From: James Cownie <jcownie@etnus.com>
To: linux-kernel@vger.kernel.org
Subject: Re: ptrace patch fails stress testing
Date: Thu, 03 Apr 2003 16:22:48 +0100 [thread overview]
Message-ID: <1916YC-0Qp-00@etnus.com> (raw)
Alan wrote :-
> On Tue, 2003-04-01 at 19:22, linas@austin.ibm.com wrote:
> > The problem appears to be that task->mm is dereferenced without
> > looking to see if mm is NULL. e.g. in the sched.h in the
> > is_dumpable() macro, we have task->mm->dumpable . I'm sitting
> > in front of a KDB session and I'm clearly looking at task->mm
> > which is NULL.
> > Why, how and under what conditions this race condition occurs,
> > I don't know. What the best fix is, I don't know.
>
> Zombie process. The patch checks ->mm but must also check ->mm != NULL
> first.
We're seeing this 100% reliably with out TotalView debugger, and as
Alan suggests it happens when trying to make a ptrace call on a zombie
process.
FWIW the oops looks like this
>>EIP; c01197f3 <ptrace_check_attach+13/50> <=====
Trace; c0109bc6 <sys_ptrace+ba/580>
Trace; c0106cb8 <error_code+34/3c>
Trace; c0106bc7 <system_call+33/38>
Code; c01197f3 <ptrace_check_attach+13/50>
00000000 <_EIP>:
Code; c01197f3 <ptrace_check_attach+13/50> <=====
0: f6 40 7c 01 testb $0x1,0x7c(%eax) <=====
Code; c01197f7 <ptrace_check_attach+17/50>
4: 75 07 jne d <_EIP+0xd> c0119800 <ptrace_check_attach+20/50>
Code; c01197f9 <ptrace_check_attach+19/50>
6: b8 ff ff ff ff mov $0xffffffff,%eax
Code; c01197fe <ptrace_check_attach+1e/50>
b: c3 ret
Code; c01197ff <ptrace_check_attach+1f/50>
c: 90 nop
Code; c0119800 <ptrace_check_attach+20/50>
d: f6 42 18 01 testb $0x1,0x18(%edx)
Code; c0119804 <ptrace_check_attach+24/50>
11: 75 0a jne 1d <_EIP+0x1d> c0119810 <ptrace_check_attach+30/50>
Code; c0119806 <ptrace_check_attach+26/50>
13: b8 00 00 00 00 mov $0x0,%eax
which corresponds to checking a null mm.
Following Alan, the fix, then is to have is_dumpable look like this :-
#define is_dumpable(tsk) ((tsk)->task_dumpable && (tsk)->mm && (tsk)->mm->dumpable)
(and be prepared un user space to get EPERM back from some ptrace
calls which previously "worked" ok.)
-- Jim
James Cownie <jcownie@etnus.com>
Etnus, LLC. +44 117 9071438
http://www.etnus.com
next reply other threads:[~2003-04-03 15:11 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-04-03 15:22 James Cownie [this message]
2003-04-03 19:53 ` ptrace patch fails stress testing Chris Wright
-- strict thread matches above, loose matches on Subject: below --
2003-04-01 18:22 linas
2003-04-01 21:25 ` John M Flinchbaugh
2003-04-02 11:49 ` Alan Cox
2003-04-02 14:45 ` Keith Owens
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1916YC-0Qp-00@etnus.com \
--to=jcownie@etnus.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox