From owner-freebsd-bugs Sun Oct 13 8:20: 7 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 175B037B401 for ; Sun, 13 Oct 2002 08:20:03 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 076AE43E88 for ; Sun, 13 Oct 2002 08:20:02 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id g9DFK1Co068078 for ; Sun, 13 Oct 2002 08:20:01 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id g9DFK1Is068077; Sun, 13 Oct 2002 08:20:01 -0700 (PDT) Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 26F1337B401 for ; Sun, 13 Oct 2002 08:11:20 -0700 (PDT) Received: from walton.kettenis.dyndns.org (a169250.upc-a.chello.nl [62.163.169.250]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E06543E6E for ; Sun, 13 Oct 2002 08:11:18 -0700 (PDT) (envelope-from kettenis@elgar.kettenis.dyndns.org) Received: from elgar.kettenis.dyndns.org (elgar.kettenis.dyndns.org [192.168.0.2]) by walton.kettenis.dyndns.org (8.12.5/8.12.5) with ESMTP id g9DFBHQW000741 for ; Sun, 13 Oct 2002 17:11:17 +0200 (CEST) (envelope-from kettenis@elgar.kettenis.dyndns.org) Received: from elgar.kettenis.dyndns.org (localhost [127.0.0.1]) by elgar.kettenis.dyndns.org (8.12.6/8.12.6) with ESMTP id g9DFBGKa000742 for ; Sun, 13 Oct 2002 17:11:16 +0200 (CEST) (envelope-from kettenis@elgar.kettenis.dyndns.org) Received: (from kettenis@localhost) by elgar.kettenis.dyndns.org (8.12.6/8.12.6/Submit) id g9DFBGbm000741; Sun, 13 Oct 2002 17:11:16 +0200 (CEST) Message-Id: <200210131511.g9DFBGbm000741@elgar.kettenis.dyndns.org> Date: Sun, 13 Oct 2002 17:11:16 +0200 (CEST) From: Mark Kettenis Reply-To: Mark Kettenis To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: kern/44011: [PATCH] PT_CONTINUE, PT_KILL and PT_DETACH are broken Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 44011 >Category: kern >Synopsis: [PATCH] PT_CONTINUE, PT_KILL and PT_DETACH are broken >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Oct 13 08:20:01 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Mark Kettenis >Release: FreeBSD 5.0-CURRENT i386 >Organization: >Environment: System: FreeBSD elgar.kettenis.dyndns.org 5.0-CURRENT FreeBSD 5.0-CURRENT #7: Sun Oct 13 15:15:46 CEST 2002 kettenis@elgar.kettenis.dyndns.org:/usr/obj/usr/src/sys/GENERIC i386 >Description: There's a long standing bug that prevents the PT_CONTINUE, PT_KILL and PT_DETACH ptrace(2) requests from functioning as advertised in the manual page. As described in kern/35175, the PT_DETACH request will, under certain circumstances, pass an unwanted signal on to the traced process upan detaching from it. The PT_CONTINUE request will sometimes fail if you make it pass a signal that has "properties" that differ from the properties of the signal that origionally caused the traced process to be stopped. Since PT_KILL is nothing than PT_CONTINUE with SIGKILL, it is broken too. In the PT_KILL case, this leads to an unkillable process. >How-To-Repeat: These problems manifest themselves in the GDB testsuite where several test will fail: FAIL: gdb.base/attach.exp: (timeout) attach2 FAIL: gdb.base/attach.exp: (timeout) after attach2, set should_exit FAIL: gdb.base/attach.exp: (timeout) after attach2, set tbreak postloop FAIL: gdb.base/attach.exp: (timeout) after attach2, reach tbreak postloop FAIL: gdb.base/attach.exp: (timeout) after attach2, exit FAIL: gdb.base/attach.exp: set source path because PT_DETACH doesn't work as advertised, and FAIL: gdb.base/attach.exp: (timeout) after attach3, exit because PT_KILL doesn't work. >Fix: These bugs are caused by code in issignal(), where the signal that's being handled isn't cleared if the process is no longer traced (i.e. for a PT_DETACH request), and where the "properties" of the current signal aren't updated when the signal to be taken is changed by the parent (i.e. for a PT_CONTINUE or PT_KILL request). The attached patch solves these problems. The first problem is fixed by a variant of the patch by Peter Edwards in kern/35175. The second problem is fixed by moving the initialisation of 'prop' further down, such that it is set based on the right signal. This patch is against version 1.196 of kern_sig.c. This patch is also available as: http://members.chello.nl/~m.m.kettenis/FreeBSD/5-current/ptrace.patch. Mark --- /usr/src/sys/kern/kern_sig.c.orig Wed Oct 2 11:08:11 2002 +++ /usr/src/sys/kern/kern_sig.c Sat Oct 12 23:19:03 2002 @@ -1616,7 +1616,6 @@ issignal(td) if (SIGISEMPTY(mask)) /* no signal to send */ return (0); sig = sig_ffs(&mask); - prop = sigprop(sig); _STOPEVENT(p, S_SIG, sig); @@ -1648,14 +1647,6 @@ issignal(td) PROC_LOCK(p); /* - * If the traced bit got turned off, go back up - * to the top to rescan signals. This ensures - * that p_sig* and ps_sigact are consistent. - */ - if ((p->p_flag & P_TRACED) == 0) - continue; - - /* * If parent wants us to take the signal, * then it will leave it in p->p_xstat; * otherwise we just look for signals again. @@ -1673,7 +1664,17 @@ issignal(td) if (SIGISMEMBER(p->p_sigmask, sig)) continue; signotify(p); + + /* + * If the traced bit got turned off, go back up + * to the top to rescan signals. This ensures + * that p_sig* and ps_sigact are consistent. + */ + if ((p->p_flag & P_TRACED) == 0) + continue; } + + prop = sigprop(sig); /* * Decide whether the signal should be returned. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message