| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 Sep 2014 17:22:48 +0200 From: Oleg Nesterov <oleg@...hat.com> To: Andrew Morton <akpm@...ux-foundation.org> Cc: Alexander Viro <viro@...iv.linux.org.uk>, Denys Vlasenko <dvlasenk@...hat.com>, Jan Kratochvil <jan.kratochvil@...hat.com>, Mark Wielaard <mjw@...hat.com>, Martin Milata <mmilata@...hat.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH] coredump: add %T in core_pattern to report the tid Self-nack after discussion on debug-list, I'll send v2. If we teach format_corename() to report task_pid_vnr() we should also allow to report the global tid from the root namespace, at least to make this consistent with %p/%P. This means that %T was a bad choice, Martin suggests %i/%I. On 09/21, Oleg Nesterov wrote: > > format_corename() can only pass the leader's pid to the core handler, but > there is no simple way to figure out which thread originated the coredump. > > As Jan explains, this also means that there is no simple way to create the > backtrace of the crashed process: > > As programs are mostly compiled with implicit gcc -fomit-frame-pointer one > needs program's .eh_frame section (equivalently PT_GNU_EH_FRAME segment) or > .debug_frame section. .debug_frame usually is present only in separate debug > info files usually not even installed on the system. While .eh_frame is a > part of the executable/library (and it is even always mapped for C++ > exceptions unwinding) it no longer has to be present anywhere on the disk > as the program could be upgraded in the meantime and the running instance > has its executable file already unlinked from disk. > > One possibility is to echo 0x3f >/proc/*/coredump_filter and dump all the > file-backed memory including the executable's .eh_frame section. But that > can create huge core files, for example even due to mmapped data files. > > Other possibility would be to read .eh_frame from /proc/PID/mem at the > core_pattern handler time of the core dump. For the backtrace one needs to > read the register state first which can be done from core_pattern handler: > > ptrace(PTRACE_SEIZE, tid, 0, PTRACE_O_TRACEEXIT) > close(0); // close pipe fd to resume the sleeping dumper > waitpid(); // should report EXIT > PTRACE_GETREGS or other requests > > The remaining problem is how to get the 'tid' value of the crashed thread. > It could be read from the first NT_PRSTATUS note of the core file but that > makes the core_pattern handler complicated. > > Signed-off-by: Jan Kratochvil <jan.kratochvil@...hat.com> > Signed-off-by: Oleg Nesterov <oleg@...hat.com> > --- > Documentation/sysctl/kernel.txt | 1 + > fs/coredump.c | 4 ++++ > 2 files changed, 5 insertions(+), 0 deletions(-) > > diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt > index f79eb96..d2aa7f1 100644 > --- a/Documentation/sysctl/kernel.txt > +++ b/Documentation/sysctl/kernel.txt > @@ -189,6 +189,7 @@ core_pattern is used to specify a core dumpfile pattern name. > %<NUL> '%' is dropped > %% output one '%' > %p pid > + %T tid > %P global pid (init PID namespace) > %u uid > %g gid > diff --git a/fs/coredump.c b/fs/coredump.c > index a93f7e6..1dc6106 100644 > --- a/fs/coredump.c > +++ b/fs/coredump.c > @@ -194,6 +194,10 @@ static int format_corename(struct core_name *cn, struct coredump_params *cprm) > err = cn_printf(cn, "%d", > task_tgid_vnr(current)); > break; > + case 'T': > + err = cn_printf(cn, "%d", > + task_pid_vnr(current)); > + break; > /* global pid */ > case 'P': > err = cn_printf(cn, "%d", > -- > 1.5.5.1 > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists