Date:      Fri, 11 Feb 2005 14:50:17 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        "David G. Lawrence" <dg@dglawrence.com>
Cc:        Kris Kennaway <kris@obsecurity.org>
Subject:   Re: do_execve() finding vmspace_destroyed set under load
Message-ID:  <20050211225017.GA58711@xor.obsecurity.org>
In-Reply-To: <20050130101403.GM48777@opteron.dglawrence.com>
References:  <20050130025217.GA32612@xor.obsecurity.org> <20050130075422.GL48777@opteron.dglawrence.com> <20050130093527.GA89923@xor.obsecurity.org> <20050130101403.GM48777@opteron.dglawrence.com>

On Sun, Jan 30, 2005 at 02:14:03AM -0800, David G. Lawrence wrote:
> > > > Needless to say, the scripts get pretty unhappy when they're summarily
> > > > aborted.  What is the cause of this?
> > > 
> > >    There are many reasons why an exec can fail - you'd need to collect
> > > more info to be able to say specifically. Speaking generally, the above
> > > code happens because something failed after the process's address space
> > > had been cleared, so there is no process executable image to return
> > > to. The only thing to do in that case is to kill off the process. If
> > > you're only seeing the problem under load, it is probably indicating
> > > that you're running out of a kernel VM pool of some kind.
> > 
> > Any suggestions on what to look at to try and debug this further?
> 
>    The first thing to do is to add some kernel printf's to do_execve()
> in each of the 'if (error)' cases to determine where the error is occurring.
> It's probably not worth putting them in cases prior to the 'loop through
> the list of image activators', since the vmspace isn't destroyed until
> then.
>    Once you've done that, the cause of the problem should become obvious.

It's the error branch here:

        for (i = 0; error == -1 && execsw[i]; ++i) {
                if (execsw[i]->ex_imgact == NULL ||
                    execsw[i]->ex_imgact == img_first) {
                        continue;
                }
                error = (*execsw[i]->ex_imgact)(imgp);
        }

        if (error) {
                if (error == -1) {
                        if (textset == 0)
                                imgp->vp->v_vflag &= ~VV_TEXT;
                        error = ENOEXEC;
                }
                goto exec_fail_dealloc;
        }

But I forgot to print the value of error..duh :-(

Kris
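
Added example, not part of the original message or of the FreeBSD source: a user-space C model of the activator loop quoted above that records what a debugging printf at that error branch needs to capture, namely the value of `error` before it is mapped to ENOEXEC, the last activator that ran, and whether the address space was already destroyed. The simplified struct layouts, the two activators and the ENOMEM failure are constructed stand-ins, and the `img_first` check is omitted.

```c
#include <errno.h>
#include <stdio.h>

/* User-space stand-ins for the kernel structures (assumed, simplified). */
struct image_params { int vmspace_destroyed; };
struct execsw {
    int (*ex_imgact)(struct image_params *);
    const char *ex_name;
};

/* What a debugging printf at the error branch should capture. */
struct exec_diag {
    int raw;          /* value left in 'error' by the loop, before ENOEXEC mapping */
    int error;        /* value the exec path would go on to return */
    const char *who;  /* last activator that ran, NULL if none */
    int fatal;        /* 1 if the old address space was already gone */
};

/* Constructed activators: one declines the image, one fails late. */
static int act_decline(struct image_params *p) { (void)p; return -1; }
static int act_nomem(struct image_params *p) { p->vmspace_destroyed = 1; return ENOMEM; }
static const struct execsw sw_decline = { act_decline, "decline" };
static const struct execsw sw_nomem = { act_nomem, "nomem" };

static struct exec_diag run_activators(const struct execsw *const *sw,
    struct image_params *imgp)
{
    struct exec_diag d = { -1, 0, NULL, 0 };
    int error = -1;

    for (int i = 0; error == -1 && sw[i] != NULL; ++i) {
        if (sw[i]->ex_imgact == NULL)
            continue;
        error = sw[i]->ex_imgact(imgp);
        d.who = sw[i]->ex_name;
    }
    d.raw = error;                              /* -1: nobody claimed the image */
    d.error = (error == -1) ? ENOEXEC : error;  /* same mapping as the excerpt */
    d.fatal = d.error != 0 && imgp->vmspace_destroyed;
    if (d.error != 0)
        fprintf(stderr, "exec: activator=%s raw=%d error=%d vmspace_destroyed=%d\n",
            d.who ? d.who : "(none)", d.raw, d.error, imgp->vmspace_destroyed);
    return d;
}

int main(void)
{
    const struct execsw *const table[] = { &sw_decline, &sw_nomem, NULL };
    struct image_params img = { 0 };
    return run_activators(table, &img).fatal ? 0 : 1;
}
```

Logging the raw value separates "no activator recognised the image" (-1, reported as ENOEXEC) from an activator that failed after the old address space was torn down, which is the case that ends with the process being killed.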