status.pr_lwp.pr_why = PR_SYSEXIT;
1535 			P->status.pr_lwp.pr_what = SYS_execve;
1536 			P->status.pr_lwp.pr_errno = 0;
1537 		}
1538 	} else {
1539 		dprintf("Preopen: expected REQUESTED or "
1540 		    "SYSEXIT(SYS_execve) stop\n");
1541 	}
1542 
1543 	return (0);
1544 }
1545 
1546 /*
1547  * Define all settable flags other than the microstate accounting flags.
1548  */
1549 #define	ALL_SETTABLE_FLAGS (PR_FORK|PR_RLC|PR_KLC|PR_ASYNC|PR_BPTADJ|PR_PTRACE)
1550 
1551 /*
1552  * Restore /proc tracing flags to their original values
1553  * in preparation for releasing the process.
1554  * Also called by Pcreate() to clear all tracing flags.
1555  */
1556 static void
1557 restore_tracing_flags(struct ps_prochandle *P)
1558 {
1559 	long flags;
1560 	long cmd[4];
1561 	iovec_t iov[8];
1562 
1563 	if (P->flags & CREATED) {
1564 		/* we created this process; clear all tracing flags */
1565 		premptyset(&P->status.pr_sigtrace);
1566 		premptyset(&P->status.pr_flttrace);
1567 		premptyset(&P->status.pr_sysentry);
1568 		premptyset(&P->status.pr_sysexit);
1569 		if ((P->status.pr_flags & ALL_SETTABLE_FLAGS) != 0)
1570 			(void) Punsetflags(P, ALL_SETTABLE_FLAGS);
1571 	} else {
1572 		/* we grabbed the process; restore its tracing flags */
1573 		P->status.pr_sigtrace = P->orig_status.pr_sigtrace;
1574 		P->status.pr_flttrace = P->orig_status.pr_flttrace;
1575 		P->status.pr_sysentry = P->orig_status.pr_sysentry;
1576 		P->status.pr_sysexit  = P->orig_status.pr_sysexit;
1577 		if ((P->status.pr_flags & ALL_SETTABLE_FLAGS) !=
1578 		    (flags = (P->orig_status.pr_flags & ALL_SETTABLE_FLAGS))) {
1579 			(void) Punsetflags(P, ALL_SETTABLE_FLAGS);
1580 			if (flags)
1581 				(void) Psetflags(P, flags);
1582 		}
1583 	}
1584 
1585 	cmd[0] = PCSTRACE;
1586 	iov[0].iov_base = (caddr_t)&cmd[0];
1587 	iov[0].iov_len = sizeof (long);
1588 	iov[1].iov_base = (caddr_t)&P->status.pr_sigtrace;
1589 	iov[1].iov_len = sizeof (P->status.pr_sigtrace);
1590 
1591 	cmd[1] = PCSFAULT;
1592 	iov[2].iov_base = (caddr_t)&cmd[1];
1593 	iov[2].iov_len = sizeof (long);
1594 	iov[3].iov_base = (caddr_t)&P->status.pr_flttrace;
1595 	iov[3].iov_len = sizeof (P->status.pr_flttrace);
1596 
1597 	cmd[2] = PCSENTRY;
1598 	iov[4].iov_base = (caddr_t)&cmd[2];
1599 	iov[4].iov_len = sizeof (long);
1600 	iov[5].iov_base = (caddr_t)&P->status.pr_sysentry;
1601 	iov[5].iov_len = sizeof (P->status.pr_sysentry);
1602 
1603 	cmd[3] = PCSEXIT;
1604 	iov[6].iov_base = (caddr_t)&cmd[3];
1605 	iov[6].iov_len = sizeof (long);
1606 	iov[7].iov_base = (caddr_t)&P->status.pr_sysexit;
1607 	iov[7].iov_len = sizeof (P->status.pr_sysexit);
1608 
1609 	(void) writev(P->ctlfd, iov, 8);
1610 
1611 	P->flags &= ~(SETSIG|SETFAULT|SETENTRY|SETEXIT);
1612 }
1613 
1614 /*
1615  * Release the process.  Frees the process control structure.
1616  * flags:
1617  *	PRELEASE_CLEAR	Clear all tracing flags.
1618  *	PRELEASE_RETAIN	Retain current tracing flags.
1619  *	PRELEASE_HANG	Leave the process stopped and abandoned.
1620  *	PRELEASE_KILL	Terminate the process with SIGKILL.
1621  */
1622 void
1623 Prelease(struct ps_prochandle *P, int flags)
1624 {
1625 	if (P->state == PS_DEAD) {
1626 		dprintf("Prelease: releasing handle %p PS_DEAD of pid %d\n",
1627 		    (void *)P, (int)P->pid);
1628 		Pfree(P);
1629 		return;
1630 	}
1631 
1632 	if (P->state == PS_IDLE) {
1633 		file_info_t *fptr = list_next(&P->file_head);
1634 		dprintf("Prelease: releasing handle %p PS_IDLE of file %s\n",
1635 		    (void *)P, fptr->file_pname);
1636 		Pfree(P);
1637 		return;
1638 	}
1639 
1640 	dprintf("Prelease: releasing handle %p pid %d\n",
1641 	    (void *)P, (int)P->pid);
1642 
1643 	if (P->ctlfd == -1) {
1644 		Pfree(P);
1645 		return;
1646 	}
1647 
1648 	if (P->agentcnt > 0) {
1649 		P->agentcnt = 1;
1650 		Pdestroy_agent(P);
1651 	}
1652 
1653 	/*
1654 	 * Attempt to stop the process.
1655 	 */
1656 	P->state = PS_RUN;
1657 	(void) Pstop(P, 1000);
1658 
1659 	if (flags & PRELEASE_KILL) {
1660 		if (P->state == PS_STOP)
1661 			(void) Psetrun(P, SIGKILL, 0);
1662 		(void) kill(P->pid, SIGKILL);
1663 		Pfree(P);
1664 		return;
1665 	}
1666 
1667 	/*
1668 	 * If we lost control, all we can do now is close the files.
1669 	 * In this case, the last close sets the process running.
1670 	 */
1671 	if (P->state != PS_STOP &&
1672 	    (P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) == 0) {
1673 		Pfree(P);
1674 		return;
1675 	}
1676 
1677 	/*
1678 	 * We didn't lose control; we do more.
1679 	 */
1680 	Psync(P);
1681 
1682 	if (flags & PRELEASE_CLEAR)
1683 		P->flags |= CREATED;
1684 
1685 	if (!(flags & PRELEASE_RETAIN))
1686 		restore_tracing_flags(P);
1687 
1688 	if (flags & PRELEASE_HANG) {
1689 		/* Leave the process stopped and abandoned */
1690 		(void) Punsetflags(P, PR_RLC|PR_KLC);
1691 		Pfree(P);
1692 		return;
1693 	}
1694 
1695 	/*
1696 	 * Set the process running if we created it or if it was
1697 	 * not originally stopped or directed to stop via /proc
1698 	 * or if we were given the PRELEASE_CLEAR flag.
1699 	 */
1700 	if ((P->flags & CREATED) ||
1701 	    (P->orig_status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP)) == 0) {
1702 		(void) Psetflags(P, PR_RLC);
1703 		/*
1704 		 * We do this repeatedly because the process may have
1705 		 * more than one LWP stopped on an event of interest.
1706 		 * This makes sure all of them are set running.
1707 		 */
1708 		do {
1709 			if (Psetrun(P, 0, 0) == -1 && errno == EBUSY)
1710 				break; /* Agent LWP may be stuck */
1711 		} while (Pstopstatus(P, PCNULL, 0) == 0 &&
1712 		    P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP));
1713 
1714 		if (P->status.pr_lwp.pr_flags & (PR_ISTOP|PR_DSTOP))
1715 			dprintf("Prelease: failed to set process running\n");
1716 	}
1717 
1718 	Pfree(P);
1719 }
1720 
1721 /* debugging */
1722 void
1723 prldump(const char *caller, lwpstatus_t *lsp)
1724 {
1725 	char name[32];
1726 	uint32_t bits;
1727 
1728 	switch (lsp->pr_why) {
1729 	case PR_REQUESTED:
1730 		dprintf("%s: REQUESTED\n", caller);
1731 		break;
1732 	case PR_SIGNALLED:
1733 		dprintf("%s: SIGNALLED %s\n", caller,
1734 		    proc_signame(lsp->pr_what, name, sizeof (name)));
1735 		break;
1736 	case PR_FAULTED:
1737 		dprintf("%s: FAULTED %s\n", caller,
1738 		    proc_fltname(lsp->pr_what, name, sizeof (name)));
1739 		break;
1740 	case PR_SYSENTRY:
1741 		dprintf("%s: SYSENTRY %s\n", caller,
1742 		    proc_sysname(lsp->pr_what, name, sizeof (name)));
1743 		break;
1744 	case PR_SYSEXIT:
1745 		dprintf("%s: SYSEXIT %s\n", caller,
1746 		    proc_sysname(lsp->pr_what, name, sizeof (name)));
1747 		break;
1748 	case PR_JOBCONTROL:
1749 		dprintf("%s: JOBCONTROL %s\n", caller,
1750 		    proc_signame(lsp->pr_what, name, sizeof (name)));
1751 		break;
1752 	case PR_SUSPENDED:
1753 		dprintf("%s: SUSPENDED\n", caller);
1754 		break;
1755 	default:
1756 		dprintf("%s: Unknown\n", caller);
1757 		break;
1758 	}
1759 
1760 	if (lsp->pr_cursig)
1761 		dprintf("%s: p_cursig  = %d\n", caller, lsp->pr_cursig);
1762 
1763 	bits = *((uint32_t *)&lsp->pr_lwppend);
1764 	if (bits)
1765 		dprintf("%s: pr_lwppend = 0x%.8X\n", caller, bits);
1766 }
1767 
1768 /* debugging */
1769 static void
1770 prdump(struct ps_prochandle *P)
1771 {
1772 	uint32_t bits;
1773 
1774 	prldump("Pstopstatus", &P->status.pr_lwp);
1775 
1776 	bits = *((uint32_t *)&P->status.pr_sigpend);
1777 	if (bits)
1778 		dprintf("Pstopstatus: pr_sigpend = 0x%.8X\n", bits);
1779 }
1780 
1781 /*
1782  * Wait for the specified process to stop or terminate.
1783  * Or, just get the current status (PCNULL).
1784  * Or, direct it to stop and get the current status (PCDSTOP).
1785  * If the agent LWP exists, do these things to the agent,
1786  * else do these things to the process as a whole.
1787  */
1788 int
1789 Pstopstatus(struct ps_prochandle *P,
1790 	long request,		/* PCNULL, PCDSTOP, PCSTOP, PCWSTOP */
1791 	uint_t msec)		/* if non-zero, timeout in milliseconds */
1792 {
1793 	int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
1794 	long ctl[3];
1795 	ssize_t rc;
1796 	int err;
1797 	int old_state = P->state;
1798 
1799 	switch (P->state) {
1800 	case PS_RUN:
1801 		break;
1802 	case PS_STOP:
1803 		if (request != PCNULL && request != PCDSTOP)
1804 			return (0);
1805 		break;
1806 	case PS_LOST:
1807 		if (request != PCNULL) {
1808 			errno = EAGAIN;
1809 			return (-1);
1810 		}
1811 		break;
1812 	case PS_UNDEAD:
1813 	case PS_DEAD:
1814 	case PS_IDLE:
1815 		if (request != PCNULL) {
1816 			errno = ENOENT;
1817 			return (-1);
1818 		}
1819 		break;
1820 	default:	/* corrupted state */
1821 		dprintf("Pstopstatus: corrupted state: %d\n", P->state);
1822 		errno = EINVAL;
1823 		return (-1);
1824 	}
1825 
1826 	ctl[0] = PCDSTOP;
1827 	ctl[1] = PCTWSTOP;
1828 	ctl[2] = (long)msec;
1829 	rc = 0;
1830 	switch (request) {
1831 	case PCSTOP:
1832 		rc = write(ctlfd, &ctl[0], 3*sizeof (long));
1833 		break;
1834 	case PCWSTOP:
1835 		rc = write(ctlfd, &ctl[1], 2*sizeof (long));
1836 		break;
1837 	case PCDSTOP:
1838 		rc = write(ctlfd, &ctl[0], 1*sizeof (long));
1839 		break;
1840 	case PCNULL:
1841 		if (P->state == PS_DEAD || P->state == PS_IDLE)
1842 			return (0);
1843 		break;
1844 	default:	/* programming error */
1845 		errno = EINVAL;
1846 		return (-1);
1847 	}
1848 	err = (rc < 0)? errno : 0;
1849 	Psync(P);
1850 
1851 	if (P->agentstatfd < 0) {
1852 		if (pread(P->statfd, &P->status,
1853 		    sizeof (P->status), (off_t)0) < 0)
1854 			err = errno;
1855 	} else {
1856 		if (pread(P->agentstatfd, &P->status.pr_lwp,
1857 		    sizeof (P->status.pr_lwp), (off_t)0) < 0)
1858 			err = errno;
1859 		P->status.pr_flags = P->status.pr_lwp.pr_flags;
1860 	}
1861 
1862 	if (err) {
1863 		switch (err) {
1864 		case EINTR:		/* user typed ctl-C */
1865 		case ERESTART:
1866 			dprintf("Pstopstatus: EINTR\n");
1867 			break;
1868 		case EAGAIN:		/* we lost control of the the process */
1869 		case EOVERFLOW:
1870 			dprintf("Pstopstatus: PS_LOST, errno=%d\n", err);
1871 			P->state = PS_LOST;
1872 			break;
1873 		default:		/* check for dead process */
1874 			if (_libproc_debug) {
1875 				const char *errstr;
1876 
1877 				switch (request) {
1878 				case PCNULL:
1879 					errstr = "Pstopstatus PCNULL"; break;
1880 				case PCSTOP:
1881 					errstr = "Pstopstatus PCSTOP"; break;
1882 				case PCDSTOP:
1883 					errstr = "Pstopstatus PCDSTOP"; break;
1884 				case PCWSTOP:
1885 					errstr = "Pstopstatus PCWSTOP"; break;
1886 				default:
1887 					errstr = "Pstopstatus PC???"; break;
1888 				}
1889 				dprintf("%s: %s\n", errstr, strerror(err));
1890 			}
1891 			deadcheck(P);
1892 			break;
1893 		}
1894 		if (err != EINTR && err != ERESTART) {
1895 			errno = err;
1896 			return (-1);
1897 		}
1898 	}
1899 
1900 	if (!(P->status.pr_flags & PR_STOPPED)) {
1901 		P->state = PS_RUN;
1902 		if (request == PCNULL || request == PCDSTOP || msec != 0)
1903 			return (0);
1904 		dprintf("Pstopstatus: process is not stopped\n");
1905 		errno = EPROTO;
1906 		return (-1);
1907 	}
1908 
1909 	P->state = PS_STOP;
1910 
1911 	if (_libproc_debug)	/* debugging */
1912 		prdump(P);
1913 
1914 	/*
1915 	 * If the process was already stopped coming into Pstopstatus(),
1916 	 * then don't use its PC to set P->sysaddr since it may have been
1917 	 * changed since the time the process originally stopped.
1918 	 */
1919 	if (old_state == PS_STOP)
1920 		return (0);
1921 
1922 	switch (P->status.pr_lwp.pr_why) {
1923 	case PR_SYSENTRY:
1924 	case PR_SYSEXIT:
1925 		if (Pissyscall_prev(P, P->status.pr_lwp.pr_reg[R_PC],
1926 		    &P->sysaddr) == 0)
1927 			P->sysaddr = P->status.pr_lwp.pr_reg[R_PC];
1928 		break;
1929 	case PR_REQUESTED:
1930 	case PR_SIGNALLED:
1931 	case PR_FAULTED:
1932 	case PR_JOBCONTROL:
1933 	case PR_SUSPENDED:
1934 		break;
1935 	default:
1936 		errno = EPROTO;
1937 		return (-1);
1938 	}
1939 
1940 	return (0);
1941 }
1942 
1943 /*
1944  * Wait for the process to stop for any reason.
1945  */
1946 int
1947 Pwait(struct ps_prochandle *P, uint_t msec)
1948 {
1949 	return (Pstopstatus(P, PCWSTOP, msec));
1950 }
1951 
1952 /*
1953  * Direct the process to stop; wait for it to stop.
1954  */
1955 int
1956 Pstop(struct ps_prochandle *P, uint_t msec)
1957 {
1958 	return (Pstopstatus(P, PCSTOP, msec));
1959 }
1960 
1961 /*
1962  * Direct the process to stop; don't wait.
1963  */
1964 int
1965 Pdstop(struct ps_prochandle *P)
1966 {
1967 	return (Pstopstatus(P, PCDSTOP, 0));
1968 }
1969 
1970 static void
1971 deadcheck(struct ps_prochandle *P)
1972 {
1973 	int fd;
1974 	void *buf;
1975 	size_t size;
1976 
1977 	if (P->statfd < 0)
1978 		P->state = PS_UNDEAD;
1979 	else {
1980 		if (P->agentstatfd < 0) {
1981 			fd = P->statfd;
1982 			buf = &P->status;
1983 			size = sizeof (P->status);
1984 		} else {
1985 			fd = P->agentstatfd;
1986 			buf = &P->status.pr_lwp;
1987 			size = sizeof (P->status.pr_lwp);
1988 		}
1989 		while (pread(fd, buf, size, (off_t)0) != size) {
1990 			switch (errno) {
1991 			default:
1992 				P->state = PS_UNDEAD;
1993 				break;
1994 			case EINTR:
1995 			case ERESTART:
1996 				continue;
1997 			case EAGAIN:
1998 				P->state = PS_LOST;
1999 				break;
2000 			}
2001 			break;
2002 		}
2003 		P->status.pr_flags = P->status.pr_lwp.pr_flags;
2004 	}
2005 }
2006 
2007 /*
2008  * Get the value of one register from stopped process.
2009  */
2010 int
2011 Pgetareg(struct ps_prochandle *P, int regno, prgreg_t *preg)
2012 {
2013 	if (regno < 0 || regno >= NPRGREG) {
2014 		errno = EINVAL;
2015 		return (-1);
2016 	}
2017 
2018 	if (P->state == PS_IDLE) {
2019 		errno = ENODATA;
2020 		return (-1);
2021 	}
2022 
2023 	if (P->state != PS_STOP && P->state != PS_DEAD) {
2024 		errno = EBUSY;
2025 		return (-1);
2026 	}
2027 
2028 	*preg = P->status.pr_lwp.pr_reg[regno];
2029 	return (0);
2030 }
2031 
2032 /*
2033  * Put value of one register into stopped process.
2034  */
2035 int
2036 Pputareg(struct ps_prochandle *P, int regno, prgreg_t reg)
2037 {
2038 	if (regno < 0 || regno >= NPRGREG) {
2039 		errno = EINVAL;
2040 		return (-1);
2041 	}
2042 
2043 	if (P->state != PS_STOP) {
2044 		errno = EBUSY;
2045 		return (-1);
2046 	}
2047 
2048 	P->status.pr_lwp.pr_reg[regno] = reg;
2049 	P->flags |= SETREGS;	/* set registers before continuing */
2050 	return (0);
2051 }
2052 
2053 int
2054 Psetrun(struct ps_prochandle *P,
2055 	int sig,	/* signal to pass to process */
2056 	int flags)	/* PRSTEP|PRSABORT|PRSTOP|PRCSIG|PRCFAULT */
2057 {
2058 	int ctlfd = (P->agentctlfd >= 0) ? P->agentctlfd : P->ctlfd;
2059 	int sbits = (PR_DSTOP | PR_ISTOP | PR_ASLEEP);
2060 
2061 	long ctl[1 +					/* PCCFAULT	*/
2062 	    1 + sizeof (siginfo_t)/sizeof (long) +	/* PCSSIG/PCCSIG */
2063 	    2 ];					/* PCRUN	*/
2064 
2065 	long *ctlp = ctl;
2066 	size_t size;
2067 
2068 	if (P->state != PS_STOP && (P->status.pr_lwp.pr_flags & sbits) == 0) {
2069 		errno = EBUSY;
2070 		return (-1);
2071 	}
2072 
2073 	Psync(P);	/* flush tracing flags and registers */
2074 
2075 	if (flags & PRCFAULT) {		/* clear current fault */
2076 		*ctlp++ = PCCFAULT;
2077 		flags &= ~PRCFAULT;
2078 	}
2079 
2080 	if (flags & PRCSIG) {		/* clear current signal */
2081 		*ctlp++ = PCCSIG;
2082 		flags &= ~PRCSIG;
2083 	} else if (sig && sig != P->status.pr_lwp.pr_cursig) {
2084 		/* make current signal */
2085 		siginfo_t *infop;
2086 
2087 		*ctlp++ = PCSSIG;
2088 		infop = (siginfo_t *)ctlp;
2089 		(void) memset(infop, 0, sizeof (*infop));
2090 		infop->si_signo = sig;
2091 		ctlp += sizeof (siginfo_t) / sizeof (long);
2092 	}
2093 
2094 	*ctlp++ = PCRUN;
2095 	*ctlp++ = flags;
2096 	size = (char *)ctlp - (char *)ctl;
2097 
2098 	P->info_valid = 0;	/* will need to update map and file info */
2099 
2100 	/*
2101 	 * If we've cached ucontext-list information while we were stopped,
2102 	 * free it now.
2103 	 */
2104 	if (P->ucaddrs != NULL) {
2105 		free(P->ucaddrs);
2106 		P->ucaddrs = NULL;
2107 		P->ucnelems = 0;
2108 	}
2109 
2110 	if (write(ctlfd, ctl, size) != size) {
2111 		/* If it is dead or lost, return the real status, not PS_RUN */
2112 		if (errno == ENOENT || errno == EAGAIN) {
2113 			(void) Pstopstatus(P, PCNULL, 0);
2114 			return (0);
2115 		}
2116 		/* If it is not in a jobcontrol stop, issue an error message */
2117 		if (errno != EBUSY ||
2118 		    P->status.pr_lwp.pr_why != PR_JOBCONTROL) {
2119 			dprintf("Psetrun: %s\n", strerror(errno));
2120 			return (-1);
2121 		}
2122 		/* Otherwise pretend that the job-stopped process is running */
2123 	}
2124 
2125 	P->state = PS_RUN;
2126 	return (0);
2127 }
2128 
2129 ssize_t
2130 Pread(struct ps_prochandle *P,
2131 	void *buf,		/* caller's buffer */
2132 	size_t nbyte,		/* number of bytes to read */
2133 	uintptr_t address)	/* address in process */
2134 {
2135 	return (P->ops.pop_pread(P, buf, nbyte, address, P->data));
2136 }
2137 
2138 ssize_t
2139 Pread_string(struct ps_prochandle *P,
2140 	char *buf,		/* caller's buffer */
2141 	size_t size,		/* upper limit on bytes to read */
2142 	uintptr_t addr)		/* address in process */
2143 {
2144 	enum { STRSZ = 40 };
2145 	char string[STRSZ + 1];
2146 	ssize_t leng = 0;
2147 	int nbyte;
2148 
2149 	if (size < 2) {
2150 		errno = EINVAL;
2151 		return (-1);
2152 	}
2153 
2154 	size--;			/* ensure trailing null fits in buffer */
2155 
2156 	*buf = '\0';
2157 	string[STRSZ] = '\0';
2158 
2159 	for (nbyte = STRSZ; nbyte == STRSZ && leng < size; addr += STRSZ) {
2160 		if ((nbyte = P->ops.pop_pread(P, string, STRSZ, addr,
2161 		    P->data)) <= 0) {
2162 			buf[leng] = '\0';
2163 			return (leng ? leng : -1);
2164 		}
2165 		if ((nbyte = strlen(string)) > 0) {
2166 			if (leng + nbyte > size)
2167 				nbyte = size - leng;
2168 			(void) strncpy(buf + leng, string, nbyte);
2169 			leng += nbyte;
2170 		}
2171 	}
2172 	buf[leng] = '\0';
2173 	return (leng);
2174 }
2175 
2176 ssize_t
2177 Pwrite(struct ps_prochandle *P,
2178 	const void *buf,	/* caller's buffer */
2179 	size_t nbyte,		/* number of bytes to write */
2180 	uintptr_t address)	/* address in process */
2181 {
2182 	return (P->ops.pop_pwrite(P, buf, nbyte, address, P->data));
2183 }
2184 
2185 int
2186 Pclearsig(struct ps_prochandle *P)
2187 {
2188 	int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2189 	long ctl = PCCSIG;
2190 
2191 	if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
2192 		return (-1);
2193 	P->status.pr_lwp.pr_cursig = 0;
2194 	return (0);
2195 }
2196 
2197 int
2198 Pclearfault(struct ps_prochandle *P)
2199 {
2200 	int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2201 	long ctl = PCCFAULT;
2202 
2203 	if (write(ctlfd, &ctl, sizeof (ctl)) != sizeof (ctl))
2204 		return (-1);
2205 	return (0);
2206 }
2207 
2208 /*
2209  * Set a breakpoint trap, return original instruction.
2210  */
2211 int
2212 Psetbkpt(struct ps_prochandle *P, uintptr_t address, ulong_t *saved)
2213 {
2214 	long ctl[1 + sizeof (priovec_t) / sizeof (long) +	/* PCREAD */
2215 	    1 + sizeof (priovec_t) / sizeof (long)];	/* PCWRITE */
2216 	long *ctlp = ctl;
2217 	size_t size;
2218 	priovec_t *iovp;
2219 	instr_t bpt = BPT;
2220 	instr_t old;
2221 
2222 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2223 	    P->state == PS_IDLE) {
2224 		errno = ENOENT;
2225 		return (-1);
2226 	}
2227 
2228 	/* fetch the old instruction */
2229 	*ctlp++ = PCREAD;
2230 	iovp = (priovec_t *)ctlp;
2231 	iovp->pio_base = &old;
2232 	iovp->pio_len = sizeof (old);
2233 	iovp->pio_offset = address;
2234 	ctlp += sizeof (priovec_t) / sizeof (long);
2235 
2236 	/* write the BPT instruction */
2237 	*ctlp++ = PCWRITE;
2238 	iovp = (priovec_t *)ctlp;
2239 	iovp->pio_base = &bpt;
2240 	iovp->pio_len = sizeof (bpt);
2241 	iovp->pio_offset = address;
2242 	ctlp += sizeof (priovec_t) / sizeof (long);
2243 
2244 	size = (char *)ctlp - (char *)ctl;
2245 	if (write(P->ctlfd, ctl, size) != size)
2246 		return (-1);
2247 
2248 	/*
2249 	 * Fail if there was already a breakpoint there from another debugger
2250 	 * or DTrace's user-level tracing on x86.
2251 	 */
2252 	if (old == BPT) {
2253 		errno = EBUSY;
2254 		return (-1);
2255 	}
2256 
2257 	*saved = (ulong_t)old;
2258 	return (0);
2259 }
2260 
2261 /*
2262  * Restore original instruction where a breakpoint was set.
2263  */
2264 int
2265 Pdelbkpt(struct ps_prochandle *P, uintptr_t address, ulong_t saved)
2266 {
2267 	instr_t old = (instr_t)saved;
2268 	instr_t cur;
2269 
2270 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2271 	    P->state == PS_IDLE) {
2272 		errno = ENOENT;
2273 		return (-1);
2274 	}
2275 
2276 	/*
2277 	 * If the breakpoint instruction we had placed has been overwritten
2278 	 * with a new instruction, then don't try to replace it with the
2279 	 * old instruction. Doing do can cause problems with self-modifying
2280 	 * code -- PLTs for example. If the Pread() fails, we assume that we
2281 	 * should proceed though most likely the Pwrite() will also fail.
2282 	 */
2283 	if (Pread(P, &cur, sizeof (cur), address) == sizeof (cur) &&
2284 	    cur != BPT)
2285 		return (0);
2286 
2287 	if (Pwrite(P, &old, sizeof (old), address) != sizeof (old))
2288 		return (-1);
2289 
2290 	return (0);
2291 }
2292 
2293 /*
2294  * Common code for Pxecbkpt() and Lxecbkpt().
2295  * Develop the array of requests that will do the job, then
2296  * write them to the specified control file descriptor.
2297  * Return the non-zero errno if the write fails.
2298  */
2299 static int
2300 execute_bkpt(
2301 	int ctlfd,		/* process or LWP control file descriptor */
2302 	const fltset_t *faultset,	/* current set of traced faults */
2303 	const sigset_t *sigmask,	/* current signal mask */
2304 	uintptr_t address,		/* address of breakpint */
2305 	ulong_t saved)			/* the saved instruction */
2306 {
2307 	long ctl[
2308 	    1 + sizeof (sigset_t) / sizeof (long) +		/* PCSHOLD */
2309 	    1 + sizeof (fltset_t) / sizeof (long) +		/* PCSFAULT */
2310 	    1 + sizeof (priovec_t) / sizeof (long) +		/* PCWRITE */
2311 	    2 +							/* PCRUN */
2312 	    1 +							/* PCWSTOP */
2313 	    1 +							/* PCCFAULT */
2314 	    1 + sizeof (priovec_t) / sizeof (long) +		/* PCWRITE */
2315 	    1 + sizeof (fltset_t) / sizeof (long) +		/* PCSFAULT */
2316 	    1 + sizeof (sigset_t) / sizeof (long)];		/* PCSHOLD */
2317 	long *ctlp = ctl;
2318 	sigset_t unblock;
2319 	size_t size;
2320 	ssize_t ssize;
2321 	priovec_t *iovp;
2322 	sigset_t *holdp;
2323 	fltset_t *faultp;
2324 	instr_t old = (instr_t)saved;
2325 	instr_t bpt = BPT;
2326 	int error = 0;
2327 
2328 	/* block our signals for the duration */
2329 	(void) sigprocmask(SIG_BLOCK, &blockable_sigs, &unblock);
2330 
2331 	/* hold posted signals */
2332 	*ctlp++ = PCSHOLD;
2333 	holdp = (sigset_t *)ctlp;
2334 	prfillset(holdp);
2335 	prdelset(holdp, SIGKILL);
2336 	prdelset(holdp, SIGSTOP);
2337 	ctlp += sizeof (sigset_t) / sizeof (long);
2338 
2339 	/* force tracing of FLTTRACE */
2340 	if (!(prismember(faultset, FLTTRACE))) {
2341 		*ctlp++ = PCSFAULT;
2342 		faultp = (fltset_t *)ctlp;
2343 		*faultp = *faultset;
2344 		praddset(faultp, FLTTRACE);
2345 		ctlp += sizeof (fltset_t) / sizeof (long);
2346 	}
2347 
2348 	/* restore the old instruction */
2349 	*ctlp++ = PCWRITE;
2350 	iovp = (priovec_t *)ctlp;
2351 	iovp->pio_base = &old;
2352 	iovp->pio_len = sizeof (old);
2353 	iovp->pio_offset = address;
2354 	ctlp += sizeof (priovec_t) / sizeof (long);
2355 
2356 	/* clear current signal and fault; set running w/ single-step */
2357 	*ctlp++ = PCRUN;
2358 	*ctlp++ = PRCSIG | PRCFAULT | PRSTEP;
2359 
2360 	/* wait for stop, cancel the fault */
2361 	*ctlp++ = PCWSTOP;
2362 	*ctlp++ = PCCFAULT;
2363 
2364 	/* restore the breakpoint trap */
2365 	*ctlp++ = PCWRITE;
2366 	iovp = (priovec_t *)ctlp;
2367 	iovp->pio_base = &bpt;
2368 	iovp->pio_len = sizeof (bpt);
2369 	iovp->pio_offset = address;
2370 	ctlp += sizeof (priovec_t) / sizeof (long);
2371 
2372 	/* restore fault tracing set */
2373 	if (!(prismember(faultset, FLTTRACE))) {
2374 		*ctlp++ = PCSFAULT;
2375 		*(fltset_t *)ctlp = *faultset;
2376 		ctlp += sizeof (fltset_t) / sizeof (long);
2377 	}
2378 
2379 	/* restore the hold mask */
2380 	*ctlp++ = PCSHOLD;
2381 	*(sigset_t *)ctlp = *sigmask;
2382 	ctlp += sizeof (sigset_t) / sizeof (long);
2383 
2384 	size = (char *)ctlp - (char *)ctl;
2385 	if ((ssize = write(ctlfd, ctl, size)) != size)
2386 		error = (ssize == -1)? errno : EINTR;
2387 	(void) sigprocmask(SIG_SETMASK, &unblock, NULL);
2388 	return (error);
2389 }
2390 
2391 /*
2392  * Step over a breakpoint, i.e., execute the instruction that
2393  * really belongs at the breakpoint location (the current %pc)
2394  * and leave the process stopped at the next instruction.
2395  */
2396 int
2397 Pxecbkpt(struct ps_prochandle *P, ulong_t saved)
2398 {
2399 	int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2400 	int rv, error;
2401 
2402 	if (P->state != PS_STOP) {
2403 		errno = EBUSY;
2404 		return (-1);
2405 	}
2406 
2407 	Psync(P);
2408 
2409 	error = execute_bkpt(ctlfd,
2410 	    &P->status.pr_flttrace, &P->status.pr_lwp.pr_lwphold,
2411 	    P->status.pr_lwp.pr_reg[R_PC], saved);
2412 	rv = Pstopstatus(P, PCNULL, 0);
2413 
2414 	if (error != 0) {
2415 		if (P->status.pr_lwp.pr_why == PR_JOBCONTROL &&
2416 		    error == EBUSY) {	/* jobcontrol stop -- back off */
2417 			P->state = PS_RUN;
2418 			return (0);
2419 		}
2420 		if (error == ENOENT)
2421 			return (0);
2422 		errno = error;
2423 		return (-1);
2424 	}
2425 
2426 	return (rv);
2427 }
2428 
2429 /*
2430  * Install the watchpoint described by wp.
2431  */
2432 int
2433 Psetwapt(struct ps_prochandle *P, const prwatch_t *wp)
2434 {
2435 	long ctl[1 + sizeof (prwatch_t) / sizeof (long)];
2436 	prwatch_t *cwp = (prwatch_t *)&ctl[1];
2437 
2438 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2439 	    P->state == PS_IDLE) {
2440 		errno = ENOENT;
2441 		return (-1);
2442 	}
2443 
2444 	ctl[0] = PCWATCH;
2445 	cwp->pr_vaddr = wp->pr_vaddr;
2446 	cwp->pr_size = wp->pr_size;
2447 	cwp->pr_wflags = wp->pr_wflags;
2448 
2449 	if (write(P->ctlfd, ctl, sizeof (ctl)) != sizeof (ctl))
2450 		return (-1);
2451 
2452 	return (0);
2453 }
2454 
2455 /*
2456  * Remove the watchpoint described by wp.
2457  */
2458 int
2459 Pdelwapt(struct ps_prochandle *P, const prwatch_t *wp)
2460 {
2461 	long ctl[1 + sizeof (prwatch_t) / sizeof (long)];
2462 	prwatch_t *cwp = (prwatch_t *)&ctl[1];
2463 
2464 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2465 	    P->state == PS_IDLE) {
2466 		errno = ENOENT;
2467 		return (-1);
2468 	}
2469 
2470 	ctl[0] = PCWATCH;
2471 	cwp->pr_vaddr = wp->pr_vaddr;
2472 	cwp->pr_size = wp->pr_size;
2473 	cwp->pr_wflags = 0;
2474 
2475 	if (write(P->ctlfd, ctl, sizeof (ctl)) != sizeof (ctl))
2476 		return (-1);
2477 
2478 	return (0);
2479 }
2480 
2481 /*
2482  * Common code for Pxecwapt() and Lxecwapt().  Develop the array of requests
2483  * that will do the job, then write them to the specified control file
2484  * descriptor.  Return the non-zero errno if the write fails.
2485  */
2486 static int
2487 execute_wapt(
2488 	int ctlfd,		/* process or LWP control file descriptor */
2489 	const fltset_t *faultset,	/* current set of traced faults */
2490 	const sigset_t *sigmask,	/* current signal mask */
2491 	const prwatch_t *wp)		/* watchpoint descriptor */
2492 {
2493 	long ctl[
2494 	    1 + sizeof (sigset_t) / sizeof (long) +		/* PCSHOLD */
2495 	    1 + sizeof (fltset_t) / sizeof (long) +		/* PCSFAULT */
2496 	    1 + sizeof (prwatch_t) / sizeof (long) +		/* PCWATCH */
2497 	    2 +							/* PCRUN */
2498 	    1 +							/* PCWSTOP */
2499 	    1 +							/* PCCFAULT */
2500 	    1 + sizeof (prwatch_t) / sizeof (long) +		/* PCWATCH */
2501 	    1 + sizeof (fltset_t) / sizeof (long) +		/* PCSFAULT */
2502 	    1 + sizeof (sigset_t) / sizeof (long)];		/* PCSHOLD */
2503 
2504 	long *ctlp = ctl;
2505 	int error = 0;
2506 
2507 	sigset_t unblock;
2508 	sigset_t *holdp;
2509 	fltset_t *faultp;
2510 	prwatch_t *prw;
2511 	ssize_t ssize;
2512 	size_t size;
2513 
2514 	(void) sigprocmask(SIG_BLOCK, &blockable_sigs, &unblock);
2515 
2516 	/*
2517 	 * Hold all posted signals in the victim process prior to stepping.
2518 	 */
2519 	*ctlp++ = PCSHOLD;
2520 	holdp = (sigset_t *)ctlp;
2521 	prfillset(holdp);
2522 	prdelset(holdp, SIGKILL);
2523 	prdelset(holdp, SIGSTOP);
2524 	ctlp += sizeof (sigset_t) / sizeof (long);
2525 
2526 	/*
2527 	 * Force tracing of FLTTRACE since we need to single step.
2528 	 */
2529 	if (!(prismember(faultset, FLTTRACE))) {
2530 		*ctlp++ = PCSFAULT;
2531 		faultp = (fltset_t *)ctlp;
2532 		*faultp = *faultset;
2533 		praddset(faultp, FLTTRACE);
2534 		ctlp += sizeof (fltset_t) / sizeof (long);
2535 	}
2536 
2537 	/*
2538 	 * Clear only the current watchpoint by setting pr_wflags to zero.
2539 	 */
2540 	*ctlp++ = PCWATCH;
2541 	prw = (prwatch_t *)ctlp;
2542 	prw->pr_vaddr = wp->pr_vaddr;
2543 	prw->pr_size = wp->pr_size;
2544 	prw->pr_wflags = 0;
2545 	ctlp += sizeof (prwatch_t) / sizeof (long);
2546 
2547 	/*
2548 	 * Clear the current signal and fault; set running with single-step.
2549 	 * Then wait for the victim to stop and cancel the FLTTRACE.
2550 	 */
2551 	*ctlp++ = PCRUN;
2552 	*ctlp++ = PRCSIG | PRCFAULT | PRSTEP;
2553 	*ctlp++ = PCWSTOP;
2554 	*ctlp++ = PCCFAULT;
2555 
2556 	/*
2557 	 * Restore the current watchpoint.
2558 	 */
2559 	*ctlp++ = PCWATCH;
2560 	(void) memcpy(ctlp, wp, sizeof (prwatch_t));
2561 	ctlp += sizeof (prwatch_t) / sizeof (long);
2562 
2563 	/*
2564 	 * Restore fault tracing set if we modified it.
2565 	 */
2566 	if (!(prismember(faultset, FLTTRACE))) {
2567 		*ctlp++ = PCSFAULT;
2568 		*(fltset_t *)ctlp = *faultset;
2569 		ctlp += sizeof (fltset_t) / sizeof (long);
2570 	}
2571 
2572 	/*
2573 	 * Restore the hold mask to the current hold mask (i.e. the one
2574 	 * before we executed any of the previous operations).
2575 	 */
2576 	*ctlp++ = PCSHOLD;
2577 	*(sigset_t *)ctlp = *sigmask;
2578 	ctlp += sizeof (sigset_t) / sizeof (long);
2579 
2580 	size = (char *)ctlp - (char *)ctl;
2581 	if ((ssize = write(ctlfd, ctl, size)) != size)
2582 		error = (ssize == -1)? errno : EINTR;
2583 	(void) sigprocmask(SIG_SETMASK, &unblock, NULL);
2584 	return (error);
2585 }
2586 
2587 /*
2588  * Step over a watchpoint, i.e., execute the instruction that was stopped by
2589  * the watchpoint, and then leave the LWP stopped at the next instruction.
2590  */
2591 int
2592 Pxecwapt(struct ps_prochandle *P, const prwatch_t *wp)
2593 {
2594 	int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
2595 	int rv, error;
2596 
2597 	if (P->state != PS_STOP) {
2598 		errno = EBUSY;
2599 		return (-1);
2600 	}
2601 
2602 	Psync(P);
2603 	error = execute_wapt(ctlfd,
2604 	    &P->status.pr_flttrace, &P->status.pr_lwp.pr_lwphold, wp);
2605 	rv = Pstopstatus(P, PCNULL, 0);
2606 
2607 	if (error != 0) {
2608 		if (P->status.pr_lwp.pr_why == PR_JOBCONTROL &&
2609 		    error == EBUSY) {	/* jobcontrol stop -- back off */
2610 			P->state = PS_RUN;
2611 			return (0);
2612 		}
2613 		if (error == ENOENT)
2614 			return (0);
2615 		errno = error;
2616 		return (-1);
2617 	}
2618 
2619 	return (rv);
2620 }
2621 
2622 int
2623 Psetflags(struct ps_prochandle *P, long flags)
2624 {
2625 	int rc;
2626 	long ctl[2];
2627 
2628 	ctl[0] = PCSET;
2629 	ctl[1] = flags;
2630 
2631 	if (write(P->ctlfd, ctl, 2*sizeof (long)) != 2*sizeof (long)) {
2632 		rc = -1;
2633 	} else {
2634 		P->status.pr_flags |= flags;
2635 		P->status.pr_lwp.pr_flags |= flags;
2636 		rc = 0;
2637 	}
2638 
2639 	return (rc);
2640 }
2641 
2642 int
2643 Punsetflags(struct ps_prochandle *P, long flags)
2644 {
2645 	int rc;
2646 	long ctl[2];
2647 
2648 	ctl[0] = PCUNSET;
2649 	ctl[1] = flags;
2650 
2651 	if (write(P->ctlfd, ctl, 2*sizeof (long)) != 2*sizeof (long)) {
2652 		rc = -1;
2653 	} else {
2654 		P->status.pr_flags &= ~flags;
2655 		P->status.pr_lwp.pr_flags &= ~flags;
2656 		rc = 0;
2657 	}
2658 
2659 	return (rc);
2660 }
2661 
2662 /*
2663  * Common function to allow clients to manipulate the action to be taken
2664  * on receipt of a signal, receipt of machine fault, entry to a system call,
2665  * or exit from a system call.  We make use of our private prset_* functions
2666  * in order to make this code be common.  The 'which' parameter identifies
2667  * the code for the event of interest (0 means change the entire set), and
2668  * the 'stop' parameter is a boolean indicating whether the process should
2669  * stop when the event of interest occurs.  The previous value is returned
2670  * to the caller; -1 is returned if an error occurred.
2671  */
2672 static int
2673 Psetaction(struct ps_prochandle *P, void *sp, size_t size,
2674     uint_t flag, int max, int which, int stop)
2675 {
2676 	int oldval;
2677 
2678 	if (which < 0 || which > max) {
2679 		errno = EINVAL;
2680 		return (-1);
2681 	}
2682 
2683 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2684 	    P->state == PS_IDLE) {
2685 		errno = ENOENT;
2686 		return (-1);
2687 	}
2688 
2689 	oldval = prset_ismember(sp, size, which) ? TRUE : FALSE;
2690 
2691 	if (stop) {
2692 		if (which == 0) {
2693 			prset_fill(sp, size);
2694 			P->flags |= flag;
2695 		} else if (!oldval) {
2696 			prset_add(sp, size, which);
2697 			P->flags |= flag;
2698 		}
2699 	} else {
2700 		if (which == 0) {
2701 			prset_empty(sp, size);
2702 			P->flags |= flag;
2703 		} else if (oldval) {
2704 			prset_del(sp, size, which);
2705 			P->flags |= flag;
2706 		}
2707 	}
2708 
2709 	if (P->state == PS_RUN)
2710 		Psync(P);
2711 
2712 	return (oldval);
2713 }
2714 
2715 /*
2716  * Set action on specified signal.
2717  */
2718 int
2719 Psignal(struct ps_prochandle *P, int which, int stop)
2720 {
2721 	int oldval;
2722 
2723 	if (which == SIGKILL && stop != 0) {
2724 		errno = EINVAL;
2725 		return (-1);
2726 	}
2727 
2728 	oldval = Psetaction(P, &P->status.pr_sigtrace, sizeof (sigset_t),
2729 	    SETSIG, PRMAXSIG, which, stop);
2730 
2731 	if (oldval != -1 && which == 0 && stop != 0)
2732 		prdelset(&P->status.pr_sigtrace, SIGKILL);
2733 
2734 	return (oldval);
2735 }
2736 
2737 /*
2738  * Set all signal tracing flags.
2739  */
2740 void
2741 Psetsignal(struct ps_prochandle *P, const sigset_t *set)
2742 {
2743 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2744 	    P->state == PS_IDLE)
2745 		return;
2746 
2747 	P->status.pr_sigtrace = *set;
2748 	P->flags |= SETSIG;
2749 
2750 	if (P->state == PS_RUN)
2751 		Psync(P);
2752 }
2753 
2754 /*
2755  * Set action on specified fault.
2756  */
2757 int
2758 Pfault(struct ps_prochandle *P, int which, int stop)
2759 {
2760 	return (Psetaction(P, &P->status.pr_flttrace, sizeof (fltset_t),
2761 	    SETFAULT, PRMAXFAULT, which, stop));
2762 }
2763 
2764 /*
2765  * Set all machine fault tracing flags.
2766  */
2767 void
2768 Psetfault(struct ps_prochandle *P, const fltset_t *set)
2769 {
2770 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2771 	    P->state == PS_IDLE)
2772 		return;
2773 
2774 	P->status.pr_flttrace = *set;
2775 	P->flags |= SETFAULT;
2776 
2777 	if (P->state == PS_RUN)
2778 		Psync(P);
2779 }
2780 
2781 /*
2782  * Set action on specified system call entry.
2783  */
2784 int
2785 Psysentry(struct ps_prochandle *P, int which, int stop)
2786 {
2787 	return (Psetaction(P, &P->status.pr_sysentry, sizeof (sysset_t),
2788 	    SETENTRY, PRMAXSYS, which, stop));
2789 }
2790 
2791 /*
2792  * Set all system call entry tracing flags.
2793  */
2794 void
2795 Psetsysentry(struct ps_prochandle *P, const sysset_t *set)
2796 {
2797 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2798 	    P->state == PS_IDLE)
2799 		return;
2800 
2801 	P->status.pr_sysentry = *set;
2802 	P->flags |= SETENTRY;
2803 
2804 	if (P->state == PS_RUN)
2805 		Psync(P);
2806 }
2807 
2808 /*
2809  * Set action on specified system call exit.
2810  */
2811 int
2812 Psysexit(struct ps_prochandle *P, int which, int stop)
2813 {
2814 	return (Psetaction(P, &P->status.pr_sysexit, sizeof (sysset_t),
2815 	    SETEXIT, PRMAXSYS, which, stop));
2816 }
2817 
2818 /*
2819  * Set all system call exit tracing flags.
2820  */
2821 void
2822 Psetsysexit(struct ps_prochandle *P, const sysset_t *set)
2823 {
2824 	if (P->state == PS_DEAD || P->state == PS_UNDEAD ||
2825 	    P->state == PS_IDLE)
2826 		return;
2827 
2828 	P->status.pr_sysexit = *set;
2829 	P->flags |= SETEXIT;
2830 
2831 	if (P->state == PS_RUN)
2832 		Psync(P);
2833 }
2834 
2835 /*
2836  * Utility function to read the contents of a file that contains a
2837  * prheader_t at the start (/proc/pid/lstatus or /proc/pid/lpsinfo).
2838  * Returns a malloc()d buffer or NULL on failure.
2839  */
2840 static prheader_t *
2841 read_lfile(struct ps_prochandle *P, const char *lname)
2842 {
2843 	prheader_t *Lhp;
2844 	char lpath[PATH_MAX];
2845 	struct stat64 statb;
2846 	int fd;
2847 	size_t size;
2848 	ssize_t rval;
2849 
2850 	(void) snprintf(lpath, sizeof (lpath), "%s/%d/%s", procfs_path,
2851 	    (int)P->status.pr_pid, lname);
2852 	if ((fd = open(lpath, O_RDONLY)) < 0 || fstat64(fd, &statb) != 0) {
2853 		if (fd >= 0)
2854 			(void) close(fd);
2855 		return (NULL);
2856 	}
2857 
2858 	/*
2859 	 * 'size' is just the initial guess at the buffer size.
2860 	 * It will have to grow if the number of lwps increases
2861 	 * while we are looking at the process.
2862 	 * 'size' must be larger than the actual file size.
2863 	 */
2864 	size = statb.st_size + 32;
2865 
2866 	for (;;) {
2867 		if ((Lhp = malloc(size)) == NULL)
2868 			break;
2869 		if ((rval = pread(fd, Lhp, size, 0)) < 0 ||
2870 		    rval <= sizeof (prheader_t)) {
2871 			free(Lhp);
2872 			Lhp = NULL;
2873 			break;
2874 		}
2875 		if (rval < size)
2876 			break;
2877 		/* need a bigger buffer */
2878 		free(Lhp);
2879 		size *= 2;
2880 	}
2881 
2882 	(void) close(fd);
2883 	return (Lhp);
2884 }
2885 
2886 /*
2887  * LWP iteration interface.
2888  */
2889 int
2890 Plwp_iter(struct ps_prochandle *P, proc_lwp_f *func, void *cd)
2891 {
2892 	prheader_t *Lhp;
2893 	lwpstatus_t *Lsp;
2894 	long nlwp;
2895 	int rv;
2896 
2897 	switch (P->state) {
2898 	case PS_RUN:
2899 		(void) Pstopstatus(P, PCNULL, 0);
2900 		break;
2901 
2902 	case PS_STOP:
2903 		Psync(P);
2904 		break;
2905 
2906 	case PS_IDLE:
2907 		errno = ENODATA;
2908 		return (-1);
2909 	}
2910 
2911 	/*
2912 	 * For either live processes or cores, the single LWP case is easy:
2913 	 * the pstatus_t contains the lwpstatus_t for the only LWP.
2914 	 */
2915 	if (P->status.pr_nlwp <= 1)
2916 		return (func(cd, &P->status.pr_lwp));
2917 
2918 	/*
2919 	 * For the core file multi-LWP case, we just iterate through the
2920 	 * list of LWP structs we read in from the core file.
2921 	 */
2922 	if (P->state == PS_DEAD) {
2923 		core_info_t *core = P->data;
2924 		lwp_info_t *lwp = list_prev(&core->core_lwp_head);
2925 		uint_t i;
2926 
2927 		for (i = 0; i < core->core_nlwp; i++, lwp = list_prev(lwp)) {
2928 			if (lwp->lwp_psinfo.pr_sname != 'Z' &&
2929 			    (rv = func(cd, &lwp->lwp_status)) != 0)
2930 				break;
2931 		}
2932 
2933 		return (rv);
2934 	}
2935 
2936 	/*
2937 	 * For the live process multi-LWP case, we have to work a little
2938 	 * harder: the /proc/pid/lstatus file has the array of LWP structs.
2939 	 */
2940 	if ((Lhp = Plstatus(P)) == NULL)
2941 		return (-1);
2942 
2943 	for (nlwp = Lhp->pr_nent, Lsp = (lwpstatus_t *)(uintptr_t)(Lhp + 1);
2944 	    nlwp > 0;
2945 	    nlwp--, Lsp = (lwpstatus_t *)((uintptr_t)Lsp + Lhp->pr_entsize)) {
2946 		if ((rv = func(cd, Lsp)) != 0)
2947 			break;
2948 	}
2949 
2950 	free(Lhp);
2951 	return (rv);
2952 }
2953 
2954 /*
2955  * Extended LWP iteration interface.
2956  * Iterate over all LWPs, active and zombie.
2957  */
2958 int
2959 Plwp_iter_all(struct ps_prochandle *P, proc_lwp_all_f *func, void *cd)
2960 {
2961 	prheader_t *Lhp = NULL;
2962 	lwpstatus_t *Lsp;
2963 	lwpstatus_t *sp;
2964 	prheader_t *Lphp = NULL;
2965 	lwpsinfo_t *Lpsp;
2966 	long nstat;
2967 	long ninfo;
2968 	int rv;
2969 
2970 retry:
2971 	if (Lhp != NULL)
2972 		free(Lhp);
2973 	if (Lphp != NULL)
2974 		free(Lphp);
2975 	if (P->state == PS_RUN)
2976 		(void) Pstopstatus(P, PCNULL, 0);
2977 	(void) Ppsinfo(P);
2978 
2979 	if (P->state == PS_STOP)
2980 		Psync(P);
2981 
2982 	/*
2983 	 * For either live processes or cores, the single LWP case is easy:
2984 	 * the pstatus_t contains the lwpstatus_t for the only LWP and
2985 	 * the psinfo_t contains the lwpsinfo_t for the only LWP.
2986 	 */
2987 	if (P->status.pr_nlwp + P->status.pr_nzomb <= 1)
2988 		return (func(cd, &P->status.pr_lwp, &P->psinfo.pr_lwp));
2989 
2990 	/*
2991 	 * For the core file multi-LWP case, we just iterate through the
2992 	 * list of LWP structs we read in from the core file.
2993 	 */
2994 	if (P->state == PS_DEAD) {
2995 		core_info_t *core = P->data;
2996 		lwp_info_t *lwp = list_prev(&core->core_lwp_head);
2997 		uint_t i;
2998 
2999 		for (i = 0; i < core->core_nlwp; i++, lwp = list_prev(lwp)) {
3000 			sp = (lwp->lwp_psinfo.pr_sname == 'Z')? NULL :
3001 			    &lwp->lwp_status;
3002 			if ((rv = func(cd, sp, &lwp->lwp_psinfo)) != 0)
3003 				break;
3004 		}
3005 
3006 		return (rv);
3007 	}
3008 
3009 	/*
3010 	 * For all other cases retrieve the array of lwpstatus_t's and
3011 	 * lwpsinfo_t's.
3012 	 */
3013 	if ((Lhp = Plstatus(P)) == NULL)
3014 		return (-1);
3015 	if ((Lphp = Plpsinfo(P)) == NULL) {
3016 		free(Lhp);
3017 		return (-1);
3018 	}
3019 
3020 	/*
3021 	 * If we are looking at a running process, or one we do not control,
3022 	 * the active and zombie lwps in the process may have changed since
3023 	 * we read the process status structure.  If so, just start over.
3024 	 */
3025 	if (Lhp->pr_nent != P->status.pr_nlwp ||
3026 	    Lphp->pr_nent != P->status.pr_nlwp + P->status.pr_nzomb)
3027 		goto retry;
3028 
3029 	/*
3030 	 * To be perfectly safe, prescan the two arrays, checking consistency.
3031 	 * We rely on /proc giving us lwpstatus_t's and lwpsinfo_t's in the
3032 	 * same order (the lwp directory order) in their respective files.
3033 	 * We also rely on there being (possibly) more lwpsinfo_t's than
3034 	 * lwpstatus_t's (the extra lwpsinfo_t's are for zombie lwps).
3035 	 */
3036 	Lsp = (lwpstatus_t *)(uintptr_t)(Lhp + 1);
3037 	Lpsp = (lwpsinfo_t *)(uintptr_t)(Lphp + 1);
3038 	nstat = Lhp->pr_nent;
3039 	for (ninfo = Lphp->pr_nent; ninfo != 0; ninfo--) {
3040 		if (Lpsp->pr_sname != 'Z') {
3041 			/*
3042 			 * Not a zombie lwp; check for matching lwpids.
3043 			 */
3044 			if (nstat == 0 || Lsp->pr_lwpid != Lpsp->pr_lwpid)
3045 				goto retry;
3046 			Lsp = (lwpstatus_t *)((uintptr_t)Lsp + Lhp->pr_entsize);
3047 			nstat--;
3048 		}
3049 		Lpsp = (lwpsinfo_t *)((uintptr_t)Lpsp + Lphp->pr_entsize);
3050 	}
3051 	if (nstat != 0)
3052 		goto retry;
3053 
3054 	/*
3055 	 * Rescan, this time for real.
3056 	 */
3057 	Lsp = (lwpstatus_t *)(uintptr_t)(Lhp + 1);
3058 	Lpsp = (lwpsinfo_t *)(uintptr_t)(Lphp + 1);
3059 	for (ninfo = Lphp->pr_nent; ninfo != 0; ninfo--) {
3060 		if (Lpsp->pr_sname != 'Z') {
3061 			sp = Lsp;
3062 			Lsp = (lwpstatus_t *)((uintptr_t)Lsp + Lhp->pr_entsize);
3063 		} else {
3064 			sp = NULL;
3065 		}
3066 		if ((rv = func(cd, sp, Lpsp)) != 0)
3067 			break;
3068 		Lpsp = (lwpsinfo_t *)((uintptr_t)Lpsp + Lphp->pr_entsize);
3069 	}
3070 
3071 	free(Lhp);
3072 	free(Lphp);
3073 	return (rv);
3074 }
3075 
3076 core_content_t
3077 Pcontent(struct ps_prochandle *P)
3078 {
3079 	core_info_t *core = P->data;
3080 
3081 	if (P->state == PS_DEAD)
3082 		return (core->core_content);
3083 	if (P->state == PS_IDLE)
3084 		return (CC_CONTENT_TEXT | CC_CONTENT_DATA | CC_CONTENT_CTF);
3085 
3086 	return (CC_CONTENT_ALL);
3087 }
3088 
3089 /*
3090  * =================================================================
3091  * The remainder of the functions in this file are for the
3092  * control of individual LWPs in the controlled process.
3093  * =================================================================
3094  */
3095 
3096 /*
3097  * Find an entry in the process hash table for the specified lwpid.
3098  * The entry will either point to an existing struct ps_lwphandle
3099  * or it will point to an empty slot for a new struct ps_lwphandle.
3100  */
3101 static struct ps_lwphandle **
3102 Lfind(struct ps_prochandle *P, lwpid_t lwpid)
3103 {
3104 	struct ps_lwphandle **Lp;
3105 	struct ps_lwphandle *L;
3106 
3107 	for (Lp = &P->hashtab[lwpid % (HASHSIZE - 1)];
3108 	    (L = *Lp) != NULL; Lp = &L->lwp_hash)
3109 		if (L->lwp_id == lwpid)
3110 			break;
3111 	return (Lp);
3112 }
3113 
3114 /*
3115  * Grab an LWP contained within the controlled process.
3116  * Return an opaque pointer to its LWP control structure.
3117  *	perr: pointer to error return code.
3118  */
3119 struct ps_lwphandle *
3120 Lgrab(struct ps_prochandle *P, lwpid_t lwpid, int *perr)
3121 {
3122 	struct ps_lwphandle **Lp;
3123 	struct ps_lwphandle *L;
3124 	int fd;
3125 	char procname[PATH_MAX];
3126 	char *fname;
3127 	int rc = 0;
3128 
3129 	(void) mutex_lock(&P->proc_lock);
3130 
3131 	if (P->state == PS_UNDEAD || P->state == PS_IDLE)
3132 		rc = G_NOPROC;
3133 	else if (P->hashtab == NULL &&
3134 	    (P->hashtab = calloc(HASHSIZE, sizeof (struct ps_lwphandle *)))
3135 	    == NULL)
3136 		rc = G_STRANGE;
3137 	else if (*(Lp = Lfind(P, lwpid)) != NULL)
3138 		rc = G_BUSY;
3139 	else if ((L = malloc(sizeof (struct ps_lwphandle))) == NULL)
3140 		rc = G_STRANGE;
3141 	if (rc) {
3142 		*perr = rc;
3143 		(void) mutex_unlock(&P->proc_lock);
3144 		return (NULL);
3145 	}
3146 
3147 	(void) memset(L, 0, sizeof (*L));
3148 	L->lwp_ctlfd = -1;
3149 	L->lwp_statfd = -1;
3150 	L->lwp_proc = P;
3151 	L->lwp_id = lwpid;
3152 	*Lp = L;	/* insert into the hash table */
3153 
3154 	if (P->state == PS_DEAD) {	/* core file */
3155 		if (getlwpstatus(P, lwpid, &L->lwp_status) == -1) {
3156 			rc = G_NOPROC;
3157 			goto err;
3158 		}
3159 		L->lwp_state = PS_DEAD;
3160 		*perr = 0;
3161 		(void) mutex_unlock(&P->proc_lock);
3162 		return (L);
3163 	}
3164 
3165 	/*
3166 	 * Open the /proc/<pid>/lwp/<lwpid> files
3167 	 */
3168 	(void) snprintf(procname, sizeof (procname), "%s/%d/lwp/%d/",
3169 	    procfs_path, (int)P->pid, (int)lwpid);
3170 	fname = procname + strlen(procname);
3171 	(void) set_minfd();
3172 
3173 	(void) strcpy(fname, "lwpstatus");
3174 	if ((fd = open(procname, O_RDONLY)) < 0 ||
3175 	    (fd = dupfd(fd, 0)) < 0) {
3176 		switch (errno) {
3177 		case ENOENT:
3178 			rc = G_NOPROC;
3179 			break;
3180 		default:
3181 			dprintf("Lgrab: failed to open %s: %s\n",
3182 			    procname, strerror(errno));
3183 			rc = G_STRANGE;
3184 			break;
3185 		}
3186 		goto err;
3187 	}
3188 	L->lwp_statfd = fd;
3189 
3190 	if (pread(fd, &L->lwp_status, sizeof (L->lwp_status), (off_t)0) < 0) {
3191 		switch (errno) {
3192 		case ENOENT:
3193 			rc = G_NOPROC;
3194 			break;
3195 		default:
3196 			dprintf("Lgrab: failed to read %s: %s\n",
3197 			    procname, strerror(errno));
3198 			rc = G_STRANGE;
3199 			break;
3200 		}
3201 		goto err;
3202 	}
3203 
3204 	(void) strcpy(fname, "lwpctl");
3205 	if ((fd = open(procname, O_WRONLY)) < 0 ||
3206 	    (fd = dupfd(fd, 0)) < 0) {
3207 		switch (errno) {
3208 		case ENOENT:
3209 			rc = G_NOPROC;
3210 			break;
3211 		default:
3212 			dprintf("Lgrab: failed to open %s: %s\n",
3213 			    procname, strerror(errno));
3214 			rc = G_STRANGE;
3215 			break;
3216 		}
3217 		goto err;
3218 	}
3219 	L->lwp_ctlfd = fd;
3220 
3221 	L->lwp_state =
3222 	    ((L->lwp_status.pr_flags & (PR_STOPPED|PR_ISTOP))
3223 	    == (PR_STOPPED|PR_ISTOP))?
3224 	    PS_STOP : PS_RUN;
3225 
3226 	*perr = 0;
3227 	(void) mutex_unlock(&P->proc_lock);
3228 	return (L);
3229 
3230 err:
3231 	Lfree_internal(P, L);
3232 	*perr = rc;
3233 	(void) mutex_unlock(&P->proc_lock);
3234 	return (NULL);
3235 }
3236 
3237 /*
3238  * Return a printable string corresponding to an Lgrab() error return.
3239  */
3240 const char *
3241 Lgrab_error(int error)
3242 {
3243 	const char *str;
3244 
3245 	switch (error) {
3246 	case G_NOPROC:
3247 		str = "no such LWP";
3248 		break;
3249 	case G_BUSY:
3250 		str = "LWP already grabbed";
3251 		break;
3252 	case G_STRANGE:
3253 		str = "unanticipated system error";
3254 		break;
3255 	default:
3256 		str = "unknown error";
3257 		break;
3258 	}
3259 
3260 	return (str);
3261 }
3262 
3263 /*
3264  * Free an LWP control structure.
3265  */
3266 void
3267 Lfree(struct ps_lwphandle *L)
3268 {
3269 	struct ps_prochandle *P = L->lwp_proc;
3270 
3271 	(void) mutex_lock(&P->proc_lock);
3272 	Lfree_internal(P, L);
3273 	(void) mutex_unlock(&P->proc_lock);
3274 }
3275 
3276 static void
3277 Lfree_internal(struct ps_prochandle *P, struct ps_lwphandle *L)
3278 {
3279 	*Lfind(P, L->lwp_id) = L->lwp_hash;	/* delete from hash table */
3280 	if (L->lwp_ctlfd >= 0)
3281 		(void) close(L->lwp_ctlfd);
3282 	if (L->lwp_statfd >= 0)
3283 		(void) close(L->lwp_statfd);
3284 
3285 	/* clear out the structure as a precaution against reuse */
3286 	(void) memset(L, 0, sizeof (*L));
3287 	L->lwp_ctlfd = -1;
3288 	L->lwp_statfd = -1;
3289 
3290 	free(L);
3291 }
3292 
3293 /*
3294  * Return the state of the process, one of the PS_* values.
3295  */
3296 int
3297 Lstate(struct ps_lwphandle *L)
3298 {
3299 	return (L->lwp_state);
3300 }
3301 
3302 /*
3303  * Return the open control file descriptor for the LWP.
3304  * Clients must not close this file descriptor, nor use it
3305  * after the LWP is freed.
3306  */
3307 int
3308 Lctlfd(struct ps_lwphandle *L)
3309 {
3310 	return (L->lwp_ctlfd);
3311 }
3312 
3313 /*
3314  * Return a pointer to the LWP lwpsinfo structure.
3315  * Clients should not hold on to this pointer indefinitely.
3316  * It will become invalid on Lfree().
3317  */
3318 const lwpsinfo_t *
3319 Lpsinfo(struct ps_lwphandle *L)
3320 {
3321 	if (Plwp_getpsinfo(L->lwp_proc, L->lwp_id, &L->lwp_psinfo) == -1)
3322 		return (NULL);
3323 
3324 	return (&L->lwp_psinfo);
3325 }
3326 
3327 /*
3328  * Return a pointer to the LWP status structure.
3329  * Clients should not hold on to this pointer indefinitely.
3330  * It will become invalid on Lfree().
3331  */
3332 const lwpstatus_t *
3333 Lstatus(struct ps_lwphandle *L)
3334 {
3335 	return (&L->lwp_status);
3336 }
3337 
3338 /*
3339  * Given an LWP handle, return the process handle.
3340  */
3341 struct ps_prochandle *
3342 Lprochandle(struct ps_lwphandle *L)
3343 {
3344 	return (L->lwp_proc);
3345 }
3346 
3347 /*
3348  * Ensure that all cached state is written to the LWP.
3349  * The cached state is the LWP's signal mask and registers.
3350  */
3351 void
3352 Lsync(struct ps_lwphandle *L)
3353 {
3354 	int ctlfd = L->lwp_ctlfd;
3355 	long cmd[2];
3356 	iovec_t iov[4];
3357 	int n = 0;
3358 
3359 	if (L->lwp_flags & SETHOLD) {
3360 		cmd[0] = PCSHOLD;
3361 		iov[n].iov_base = (caddr_t)&cmd[0];
3362 		iov[n++].iov_len = sizeof (long);
3363 		iov[n].iov_base = (caddr_t)&L->lwp_status.pr_lwphold;
3364 		iov[n++].iov_len = sizeof (L->lwp_status.pr_lwphold);
3365 	}
3366 	if (L->lwp_flags & SETREGS) {
3367 		cmd[1] = PCSREG;
3368 		iov[n].iov_base = (caddr_t)&cmd[1];
3369 		iov[n++].iov_len = sizeof (long);
3370 		iov[n].iov_base = (caddr_t)&L->lwp_status.pr_reg[0];
3371 		iov[n++].iov_len = sizeof (L->lwp_status.pr_reg);
3372 	}
3373 
3374 	if (n == 0 || writev(ctlfd, iov, n) < 0)
3375 		return;		/* nothing to do or write failed */
3376 
3377 	L->lwp_flags &= ~(SETHOLD|SETREGS);
3378 }
3379 
3380 /*
3381  * Wait for the specified LWP to stop or terminate.
3382  * Or, just get the current status (PCNULL).
3383  * Or, direct it to stop and get the current status (PCDSTOP).
3384  */
3385 static int
3386 Lstopstatus(struct ps_lwphandle *L,
3387 	long request,		/* PCNULL, PCDSTOP, PCSTOP, PCWSTOP */
3388 	uint_t msec)		/* if non-zero, timeout in milliseconds */
3389 {
3390 	int ctlfd = L->lwp_ctlfd;
3391 	long ctl[3];
3392 	ssize_t rc;
3393 	int err;
3394 
3395 	switch (L->lwp_state) {
3396 	case PS_RUN:
3397 		break;
3398 	case PS_STOP:
3399 		if (request != PCNULL && request != PCDSTOP)
3400 			return (0);
3401 		break;
3402 	case PS_LOST:
3403 		if (request != PCNULL) {
3404 			errno = EAGAIN;
3405 			return (-1);
3406 		}
3407 		break;
3408 	case PS_UNDEAD:
3409 	case PS_DEAD:
3410 		if (request != PCNULL) {
3411 			errno = ENOENT;
3412 			return (-1);
3413 		}
3414 		break;
3415 	default:	/* corrupted state */
3416 		dprintf("Lstopstatus: corrupted state: %d\n", L->lwp_state);
3417 		errno = EINVAL;
3418 		return (-1);
3419 	}
3420 
3421 	ctl[0] = PCDSTOP;
3422 	ctl[1] = PCTWSTOP;
3423 	ctl[2] = (long)msec;
3424 	rc = 0;
3425 	switch (request) {
3426 	case PCSTOP:
3427 		rc = write(ctlfd, &ctl[0], 3*sizeof (long));
3428 		break;
3429 	case PCWSTOP:
3430 		rc = write(ctlfd, &ctl[1], 2*sizeof (long));
3431 		break;
3432 	case PCDSTOP:
3433 		rc = write(ctlfd, &ctl[0], 1*sizeof (long));
3434 		break;
3435 	case PCNULL:
3436 		if (L->lwp_state == PS_DEAD)
3437 			return (0); /* Nothing else to do for cores */
3438 		break;
3439 	default:	/* programming error */
3440 		errno = EINVAL;
3441 		return (-1);
3442 	}
3443 	err = (rc < 0)? errno : 0;
3444 	Lsync(L);
3445 
3446 	if (pread(L->lwp_statfd, &L->lwp_status,
3447 	    sizeof (L->lwp_status), (off_t)0) < 0)
3448 		err = errno;
3449 
3450 	if (err) {
3451 		switch (err) {
3452 		case EINTR:		/* user typed ctl-C */
3453 		case ERESTART:
3454 			dprintf("Lstopstatus: EINTR\n");
3455 			break;
3456 		case EAGAIN:		/* we lost control of the the process */
3457 			dprintf("Lstopstatus: EAGAIN\n");
3458 			L->lwp_state = PS_LOST;
3459 			errno = err;
3460 			return (-1);
3461 		default:
3462 			if (_libproc_debug) {
3463 				const char *errstr;
3464 
3465 				switch (request) {
3466 				case PCNULL:
3467 					errstr = "Lstopstatus PCNULL"; break;
3468 				case PCSTOP:
3469 					errstr = "Lstopstatus PCSTOP"; break;
3470 				case PCDSTOP:
3471 					errstr = "Lstopstatus PCDSTOP"; break;
3472 				case PCWSTOP:
3473 					errstr = "Lstopstatus PCWSTOP"; break;
3474 				default:
3475 					errstr = "Lstopstatus PC???"; break;
3476 				}
3477 				dprintf("%s: %s\n", errstr, strerror(err));
3478 			}
3479 			L->lwp_state = PS_UNDEAD;
3480 			errno = err;
3481 			return (-1);
3482 		}
3483 	}
3484 
3485 	if ((L->lwp_status.pr_flags & (PR_STOPPED|PR_ISTOP))
3486 	    != (PR_STOPPED|PR_ISTOP)) {
3487 		L->lwp_state = PS_RUN;
3488 		if (request == PCNULL || request == PCDSTOP || msec != 0)
3489 			return (0);
3490 		dprintf("Lstopstatus: LWP is not stopped\n");
3491 		errno = EPROTO;
3492 		return (-1);
3493 	}
3494 
3495 	L->lwp_state = PS_STOP;
3496 
3497 	if (_libproc_debug)	/* debugging */
3498 		prldump("Lstopstatus", &L->lwp_status);
3499 
3500 	switch (L->lwp_status.pr_why) {
3501 	case PR_SYSENTRY:
3502 	case PR_SYSEXIT:
3503 	case PR_REQUESTED:
3504 	case PR_SIGNALLED:
3505 	case PR_FAULTED:
3506 	case PR_JOBCONTROL:
3507 	case PR_SUSPENDED:
3508 		break;
3509 	default:
3510 		errno = EPROTO;
3511 		return (-1);
3512 	}
3513 
3514 	return (0);
3515 }
3516 
3517 /*
3518  * Wait for the LWP to stop for an