lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 29 Feb 2012 12:53:21 -0800
From:	Tim Bird <tim.bird@...sony.com>
To:	Oleg Nesterov <oleg@...hat.com>
CC:	Denys Vlasenko <vda.linux@...glemail.com>,
	linux kernel <linux-kernel@...r.kernel.org>
Subject: Re: Questions about ptrace on a dying process

On 02/29/2012 10:50 AM, Oleg Nesterov wrote:
> On 02/29, Tim Bird wrote:
>>
>> ptrace maintainers (and interested parties)...
>>
>> I'm working on a crash handler for Linux, which uses ptrace to retrieve information
>> about a process during it's coredump.  Specifically, from within a core handler
>> program (started within do_coredump() as a user_mode_helper), I would like to make
>> ptrace calls against the dying process.
> 
> Which calls? just curious.

Right now, I'm using:
	PTRACE_ATTACH, PTRACE_GETREGS,
	PTRAGE_PEEKTEXT and PTRACE_GETSIGINFO


>> My problem is that the process state is not entering into TASK_TRACED, when
>> I do an PTRACE_ATTACH against it.
> 
> Yes, it can never do ptrace_stop() in do_coredump() paths.

That's what I figured.

> Perhaps you can use PTRACE_O_TRACEEXIT. PTRACE_EVENT_EXIT will be reported
> after the coredumping. I think the core handler should close the pipe first,
> otherwise the dumping tracee will wait for the handler forever.
>
> However. You need PTRACE_SEIZE, not PTRACE_ATTACH. And this can only work
> with the recent patch from Denys which allows to pass PTRACE_O_TRACEEXIT
> with PTRACE_SEIZE (currently in -mm tree).
> 
> Just in case, it could have other threads sleeping in TASK_UNINTERRUPTIBLE
> until do_coredump() completes. But these threads have already passed
> ptrace_event(PTRACE_EVENT_EXIT).

I'll look at these and see if they might work.  I've determined
that there are some funny races for accessing /proc, using ptrace,
and reading the coredump from stdin (in the core pipe handler)
associated with the technique I'm currently using. Maybe some
of these other ptrace requests or options would help out.

Thanks very much for the suggestions.
 -- Tim

=============================
Tim Bird
Architecture Group Chair, CE Workgroup of the Linux Foundation
Senior Staff Engineer, Sony Network Entertainment
=============================

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ