From: Oleg Nesterov <oleg@redhat.com>
To: Tejun Heo <tj@kernel.org>
Cc: Roland McGrath <roland@redhat.com>,
jan.kratochvil@redhat.com, linux-kernel@vger.kernel.org,
torvalds@linux-foundation.org, akpm@linux-foundation.org
Subject: Re: [PATCH 1/1] ptrace: make sure do_wait() won't hang after PTRACE_ATTACH
Date: Mon, 7 Feb 2011 18:48:21 +0100 [thread overview]
Message-ID: <20110207174821.GA1237@redhat.com> (raw)
In-Reply-To: <20110207163121.GB16992@htj.dyndns.org>
On 02/07, Tejun Heo wrote:
>
> Hey, Oleg.
>
> On Mon, Feb 07, 2011 at 04:37:23PM +0100, Oleg Nesterov wrote:
> >
> > > Yes, I do have some other ideas. When a ptraced task gets a stop
> > > signal, its delivery is controlled by the tracer, right?
> >
> > Right, but note that the tracer does not fully control the group-stop.
> > One a thread dequeues SIGSTOP (and please note this thread can be !traced),
> > all other threads (traced or not) should participate.
>
> I don't know. Maybe it's more consistent that way and I'm not
> fundamentally against that but it is a big behavior change
Hmm. I tried to describe the current behaviour...
> > > Notifying the parent w/o making group stop superior to ptrace sure is
> > > a possibility.
> >
> > Could you please reiterate? I think I missed something before, and
> > now I do not really understand what do you mean.
>
> I was trying to say that it's still possible to deliver group stop
> notifications to the real parent while letting the ptracer override
> group stop with PTRACE_CONT.
Do you mean the current code? Yes, this is possible. And yes, this
doesn't look good. PTRACE_CONT should either notify the real parent
or do not resume the tracee.
> > > A ptraced task stops in TASK_TRACED.
> >
> > Unless it reacts to SIGSTOP/group_stop_count.
>
> What do you do about PTRACE requests while a task is group stopped?
> Reject them? Block them?
Yes, another known oddity. Of course we shouldn't reject or block.
Perhaps we can ignore this initially. If SIGCONT comes after another
request does STOPPED/TRACED it clears SIGNAL_STOP_STOPPED, but the
tracee won't run until the next PTRACE_CONT, this makes sense.
The problem is, gdb can't leave the tracee in STOPPED state if it
wants. We need to improve this somehow (like in your previous example
with gdb).
> > > I agree that what
> > > you're describing seems like a good compromise. What I was objecting
> > > to was putting group stop mechanism in general on top of ptrace. I
> > > can't see how that would work.
> >
> > And I still can't understand why this can't work ;)
> >
> > And I don't really understand "putting group stop mechanism in general
> > on top of ptrace". It is very possible I am wrong, but I see this from
> > the different angle: stop/ptrace should be "parallel".
>
> Hmmm... currently ptrace overrides group stop and has full control
> over when and where the tracee stops and continues,
Only if it attaches to every thread in the thread group. Otherwise,
if the non-thread has already initiated the group-stop, the tracee
will notice TIF_SIGPENDING eventually and call do_signal_stop(),
debugger can't control this.
> I don't think it's an extreme corner case
> we can break. For example, if a user gdb's a program which raises one
> of the stop signals, currently the user expects to be able to continue
> the program from whithin the gdb. If we make group stop override
> ptrace, there's no other recourse than sending signal from outside.
Yes. Of course, gdb can be "fixed", it can send SIGCONT.
But yes, this is the noticeable change, that is why I suggested
ptrace_resume-acts-as-SIGCONT logic. Ugly, yes, but more or less
compatible. (although let me repeat, _pesonally_ I'd prefer to
simply tell user-space to learn the new rules ;)
> > > I think it should only include the case where the
> > > tracee actually stops for group stop excluding all other trapping
> > > points.
> >
> > I was thinking about this too and probably this makes sense. But
> > I think at least initial changes should keep the current behaviour
> > (assuming this behaviour is fixed).
>
> But if you make the other change but not this one, we end up with
> ptrace which doesn't notify the ptracer what's going on. Apart from
> _polling_ /proc/tid/status, there is no mechanism to discover the
> tracee's state.
(Don't forget, ptrace_stop() should be fixed to notify and set
SIGNAL_STOP_STOPPED if needed. Damn, it is not exactly trivial as
I though initially... but hopefully possible anyway)
If gdb attaches to all threads it can detect this case, otherwise
it doesn't fully control the group-stop anyway.
But,
> The only thing it achieves is the integrity of group
> stop
Given that SIGCHLD doesn't queue and with or without your changes
we send it per-thread, it is not trivial for gdb to detect the
group-stop anyway. Again, the kernel should help somehow.
> and I'm not really sure whether that's something worth achieving
> at the cost of debugging capabilities especially when we don't _have_
> to lose them.
But we do not? I mean, at least this is not worse than the current
behaviour.
> > As for SIGCONT. Roland suggests (roughly) to change ptrace_resume()
> > so that it doesn't wakeup the stopped tracee until the real SIGCONT
> > comes. And this makes sense to me.
>
> I agree it adds more integrity to group stop but at the cost of
> debugging capabilities. I'm not yet convinced integrity of group stop
> is that important. Why is it such a big deal?
Of course I can't "prove" it is that important. But I think so.
> > But yes, I see your point. And while I think that Roland's suggestion is
> > fine, I also have another proposal
> >
> > - never send CLD_CONTINUED to the tracer, always send it to parent.
> >
> > Firstly, this is completely pointless: ptrace is per-thread, while
> > this notification is per-process
>
> CLD_STOPPED is too but while ptrace is attached the notifications are
> made per-task and delivered to the tracer.
No, there is a difference. Sure, CLD_STOPPED is per-process without
ptrace. But CLD_CONTINUED continues to be per-process even if all
threads are traced.
> > - change do_wait() so that WCONTINUED for real_parent
> >
> > - change ptrace_resume() to check SIGNAL_STOP_STOPPED case. It should
> > act as SIGCONT in this case. Yes: "act as SIGCONT" needs more
> > discussion.
>
> I don't know.
Heh, if only I could say I know ;)
> I think this is the key question. Whether to de-throne
> PTRACE_CONT such that it cannot override group stop. As I've already
> said several times already, I think it is a pretty fundamental
> property of ptrace
Again, I am a bit confused. Note that PTRACE_CONT overrides
group stop if we do the above. It should wake up the tracee, in
SIGCONT-compatible way (yes, the latter is not exactly clear).
But at least this should be visible to real parent. We shouldn't
silently make the stopped tracee running while its real_parent
thinks everything is stopped.
> and change to it would be quite visible,
If you meant Roland's suggestion (PTRACE_CONT doesn't wakeup
but needs SIGCONT) - yes.
> in
> negative way, from userland.
At least, in a non-compatible way.
Oleg.
next prev parent reply other threads:[~2011-02-07 17:56 UTC|newest]
Thread overview: 160+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-28 15:08 [PATCHSET] ptrace,signal: group stop / ptrace updates Tejun Heo
2011-01-28 15:08 ` [PATCH 01/10] signal: fix SIGCONT notification code Tejun Heo
2011-01-28 15:08 ` [PATCH 02/10] ptrace: remove the extra wake_up_process() from ptrace_detach() Tejun Heo
2011-01-28 18:46 ` Roland McGrath
2011-01-31 10:38 ` Tejun Heo
2011-02-01 10:26 ` [PATCH] ptrace: use safer wake up on ptrace_detach() Tejun Heo
2011-02-01 13:40 ` Oleg Nesterov
2011-02-01 15:07 ` Tejun Heo
2011-02-01 19:17 ` Oleg Nesterov
2011-02-02 5:31 ` Roland McGrath
2011-02-02 10:35 ` Tejun Heo
2011-02-02 0:27 ` Andrew Morton
2011-02-02 5:33 ` Roland McGrath
2011-02-02 5:38 ` Andrew Morton
2011-02-02 10:34 ` Tejun Heo
2011-02-02 19:33 ` Andrew Morton
2011-02-02 20:01 ` Tejun Heo
2011-02-02 21:40 ` Oleg Nesterov
2011-02-02 5:29 ` Roland McGrath
2011-02-02 5:28 ` [PATCH 02/10] ptrace: remove the extra wake_up_process() from ptrace_detach() Roland McGrath
2011-01-28 15:08 ` [PATCH 03/10] signal: remove superflous try_to_freeze() loop in do_signal_stop() Tejun Heo
2011-01-28 18:46 ` Roland McGrath
2011-01-28 15:08 ` [PATCH 04/10] ptrace: kill tracehook_notify_jctl() Tejun Heo
2011-01-28 21:09 ` Roland McGrath
2011-01-28 15:08 ` [PATCH 05/10] ptrace: add @why to ptrace_stop() Tejun Heo
2011-01-28 18:48 ` Roland McGrath
2011-01-28 15:08 ` [PATCH 06/10] signal: fix premature completion of group stop when interfered by ptrace Tejun Heo
2011-01-28 21:22 ` Roland McGrath
2011-01-31 11:00 ` Tejun Heo
2011-02-02 5:44 ` Roland McGrath
2011-02-02 10:56 ` Tejun Heo
2011-01-28 15:08 ` [PATCH 07/10] signal: use GROUP_STOP_PENDING to stop once for a single group stop Tejun Heo
2011-01-28 15:08 ` [PATCH 08/10] ptrace: participate in group stop from ptrace_stop() iff the task is trapping for " Tejun Heo
2011-01-28 21:30 ` Roland McGrath
2011-01-31 11:26 ` Tejun Heo
2011-02-02 5:57 ` Roland McGrath
2011-02-02 10:53 ` Tejun Heo
2011-02-03 10:02 ` Tejun Heo
2011-02-01 19:36 ` Oleg Nesterov
2011-01-28 15:08 ` [PATCH 09/10] ptrace: make do_signal_stop() use ptrace_stop() if the task is being ptraced Tejun Heo
2011-01-28 15:08 ` [PATCH 10/10] ptrace: clean transitions between TASK_STOPPED and TRACED Tejun Heo
2011-02-03 20:41 ` [PATCH 0/1] (Was: ptrace: clean transitions between TASK_STOPPED and TRACED) Oleg Nesterov
2011-02-03 20:41 ` [PATCH 1/1] ptrace: make sure do_wait() won't hang after PTRACE_ATTACH Oleg Nesterov
2011-02-03 21:36 ` Roland McGrath
2011-02-03 21:44 ` Oleg Nesterov
2011-02-04 10:53 ` Tejun Heo
2011-02-04 13:04 ` Oleg Nesterov
2011-02-04 14:48 ` Tejun Heo
2011-02-04 17:06 ` Oleg Nesterov
2011-02-05 13:39 ` Tejun Heo
2011-02-07 13:42 ` Oleg Nesterov
2011-02-07 14:11 ` Tejun Heo
2011-02-07 15:37 ` Oleg Nesterov
2011-02-07 16:31 ` Tejun Heo
2011-02-07 17:48 ` Oleg Nesterov [this message]
2011-02-09 14:18 ` Tejun Heo
2011-02-09 14:21 ` Tejun Heo
2011-02-09 21:25 ` Oleg Nesterov
2011-02-13 23:01 ` Denys Vlasenko
2011-02-14 9:03 ` Jan Kratochvil
2011-02-14 11:39 ` Denys Vlasenko
2011-02-14 17:32 ` Oleg Nesterov
2011-02-14 16:01 ` Oleg Nesterov
2011-02-26 3:59 ` Pavel Machek
2011-02-14 15:51 ` Oleg Nesterov
2011-02-14 14:50 ` Tejun Heo
2011-02-14 18:53 ` Oleg Nesterov
2011-02-13 22:25 ` Denys Vlasenko
2011-02-14 15:13 ` Tejun Heo
2011-02-14 16:15 ` Oleg Nesterov
2011-02-14 16:33 ` Tejun Heo
2011-02-14 17:23 ` Oleg Nesterov
2011-02-14 17:20 ` Denys Vlasenko
2011-02-14 17:30 ` Tejun Heo
2011-02-14 17:45 ` Oleg Nesterov
2011-02-14 17:54 ` Denys Vlasenko
2011-02-21 15:16 ` Tejun Heo
2011-02-21 15:28 ` Oleg Nesterov
2011-02-21 16:11 ` [pseudo patch] ptrace should respect the group stop Oleg Nesterov
2011-02-22 16:24 ` [PATCH 1/1] ptrace: make sure do_wait() won't hang after PTRACE_ATTACH Tejun Heo
2011-02-24 21:08 ` Oleg Nesterov
2011-02-25 15:45 ` Tejun Heo
2011-02-25 17:42 ` Roland McGrath
2011-02-28 15:23 ` Oleg Nesterov
2011-02-14 17:51 ` Oleg Nesterov
2011-02-14 18:55 ` Denys Vlasenko
2011-02-14 19:01 ` Oleg Nesterov
2011-02-14 19:42 ` Denys Vlasenko
2011-02-14 20:01 ` Oleg Nesterov
2011-02-15 15:24 ` Tejun Heo
2011-02-15 15:58 ` Oleg Nesterov
2011-02-15 17:31 ` Roland McGrath
2011-02-15 20:27 ` Oleg Nesterov
2011-02-18 17:02 ` Tejun Heo
2011-02-18 19:37 ` Oleg Nesterov
2011-02-21 16:22 ` Tejun Heo
2011-02-21 16:49 ` Oleg Nesterov
2011-02-21 16:59 ` Tejun Heo
2011-02-23 19:31 ` Oleg Nesterov
2011-02-25 15:10 ` Tejun Heo
2011-02-24 20:29 ` Oleg Nesterov
2011-02-25 15:51 ` Tejun Heo
2011-02-26 2:48 ` Denys Vlasenko
2011-02-28 12:56 ` Tejun Heo
2011-02-28 13:16 ` Denys Vlasenko
2011-02-28 13:29 ` Tejun Heo
2011-02-28 13:41 ` Denys Vlasenko
2011-02-28 13:53 ` Tejun Heo
2011-02-28 14:25 ` Denys Vlasenko
2011-02-28 14:39 ` Tejun Heo
2011-02-28 16:48 ` Oleg Nesterov
2011-02-28 14:36 ` Oleg Nesterov
2011-02-16 21:51 ` Jan Kratochvil
2011-02-17 3:37 ` Denys Vlasenko
2011-02-17 19:19 ` Oleg Nesterov
2011-02-18 21:11 ` Jan Kratochvil
2011-02-19 20:16 ` Oleg Nesterov
2011-02-17 16:49 ` Oleg Nesterov
2011-02-17 18:58 ` Roland McGrath
2011-02-17 19:33 ` Oleg Nesterov
2011-02-18 21:34 ` Jan Kratochvil
2011-02-19 20:06 ` Oleg Nesterov
2011-02-20 9:40 ` Jan Kratochvil
2011-02-20 17:06 ` Denys Vlasenko
2011-02-20 17:48 ` Oleg Nesterov
2011-02-20 19:10 ` Jan Kratochvil
2011-02-20 19:16 ` Oleg Nesterov
2011-02-20 17:16 ` Oleg Nesterov
2011-02-20 18:52 ` Jan Kratochvil
2011-02-20 20:38 ` Oleg Nesterov
2011-02-20 21:06 ` `(T) stopped' preservation after _exit() [Re: [PATCH 1/1] ptrace: make sure do_wait() won't hang after PTRACE_ATTACH] Jan Kratochvil
2011-02-20 21:19 ` Oleg Nesterov
2011-02-20 21:20 ` [PATCH 1/1] ptrace: make sure do_wait() won't hang after PTRACE_ATTACH Jan Kratochvil
2011-02-21 14:23 ` Oleg Nesterov
2011-02-23 16:44 ` Jan Kratochvil
2011-02-14 15:31 ` Oleg Nesterov
2011-02-14 17:24 ` Denys Vlasenko
2011-02-14 17:39 ` Oleg Nesterov
2011-02-14 17:57 ` Denys Vlasenko
2011-02-14 18:00 ` Oleg Nesterov
2011-02-14 18:06 ` Oleg Nesterov
2011-02-14 18:59 ` Denys Vlasenko
2011-02-13 21:24 ` Denys Vlasenko
2011-02-14 15:06 ` Oleg Nesterov
2011-02-14 15:19 ` Tejun Heo
2011-02-14 16:20 ` Oleg Nesterov
2011-02-14 17:05 ` Denys Vlasenko
2011-02-14 17:18 ` Oleg Nesterov
2011-01-28 16:54 ` [PATCHSET] ptrace,signal: group stop / ptrace updates Ingo Molnar
2011-01-28 17:41 ` Thomas Gleixner
2011-01-28 18:04 ` Anca Emanuel
2011-01-28 18:36 ` Mathieu Desnoyers
2011-01-28 17:55 ` Oleg Nesterov
2011-01-28 18:29 ` Bash not reacting to Ctrl-C Ingo Molnar
2011-02-05 20:34 ` Oleg Nesterov
2011-02-07 13:08 ` Oleg Nesterov
2011-02-09 6:17 ` Michael Witten
2011-02-09 14:53 ` Ingo Molnar
2011-02-09 19:37 ` Michael Witten
2011-02-11 14:41 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110207174821.GA1237@redhat.com \
--to=oleg@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=jan.kratochvil@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=roland@redhat.com \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.