aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPedro Alves <pedro@palves.net>2024-04-10 20:00:26 +0100
committerPedro Alves <pedro@palves.net>2024-04-26 21:57:46 +0100
commit5e86aab85118ae705bbf9b247497167a8d801d2c (patch)
treeeb4b7d869260c6f7770611a3b0188e52054379bd
parentacaf8d85fe9b8231c0b8ba5796a7eb350a04d7c2 (diff)
downloadgdb-5e86aab85118ae705bbf9b247497167a8d801d2c.zip
gdb-5e86aab85118ae705bbf9b247497167a8d801d2c.tar.gz
gdb-5e86aab85118ae705bbf9b247497167a8d801d2c.tar.bz2
gdb/linux-nat: Fix mem access ptrace fallback (PR threads/31579)
Old RHEL systems have a kernel that does not support writing memory via /proc/pid/mem. On such systems, we fallback to accessing memory via ptrace. That has a few downsides described in the "Accessing inferior memory" section at the top of linux-nat.c. The target_xfer interface for memory access uses inferior_ptid as sideband argument to indicate which process to access. Memory access is process-wide, it is not thread-specific, so inferior_ptid is sometimes pointed at a process-wide ptid_t for the memory access (i.e., a ptid that looks like {pid, 0, 0}). That is the case for any code that uses scoped_restore_current_inferior_for_memory, for example. That is what causes the issue described in PR 31579, where thread_db calls into the debugger to read memory, which reaches our ps_xfer_memory function, which does: static ps_err_e ps_xfer_memory (const struct ps_prochandle *ph, psaddr_t addr, gdb_byte *buf, size_t len, int write) { scoped_restore_current_inferior_for_memory save_inferior (ph->thread->inf); ... ret = target_read_memory (core_addr, buf, len); ... } If linux_nat_target::xfer_partial falls back to inf_ptrace_target with a pid-ptid, then the ptrace code will do the ptrace call targeting pid, the leader LWP. That may fail with ESRCH if the leader is currently running, or zombie. That is the case in the scenario in question, because thread_db is consulted for an event of a non-leader thread, before we've stopped the whole process. Fix this by having the ptrace fallback code try to find a stopped LWP to use with ptrace. I chose to handle this in the linux-nat target instead of in common code because (global) memory is a process-wide property, and this avoids having to teach all the code paths that use scoped_restore_current_inferior_for_memory to find some stopped thread to access memory through, which is a ptrace quirk. That is effectively what we used to do before we started relying on writable /proc/pid/mem. I'd rather not go back there. To trigger this on modern kernels you have to hack linux-nat.c to force the ptrace fallback code, like so: --- a/gdb/linux-nat.c +++ b/gdb/linux-nat.c @@ -3921,7 +3921,7 @@ linux_nat_target::xfer_partial (enum target_object object, poke would incorrectly write memory to the post-exec address space, while the core was trying to write to the pre-exec address space. */ - if (proc_mem_file_is_writable ()) + if (0 && proc_mem_file_is_writable ()) With that hack, I was able to confirm that the fix fixes hundreds of testsuite failures. Compared to a test run with pristine master, the hack above + this commit's fix shows that some non-stop-related tests fail, but that is expected, because those are tests that need to access memory while the program is running. (I made no effort to temporarily pause an lwp if no ptrace-stopped lwp is found.) Change-Id: I24a4f558e248aff7bc7c514a88c698f379f23180 Tested-By: Hannes Domani <ssbssa@yahoo.de> Approved-By: Andrew Burgess <aburgess@redhat.com>
-rw-r--r--gdb/linux-nat.c61
1 files changed, 58 insertions, 3 deletions
diff --git a/gdb/linux-nat.c b/gdb/linux-nat.c
index c357ca3..48ecd36 100644
--- a/gdb/linux-nat.c
+++ b/gdb/linux-nat.c
@@ -296,6 +296,8 @@ static struct lwp_info *find_lwp_pid (ptid_t ptid);
static int lwp_status_pending_p (struct lwp_info *lp);
+static bool is_lwp_marked_dead (lwp_info *lp);
+
static void save_stop_reason (struct lwp_info *lp);
static bool proc_mem_file_is_writable ();
@@ -1467,9 +1469,7 @@ detach_one_lwp (struct lwp_info *lp, int *signo_p)
/* If the lwp has exited or was terminated due to a signal, there's
nothing left to do. */
- if (lp->waitstatus.kind () == TARGET_WAITKIND_EXITED
- || lp->waitstatus.kind () == TARGET_WAITKIND_THREAD_EXITED
- || lp->waitstatus.kind () == TARGET_WAITKIND_SIGNALLED)
+ if (is_lwp_marked_dead (lp))
{
linux_nat_debug_printf
("Can't detach %s - it has exited or was terminated: %s.",
@@ -2199,6 +2199,21 @@ mark_lwp_dead (lwp_info *lp, int status)
lp->stopped = 1;
}
+/* Return true if LP is dead, with a pending exit/signalled event. */
+
+static bool
+is_lwp_marked_dead (lwp_info *lp)
+{
+ switch (lp->waitstatus.kind ())
+ {
+ case TARGET_WAITKIND_EXITED:
+ case TARGET_WAITKIND_THREAD_EXITED:
+ case TARGET_WAITKIND_SIGNALLED:
+ return true;
+ }
+ return false;
+}
+
/* Wait for LP to stop. Returns the wait status, or 0 if the LWP has
exited. */
@@ -3830,6 +3845,20 @@ linux_proc_xfer_memory_partial (int pid, gdb_byte *readbuf,
const gdb_byte *writebuf, ULONGEST offset,
LONGEST len, ULONGEST *xfered_len);
+/* Look for an LWP of PID that we know is ptrace-stopped. Returns
+ NULL if none is found. */
+
+static lwp_info *
+find_stopped_lwp (int pid)
+{
+ for (lwp_info *lp : all_lwps ())
+ if (lp->ptid.pid () == pid
+ && lp->stopped
+ && !is_lwp_marked_dead (lp))
+ return lp;
+ return nullptr;
+}
+
enum target_xfer_status
linux_nat_target::xfer_partial (enum target_object object,
const char *annex, gdb_byte *readbuf,
@@ -3876,6 +3905,32 @@ linux_nat_target::xfer_partial (enum target_object object,
return linux_proc_xfer_memory_partial (inferior_ptid.pid (), readbuf,
writebuf, offset, len,
xfered_len);
+
+ /* Fallback to ptrace. This should only really trigger on old
+ systems. See "Accessing inferior memory" at the top.
+
+ The target_xfer interface for memory access uses
+ inferior_ptid as sideband argument to indicate which process
+ to access. Memory access is process-wide, it is not
+ thread-specific, so inferior_ptid sometimes points at a
+ process ptid_t. If we fallback to inf_ptrace_target with
+ that inferior_ptid, then the ptrace code will do the ptrace
+ call targeting inferior_ptid.pid(), the leader LWP. That
+ may fail with ESRCH if the leader is currently running, or
+ zombie. So if we get a pid-ptid, we try to find a stopped
+ LWP to use with ptrace.
+
+ Note that inferior_ptid may not exist in the lwp / thread /
+ inferior lists. This can happen when we're removing
+ breakpoints from a fork child that we're not going to stay
+ attached to. So if we don't find a stopped LWP, still do the
+ ptrace call, targeting the inferior_ptid we had on entry. */
+ scoped_restore save_inferior_ptid = make_scoped_restore (&inferior_ptid);
+ lwp_info *stopped = find_stopped_lwp (inferior_ptid.pid ());
+ if (stopped != nullptr)
+ inferior_ptid = stopped->ptid;
+ return inf_ptrace_target::xfer_partial (object, annex, readbuf, writebuf,
+ offset, len, xfered_len);
}
return inf_ptrace_target::xfer_partial (object, annex, readbuf, writebuf,