From patchwork Thu Apr 11 11:39:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pedro Alves X-Patchwork-Id: 88350 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id E4C1E3858C52 for ; Thu, 11 Apr 2024 11:40:21 +0000 (GMT) X-Original-To: gdb-patches@sourceware.org Delivered-To: gdb-patches@sourceware.org Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by sourceware.org (Postfix) with ESMTPS id 4A8D93858D1E for ; Thu, 11 Apr 2024 11:39:51 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 4A8D93858D1E Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=palves.net Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 4A8D93858D1E Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=209.85.128.43 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712835594; cv=none; b=LGCvSJuVOF55Gfftj18aIxyaFT2hbm49PenW8k9PQEhUXB6QYA/PfL5iRjlqfUMl5Ey8GpN2OBsHKQO4J0R1L4WYzXwEzA3AnerKbOf3dd0/rps1iLuL3jSm4bLYmnm2jqhPhniu8wfC+ZP7aeUyH6BOsfTGk5Ho/UUSedOPxjs= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712835594; c=relaxed/simple; bh=kLdtpofMa14+juC2MYMUw4xVYtYiuqNeZVDqtOHZgHI=; h=From:To:Subject:Date:Message-ID:MIME-Version; b=fI8rVdnEoF3fHF8ON0U3ot+g06AN4Ucq/ue6TMfIxY2yU3imP5SSSr+XnW6jKhWLOG7zHhOpmkOBpo+y+baIKFAWqqSKXe9keY1fsJYijSazILiEIWtPs1aY/saJLgu15XR1cuttjga9ozcyiWc8/d8z/rXNGVpwz217B7DgfqI= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-417d0194705so5230415e9.2 for ; Thu, 11 Apr 2024 04:39:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712835590; x=1713440390; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=8uA2buLgoXRX+FsvaNXEq82h2bpB13OzZRQK4WITBno=; b=LVdGgAEMY4OQRcbFUSrJ16xAfjwWlgQXQz4Xt1ahUAWWwVdHGO+RQgMyeDmxwCFKt5 MDqaYcEVDeHoGVsDzEZ6fOtjRzStqM/Hh6YIg8eLe917fIItDcOQIc+8NNoCUVPJ2lKM FU9bglBchpj4k8u7waimvr9vH8eOq/NJaRcm8DjeavE1VdeTt7AUspeJP6zQT28JchCp IwBrOEpTs+j061Kpqbi6r4q8V6RK5ZdKum6EGojIcA0KKwXU6IQGcbID2ZT/vYFfWbZV wqA9qO2Yhd/597rIdBmrlRITQY7hYfrq5o39c1ddOyAfzPdgFOpCuBI9Ia+pqjSJspyj kNzQ== X-Gm-Message-State: AOJu0YyLjuWwRMK2rXK8VaFxt55FYtImBjCYmhT7HpWbeBDplbAKkNPC 4YTda9xSCUfheMxWYv4IVBNvOYePjLxgq7J3FgkU2kmQ+byrG6zRdp1JKOc8 X-Google-Smtp-Source: AGHT+IF1cd2mvYoFZ03mxnicDDOCVaBMtn2iVnO8RknI3JyUC0xMfBwZZbCHDbXdiNGANFnjcjzmGg== X-Received: by 2002:a05:600c:1d8b:b0:417:e090:4772 with SMTP id p11-20020a05600c1d8b00b00417e0904772mr801195wms.34.1712835589691; Thu, 11 Apr 2024 04:39:49 -0700 (PDT) Received: from localhost ([2001:8a0:f93d:b900:6275:51e0:bc27:74b1]) by smtp.gmail.com with UTF8SMTPSA id jg25-20020a05600ca01900b004169836bf9asm5168804wmb.23.2024.04.11.04.39.49 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 11 Apr 2024 04:39:49 -0700 (PDT) From: Pedro Alves To: gdb-patches@sourceware.org Subject: [PATCH] gdb/linux-nat: Fix mem access ptrace fallback (PR threads/31579) Date: Thu, 11 Apr 2024 12:39:41 +0100 Message-ID: <20240411113941.204268-1-pedro@palves.net> X-Mailer: git-send-email 2.43.2 MIME-Version: 1.0 X-Spam-Status: No, score=-10.8 required=5.0 tests=BAYES_00, FREEMAIL_FORGED_FROMDOMAIN, FREEMAIL_FROM, GIT_PATCH_0, HEADER_FROM_DIFFERENT_DOMAINS, KAM_DMARC_STATUS, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gdb-patches@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gdb-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: gdb-patches-bounces+patchwork=sourceware.org@sourceware.org Old RHEL systems have a kernel that does not support writing memory via /proc/pid/mem. On such systems, we fallback to accessing memory via ptrace. That has a few downsides described in the "Accessing inferior memory" section at the top of linux-nat.c. The target_xfer interface for memory access uses inferior_ptid as sideband argument to indicate which process to access. Memory access is process-wide, it is not thread-specific, so inferior_ptid is sometimes pointed at a process-wide ptid_t for the memory access (i.e., a ptid that looks like {pid, 0, 0}). That is the case for any code that uses scoped_restore_current_inferior_for_memory, for example. That is what causes the issue described in PR 31579, where thread_db calls into the debugger to read memory, which reaches our ps_xfer_memory function, which does: static ps_err_e ps_xfer_memory (const struct ps_prochandle *ph, psaddr_t addr, gdb_byte *buf, size_t len, int write) { scoped_restore_current_inferior_for_memory save_inferior (ph->thread->inf); ... ret = target_read_memory (core_addr, buf, len); ... } If linux_nat_target::xfer_partial falls back to inf_ptrace_target with a pid-ptid, then the ptrace code will do the ptrace call targeting pid, the leader LWP. That may fail with ESRCH if the leader is currently running, or zombie. That is the case in the scenario in question, because thread_db is consulted for an event of a non-leader thread, before we've stopped the whole process. Fix this by having the ptrace fallback code try to find a stopped LWP to use with ptrace. I chose to handle this in the linux-nat target instead of in common code because (global) memory is a process-wide property, and this avoids having to teach all the code paths that use scoped_restore_current_inferior_for_memory to find some stopped thread to access memory through, which is a ptrace quirk. That is effectively what we used to do before we started relying on writable /proc/pid/mem. I'd rather not go back there. To trigger this on modern kernels you have to hack linux-nat.c to force the ptrace fallback code, like so: --- a/gdb/linux-nat.c +++ b/gdb/linux-nat.c @@ -3921,7 +3921,7 @@ linux_nat_target::xfer_partial (enum target_object object, poke would incorrectly write memory to the post-exec address space, while the core was trying to write to the pre-exec address space. */ - if (proc_mem_file_is_writable ()) + if (0 && proc_mem_file_is_writable ()) With that hack, I was able to confirm that the fix fixes hundreds of testsuite failures. Compared to a test run with pristine master, the hack above + this commit's fix shows that some non-stop-related tests fail, but that is expected, because those are tests that need to write memory while the program is running. (I made no effort to temporarily pause an lwp if no ptrace-stopped lwp is found.) Change-Id: I24a4f558e248aff7bc7c514a88c698f379f23180 Tested-By: Hannes Domani --- gdb/linux-nat.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 58 insertions(+), 3 deletions(-) base-commit: cafca5eaa068eaaa3e3a2ffab356efb4714c2968 diff --git a/gdb/linux-nat.c b/gdb/linux-nat.c index 2602e1f240d..d2b9aea724d 100644 --- a/gdb/linux-nat.c +++ b/gdb/linux-nat.c @@ -296,6 +296,8 @@ static struct lwp_info *find_lwp_pid (ptid_t ptid); static int lwp_status_pending_p (struct lwp_info *lp); +static bool is_lwp_marked_dead (lwp_info *lp); + static void save_stop_reason (struct lwp_info *lp); static bool proc_mem_file_is_writable (); @@ -1467,9 +1469,7 @@ detach_one_lwp (struct lwp_info *lp, int *signo_p) /* If the lwp has exited or was terminated due to a signal, there's nothing left to do. */ - if (lp->waitstatus.kind () == TARGET_WAITKIND_EXITED - || lp->waitstatus.kind () == TARGET_WAITKIND_THREAD_EXITED - || lp->waitstatus.kind () == TARGET_WAITKIND_SIGNALLED) + if (is_lwp_marked_dead (lp)) { linux_nat_debug_printf ("Can't detach %s - it has exited or was terminated: %s.", @@ -2199,6 +2199,21 @@ mark_lwp_dead (lwp_info *lp, int status) lp->stopped = 1; } +/* Return true if LP is dead, with a pending exit/signalled event. */ + +static bool +is_lwp_marked_dead (lwp_info *lp) +{ + switch (lp->waitstatus.kind ()) + { + case TARGET_WAITKIND_EXITED: + case TARGET_WAITKIND_THREAD_EXITED: + case TARGET_WAITKIND_SIGNALLED: + return true; + } + return false; +} + /* Wait for LP to stop. Returns the wait status, or 0 if the LWP has exited. */ @@ -3879,6 +3894,20 @@ linux_proc_xfer_memory_partial (int pid, gdb_byte *readbuf, const gdb_byte *writebuf, ULONGEST offset, LONGEST len, ULONGEST *xfered_len); +/* Look for an LWP of PID that we know is ptrace-stopped. Returns + NULL if none is found. */ + +static lwp_info * +find_stopped_lwp (int pid) +{ + for (lwp_info *lp : all_lwps ()) + if (lp->ptid.pid () == pid + && lp->stopped + && !is_lwp_marked_dead (lp)) + return lp; + return nullptr; +} + enum target_xfer_status linux_nat_target::xfer_partial (enum target_object object, const char *annex, gdb_byte *readbuf, @@ -3925,6 +3954,32 @@ linux_nat_target::xfer_partial (enum target_object object, return linux_proc_xfer_memory_partial (inferior_ptid.pid (), readbuf, writebuf, offset, len, xfered_len); + + /* Fallback to ptrace. This should only really trigger on old + systems. See "Accessing inferior memory" at the top. + + The target_xfer interface for memory access uses + inferior_ptid as sideband argument to indicate which process + to access. Memory access is process-wide, it is not + thread-specific, so inferior_ptid sometimes points at a + process ptid_t. If we fallback to inf_ptrace_target with + that inferior_ptid, then the ptrace code will do the ptrace + call targeting inferior_ptid.pid(), the leader LWP. That + may fail with ESRCH if the leader is currently running, or + zombie. So if we get a pid-ptid, we try to find a stopped + LWP to use with ptrace. + + Note that inferior_ptid may not exist in the lwp / thread / + inferior lists. This can happen when we're removing + breakpoints from a fork child that we're not going to stay + attached to. So if we don't find a stopped LWP, still do the + ptrace call, targeting the inferior_ptid we had on entry. */ + scoped_restore save_inferior_ptid = make_scoped_restore (&inferior_ptid); + lwp_info *stopped = find_stopped_lwp (inferior_ptid.pid ()); + if (stopped != nullptr) + inferior_ptid = stopped->ptid; + return inf_ptrace_target::xfer_partial (object, annex, readbuf, writebuf, + offset, len, xfered_len); } return inf_ptrace_target::xfer_partial (object, annex, readbuf, writebuf,