diff options
author | Pedro Alves <palves@redhat.com> | 2014-07-11 11:07:13 +0100 |
---|---|---|
committer | Pedro Alves <palves@redhat.com> | 2014-07-11 11:07:13 +0100 |
commit | e76126e8d1fc8e244fbfce03bda4a41a7b7722b1 (patch) | |
tree | 417fa03adeafdc09a0aba6ba4bde606404fce484 /gdb/gdbserver | |
parent | b9c1d481cc639a9c1f31aea164f8716a85edd89f (diff) | |
download | gdb-e76126e8d1fc8e244fbfce03bda4a41a7b7722b1.zip gdb-e76126e8d1fc8e244fbfce03bda4a41a7b7722b1.tar.gz gdb-e76126e8d1fc8e244fbfce03bda4a41a7b7722b1.tar.bz2 |
GDBserver crashes when killing a multi-thread process
Here's an example, with the new test:
gdbserver :9999 gdb.threads/kill
gdb gdb.threads/kill
(gdb) b 52
Breakpoint 1 at 0x4007f4: file kill.c, line 52.
Continuing.
Breakpoint 1, main () at kill.c:52
52 return 0; /* set break here */
(gdb) k
Kill the program being debugged? (y or n) y
gdbserver :9999 gdb.threads/kill
Process gdb.base/watch_thread_num created; pid = 9719
Listening on port 1234
Remote debugging from host 127.0.0.1
Killing all inferiors
Segmentation fault (core dumped)
Backtrace:
(gdb) bt
#0 0x00000000004068a0 in find_inferior (list=0x66b060 <all_threads>, func=0x427637 <kill_one_lwp_callback>, arg=0x7fffffffd3fc) at src/gdb/gdbserver/inferiors.c:199
#1 0x00000000004277b6 in linux_kill (pid=15708) at src/gdb/gdbserver/linux-low.c:966
#2 0x000000000041354d in kill_inferior (pid=15708) at src/gdb/gdbserver/target.c:163
#3 0x00000000004107e9 in kill_inferior_callback (entry=0x6704f0) at src/gdb/gdbserver/server.c:2934
#4 0x0000000000406522 in for_each_inferior (list=0x66b050 <all_processes>, action=0x4107a6 <kill_inferior_callback>) at src/gdb/gdbserver/inferiors.c:57
#5 0x0000000000412377 in process_serial_event () at src/gdb/gdbserver/server.c:3767
#6 0x000000000041267c in handle_serial_event (err=0, client_data=0x0) at src/gdb/gdbserver/server.c:3880
#7 0x00000000004189ff in handle_file_event (event_file_desc=4) at src/gdb/gdbserver/event-loop.c:434
#8 0x00000000004181c6 in process_event () at src/gdb/gdbserver/event-loop.c:189
#9 0x0000000000418f45 in start_event_loop () at src/gdb/gdbserver/event-loop.c:552
#10 0x0000000000411272 in main (argc=3, argv=0x7fffffffd8d8) at src/gdb/gdbserver/server.c:3283
The problem is that linux_wait_for_event deletes lwps that have exited
(even those not passed in as lwps of interest), while the lwp/thread
list is being walked on with find_inferior. find_inferior can handle
the current iterated inferior being deleted, but not others.
When killing lwps, we don't really care about any of the pending
status handling of linux_wait_for_event. We can just waitpid the lwps
directly, which is also what GDB does (see
linux-nat.c:kill_wait_callback). This way the lwps are not deleted
while we're walking the list. They'll be deleted by linux_mourn
afterwards.
This crash triggers several times when running the testsuite against
GDBserver with the native-gdbserver board (target remote), but as GDB
can't distinguish between GDBserver crashing and "kill" being
sucessful, as in both cases the connection is closed (the 'k' packet
doesn't require a reply), and the inferior is gone, that results in no
FAIL.
The patch adds a generic test that catches the issue with
extended-remote mode (and works fine with native testing too). Here's
how it fails with the native-extended-gdbserver board without the fix:
(gdb) info threads
Id Target Id Frame
6 Thread 15367.15374 0x000000373bcbc98d in nanosleep () at ../sysdeps/unix/syscall-template.S:81
5 Thread 15367.15373 0x000000373bcbc98d in nanosleep () at ../sysdeps/unix/syscall-template.S:81
4 Thread 15367.15372 0x000000373bcbc98d in nanosleep () at ../sysdeps/unix/syscall-template.S:81
3 Thread 15367.15371 0x000000373bcbc98d in nanosleep () at ../sysdeps/unix/syscall-template.S:81
2 Thread 15367.15370 0x000000373bcbc98d in nanosleep () at ../sysdeps/unix/syscall-template.S:81
* 1 Thread 15367.15367 main () at .../gdb.threads/kill.c:52
(gdb) kill
Kill the program being debugged? (y or n) y
Remote connection closed
^^^^^^^^^^^^^^^^^^^^^^^^
(gdb) FAIL: gdb.threads/kill.exp: kill
Extended remote should remain connected after the kill.
gdb/gdbserver/
2014-07-11 Pedro Alves <palves@redhat.com>
* linux-low.c (kill_wait_lwp): New function, based on
kill_one_lwp_callback, but use my_waitpid directly.
(kill_one_lwp_callback, linux_kill): Use it.
gdb/testsuite/
2014-07-11 Pedro Alves <palves@redhat.com>
* gdb.threads/kill.c: New file.
* gdb.threads/kill.exp: New file.
Diffstat (limited to 'gdb/gdbserver')
-rw-r--r-- | gdb/gdbserver/ChangeLog | 6 | ||||
-rw-r--r-- | gdb/gdbserver/linux-low.c | 68 |
2 files changed, 48 insertions, 26 deletions
diff --git a/gdb/gdbserver/ChangeLog b/gdb/gdbserver/ChangeLog index cd5aa0f..e6b0a84 100644 --- a/gdb/gdbserver/ChangeLog +++ b/gdb/gdbserver/ChangeLog @@ -1,3 +1,9 @@ +2014-07-11 Pedro Alves <palves@redhat.com> + + * linux-low.c (kill_wait_lwp): New function, based on + kill_one_lwp_callback, but use my_waitpid directly. + (kill_one_lwp_callback, linux_kill): Use it. + 2014-06-23 Pedro Alves <palves@redhat.com> * linux-x86-low.c (x86_linux_prepare_to_resume): Clear DR_CONTROL diff --git a/gdb/gdbserver/linux-low.c b/gdb/gdbserver/linux-low.c index 61552f4..215a80c 100644 --- a/gdb/gdbserver/linux-low.c +++ b/gdb/gdbserver/linux-low.c @@ -909,6 +909,46 @@ linux_kill_one_lwp (struct lwp_info *lwp) errno ? strerror (errno) : "OK"); } +/* Kill LWP and wait for it to die. */ + +static void +kill_wait_lwp (struct lwp_info *lwp) +{ + struct thread_info *thr = get_lwp_thread (lwp); + int pid = ptid_get_pid (ptid_of (thr)); + int lwpid = ptid_get_lwp (ptid_of (thr)); + int wstat; + int res; + + if (debug_threads) + debug_printf ("kwl: killing lwp %d, for pid: %d\n", lwpid, pid); + + do + { + linux_kill_one_lwp (lwp); + + /* Make sure it died. Notes: + + - The loop is most likely unnecessary. + + - We don't use linux_wait_for_event as that could delete lwps + while we're iterating over them. We're not interested in + any pending status at this point, only in making sure all + wait status on the kernel side are collected until the + process is reaped. + + - We don't use __WALL here as the __WALL emulation relies on + SIGCHLD, and killing a stopped process doesn't generate + one, nor an exit status. + */ + res = my_waitpid (lwpid, &wstat, 0); + if (res == -1 && errno == ECHILD) + res = my_waitpid (lwpid, &wstat, __WCLONE); + } while (res > 0 && WIFSTOPPED (wstat)); + + gdb_assert (res > 0); +} + /* Callback for `find_inferior'. Kills an lwp of a given process, except the leader. */ @@ -917,7 +957,6 @@ kill_one_lwp_callback (struct inferior_list_entry *entry, void *args) { struct thread_info *thread = (struct thread_info *) entry; struct lwp_info *lwp = get_thread_lwp (thread); - int wstat; int pid = * (int *) args; if (ptid_get_pid (entry->id) != pid) @@ -936,14 +975,7 @@ kill_one_lwp_callback (struct inferior_list_entry *entry, void *args) return 0; } - do - { - linux_kill_one_lwp (lwp); - - /* Make sure it died. The loop is most likely unnecessary. */ - pid = linux_wait_for_event (thread->entry.id, &wstat, __WALL); - } while (pid > 0 && WIFSTOPPED (wstat)); - + kill_wait_lwp (lwp); return 0; } @@ -952,8 +984,6 @@ linux_kill (int pid) { struct process_info *process; struct lwp_info *lwp; - int wstat; - int lwpid; process = find_process_pid (pid); if (process == NULL) @@ -976,21 +1006,7 @@ linux_kill (int pid) pid); } else - { - struct thread_info *thr = get_lwp_thread (lwp); - - if (debug_threads) - debug_printf ("lk_1: killing lwp %ld, for pid: %d\n", - lwpid_of (thr), pid); - - do - { - linux_kill_one_lwp (lwp); - - /* Make sure it died. The loop is most likely unnecessary. */ - lwpid = linux_wait_for_event (thr->entry.id, &wstat, __WALL); - } while (lwpid > 0 && WIFSTOPPED (wstat)); - } + kill_wait_lwp (lwp); the_target->mourn (process); |