Re: [RFC PATCH] ptrace: make ptrace() fail if the tracee changed its pid unexpectedly

[Oleg Nesterov <oleg@redhat.com>]

On 12/17, Eric W. Biederman wrote:
>
> Oleg Nesterov <oleg@redhat.com> writes:
>
> > Suppose we have 2 threads, the group-leader L and a sub-theread T,
> > both parked in ptrace_stop(). Debugger tries to resume both threads
> > and does
> >
> > 	ptrace(PTRACE_CONT, T);
> > 	ptrace(PTRACE_CONT, L);
> >
> > If the sub-thread T execs in between, the 2nd PTRACE_CONT doesn not
> > resume the old leader L, it resumes the post-exec thread T which was
> > actually now stopped in PTHREAD_EVENT_EXEC. In this case the
> > PTHREAD_EVENT_EXEC event is lost, and the tracer can't know that the
> > tracee changed its pid.
>
> The change seems sensible.  I don't expect this is common but it looks
> painful to deal with if it happens.

Yes, this is not a bug, but gdb can't handle this case without some help
from the kernel.

> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>

Thanks!



> I am wondering if this should be expanded to all ptrace types for
> consistency.  Or maybe we should set a flag to make this happen for
> all ptrace events.

But for what? ptrace is the very old API, I don't think we want to
suddenly enforce the rule that every reported event must be wait()'ed.
Plus this needs some complications to support WNOWAIT.

I would like to kill JOBCTL_TRAPPING_BIT which ensures that the tracer
does NOT need wait() after PTRACE_ATTACH(stopped-task) (see
wait_on_bit() in ptrace_attach()). I think this makes no sense but
who knows, perhaps even this change can break something.

> It just seems really odd to only worry about missing this event.

Agreed,

> I admit this a threaded PTRACE_EVENT_EXEC is the only event we are
> likely to miss but still.

Yes, this is the only event debugger can miss even if it uses wait()
correctly.

> Do you by any chance have any debugger/strace test cases?
>
> I would think that would be the way to test to see if this breaks
> anything.  I think I remember strace having a good test suite.

Heh. You can never know what other people do with ptrace ;)
For example, see

    fab840fc2d54 ptrace: PTRACE_DETACH should do flush_ptrace_hw_breakpoint(child)
    35114fcbe0b9 Revert "ptrace: PTRACE_DETACH should do flush_ptrace_hw_breakpoint(child)"

Oleg.