From patchwork Mon Jun 23 10:09:32 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Hui Zhu <hui@codesourcery.com>
X-Patchwork-Id: 1659
Received: (qmail 14960 invoked by alias); 23 Jun 2014 10:10:34 -0000
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gdb-patches.sourceware.org>
List-Unsubscribe: <mailto:gdb-patches-unsubscribe-##L=##H@sourceware.org>
List-Subscribe: <mailto:gdb-patches-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/gdb-patches/>
List-Post: <mailto:gdb-patches@sourceware.org>
List-Help: <mailto:gdb-patches-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: gdb-patches-owner@sourceware.org
Delivered-To: mailing list gdb-patches@sourceware.org
Received: (qmail 14949 invoked by uid 89); 23 Jun 2014 10:10:32 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.2 required=5.0 tests=AWL,
	BAYES_40 autolearn=ham version=3.3.2
X-HELO: relay1.mentorg.com
Received: from relay1.mentorg.com (HELO relay1.mentorg.com) (192.94.38.131)
	by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with
	ESMTP; Mon, 23 Jun 2014 10:10:02 +0000
Received: from svr-orw-exc-10.mgc.mentorg.com ([147.34.98.58])	by
	relay1.mentorg.com with esmtp id 1Wz1CI-0005WJ-Us from
	Hui_Zhu@mentor.com for gdb-patches@sourceware.org;
	Mon, 23 Jun 2014 03:09:58 -0700
Received: from SVR-ORW-FEM-04.mgc.mentorg.com ([147.34.97.41]) by
	SVR-ORW-EXC-10.mgc.mentorg.com with Microsoft
	SMTPSVC(6.0.3790.4675); Mon, 23 Jun 2014 03:09:57 -0700
Received: from localhost (147.34.91.1) by svr-orw-fem-04.mgc.mentorg.com
	(147.34.97.41) with Microsoft SMTP Server id 14.2.247.3;
	Mon, 23 Jun 2014 03:09:32 -0700
From: Hui Zhu <hui@codesourcery.com>
To: gdb-patches ml <gdb-patches@sourceware.org>
Subject: [PATCH] Fix crash of gdbserver when kill threads
MIME-Version: 1.0
Message-ID: 
 <510f2362-8d33-4c3c-9a13-5d187f26abdf@SVR-ORW-FEM-04.mgc.mentorg.com>
Date: Mon, 23 Jun 2014 03:09:32 -0700
X-IsSubscribed: yes

gdbserver :1234 gdb.base/watch_thread_num
gdb gdb.base/watch_thread_num
(gdb) b 48
Breakpoint 1 at 0x400737: file ../../../binutils-gdb/gdb/testsuite/gdb.base/watch_thread_num.c, line 48.
(gdb) c
Continuing.

Breakpoint 1, main () at ../../../binutils-gdb/gdb/testsuite/gdb.base/watch_thread_num.c:48
48	    thread_result = thread_function ((void *) i);
(gdb) k
Kill the program being debugged? (y or n) y
gdbserver :1234 gdb.base/watch_thread_num
Process gdb.base/watch_thread_num created; pid = 9719
Listening on port 1234
Remote debugging from host 127.0.0.1
Killing all inferiors
Segmentation fault (core dumped)

Backtrace:
(gdb) bt
#0  find_inferior (list=<optimized out>, func=func@entry=0x423990 <kill_one_lwp_callback>, arg=arg@entry=0x7fffe97405dc)
    at ../../../binutils-gdb/gdb/gdbserver/inferiors.c:199
#1  0x0000000000425bff in linux_kill (pid=10130) at ../../../binutils-gdb/gdb/gdbserver/linux-low.c:966
#2  0x000000000040ae8c in kill_inferior_callback (entry=<optimized out>) at ../../../binutils-gdb/gdb/gdbserver/server.c:2934
#3  0x0000000000405c61 in for_each_inferior (list=<optimized out>, action=action@entry=0x40ae60 <kill_inferior_callback>)
    at ../../../binutils-gdb/gdb/gdbserver/inferiors.c:57
#4  0x000000000040d5e2 in process_serial_event () at ../../../binutils-gdb/gdb/gdbserver/server.c:3767
#5  handle_serial_event (err=<optimized out>, client_data=<optimized out>) at ../../../binutils-gdb/gdb/gdbserver/server.c:3880
#6  0x0000000000412cda in handle_file_event (event_file_desc=event_file_desc@entry=4)
    at ../../../binutils-gdb/gdb/gdbserver/event-loop.c:434
#7  0x000000000041357a in process_event () at ../../../binutils-gdb/gdb/gdbserver/event-loop.c:189
#8  start_event_loop () at ../../../binutils-gdb/gdb/gdbserver/event-loop.c:552
#9  0x0000000000403088 in main (argc=3, argv=0x7fffe9740938) at ../../../binutils-gdb/gdb/gdbserver/server.c:3283

The cause of this issue is when linux_kill call "find_inferior (&all_threads, kill_one_lwp_callback , &pid)"
to kill all the lwp of pid.
In linux_wait_for_event, it will delete_lwp any lwp in all_threads if it
get exit event of it.  Then it make find_inferior crash.

I make a patch that let kill_one_lwp_callback return 1, then after
linux_wait_for_event is called(Maybe all_threads is changed), find_inferior
will return.
And change call "find_inferior (&all_threads, kill_one_lwp_callback , &pid)"
to be a loop.  It will stop when all_threads doesn't have any lwp is pid.

It pass regression test in x86_64 Linux. 

Thanks,
Hui

2014-06-23  Hui Zhu  <hui@codesourcery.com>

	* linux-low.c (kill_one_lwp_callback): Change last return to 1.
	(linux_kill): Call find_inferior with a loop.

--- a/gdb/gdbserver/linux-low.c
+++ b/gdb/gdbserver/linux-low.c
@@ -944,7 +944,9 @@ kill_one_lwp_callback (struct inferior_l
       pid = linux_wait_for_event (thread->entry.id, &wstat, __WALL);
     } while (pid > 0 && WIFSTOPPED (wstat));
 
-  return 0;
+  /* Let find_inferior return because maybe other lwp in the list will
+     be deleted by delete_lwp.  */
+  return 1;
 }
 
 static int
@@ -963,7 +965,9 @@ linux_kill (int pid)
      first, as PTRACE_KILL will not work otherwise.  */
   stop_all_lwps (0, NULL);
 
-  find_inferior (&all_threads, kill_one_lwp_callback , &pid);
+  /* Keep call kill_one_lwp_callback until find_inferior cannot find any
+     lwps that is for pid.  */
+  while (find_inferior (&all_threads, kill_one_lwp_callback , &pid) != NULL);
 
   /* See the comment in linux_kill_one_lwp.  We did not kill the first
      thread in the list, so do so now.  */