From: James Cownie <jcownie@etnus.com>
To: linux-kernel@vger.kernel.org
Subject: Re: ptrace patch fails stress testing
Date: Thu, 03 Apr 2003 16:22:48 +0100
Message-ID: <1916YC-0Qp-00@etnus.com>
Alan wrote :-
> On Tue, 2003-04-01 at 19:22, linas@austin.ibm.com wrote:
> > The problem appears to be that task->mm is dereferenced without
> > looking to see if mm is NULL. e.g. in the sched.h in the
> > is_dumpable() macro, we have task->mm->dumpable . I'm sitting
> > in front of a KDB session and I'm clearly looking at task->mm
> > which is NULL.
> > Why, how and under what conditions this race condition occurs,
> > I don't know. What the best fix is, I don't know.
>
> Zombie process. The patch checks ->mm but must also check ->mm != NULL
> first.
We're seeing this 100% reliably with our TotalView debugger, and as
Alan suggests it happens when trying to make a ptrace call on a zombie
process.
FWIW the oops looks like this
>>EIP; c01197f3 <ptrace_check_attach+13/50> <=====
Trace; c0109bc6 <sys_ptrace+ba/580>
Trace; c0106cb8 <error_code+34/3c>
Trace; c0106bc7 <system_call+33/38>
Code; c01197f3 <ptrace_check_attach+13/50>
00000000 <_EIP>:
Code; c01197f3 <ptrace_check_attach+13/50> <=====
0: f6 40 7c 01 testb $0x1,0x7c(%eax) <=====
Code; c01197f7 <ptrace_check_attach+17/50>
4: 75 07 jne d <_EIP+0xd> c0119800 <ptrace_check_attach+20/50>
Code; c01197f9 <ptrace_check_attach+19/50>
6: b8 ff ff ff ff mov $0xffffffff,%eax
Code; c01197fe <ptrace_check_attach+1e/50>
b: c3 ret
Code; c01197ff <ptrace_check_attach+1f/50>
c: 90 nop
Code; c0119800 <ptrace_check_attach+20/50>
d: f6 42 18 01 testb $0x1,0x18(%edx)
Code; c0119804 <ptrace_check_attach+24/50>
11: 75 0a jne 1d <_EIP+0x1d> c0119810 <ptrace_check_attach+30/50>
Code; c0119806 <ptrace_check_attach+26/50>
13: b8 00 00 00 00 mov $0x0,%eax
which corresponds to checking a null mm.
Following Alan, the fix, then, is to have is_dumpable look like this :-
#define is_dumpable(tsk) ((tsk)->task_dumpable && (tsk)->mm && (tsk)->mm->dumpable)
(and be prepared in user space to get EPERM back from some ptrace
calls which previously "worked" ok.)
-- Jim
James Cownie <jcownie@etnus.com>
Etnus, LLC. +44 117 9071438
http://www.etnus.com
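A user-space model of the check described in the mail above, added here as an example and not code from the thread or the kernel: it puts the original macro beside the NULL-guarded one and wraps the guarded form in a check_attach() that returns -EPERM for a zombie (mm == NULL), mirroring the mov $0xffffffff,%eax (-1 == -EPERM) seen in the disassembly. The struct definitions and check_attach() are constructed stand-ins, not the real kernel types.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed minimal models of the kernel structures (assumption:
 * only the two fields the macro touches are modelled). */
struct mm_struct {
    int dumpable;
};

struct task_struct {
    int task_dumpable;
    struct mm_struct *mm;   /* NULL once the task has exited (zombie) */
};

/* Original form: dereferences tsk->mm unconditionally, so a zombie
 * target (mm == NULL) faults exactly as in the quoted oops. */
#define is_dumpable_unchecked(tsk) \
    ((tsk)->task_dumpable && (tsk)->mm->dumpable)

/* Fixed form from the mail: test mm before dereferencing it.
 * Short-circuit && means mm->dumpable is never read when mm is NULL. */
#define is_dumpable(tsk) \
    ((tsk)->task_dumpable && (tsk)->mm && (tsk)->mm->dumpable)

/* Hypothetical stand-in for the attach check: 0 when the caller may
 * ptrace the target, -EPERM otherwise. With the fixed macro a zombie
 * is simply refused instead of crashing the kernel. */
int check_attach(const struct task_struct *tsk)
{
    if (!is_dumpable(tsk))
        return -EPERM;
    return 0;
}

int main(void)
{
    struct mm_struct live_mm = { .dumpable = 1 };
    struct task_struct live   = { .task_dumpable = 1, .mm = &live_mm };
    struct task_struct zombie = { .task_dumpable = 1, .mm = NULL };

    printf("live task:   %d\n", check_attach(&live));    /* 0 */
    printf("zombie task: %d\n", check_attach(&zombie));  /* -1 (-EPERM) */
    return 0;
}
```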