Also atomically accessed boolean integer. Only ptrace_ctrl() loads it
once outside sysctl(2) layer.

Index: sys/kern/kern_sysctl.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_sysctl.c,v
diff -u -p -r1.456 kern_sysctl.c
--- sys/kern/kern_sysctl.c	14 Dec 2024 12:07:38 -0000	1.456
+++ sys/kern/kern_sysctl.c	14 Dec 2024 20:18:51 -0000
@@ -600,6 +600,7 @@ kern_sysctl(int *name, u_int namelen, vo
 	case KERN_NPROCS:
 	case KERN_WXABORT:
 	case KERN_NETLIVELOCKS:
+	case KERN_GLOBAL_PTRACE:
 	case KERN_AUTOCONF_SERIAL:
 		return (sysctl_bounded_arr(kern_vars, nitems(kern_vars), name,
 		    namelen, oldp, oldlenp, newp, newlen));
Index: sys/kern/sys_process.c
===================================================================
RCS file: /cvs/src/sys/kern/sys_process.c,v
diff -u -p -r1.104 sys_process.c
--- sys/kern/sys_process.c	27 Nov 2024 12:29:14 -0000	1.104
+++ sys/kern/sys_process.c	14 Dec 2024 20:18:51 -0000
@@ -70,6 +70,11 @@
 
 #ifdef PTRACE
 
+/*
+ * Locks used to protect data:
+ *	a	atomic
+ */
+
 static inline int	process_checktracestate(struct process *_curpr,
 			    struct process *_tr, struct proc *_t);
 static inline struct process *process_tprfind(pid_t _tpid, struct proc **_tp);
@@ -78,7 +83,7 @@ int	ptrace_ctrl(struct proc *, int, pid_
 int	ptrace_ustate(struct proc *, int, pid_t, void *, int, register_t *);
 int	ptrace_kstate(struct proc *, int, pid_t, void *);
 
-int	global_ptrace;	/* permit tracing of not children */
+int	global_ptrace;	/* [a] permit tracing of not children */
 
 
 /*
@@ -411,8 +416,8 @@ ptrace_ctrl(struct proc *p, int req, pid
 		/*
 		 * 	(5.5) it's not a child of the tracing process.
 		 */
-		if (global_ptrace == 0 && !inferior(tr, p->p_p) &&
-		    (error = suser(p)) != 0)
+		if (atomic_load_int(&global_ptrace) == 0 &&
+		    !inferior(tr, p->p_p) && (error = suser(p)) != 0)
 			goto fail;
 
 		/*