lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 23 Sep 2014 16:05:51 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Oleg Nesterov <oleg@...hat.com>
Cc:	Alexander Viro <viro@...iv.linux.org.uk>,
	Denys Vlasenko <dvlasenk@...hat.com>,
	Jan Kratochvil <jan.kratochvil@...hat.com>,
	Mark Wielaard <mjw@...hat.com>,
	Martin Milata <mmilata@...hat.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] coredump: add %i/%I in core_pattern to report the
 tid of the crashed thread

On Mon, 22 Sep 2014 19:15:25 +0200 Oleg Nesterov <oleg@...hat.com> wrote:

> format_corename() can only pass the leader's pid to the core handler, but
> there is no simple way to figure out which thread originated the coredump.
> 
> As Jan explains, this also means that there is no simple way to create the
> backtrace of the crashed process:
> 
> As programs are mostly compiled with implicit gcc -fomit-frame-pointer one
> needs program's .eh_frame section (equivalently PT_GNU_EH_FRAME segment) or
> .debug_frame section. .debug_frame usually is present only in separate debug
> info files usually not even installed on the system.  While .eh_frame is a
> part of the executable/library (and it is even always mapped for C++
> exceptions unwinding) it no longer has to be present anywhere on the disk
> as the program could be upgraded in the meantime and the running instance
> has its executable file already unlinked from disk.
> 
> One possibility is to echo 0x3f >/proc/*/coredump_filter and dump all the
> file-backed memory including the executable's .eh_frame section. But that
> can create huge core files, for example even due to mmapped data files.
> 
> Other possibility would be to read .eh_frame from /proc/PID/mem at the
> core_pattern handler time of the core dump.  For the backtrace one needs to
> read the register state first which can be done from core_pattern handler:
> 
> 	ptrace(PTRACE_SEIZE, tid, 0, PTRACE_O_TRACEEXIT)
> 	close(0);    // close pipe fd to resume the sleeping dumper
> 	waitpid();   // should report EXIT
> 	PTRACE_GETREGS or other requests
> 
> The remaining problem is how to get the 'tid' value of the crashed thread.
> It could be read from the first NT_PRSTATUS note of the core file but that
> makes the core_pattern handler complicated.
> 
> Unfortunately %t is already used so this patch uses %i/%I.

Is any userspace actually going to use this?  If so, details?

Am wondering what is driving this change...

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ