| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTimA8wtM4sJu1SMVuOaNXyxEtLcfaj7kJf2NovAd@mail.gmail.com> Date: Wed, 2 Mar 2011 12:21:28 +0100 From: Denys Vlasenko <vda.linux@...glemail.com> To: Tejun Heo <tj@...nel.org> Cc: Oleg Nesterov <oleg@...hat.com>, Roland McGrath <roland@...hat.com>, jan.kratochvil@...hat.com, linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org, akpm@...ux-foundation.org Subject: Re: [RFC] Proposal for ptrace improvements On Wed, Mar 2, 2011 at 8:37 AM, Tejun Heo <tj@...nel.org> wrote: > On Wed, Mar 02, 2011 at 12:16:23AM +0100, Denys Vlasenko wrote: >> Let's spell this out in detail. Please correct me if >> I misunderstood your proposal: >> >> We have a stopped task under ptrace. >> (More precisely: debugger got a WSTOPPED notification via waitpid. >> Debugger decided to emulate the job control stop, therefore it >> keeps tracee stopped, therefore it just waits on waitpid >> without doing any PTRACE_CONTs). >> >> Another task sends SIGCONT to the tracee. >> >> Debugger gets waitpid notification of the >> WSTOPPED, WSTOPSIG == SIGCONT form. > > I think WSTOPSIG should be SIGTRAP as the tracee left group stop and > entered ptrace trap. This would be, by my count, 13th kind of SIGTRAP use by ptrace. Which makes multi-level if's in debuggers even more complex and more error-prone. Why not SIGCONT? This event is, after all, caused by SIGCONT. It would be so much nicer to be able to detect it with single if() in the debugger... >> Debugger can check PTRACE_GETSIGINFO, which succeeds. >> Debugger now knows it's a signal delivery notification. > > No, it's not a signal delivery notification. It's a ptrace trap > notification. SIGCONT may not be delivered to this task. Please > remember that it's the emission of SIGCONT which ends a group stop, > not delivery. >From userspace POV it's really a kernel's implementation detail. >> Debugger performs PTRACE_CONT(SIGCONT) - it injects the signal. >> [Question: what if debugger doesn't? IOW: is it possible >> for debugger to suppress SIGCONTs, or not? > > SIGCONT shouldn't be used here and wouldn't make any difference. > We're not in signal delivery path. > >> IOW2: what should happen if debugger >> (a) does not do any PTRACE_CONT at all? or > > The tracee stays stopped. > >> (b) does PTRACE_CONT(<other_sig>)? or >> (c) does PTRACE_CONT(0)? > > See above. This means that SIGCONT handler will be executed in the tracee after debugger does PTRACE_CONT(<any_signo>) at this point. Which makes SIGCONT special: debugger can suppress execution of other signal handlers in tracee, but not SIGCONT handler. Another special case. Can we avoid having it? >> Debugger gets WCONTINUED waitpid notification. >> [question: do we need this?] > > I don't think we need this. The tracer needs all the stopped > notifications but it doesn't need the continued notification because a > tracee is never continued without the tracer saying so. Yes, I think it's ok. -- vda -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists