From patchwork Thu Mar 23 13:17:24 2017
X-Patchwork-Submitter: Philipp Rudo
X-Patchwork-Id: 19709
Delivered-To: mailing list gdb-patches@sourceware.org
Date: Thu, 23 Mar 2017 14:17:24 +0100
From: Philipp Rudo
To: Pedro Alves
Cc: gdb-patches@sourceware.org
Subject: [PATCH v2] Fix read after xfree in linux_nat_detach
In-Reply-To: <4fd5805f-7763-9548-d743-45dd2aa1b17c@redhat.com>
References: <20170322131132.98976-1-prudo@linux.vnet.ibm.com> <20170322131132.98976-2-prudo@linux.vnet.ibm.com> <1ba8e9a2-2155-cab4-a530-ef7344a40c33@redhat.com> <20170322181652.6d145e7f@ThinkPad> <4fd5805f-7763-9548-d743-45dd2aa1b17c@redhat.com>
Message-Id: <20170323141724.1707affa@ThinkPad>

On Wed, 22 Mar 2017 17:26:27 +0000 Pedro Alves wrote:

> On 03/22/2017 05:16 PM, Philipp Rudo wrote:
>
> > Looks like we can simply get rid of it. I'll see that I get a test
> > case running which forks to verify it, tomorrow.
>
> This forks handling is the support for the "checkpoint" &
> friends commands, covered by gdb.base/checkpoint.exp.
> Doesn't seem to exercise detach yet though, unfortunately.

I double-checked; the same bug also happens when checkpointing. The fix now is simply to remove delete_lwp at the end of linux_nat_detach.

Although testing detach would be good, I'm not sure if the testsuite would have found this bug.

---
From ee3dced0b22cc1edb10a82aeb79ae35d78d665bc Mon Sep 17 00:00:00 2001
From: Philipp Rudo Date: Wed, 22 Mar 2017 13:53:50 +0100 Subject: [PATCH v2] Fix read after xfree in linux_nat_detach At the end of linux_nat_detach the main_lwp is deleted (delete_lwp). This is problematic as during detach (detach_one_lwp and linux_fork_detach) main_lwp already gets freed. Thus calling delete_lwp causes a read after free. Fix it by removing the unnecessary delete_lwp. gdb/ChangeLog: * linux-nat.c (linux_nat_detach): delete_lwp causes read after free. Remove it. --- gdb/linux-nat.c | 1 - 1 file changed, 1 deletion(-) diff --git a/gdb/linux-nat.c b/gdb/linux-nat.c index dff0da5..efe7daf 100644 --- a/gdb/linux-nat.c +++ b/gdb/linux-nat.c @@ -1549,7 +1549,6 @@ linux_nat_detach (struct target_ops *ops, const char *args, int from_tty) inf_ptrace_detach_success (ops); } - delete_lwp (main_lwp->ptid); } /* Resume execution of the inferior process. If STEP is nonzero,
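Review bot: the ChangeLog entry under `gdb/ChangeLog:` states the reason rather than the change; GDB ChangeLog entries describe what was done, so `* linux-nat.c (linux_nat_detach): Remove call to delete_lwp.` would match convention, with the read-after-free explanation staying in the commit body where it already is. On the hunk itself, the stale read is the `main_lwp->ptid` dereference on the removed `delete_lwp (main_lwp->ptid);` line, and nothing in the visible context after it touches `main_lwp`, so dropping the line is sufficient as far as the hunk shows; since the cover note says the testsuite likely would not have found this, running gdb.base/checkpoint.exp with a detach step under Valgrind or AddressSanitizer is the straightforward way to confirm the freed lwp is no longer read.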