lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140922152248.GA24805@redhat.com>
Date:	Mon, 22 Sep 2014 17:22:48 +0200
From:	Oleg Nesterov <oleg@...hat.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Alexander Viro <viro@...iv.linux.org.uk>,
	Denys Vlasenko <dvlasenk@...hat.com>,
	Jan Kratochvil <jan.kratochvil@...hat.com>,
	Mark Wielaard <mjw@...hat.com>,
	Martin Milata <mmilata@...hat.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] coredump: add %T in core_pattern to report the tid

Self-nack after discussion on debug-list, I'll send v2.

If we teach format_corename() to report task_pid_vnr() we should also
allow to report the global tid from the root namespace, at least to
make this consistent with %p/%P.

This means that %T was a bad choice, Martin suggests %i/%I.

On 09/21, Oleg Nesterov wrote:
>
> format_corename() can only pass the leader's pid to the core handler, but
> there is no simple way to figure out which thread originated the coredump.
>
> As Jan explains, this also means that there is no simple way to create the
> backtrace of the crashed process:
>
> As programs are mostly compiled with implicit gcc -fomit-frame-pointer one
> needs program's .eh_frame section (equivalently PT_GNU_EH_FRAME segment) or
> .debug_frame section. .debug_frame usually is present only in separate debug
> info files usually not even installed on the system.  While .eh_frame is a
> part of the executable/library (and it is even always mapped for C++
> exceptions unwinding) it no longer has to be present anywhere on the disk
> as the program could be upgraded in the meantime and the running instance
> has its executable file already unlinked from disk.
>
> One possibility is to echo 0x3f >/proc/*/coredump_filter and dump all the
> file-backed memory including the executable's .eh_frame section. But that
> can create huge core files, for example even due to mmapped data files.
>
> Other possibility would be to read .eh_frame from /proc/PID/mem at the
> core_pattern handler time of the core dump.  For the backtrace one needs to
> read the register state first which can be done from core_pattern handler:
>
> 	ptrace(PTRACE_SEIZE, tid, 0, PTRACE_O_TRACEEXIT)
> 	close(0);    // close pipe fd to resume the sleeping dumper
> 	waitpid();   // should report EXIT
> 	PTRACE_GETREGS or other requests
>
> The remaining problem is how to get the 'tid' value of the crashed thread.
> It could be read from the first NT_PRSTATUS note of the core file but that
> makes the core_pattern handler complicated.
>
> Signed-off-by: Jan Kratochvil <jan.kratochvil@...hat.com>
> Signed-off-by: Oleg Nesterov <oleg@...hat.com>
> ---
>  Documentation/sysctl/kernel.txt |    1 +
>  fs/coredump.c                   |    4 ++++
>  2 files changed, 5 insertions(+), 0 deletions(-)
>
> diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
> index f79eb96..d2aa7f1 100644
> --- a/Documentation/sysctl/kernel.txt
> +++ b/Documentation/sysctl/kernel.txt
> @@ -189,6 +189,7 @@ core_pattern is used to specify a core dumpfile pattern name.
>  	%<NUL>	'%' is dropped
>  	%%	output one '%'
>  	%p	pid
> +	%T	tid
>  	%P	global pid (init PID namespace)
>  	%u	uid
>  	%g	gid
> diff --git a/fs/coredump.c b/fs/coredump.c
> index a93f7e6..1dc6106 100644
> --- a/fs/coredump.c
> +++ b/fs/coredump.c
> @@ -194,6 +194,10 @@ static int format_corename(struct core_name *cn, struct coredump_params *cprm)
>  				err = cn_printf(cn, "%d",
>  					      task_tgid_vnr(current));
>  				break;
> +			case 'T':
> +				err = cn_printf(cn, "%d",
> +					      task_pid_vnr(current));
> +				break;
>  			/* global pid */
>  			case 'P':
>  				err = cn_printf(cn, "%d",
> --
> 1.5.5.1
>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ