Trouble with ptrace self-attach rule since kernel > 2.6.14

[Andreas Hobein <ah2@delair.de>]

[-- Attachment #1: Type: text/plain, Size: 1295 bytes --]

Hi !

I have some trouble with the restriction of the ptrace functionality assumably 
introduced into the linux kernel  with the patch from 9. 11.2006 
1105_2_ptrace-self-attach.patch.

My multithreaded application tries to write callstacks of all threads (some 
sort of built-in mini debugger) in case of abnormal situations or failure. 
With the newer linux kernel (> 2.6.14) self-attaching to processes of the 
same thread group does not work any longer. Any call to ptrace results in a 
EPERM result.

I have worked around this problem by first forking the process, than creating 
the callstack output in the forked child process - which works without the 
above mentioned problem - and terminating the child process just after this 
operation.

Anyway this solution is somehow dirty and I would prefer the way it was 
implemented before. My question is: Why may a sibling thread not 
ptrace_attach another process of the same thread group, while at the same 
time a forked child process of the same thread is allowed to do this 
operation? Is there any replacement like pthread_suspend, which is available 
on other Unixes?

(A short program for the demonstration of this effect is attached. Use Option 
-f to enable forking)

Best regards,

        Andreas


[-- Attachment #2: trace.c --]
[-- Type: text/x-csrc, Size: 1811 bytes --]

// Build with:    gcc trace.c -o trace -lpthread
// Usage trace [-f ]    Option -f forks the tracing process before attaching to child thread

#include <stdio.h>
#include <errno.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <pthread.h>
#include <sys/syscall.h>
#include <unistd.h>

pthread_t threadPid=0;

void *threadFunc(void* dummy)
{

    threadPid=syscall(__NR_gettid);
    
    while(1)
    {
        printf("Thread is running with pid %d\n",threadPid);
	sleep(1);
    }
}

int main (int argc,char** argv)
{
    printf("Parent pid: %d\n",getpid());
    
    pthread_t thread;
    if (pthread_create(&thread, NULL, &threadFunc, NULL) == -1)
    {
	perror("pthread_create:");
	return 10;
    }

    sleep(1);
    
    pid_t childPid;
    
    if(argc==2 && strcmp(argv[1],"-f")==0 &&( childPid=fork()) > 0)
    {
        printf("Forking process for PTRACE_ATTACH, waitig for\n");
        int status;
        
        waitpid(childPid,&status,0);
        
        if( WIFEXITED(status) )
        {
            printf("Child terminated normally\n");
        }
        return 0;
    }
        
    printf("Tracing threadPid %d.\n",threadPid);

    if(ptrace(PTRACE_ATTACH,threadPid,NULL,NULL)!=-1)
    {
        int status;

        if(waitpid(threadPid, &status, WUNTRACED|__WALL) == threadPid)
        {
            if(ptrace(PTRACE_DETACH,threadPid,NULL,NULL)!=-1)
            {
                printf("Process %d attaching/detaching was sucessful!\n");
            }
            else
            {
                perror("PTRACE_ATTACH:");
            }
        }
        else
        {
            perror("waitthreadPid:");
            printf("status:%d errno:%d\n",status,errno);
        }

    }
    else
    {
        perror("PTRACE_ATTACH: ");
    }
    return 0;
}