lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <1225966258.5765.6.camel@rivendell.trier.ximian.com>
Date:	Thu, 06 Nov 2008 11:10:58 +0100
From:	Martin Baulig <martin@...ell.com>
To:	linux-kernel@...r.kernel.org
Subject: Problem with PTRACE_EVENT_CLONE in 2.6.27

Hello,

I am developing a debugger and recently run into a strange problem
with ptrace() which showed up between 2.6.25.16 and 2.6.28-rc3.

I'm using

	int flags = PTRACE_O_TRACECLONE | PTRACE_O_TRACEFORK |
PTRACE_O_TRACEVFORK |
		PTRACE_O_TRACEEXEC;

	ptrace (PTRACE_SETOPTIONS, pid, 0, flags);

after starting the target application and then do a

	ret = waitpid (pid, status, WUNTRACED | __WALL | __WCLONE);

in a special worker thread.

My problem is that with recent kernels, I sometimes get the initial
SIGSTOP event for a newly created thread before the `PTRACE_EVENT_CLONE'
event for that thread.

This causes two problems for me:

a) I'm getting a SIGSTOP for an unknown PID, so I have to decide what
   to do with it.

   It seems that ptrace (PT_GETRETGS) on that PID sometimes works and
   sometimes doesn't - what's going on here ?  Can I debug the new
   thread just after receiving its initial SIGSTOP or do I need to
   wait until the `PTRACE_EVENT_CLONE' ?


b) After getting the PTRACE_EVENT_CLONE, there seems to be no reliable
   way for me to wait until this new thread has stopped.

   If I understand things correctly, you can't waitpid() on a thread
   which is already stopped, so how do I check whether the newly
   created thread has already stopped ?

I put some really bad hack to work around this problem into the
development version of our product, but I'd be very happy to hear about
an official solution.

I'm not subscribed to the list, so please Cc: me on all replies.

Thanks,
Martin Baulig

-- 
Martin Baulig - martin@...ell.com
Novell GmbH, Düsseldorf
GF: Volker Smid, Djamel Souici; HRB 21108 (AG Düsseldorf)


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ